9 matches found
Firefox Security Vulnerabilities: An Expert Guide
For any vulnerability management team, the daily flood of alerts can be overwhelming. When your scanner flags dozens of new CVEs, it’s easy to see browser-related issues as lower priority. Yet, a critical flaw in a widely used application like Firefox can be the initial foothold an attacker needs...
PT-2025-12096 · Unknown · Automatic1111/Stable-Diffusion-Webui
Name of the Vulnerable Software and Affected Versions: automatic1111/stable-diffusion-webui version 1.10.0 Description: An open redirect vulnerability in automatic1111/stable-diffusion-webui version 1.10.0 allows a remote unauthenticated attacker to redirect users to arbitrary websites via a...
PT-2024-37251 · Imartinez · Privategpt
Name of the Vulnerable Software and Affected Versions: imartinez/privategpt version 0.5.0 Description: An issue exists due to improper handling of the file parameter, allowing attackers to redirect users to a URL specified by user-controlled input without proper validation or sanitization. This c...
CVE-2023-36085
The sisqualWFM 7.1.319.103 through 7.1.319.111 for Android has a host header injection vulnerability in its "/sisqualIdentityServer/core/" endpoint. By modifying the HTTP Host header, an attacker can change webpage links and even redirect users to arbitrary or malicious locations. This can lead to...
Hackers Planted Fake Digital Evidence on Devices of Indian Activists and Lawyers
A previously unknown hacking group has been linked to targeted attacks against human rights activists, human rights defenders, academics, and lawyers across India in an attempt to plant "incriminating digital evidence." Cybersecurity firm SentinelOne attributed the intrusions to a group it tracks...
Brave Software: Phishing/Malware site blocking on Brave iOS can be bypassed with trailing dot in hostname
A vulnerability was discovered in Brave iOS nightly build that allowed bypassing of the phishing/malware site blocking feature by adding a trailing dot in the hostname. This allowed users to access prohibited sites without being blocked by Brave Shield protection...
Acronis: Subdomain Takeover – www.jet.acronis.com pointing to unclaimed Webflow services
Hi Team, Greetings! I've come across another subdomain www.jet.acronis.com of acronis.com pointing to an unclaimed Webflow service. Visiting the www.jet.acronis.com returned the default 404 page for Webflow service, thereby making it potential for subdomain takeover. F940499 Similar to the previou...
Binance Hacked — Hackers Stole Over $40 Million Worth Of Bitcoin
Binance, one of the largest cryptocurrency exchanges in the world, confirmed today that the company lost nearly $41 million in Bitcoin in what appears to be its largest hack to date. In a statement, Binance's CEO Changpeng Zhao said the company discovered a "large scale security breach" earlier o...
Threat Outbreak Alert: Fake Portuguese Personal Picture Notification Email Messages on October 5, 2013
Medium Alert ID: 31128 First Published: 2013 October 7 14:08 GMT Version: 1 Summary Cisco Security has detected significant activity related to Portuguese-language spam email messages that claim to contain personal images for the recipient. The text in the email message attempts to convince the...