5 matches found
Intent redirection vulnerability in third-party SDK exposed millions of Android wallets to potential risk
During routine security research, we identified a severe intent redirection vulnerability in a widely used third-party Android SDK called EngageSDK. This flaw allows apps ...
CVE-2026-35197 Code injection in dye template expressions
dye is a portable and respectful color library for shell scripts. Prior to 1.1.1, certain dye template expressions would result in execution of arbitrary code. This issue was discovered and fixed by dye's author, and is not known to be exploited. This vulnerability is fixed in 1.1.1...
WordPress CPO Content Types Plugin <= 1.1.0 is vulnerable to Cross Site Scripting (XSS)
Software: CPO Content Types; Type: Plugin; Vulnerable versions: <= 1.1.0; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25451; Patch priority: Low; CVSS severity: Low (5.9); PSID: 1449c76ab8ca; Credits: Rio Darmawan; Required...
Microsoft Crushes 116 Bugs, Three Actively Exploited
Three bugs under active exploit were squashed by Microsoft Tuesday, part of its July security roundup of fixes for Windows, Microsoft Office, SharePoint Server and Exchange Server. In all, Microsoft patched 116 bugs. Twelve bugs are rated critical, 103 rated important and one classified as modera...
EasyFTP version 1.7.0.11 and version 1.7.0.2 Crash PoC
Exploit for Windows platform in category dos / poc. sub banner print q PoC EasyFTP 1.7.0.X Crash Author: Inj3cti0n P4ck3t e-mail:...