CVE-2026-8398

The CVE-2026-8398 entry concerns a supply-chain compromise of DAEMON Tools Lite Windows installers (versions 12.5.0.2421–12.5.0.2434) distributed via daemon-tools.cc. Attackers allegedly gained access to AVB Disc Soft’s build/distribution infrastructure and trojanized three binaries—DTHelper.exe,...

EUVD-2018-11861

Malware in sbrugna...

EUVD-2023-41265

Malicious code in bioql PyPI...

DerbyNet 9.0 print/render/award.inc SQL Injection

CVE ID: CVE-2024-30922 Description: A SQL Injection vulnerability has been identified in DerbyNet version 9.0, specifically affecting the 'where' clause in Award Document Rendering through the component print/render/award.inc. This vulnerability allows remote attackers to execute arbitrary code a...

DerbyNet 9.0 print/render/racer.inc SQL Injection

CVE ID: CVE-2024-30923 Description: An SQL Injection vulnerability has been discovered in DerbyNet version 9.0, specifically within the print/render/racer.inc component. This vulnerability allows remote attackers to execute arbitrary code and disclose sensitive information by exploiting improper...

APTs Exploiting WinRAR 0day Flaw Despite Patch Availability

By Deeba Ahmed All a user needs to do is visit the official WinRAR website and install the latest version to thwart the attack. This is a post from HackRead.com Read the original post: APTs Exploiting WinRAR 0day Flaw Despite Patch Availability...

CVE-2023-37362 Weintek Weincloud Improper Authentication

Weintek Weincloud v0.13.6 could allow an attacker to abuse the registration functionality to login with testing credentials to the official website...

CVE-2022-2601

creationtimestamp| type| source ---|---|--- 2022-12-15 00:22:57+00:00| seen| https://t.me/cibsecurity/54563 2024-08-13 18:05:01+00:00| seen| https://www.thezdi.com/blog/2024/8/13/the-august-2024-security-update-review 2024-08-22 08:35:31+00:00| seen| https://t.me/SecLabNews/15551 2024-08-24...

Ubuntu: Security Advisory (USN-5745-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Official website of Russian Parliament, MoD and Kremlin go offline

By Waqas The Kremlin domain is the official website of President Vladimir Putin which according to NetBlocks is among the… This is a post from HackRead.com Read the original post: Official website of Russian Parliament, MoD and Kremlin go offline...

CVE-2021-24303

The CVE-2021-24303 entry concerns the WordPress plugin “JiangQie Official Website Mini Program” (before v1.1.1). The vulnerability arises because the id GET parameter is not escaped/validated before being used in SQL statements, enabling SQL injection. Impact is described as high (per CVE data) w...

WordPress JiangQie Official Website Mini Program plugin <= 1.1.0 - Authenticated SQL Injection (SQLi) vulnerability

Authenticated SQL Injection SQLi vulnerability discovered by ja9er in WordPress JiangQie Official Website Mini Program plugin versions = 1.1.0. Solution Update the WordPress JiangQie Official Website Mini Program plugin to the latest available version at least 1.1.1...

Censys-Python - An Easy-To-Use And Lightweight API Wrapper For The Censys Search Engine

An easy-to-use and lightweight API wrapper for the Censys Search Engine censys.io. Python 3.6+ is currently supported. Getting Started The library can be installed using pip. $ pip install censys To configure your credentials run censys config or set both CENSYSAPIID and CENSYSAPISECRET environme...

National Cyber Security Centre Cyber Awareness Campaign

The United Kingdom UK National Cyber Security Centre NCSC has launched a new cyber security campaign encouraging the public to adopt six behaviors to stay safe online. The six Cyber Aware behaviors recommended by the NSCS are: 1. Use a separate password for your email 2. Create strong passwords...

Utah Says No to Apple/Google COVID-19 Tracing; Debuts Startup App

The state of Utah has settled on a contact-tracing mobile app that collects detailed user location information to track the spread of COVID-19 among citizens – eschewing the API model proposed by Apple and Google in April. The app is called “Healthy Together” and it was created by a startup calle...

BackBox Linux 6.0 - Ubuntu-based Linux Distribution Penetration Test and Security Assessment

BackBox Linux is a penetration testing and security assessment oriented Linux distribution providing a network and systems analysis toolkit. It includes some of the most commonly known/used security and analysis tools, aiming for a wide spread of goals, ranging from web application analysis to...

officialauthenticchiefsstore.com XSS vulnerability

Open Bug Bounty ID: OBB-681569 Description| Value ---|--- Affected Website:| officialauthenticchiefsstore.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6....

officialauthenticshoppanthers.com XSS vulnerability

Open Bug Bounty ID: OBB-681571 Description| Value ---|--- Affected Website:| officialauthenticshoppanthers.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6...

officialauthenticcowboysstore.com XSS vulnerability

Open Bug Bounty ID: OBB-681570 Description| Value ---|--- Affected Website:| officialauthenticcowboysstore.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6...

Sending FireEye HX data to Splunk

FireEye HX is an agent-based Endpoint Protection solution. Something like an antivirus, but focused on Advanced Persistent Threats APT. It has an appliance with GUI where you can manage the agents and see information about detected security incidents. As with any agent-based solution, it's...