EUVD-2025-209497

The authentication endpoint fails to encode user-supplied input before rendering it in the web page, allowing for script injection. An attacker can leverage this by injecting malicious scripts into the authentication endpoint. This can result in the user's browser being redirected to a malicious...

JA4+ - Suite Of Network Fingerprinting Standards

JA4+ is a suite of network Fingerprinting methods that are easy to use and easy to share. These methods are both human and machine readable to facilitate more effective threat-hunting and analysis. The use-cases for these fingerprints include scanning for threat actors, malware detection, session...

AWS Patches Critical 'FlowFixation' Bug in Airflow Service to Prevent Session Hijacking

Cybersecurity researchers have shared details of a now-patched security vulnerability in Amazon Web Services AWS Managed Workflows for Apache Airflow MWAA that could be potentially exploited by a malicious actor to hijack victims' sessions and achieve remote code execution on underlying instances...

CumulusClips 2.4.1 Code Execution / CSRF / Cross Site Scripting

Exploit Title: CumulusClips Session fixation Google Dork: inurl:/cumulusclips/videos/ Date: 2.09.2016 Exploit Author: kor3k / Aukasz Korczyk Vendor Homepage: http://cumulusclips.org/ Software Link: http://cumulusclips.org/cumulusclips.zip Version: 2.4.1 Tested on: Debian Jessie Description:...