6 matches found
EUVD-2025-13984
Malicious code in bioql PyPI...
Monero: [Monero wallet RPC] File precreation to file ownership and credentials leak
The Monero wallet RPC was found to have a vulnerability in the file creation process that could lead to potential credential leakage. The issue was located in the wallet_rpc_server::init method, where a file was created without using the O_EXCL flag, allowing an attacker to pre-create the file and...
saopauloguiaonline.com.br Cross Site Scripting vulnerability
Security Researcher haxmov, a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting saopauloguiaonline.com.br website and its users. Following...
Concrete CMS: Password Reset link hijacking via Host Header Poisoning
Summary: Concrete5 uses the Host header when sending out password reset links. This allows an attacker to insert a malicious host header, leading to password reset link / token leakage. Impact: The victim will receive the malicious link in their email, and, when clicked, will leak the user's passwo...
Limny 2.0 - Cross-Site Request Forgery (Change Email and Password)
Limny 2.0 Change Pass CSRF. Discovered By: Luis Santana. Overview: The Limny 2.0 CMS is vulnerable to a Cross-Site-Request Forgery exploit which allows for a malicious attacker to...
majordomo.1.94.4.txt
Hi, I found something to discuss, this time involving majordomo. This was tested on a Slackware Linux 8.0 kernel 2.4.8; majordomo version 1.94.4, I also tested the other versions and all default installs had the same problem, note that the versions 1.94.1 and 1.94.2 should NOT be used anymore, tho...