Lucene search
K

41 matches found

OSV
OSV
added 2026/04/27 6:37 p.m.8 views

MAL-2026-3104 Malicious code in robase-ui (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 9ca93a110c410fd6294e5270289bebb1872f9b81152d837f4990756881646cc0 During installation package downloads and runs a malicious executable. Likely continuation of 2026-03-rowrap. The campaign is built over a malicious Roblox API...

5.8AI score
Exploits0References9
CNNVD
CNNVD
added 2026/03/19 12:0 a.m.10 views

wgcloud 安全漏洞

WGCloud is a lightweight distributed server monitoring and operation system developed by Tianshiyeben as an individual developer. Version 3.6.3 of WGCloud contains a security vulnerability. This vulnerability stems from a connection testing feature in the backend database management system, which...

7.5CVSS5.8AI score0.00253EPSS
Exploits1References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-39542

Malicious code in bioql PyPI...

2.5CVSS6.6AI score0.00141EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-1986

Malicious code in bioql PyPI...

8.1CVSS6.4AI score0.00458EPSS
Exploits0References2
NVD
NVD
added 2025/10/01 10:15 p.m.7 views

CVE-2025-61587

Weblate is a web based localization tool. An open redirect exists in versions 5.13.2 and below via the redir parameter on .within.website when Weblate is configured with Anubis and REDIRECTDOMAINS is not set. An attacker can craft a URL on the legitimate domain that redirects a victim to an...

6.1CVSS0.00365EPSS
Exploits1References4
Snyk
Snyk
added 2025/09/17 8:23 p.m.2 views

Missing Encryption of Sensitive Data

Overview Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data via the DownloadTinyFile function. An attacker can intercept and modify file downloads by performing a man-in-the-middle attack on network traffic, potentially causing peers to receive malicious file...

6.9CVSS6.6AI score0.0013EPSS
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.5 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.4 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/08/25 6:1 a.m.11 views

webkitgtk: A download’s origin may be incorrectly associated

A flaw was found in WebKitGTK. A malicious website can cause the origin of a download to be incorrectly associated with the wrong site due to improper checks, allowing an attacker to trick a user into downloading a malicious file...

6.2CVSS6.9AI score0.00886EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/05/23 10:37 a.m.9 views

CVE-2024-47531

Scout is a web-based visualizer for VCF-files. Due to the lack of sanitization in the filename, it is possible bypass intended file extension and make users download malicious files with any extension. With malicious content injected inside the file data and users unknowingly downloading it and...

4.6CVSS6.9AI score0.00311EPSS
Exploits1
HackRead
HackRead
added 2025/03/24 8:28 p.m.13 views

5 Unexpected Devices You Didn’t Know Could Spread Malware

When you think of malware, your mind probably jumps to malicious downloads or email attachments. But it turns…...

7.3AI score
Exploits0
Securelist
Securelist
added 2025/03/06 10:0 a.m.19 views

Trojans disguised as AI: Cybercriminals exploit DeepSeek’s popularity

Introduction Among the most significant events in the AI world in early 2025 was the release of DeepSeek-R1 – a powerful reasoning large language model LLM with open weights. It's available both for local use and as a free service. Since DeepSeek was the first service to offer access to a reasoni...

7.2AI score
Exploits0
Positive Technologies
Positive Technologies
added 2024/09/30 12:0 a.m.6 views

PT-2024-32645 · Scout · Scout

Name of the Vulnerable Software and Affected Versions: Scout versions prior to 4.89 Description: The issue arises from the lack of sanitization in filenames, allowing bypass of intended file extensions. This enables the download of malicious files with any extension. If users unknowingly download...

4.6CVSS7.1AI score0.00311EPSS
Exploits1References7
Malwarebytes
Malwarebytes
added 2024/08/21 9:31 p.m.14 views

Fraudulent Slack ad shows malvertiser’s patience and skills

In the past year alone, we have reported almost five hundred unique malvertising incidents related to Google search ads. While it can be difficult to attribute each incident to a specific threat actor, we usually notice similarities between campaigns. Some malvertisers go to great lengths to bypa...

7.2AI score
Exploits0
AstraLinux
AstraLinux
added 2024/06/26 1:32 p.m.4 views

Astra Linux – Vulnerability in Chromium

Inappropriate implementation in Downloads in Google Chrome prior to 126.0.6478.54 allowed a remote attacker to obfuscate security UI through a malicious file. Chromium security severity: Medium...

8.8CVSS7.5AI score0.00469EPSS
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2024/05/22 12:0 a.m.6 views

The vulnerability in the script interface/sysmanage/licenseauthorization.php of the D-Link DAR-7000 and DAR-8000 router microsystems allows a hacker to execute arbitrary code.

The vulnerability in the interface/sysmanage/licenseauthorization.php script of the D-Link DAR-7000 and DAR-8000 router microsystems lies in the ability to download files of a malicious nature without limitation. Exploiting this vulnerability allows an attacker to execute arbitrary code remotely...

6.5CVSS7AI score0.02311EPSS
Exploits0References6Affected Software2
HackRead
HackRead
added 2024/03/06 6:41 p.m.12 views

Fake Skype, Zoom, Google Meet Sites Infecting Devices with Multiple RATs

By Deeba Ahmed Remote Access Trojan Threat: Beware Malicious Downloads Disguised as Meeting Apps. This is a post from HackRead.com Read the original post: Fake Skype, Zoom, Google Meet Sites Infecting Devices with Multiple RATs...

7.3AI score
Exploits0
RedHat Linux
RedHat Linux
added 2023/04/17 3:3 p.m.4 views

Mozilla: Files with malicious extensions could have been downloaded unsafely on Linux

The Mozilla Foundation Security Advisory describes this flaw as: Firefox did not properly handle downloads of files ending in .desktop, which can be interpreted to run attacker-controlled commands. This bug only affects Firefox for Linux on certain Distributions. Other operating systems are...

8.8CVSS7.3AI score0.00737EPSS
Exploits0References5
SUSE CVE
SUSE CVE
added 2023/02/15 3:40 a.m.2 views

SUSE CVE-2021-32679

Nextcloud Server is a Nextcloud package that handles data storage. In versions prior to 19.0.13, 20.0.11, and 21.0.3, filenames where not escaped by default in controllers using DownloadResponse. When a user-supplied filename was passed unsanitized into a DownloadResponse, this could be used to...

8.8CVSS8.4AI score0.0137EPSS
Exploits0References4
Debian CVE
Debian CVE
added 2022/07/14 8:5 p.m.47 views

CVE-2022-31156

Gradle is a build tool. Dependency verification is a security feature in Gradle Build Tool that was introduced to allow validation of external dependencies either through their checksum or cryptographic signatures. In versions 6.2 through 7.4.2, there are some cases in which Gradle may skip that...

6.6CVSS5AI score0.00507EPSS
Exploits0
Rows per page
Query Builder