223 matches found
PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0. id: CVE-2023-40752 info: name: PHPJabbers Make an Offer Widget v1.0 - Cross-Site Scripting author: ritikchaddha severity: medium description: | There is a Cross Site...
CVE-2026-34960 barebox Out-of-Bounds Read in DHCP Option Parsing
barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcpmessagetype function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK...
CVE-2026-34960 barebox Out-of-Bounds Read in DHCP Option Parsing
barebox prior to version 2026.04.0 contains an out-of-bounds read vulnerability in DHCP option parsing within the dhcpmessagetype function that fails to verify the options pointer remains within received packet bounds. An attacker on the same broadcast domain can send a crafted DHCP Offer or ACK...
PT-2026-39849
Name of the Vulnerable Software and Affected Versions barebox versions prior to 2026.04.0 Description An out-of-bounds read occurs during DHCP option parsing within the dhcp message type function because the software fails to verify that the options pointer remains within the received packet...
Malicious Package
Overview upstart-offer-container is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packa...
Malicious code in upstart-offer-container (npm)
Package collects sensitive data SSH keys, AWS creds, env vars, exfiltrates it to a remote server, and executes shell commands. MALWARE! --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 148e48dd7b06a250063027a17895962000ca784a3fe52b704bea049afc85763a The package...
MAL-2026-2613 Malicious code in upstart-offer-container (npm)
Package collects sensitive data SSH keys, AWS creds, env vars, exfiltrates it to a remote server, and executes shell commands. MALWARE! --- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 148e48dd7b06a250063027a17895962000ca784a3fe52b704bea049afc85763a The package...
CVE-2026-23843
teklifolusturapp is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference IDOR vulnerability exists in the offer view functionality. Authenticated users can...
CVE-2026-23843
teklifolusturapp is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference IDOR vulnerability exists in the offer view functionality. Authenticated users can...
EUVD-2026-3298
teklifolusturapp is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference IDOR vulnerability exists in the offer view functionality. Authenticated users can...
CVE-2026-23843 teklifolustur_app's IDOR vulnerability allows unauthorized access to other users' offers
teklifolusturapp is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference IDOR vulnerability exists in the offer view functionality. Authenticated users can...
CVE-2026-23843 teklifolustur_app's IDOR vulnerability allows unauthorized access to other users' offers
teklifolusturapp is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference IDOR vulnerability exists in the offer view functionality. Authenticated users can...
CVE-2026-23843
teklifolusturapp is a web-based PHP application that allows users to create, manage, and track quotes for their clients. Prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c, an Insecure Direct Object Reference IDOR vulnerability exists in the offer view functionality. Authenticated users can...
PT-2026-3484
Name of the Vulnerable Software and Affected Versions teklifolustur app versions prior to commit dd082a134a225b8dcd401b6224eead4fb183ea1c Description teklifolustur app is a web-based PHP application for managing quotes. An Insecure Direct Object Reference IDOR exists in the offer view...
CVE-2023-40752
There is a Cross Site Scripting XSS vulnerability in the "action" parameter of index.php in PHPJabbers Make an Offer Widget v1.0...
CVE-2023-43660
Warpgate is a smart SSH, HTTPS and MySQL bastion host for Linux that doesn't need special client apps. The SSH key verification for a user can be bypassed by sending an SSH key offer without a signature. This allows bypassing authentication under following conditions: 1. The attacker knows the...
Be careful responding to unexpected job interviews
One of our customers was contacted on LinkedIn about a job offer. The initial message was followed up by an email: “Thank you for your interest in the Senior Construction Manager position at company. After reviewing your background, we were impressed with your experience and would like to invite...
CVE-2025-31993
HCL Unica Centralized Offer Management is vulnerable to a potential Server-Side Request Forgery SSRF. An attacker can exploit improper input validation by submitting maliciously crafted input to a target application running on a server...
CVE-2025-31997
HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References IDOR. An attacker can bypass authorization and access resources in the system directly, for example database records or files...
EUVD-2025-33879
HCL Unica Centralized Offer Management is vulnerable to poor unhandled exceptions which exposes sensitive information. An attacker can exploit use this information to exploit known vulnerabilities launch targeted attacks, such as remote code execution or denial of service...