EUVD-2024-54939

URL Redirection to Untrusted Site 'Open Redirect' vulnerability in Akınsoft QR Menü allows Forceful Browsing, Phishing. This issue affects QR Menü: from s1.05.05 before v1.05.12...

EUVD-2024-54947

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Akınsoft QR Menü allows Cross-Site Scripting XSS. This issue affects QR Menü: from s1.05.05 before v1.05.12...

ChatGPhish Vulnerability Turns ChatGPT Web Summaries Into a Phishing Surface

Cybersecurity researchers have disclosed details of a vulnerability in OpenAI ChatGPT that leverages the artificial intelligence AI assistant's implicit trust in Markdown links and images to trigger prompt injections and open the door to phishing attacks. The technique has been codenamed ChatGPhi...

CVE-2026-44460

FileRise is a self-hosted web-based file manager with multi-file upload, editing, and batch operations. Prior to 3.12.0, /api/totpsetup.php is callable from a session that has only passed the password check state pendingloginuser. When the target account already has TOTP configured, the endpoint...

CVE-2026-24545

Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3...

CVE-2026-24545 WordPress QR Redirector plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3...

CVE-2026-24545

Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3...

CVE-2026-24545 WordPress QR Redirector plugin <= 2.0.3 - Broken Access Control vulnerability

Missing Authorization vulnerability in Nikki Blight QR Redirector allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects QR Redirector: from n/a through 2.0.3...

WordPress plugin QR Redirector 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...

CVE-2025-13479

Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any w...

CVE-2025-13479 IDOR in PosCube's QR Menu

Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any w...

CVE-2025-13479

Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any w...

CVE-2025-13479

CVE-2025-13479 affects PosCube’s QR Menu. The issue is an authorization bypass via a user-controlled key, enabling exploitation of trusted identifiers. Affected as of QR Menu through 21052026. Root cause: authorization bypass vulnerability; impact aligns with CVSS: high confidentiality impact, ne...

CVE-2025-13479 IDOR in PosCube's QR Menu

Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: through 21052026. NOTE: The vendor was contacted early about this disclosure but did not respond in any w...

PosCube QR Menu 安全漏洞

PosCube QR Menu is a QR code electronic menu and ordering management system for the catering industry developed by the Turkish company PosCube. The versions of PosCube QR Menu dated back to May 21052026 and earlier contained a security vulnerability. This vulnerability stemmed from an authorizati...

Banana RAT Malware in Fake Invoices Hits Customers at 16 Brazilian Banks

Banana RAT malware hidden in fake invoices and security update screens targets customers at 16 Brazilian banks stealing data with QR fraud...

Malicious code in qr-code-styling-temp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 004a5cc51cc0e38448c56189fb4437ad113eec163f7ae1a7692b88d6aed71182 The package's install lifecycle script node index.js and its main entry both load lib/core.js, which reads os.userInfo.username, os.hostname, and the...

MAL-2026-4655 Malicious code in qr-code-styling-temp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 004a5cc51cc0e38448c56189fb4437ad113eec163f7ae1a7692b88d6aed71182 The package's install lifecycle script node index.js and its main entry both load lib/core.js, which reads os.userInfo.username, os.hostname, and the...

Scammers Send Physical Phishing Letters to Steal Ledger Wallet Seed Phrases

Scammers are mailing fake Ledger phishing letters to users in Italy with QR codes that trick crypto wallet users into revealing seed phrases...

MISP modules 信任管理问题漏洞

MISP modules are scalable threat intelligence platform modules developed under the open-source MISP Project. They support import, export, expansion, and automated workflows. Prior to version 3.0.7, there were vulnerabilities related to trust management in MISP modules. These vulnerabilities stemm...