CVE-2026-7166

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on...

EUVD-2026-38236

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on...

CVE-2026-7166 Multiple vulnerabilities in the Assassin game by Gaudire

Vulnerability involving the exposure of sensitive data provided without adequate protection. The API exposes email and phone number data from the ‘email’ and ‘telefon’ fields. This vulnerability is also present in the local database, as it contains accessible sensitive information such as data on...

CVE-2026-7166

CVE-2026-7166 affects the Assassin game by Gaudire. The API and local database expose sensitive data via the email and telefon fields, including data on minors and municipal users. This unauthenticated remote access could compromise confidentiality (CVSS 4.0 base 9.2, HIGH impact). No exploit or ...

EUVD-2017-6420

Malware in sbrugna...

StarCities E-Municipality Management 跨站脚本漏洞

StarCities E-Municipality Management is an electronic municipal management system from StarCities USA. A cross-site scripting vulnerability exists in versions prior to StarCities E-Municipality Management 20250825, which stems from improper input neutralization during web page generation and coul...

The vulnerability of the web interface of the information system for state and municipal payments in the Republic of Tatarstan (GIS GMPl) stems from errors in the logic of the web application’s operation. This vulnerability allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the web interface of the information system for state and municipal payments in the Republic of Tatarstan GIS GMPl is related to errors in the logic of the web application’s operation. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthoriz...

Local Government Cybersecurity: Why Municipal Systems Need Extra Protection

Cybersecurity threats to local governments are part of life in the digital environment in which people live today.…...

Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks

A recently patched pair of security flaws affecting Ivanti Endpoint Manager Mobile EPMM software has been exploited by a China-nexus threat actor to target a wide range of sectors across Europe, North America, and the Asia-Pacific region. The vulnerabilities, tracked as CVE-2025-4427 CVSS score:...

PT-2025-5829

Name of the Vulnerable Software and Affected Versions Trimble Cityworks versions prior to 15.8.9 Trimble Cityworks with office companion versions prior to 23.10 Description A deserialization vulnerability could allow an authenticated user to perform a remote code execution attack against a...

quebecmunicipal.qc.ca Cross Site Scripting vulnerability OBB-3400473

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

New HiatusRAT Malware Targets Business-Grade Routers to Covertly Spy on Victims

A never-before-seen complex malware is targeting business-grade routers to covertly spy on victims in Latin America, Europe, and North America at least since July 2022. The elusive campaign, dubbed Hiatus by Lumen Black Lotus Labs, has been found to deploy two malicious binaries, a remote access...

Osprey Pump Controller 1.0.1 userName Command Injection Vulnerability

Osprey Pump Controller 1.0.1 userName Blind Command Injection Vendor: ProPump and Controls, Inc. Product web page: https://www.propumpservice.com | https://www.pumpstationparts.com Affected version: Software Build ID 20211018, Production 10/18/2021 Mirage App: MirageAppManager, Release 1.0.1 Mira...

Crippling Cyberattacks, Disinformation Top Concerns for Election Day

What keeps researchers up at night leading up to Nov. 3 isn’t election-day winners and losers. Most cite possible attacks on local infrastructure, crippling ransomware incidents and disinformation campaigns. There are also many concerned voters this year. Election-related cybersecurity attacks ha...

Vermont Taxpayers Warned of Data Leak Over the Past Three Years

The Vermont Department of Taxes may have been exposing taxpayer data that could be used in credential scams for more than three years due to a vulnerability in its online tax filing system. A notice PDF posted on the department’s website warned taxpayers who filed a Property Transfer Tax return...

Knoxville Ransomware Attack Leads to IT Network Shutdown

The city of Knoxville, Tenn. is reeling from a ransomware attack that knocked the city’s network offline and prevented police officers from responding to non-life-threatening traffic crashes. The incident occurred Wednesday and shuttered systems until Thursday. Also impacted was the city’s intern...

Ransomware Hits Georgia Courts as Municipal Attacks Spread

Almost every month in 2019 so far has seen reports of a local government falling prey to ransomware, but this series of attacks belies an even broader threat...

City Pays $2K in Ransomware, Stirs ‘Never Pay’ Debate

The city of West Haven, Conn. made the hard choice to pay cyberattackers a $2,000 ransom after being hit with malware that ground their operations to a halt. West Haven said that its City Hall offices were the victim of a ransomware attack, which the U.S. Department of Homeland Security determine...

DDoS-Happy ‘Bitcoin Baron’ Sentenced to Almost 2 Years in Jail

The Bitcoin Baron, a self-proclaimed vigilante responsible for DDoS attacks on civic networks in Madison, Wisc., San Marcos, Texas, and other sites in 2015, has been collared in Phoenix and sentenced to serve 20 months in prison. The conviction and sentencing is only for the former attack, in whi...

jacksoncountymunicipalcourt.com XSS vulnerability

Open Bug Bounty ID: OBB-619887 Description| Value ---|--- Affected Website:| jacksoncountymunicipalcourt.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...