Silver Fox Deploys ABCDoor Malware via Tax-Themed Phishing in India and Russia

The China-based cybercrime group known as Silver Fox aka Monarch, SwimSnake, The Great Thief of Valley, UTG-Q-1000, and Void Arachne has been linked to a new campaign targeting organizations in Russia and India with a new malware called ABCDoor. The activity involved using phishing emails that...

[SECURITY] Fedora 44 Update: skrooge-26.1.20-3.fc44

skrooge is a personal finances manager, aiming at being simple and intuitive. It allows you to keep track of your expenses and incomes, categorize them, and build reports of them...

CVE-2025-12883

The Campay Woocommerce Payment Gateway plugin for WordPress is vulnerable to Unauthenticated Payment Bypass in all versions up to, and including, 1.2.2. This is due to the plugin not properly validating that a transaction has occurred through the payment gateway. This makes it possible for...

CVE-2024-44630

Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname,lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1,marks1, sub2, course-short, income, category, ph, country,...

EUVD-2024-55078

Multiple parameters in register.php in PHPGurukul Student Record System 3.20 are vulnerable to SQL injection. These include: c-full, fname, mname,lname, gname, ocp, nation, mobno, email, board1, roll1, pyear1, board2, roll2, pyear2, sub1,marks1, sub2, course-short, income, category, ph, country,...

EUVD-2021-16069

Malware in sbrugna...

EUVD-2025-31735

Malicious code in bioql PyPI...

CVE-2025-52047

In Frappe ErpNext v15.57.5, the function getincomeaccount at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the filters.disabled parameter...

CVE-2025-52047

In Frappe ErpNext v15.57.5, the function getincomeaccount at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the filters.disabled parameter...

CVE-2025-52047

In Frappe ErpNext v15.57.5, the function getincomeaccount at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the filters.disabled parameter...

PT-2025-39990

Name of the Vulnerable Software and Affected Versions Frappe ErpNext version 15.57.5 Description The get income account function at erpnext/controllers/queries.py is susceptible to SQL Injection. An attacker can inject a SQL query into the filters.disabled parameter, potentially allowing extracti...

CVE-2025-52047

In Frappe ErpNext v15.57.5, the function getincomeaccount at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the filters.disabled parameter...

CVE-2025-52047

In Frappe ErpNext v15.57.5, the function getincomeaccount at erpnext/controllers/queries.py is vulnerable to SQL Injection, which allows an attacker to extract all information from databases by injecting a SQL query into the filters.disabled parameter...

CVE-2025-52047

CVE-2025-52047 affects Frappe ErpNext v15.57.5, where the function get_income_account() in erpnext/controllers/queries.py is vulnerable to SQL Injection via the filters.disabled parameter, potentially enabling an attacker to extract data from the database. The issue is confirmed by multiple conne...

Malicious code in breeze-plugin-income-flexitravel (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2025-47617 Malicious code in breeze-plugin-income-flexitravel (npm)

--- -= Per source details. Do not edit below this line.=-...

MAL-2024-7851 Malicious code in income_access_npm_config (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 51d9955aae12e69e264784bcf65382bde7741326c5841d4a06389474e6daa09b Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Understanding HyperCycle’s HyperShare Smart Contract Feature

HyperCycle enhances AI safety and efficiency with cryptographic proofs and peer-to-peer nodes. HyperShare supports decentralized governance and income…...

Akaunting 3.1.8 - Server-Side Template Injection (SSTI) Vulnerability

Exploit Title: Akaunting 3.1.8 - Server-Side Template Injection SSTI Exploit Author: tmrswrr Vendor: https://akaunting.com/forum Software Link: https://akaunting.com/apps/crm Vulnerable Versions: 3.1.8 Tested : https://www.softaculous.com/apps/erp/Akaunting 1 Login with admin cred and go to : Ite...

Akaunting 3.1.8 - Server-Side Template Injection (SSTI)

Exploit Title: Akaunting 3.1.8 - Server-Side Template Injection SSTI Exploit Author: tmrswrr Date: 30/05/2024 Vendor: https://akaunting.com/forum Software Link: https://akaunting.com/apps/crm Vulnerable Versions: 3.1.8 Tested : https://www.softaculous.com/apps/erp/Akaunting 1 Login with admin cre...