CERT-In Recommends 12-Hour Patching for Internet-Facing Flaws Amid AI-Assisted Attacks
The Indian Computer Emergency Response Team (CERT-In) has issued new guidelines requiring organizations to patch critical security vulnerabilities in internet-exposed systems within 12 hours of being flagged, where "feasible", to safeguard against potential threats stemming from threat actors' abuse ...
CVE-2026-41576
Brave CMS is affected by CVE-2026-41576 due to a public contact form that accepted user messages without authentication before commit 6c56603. The message text is passed through nl2br() (converting newlines to `<br />`) but is not HTML-escaped, and is then rendered in a Blade email template using the une...
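The mechanism described above is an ordering bug, so the following added example (not Brave CMS code; the function names and the attacker message are constructed for illustration) shows the three variants side by side: nl2br() on raw input, escaping applied after nl2br() (which also neutralises the `<br />` tags, so line breaks are lost), and escaping applied before nl2br(), which is the correct order.

```php
<?php
// Added example, not from Brave CMS. Demonstrates why "nl2br() but not
// HTML-escaped" is exploitable and how the escape order matters.
// Runs stand-alone with the PHP CLI (PHP 7.4+ / 8.x).

// Vulnerable pattern: newlines become <br />, but attacker markup passes
// straight through to the rendered HTML e-mail.
function render_message_vulnerable(string $message): string
{
    return nl2br($message);
}

// Wrong fix: escaping AFTER nl2br() encodes the <br /> tags too, so the
// output is safe but every line break is displayed literally as "&lt;br /&gt;".
function render_message_broken_fix(string $message): string
{
    return htmlspecialchars(nl2br($message), ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Correct order: escape the untrusted text first, then insert <br />.
// The result may be emitted unescaped by the template (e.g. Blade's {!! !!})
// because the only markup left is the <br /> that nl2br() added itself.
function render_message_safe(string $message): string
{
    return nl2br(htmlspecialchars($message, ENT_QUOTES | ENT_HTML5, 'UTF-8'));
}

// Constructed attacker input: a harmless first line, then an injected link
// of the kind a phishing message would carry.
$attacker = "Hello,\n<a href=\"https://phish.example\">Reset your password</a>";

printf("vulnerable: %s\n\n", render_message_vulnerable($attacker));
printf("broken fix: %s\n\n", render_message_broken_fix($attacker));
printf("safe:       %s\n", render_message_safe($attacker));
```

In a Blade template, `{{ $message }}` escapes its argument, while `{!! $message !!}` does not; the safe variant above is the only one of the three that can be passed to `{!! !!}` without re-introducing the injection, because the untrusted text is already escaped and the `<br />` tags are the code's own.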
CVE-2026-32757 Admidio: HTMLPurifier Bypass in eCard Message Allows HTML Email Injection
Admidio is an open-source user management solution. In versions 5.0.6 and below, the eCard send handler uses a raw `$_POST['ecardmessage']` value instead of the HTMLPurifier-sanitized `$formValues['ecardmessage']` when constructing the greeting card HTML. This allows an authenticated attacker to inject...
Vikunja has Reflected HTML Injection via filter Parameter in its Projects Module
Vikunja is an open-source self-hosted task management platform with 3,300+ GitHub stars. A reflected HTML injection vulnerability exists in the Projects module where the filter URL parameter is rendered into the DOM without output encoding when the user clicks "Filter." While and are blocked, , ,...
Vikunja security vulnerability
Vikunja is an open-source to-do application developed by Vikunja developers. Versions of Vikunja prior to 2.0.0 contained security vulnerabilities. These vulnerabilities stemmed from the filter parameters in the Projects module being rendered into the DOM without proper encoding, which could lead...
Can AI Models Be Jailbroken to Phish Elderly Victims? an End-To-End Evaluation
We present an end-to-end demonstration of how attackers can exploit AI safety failures to harm vulnerable populations: from jailbreaking LLMs to generate phishing content, to deploying those messages against real targets, to successfully compromising elderly victims. We systematically evaluated...
EUVD-2023-44261
Malicious code in bioql PyPI...
Mozilla: Phishing site popup could show local origin in address bar
The Mozilla Foundation Security Advisory describes this flaw as: A phishing site could have repurposed an about: dialog to show phishing content with an incorrect origin in the address bar...
Debian dsa-5606 : firefox-esr - security update
The remote Debian 11 / 12 host has packages installed that are affected by multiple vulnerabilities as referenced in the dsa-5606 advisory. Debian Security Advisory DSA-5606...
Fedora 39 : firefox (2024-14dea9640b)
The remote Fedora 39 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2024-14dea9640b advisory. - Updated to new upstream 122.0 Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus h...
CVE-2023-3612
Govee Home app has unprotected access to a WebView component which can be opened by any app on the device. By sending a URL to a specially crafted site, the attacker can execute JavaScript in the context of the WebView or steal sensitive user data by displaying phishing content...
Govee Home Security Breach
Govee Home is a software application. Govee Home contains a security vulnerability that stems from the fact that the WebView component can be opened by any application on the device, and by sending the URL to a specially crafted website, an attacker can execute JavaScript in the WebView context o...
PT-2023-25434 · Govee · Govee Home
Name of the Vulnerable Software and Affected Versions: Govee Home app (affected versions not specified). Description: The Govee Home app has unprotected access to the WebView component, which can be opened by any app on the device. By sending a URL to a specially crafted site, an attacker can execut...
The Telegram phishing market
Telegram has been gaining popularity with users around the world year by year. Ordinary users are not the only ones who have recognized the messaging app's handy features: cybercrooks have already made it a branch of the dark web, their Telegram activity soaring since late 2021. The service is...
PT-2019-12541 · Rancher · Rancher
Name of the Vulnerable Software and Affected Versions: Rancher versions prior to 2.2.4; Rancher version 2.1.4. Description: A vulnerability exists in the login component of Rancher, where the errorMsg parameter can be tampered to display arbitrary content. Although tags are filtered, special...