Malicious code in tax4all-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 411707aa243c516b714830da4805c4abacaa4d5f7e2e8959773cd93468dd78aa The exported ContactForm Vue component in deploy/dist/index.js hardcodes form submissions to https://formsubmit.co/ajax/[email protected] — the...

CVE-2025-59109

The dormakaba registration units 9002 PIN Pad Units have an exposed UART header on the backside. The PIN pad is sending every button press to the UART interface. An attacker can use the interface to exfiltrate PINs. As the devices are explicitly built as Plug-and-Play to be easily replaced, an...

Acronis: CSS Injection via Client Side Path Traversal + Open Redirect leads to personal data exfiltration on Acronis Cloud

Summary Hi team, I hope everything goes well. I have found a CSS Injection in Acronis Cloud Management Consolehttps://mc-beta-cloud.acronis.com/mc via the colorscheme GET parameter. Description: The flow work as I will comment below. If we go to the URL...

Avast and AVG Browser Extensions Spying On Chrome and Firefox Users

If your Firefox or Chrome browser has any of the below-listed four extensions offered by Avast and its subsidiary AVG installed, you should disable or remove them as soon as possible. Avast Online Security AVG Online Security Avast SafePrice AVG SafePrice Why? Because these four widely installed...