CVE-2026-8398
The CVE-2026-8398 entry concerns a supply-chain compromise of DAEMON Tools Lite Windows installers (versions 12.5.0.2421–12.5.0.2434) distributed via daemon-tools.cc. Attackers allegedly gained access to AVB Disc Soft’s build/distribution infrastructure and trojanized three binaries—DTHelper.exe,...
EUVD-2018-11861
Malware in sbrugna...
EUVD-2023-41265
Malicious code in bioql PyPI...
CVE-2025-30604
CVE-2025-30604 affects JiangQie Official Website Mini Program (ZhuiGe Official Website Mini Program in EUVD context). Reported as an SQL Injection vulnerability (blind SQLi) in the Mini Program component, with affected versions ranging up to 1.8.2. The connected EUVD entry confirms the issue is p...
WordPress JiangQie Official Website Mini Program plugin <= 1.8.2 - SQL Injection Vulnerability
SQL Injection Vulnerability discovered by kuteminh11 - VNPT Cyber Immunity in WordPress Plugin JiangQie Official Website Mini Program (versions <= 1.8.2)...
DerbyNet 9.0 print/render/racer.inc SQL Injection
CVE ID: CVE-2024-30923. Description: An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the print/render/racer.inc component. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting improper...
DerbyNet 9.0 print/render/award.inc SQL Injection
CVE ID: CVE-2024-30922. Description: A SQL Injection vulnerability has been identified in DerbyNet version 9.0, specifically affecting the 'where' clause in Award Document Rendering through the component print/render/award.inc. This vulnerability allows remote attackers to execute arbitrary code a...
APTs Exploiting WinRAR 0day Flaw Despite Patch Availability
By Deeba Ahmed. All a user needs to do is visit the official WinRAR website and install the latest version to thwart the attack. This is a post from HackRead.com. Read the original post: APTs Exploiting WinRAR 0day Flaw Despite Patch Availability...
CVE-2023-37362 Weintek Weincloud Improper Authentication
Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website...
CVE-2022-2601
creationtimestamp | type | source
---|---|---
2022-12-15 00:22:57+00:00 | seen | https://t.me/cibsecurity/54563
2024-08-13 18:05:01+00:00 | seen | https://www.thezdi.com/blog/2024/8/13/the-august-2024-security-update-review
2024-08-22 08:35:31+00:00 | seen | https://t.me/SecLabNews/15551
2024-08-24...
Ubuntu: Security Advisory (USN-5745-1)
The remote host is missing an update for the...
Official website of Russian Parliament, MoD and Kremlin go offline
By Waqas. The Kremlin domain is the official website of President Vladimir Putin which according to NetBlocks is among the… This is a post from HackRead.com. Read the original post: Official website of Russian Parliament, MoD and Kremlin go offline...
Sql injection
The JiangQie Official Website Mini Program WordPress plugin before 1.1.1 does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues...
CVE-2021-24303
The CVE-2021-24303 entry concerns the WordPress plugin “JiangQie Official Website Mini Program” (before v1.1.1). The vulnerability arises because the id GET parameter is not escaped/validated before being used in SQL statements, enabling SQL injection. Impact is described as high (per CVE data) w...
JiangQie Official Website Mini Program < 1.1.1 - Authenticated SQL Injection
The plugin does not escape or validate the id GET parameter before using it in SQL statements, leading to SQL injection issues. https://example.com/wp-admin/admin.php?page=jiangqieowfreefeedback&action=detail&id=1+AND+%28SELECT+%2A+FROM+%28SELECT%28SLEEP%285%29%29%29a%29 Could also make a logged i...
WordPress JiangQie Official Website Mini Program plugin <= 1.1.0 - Authenticated SQL Injection (SQLi) vulnerability
Authenticated SQL Injection (SQLi) vulnerability discovered by ja9er in WordPress JiangQie Official Website Mini Program plugin (versions <= 1.1.0). Solution: Update the WordPress JiangQie Official Website Mini Program plugin to the latest available version (at least 1.1.1)...
Censys-Python - An Easy-To-Use And Lightweight API Wrapper For The Censys Search Engine
An easy-to-use and lightweight API wrapper for the Censys Search Engine (censys.io). Python 3.6+ is currently supported. Getting Started: The library can be installed using pip. $ pip install censys To configure your credentials run censys config or set both CENSYS_API_ID and CENSYS_API_SECRET environme...
National Cyber Security Centre Cyber Awareness Campaign
The United Kingdom (UK) National Cyber Security Centre (NCSC) has launched a new cyber security campaign encouraging the public to adopt six behaviors to stay safe online. The six Cyber Aware behaviors recommended by the NCSC are: 1. Use a separate password for your email 2. Create strong passwords...
Utah Says No to Apple/Google COVID-19 Tracing; Debuts Startup App
The state of Utah has settled on a contact-tracing mobile app that collects detailed user location information to track the spread of COVID-19 among citizens – eschewing the API model proposed by Apple and Google in April. The app is called “Healthy Together” and it was created by a startup calle...
BackBox Linux 6.0 - Ubuntu-based Linux Distribution Penetration Test and Security Assessment
BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most commonly known/used security and analysis tools, aiming for a wide spread of goals, ranging from web application analysis to...