23 matches found
EUVD-2022-37791
Malicious code in bioql PyPI...
EUVD-2025-0075
Malicious code in bioql PyPI...
CVE-2023-6181
An oversight in BCB handling of reboot reason that allows for persistent code execution...
CVE-2025-29287
creationtimestamp | type | source
---|---|---
2025-04-21 15:03:06+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/12681
2025-04-21 16:13:55+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lndknt6npa2g
2025-04-21 16:48:34+00:00 | seen | ...
Suspended Directus user can continue to use session token to access API
Summary: Since the user status is not checked when verifying a session token, a suspended user can use the token generated in session auth mode to access the API despite their status. Details: There is a check missing in verifySessionJWT to verify that a user is actually still active and allowed to...
MetaMask: Missing ^ Line Beginner Leads to Origin Spoofing
The vulnerability was identified in MetaMask's regex-based origin validation for endowments. Due to a missing caret ^ anchor at the beginning of the regex pattern, origin spoofing was possible. This oversight allowed malicious domains to be treated as trusted, bypassing intended security...
CVE-2024-27920
The CVE covers projectdiscovery/nuclei where unsigned code templates could be executed via workflows in Nuclei v3. Root cause: oversight in workflow execution that allows executing unsigned templates. Impact: local execution with high severity per listed metrics; effects are mitigation-dependent ...
GHSA-W5WX-6G2R-R78Q Nuclei allows unsigned code template execution through workflows
Overview: A significant security oversight was identified in Nuclei v3, involving the execution of unsigned code templates through workflows. This vulnerability specifically affects users utilizing custom workflows, potentially allowing the execution of malicious code on the user's system. This...
IBM QRadar SIEM Cross-Site Scripting Vulnerability (CNVD-2024-01173)
IBM QRadar SIEM is a solution from International Business Machines (IBM) that utilizes security intelligence to protect assets and information from advanced threats. The solution provides oversight of the entire scope of the IT architecture, generates detailed reports on data access and user...
DOM XSS at index FBD Table
Description: I think your website is quite secure. But you overlooked the XSS vulnerability. Proof of Concept: 1. Login with demo account 2. Access the link https://demo.librenms.org/search/search=fdb and insert the payload test123"alert1alertdocument.cookie 3. Hit enter, XSS vulnerability detected...
Cynet's MDR Offers Organizations Continuous Security Oversight
Today's cyber attackers are constantly looking for ways to exploit vulnerabilities and infiltrate organizations. To keep up with this evolving threat landscape, security teams must be on the lookout for potential risks around the clock. Since most organizations simply cannot afford to have 24x7...
Smart lighting security
Smart lighting systems create great opportunity for improved efficiency, cost savings and easy management. The long lifespan and low power requirement of LED luminaires and lamps means that it’s worth investing in replacing older fluorescent and incandescent lighting. RJ45 connections delivering...
Twitter temporarily disables 'Tweeting via SMS' after CEO gets hacked
Twitter today finally decided to temporarily disable a feature, called 'Tweeting via SMS,' after it was abused by a hacking group to compromise Twitter CEO Jack Dorsey last week and send a series of racist and offensive tweets to Dorsey's followers. Dorsey's Twitter account was compromised last...
State Government Online Payment Service Exposes 14M Customers
Details on more than 14 million customer records have been exposed thanks to a security oversight at GovPayNow.com, which as its name implies provides a platform for online payment systems for state and local governments. The company, which according to its website “handles more than 2.1 million...
Totally Pwning the Tapplock Smart Lock
TL;DR – How to open a Tapplock over BLE in under two seconds. A couple of weekends ago, a YouTuber called JerryRigEverything posted a teardown of a “smart” padlock, called the Tapplock. He discovered that, using a sticky GoPro mount, he could remove the back...
LocalTapiola: Non-secure requests to www.lahitapiola.fi are not automatically upgraded to HTTPS
To reproduce, send a HEAD request to http://www.lahitapiola.fi like so:
    curl -I http://www.lahitapiola.fi
    HTTP/1.1 301 Moved Permanently
    Date: Fri, 19 Aug 2016 22:11:59 GMT
    Location: http://www.lahitapiola.fi/henkilo
    Cache-Control: max-age=60
    Expires: Fri, 19 Aug 2016 22:12:59 GMT
    Content-Type:...
Multiple Vulnerabilities Identified in 'Utterly Broken' BHU Routers
Researchers have identified a router so fraught with vulnerabilities and so “utterly broken” that it can be exploited to do pretty much anything. An attacker could bypass its authentication, peruse sensitive information stored in the router’s system logs and even use the device to execute OS...
The Next Security Scandal Will Be An Attack on High Frequency Trading Systems
The U.S. Securities and Exchange Commission voted on Tuesday to impose new rules to help oversee what experts warn is a burgeoning and little understood shadow market of ultra high-speed, computer based trading. But one security expert warns that new reporting rules are only part of the problem...
NASA Computer Networks Have Potentially Catastrophic Security Holes!
NASA's internal computer network is full of holes and is extremely vulnerable to an external cyberattack, an audit by the Office of the Inspector General has found. Even worse, it appears several of the vulnerabilities have been known for months, yet remained unpatched. "Six computer servers...
[Full-Disclosure] BAD NEWS: Microsoft Security Bulletin MS03-032
Since the cat somehow got out of the bag, and more importantly, this is so blatantly obvious, herewith is the "Bad News": The patch for Drew's object data=funky.hta doesn't work: http://www.malware.com/badnews.html script var oPopup = window.createPopup; function showPopup...