Lucene search
K

15 matches found

RedhatCVE
RedhatCVE
added 2026/01/09 9:30 a.m.5 views

CVE-2023-43509

A vulnerability in the web-based management interface of ClearPass Policy Manager could allow an unauthenticated remote attacker to send notifications to computers that are running ClearPass OnGuard. These notifications can then be used to phish users or trick them into downloading malicious...

5.8CVSS7AI score0.00567EPSS
Exploits0References1
HackRead
HackRead
added 2025/10/09 1:0 p.m.4 views

SquareX Shows AI Browsers Fall Prey to OAuth Attacks, Malware Downloads and Malicious Link Distribution

Palo Alto, California, 9th October 2025, CyberNewsWire...

7AI score
Exploits0
Snyk
Snyk
added 2025/09/15 7:39 a.m.3 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
Snyk
Snyk
added 2025/09/15 7:39 a.m.2 views

Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. Compromised versions of this package contain a file called bundle.js that exfiltrates secrets from the user's accounts, including credentials and API tokens. It also downloads malicious files and repackages them...

9.8CVSS7AI score
Exploits0References2
RedHat Linux
RedHat Linux
added 2025/08/25 4:53 a.m.13 views

webkitgtk: A download’s origin may be incorrectly associated

A flaw was found in WebKitGTK. A malicious website can cause the origin of a download to be incorrectly associated with the wrong site due to improper checks, allowing an attacker to trick a user into downloading a malicious file...

6.2CVSS6.9AI score0.00886EPSS
Exploits0References6
The Hacker News
The Hacker News
added 2024/11/14 2:0 p.m.7 views

Google Warns of Rising Cloaking Scams, AI-Driven Fraud, and Crypto Schemes

Google has revealed that bad actors are leveraging techniques like landing page cloaking to conduct scams by impersonating legitimate sites. "Cloaking is specifically designed to prevent moderation systems and teams from reviewing policy-violating content which enables them to deploy the scam...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2024/06/04 11:19 a.m.10 views

The Next Generation of RBI (Remote Browser Isolation)

The landscape of browser security has undergone significant changes over the past decade. While Browser Isolation was once considered the gold standard for protecting against browser exploits and malware downloads, it has become increasingly inadequate and insecure in today's SaaS-centric world...

7.4AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2023/12/26 12:0 a.m.3 views

The vulnerability of the OpenKM document management system, related to the lack of measures taken to protect the website structure, allows attackers to perform cross-site scripting attacks.

The vulnerability of the OpenKM document management system is related to the lack of measures taken to protect the website structure when processing the text parameter. Exploiting this vulnerability allows a malicious actor to perform cross-site scripting attacks by downloading specially created...

9CVSS5.6AI score0.00618EPSS
Exploits2References2
ThreatPost
ThreatPost
added 2020/03/04 5:48 p.m.37 views

Microsoft OneNote Used To Sidestep Phishing Detection

A phishing campaign was recently discovered leveraging OneNote, Microsoft’s digital notebook that automatically saves and syncs notes, to bypass detection tools and download malware onto victims’ systems. The attacker was utilizing OneNote as a way to easily experiment with various lures that...

6.9AI score
Exploits0References11
Malwarebytes
Malwarebytes
added 2020/01/07 5:45 p.m.29 views

Dubious downloads: How to check if a website and its files are malicious

A significant amount of malware infections and potentially unwanted program PUP irritants are the result of downloads from unreliable sources. There are a multitude of websites that specialize in distributing malicious payloads by offering them up as something legitimate or by bundling the desire...

7.3AI score
Exploits0
Check Point Advisories
Check Point Advisories
added 2018/04/15 12:0 a.m.1 views

Coins LTD Exploit Kits Traffic Distribution System

Coins LTD Traffic Distribution System TDS operates by silently redirecting the victim to a malicious web page, leading to infection by an exploit kit. Successful infection will allow the attacker to download additional malware to the target...

3.5AI score
Exploits0
CNVD
CNVD
added 2017/05/24 12:0 a.m.2 views

INFOR EAM Cross-Site Scripting Attack Vulnerability

Infor EAM is the best configurable enterprise-class asset management solution on the market. Improve capital asset management by increasing reliability, enhancing predictive maintenance, ensuring regulatory compliance, reducing energy consumption, and supporting sustainability programs. A...

5.4CVSS6.4AI score0.00954EPSS
Exploits5References1
Hacker One
Hacker One
added 2016/09/13 5:30 p.m.23 views

Concrete CMS: Content Spoofing possible in concrete5.org

An attacker can include any arbitrary text using specially crafted concrete5 url. This is done using character /%0d%0a. Input https://www.concrete5.org/%0d%0ahas%20moved%20to%20www.evil.com.Please%20visit%20evil.com%20Present%20resource Output The requested URL / has moved to www.evil.com.Please...

6.8AI score
Exploits0
ThreatPost
ThreatPost
added 2009/10/23 4:21 p.m.10 views

'Avalanche' Crimeware Kit Fuels Phishing Attacks

A single cybercrime group called “Avalanche” was responsible for nearly one-quarter of all identity theft-related phishing attacks in the first half of 2009, according to a new report by the Anti-Phishing Work Group APWG. According to the report, phishing sites on Avalanche domains target the...

0.4AI score
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2008/06/30 12:0 a.m.39 views

Trac quickjump Search Script q Parameter Arbitrary Site Redirect

The remote host is running Trac, an enhanced wiki and issue tracking system for software development projects. The version of Trac installed on the remote host fails to sanitize user input to the 'q' parameter of the 'search' script before using it in an unfiltered and unmanaged fashion in a...

6.1CVSS6.2AI score0.01834EPSS
Exploits0References4
Rows per page
Query Builder