EUVD-2021-10983

Malware in sbrugna...

EUVD-2025-15882

Malicious code in bioql PyPI...

GHSA-QRGF-9GPC-VRXW Bypass of CSRF protection in the presence of predictable userInfo

Description The CSRF protection enforced by the @fastify/csrf-protection library in combination with @fastify/cookie can be bypassed from network and same-site attackers under certain conditions. @fastify/csrf-protection supports an optional userInfo parameter that binds the CSRF token to the use...

HashCheck - Tool To Assist In The Search For Leaked Passwords

This project aims to assist in the search for leaked passwords while maintaining a high level of privacy using the k-anonymity method. To achieve this, the APIs of different services are used, sending only a part of the Hash of the password we want to check, for example, the first 5 characters...

CVE-2021-20588

CVE-2021-20588 concerns an improper handling of length parameter inconsistency in Mitsubishi Electric FA Engineering Software. A remote, unauthenticated attacker can cause a DoS on affected software by spoofing MELSEC, GOT or FREQROL and returning crafted replies; exploitation may potentially lea...

CVE-2019-2620

Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Privileges. Supported versions that are affected are 8.0.15 and prior. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server...

ownCloud 10.3.0 stable - Cross-Site Request Forgery Vulnerability

Exploit for linux platform in category web applications Exploit Title: ownCloud 10.3.0 stable - Cross-Site Request Forgery Exploit Author: Ozer Goker Vendor Homepage: https://owncloud.org Software Link: https://owncloud.org/download/ Version: 10.3 CVE: N/A Introduction Your personal cloud...

CVE-2018-20954

The "Security and Privacy" Encryption feature in Mailpile before 1.0.0rc4 does not exclude disabled, revoked, and expired keys...

Apple Safari - User-Assisted Applescript Exec Attack (Metasploit)

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Safari User-Assisted Applescript Exec Attack', 'Description' = %q In versions of Mac OS X before 10.11.1, the applescript:// URL...

Safari User-Assisted Applescript Exec Attack

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Safari User-Assisted Applescript Exec Attack', 'Description' = %q In versions of Mac OS X before 10.11.1, the applescript:// URL...

Safari User-Assisted Applescript Exec Attack

In versions of Mac OS X before 10.11.1, the applescript:// URL scheme is provided, which opens the provided script in the Applescript Editor. Pressing cmd-R in the Editor executes the code without any additional confirmation from the user. By getting the user to press cmd-R in Safari, and by...

Chaos Communication Congress

Berlin, Germany One of the security world’s most venerable conferences, the Chaos Communications Congress CCC is an annual gathering for hackers sponsored by the Chaos Computer Club. First held in 1984, the event now draws thousands of hackers, intellectuals, academics and Utopians to snowy Berli...

CVE-2025-53387

CVE-2025-53387 entry is rejected/not used per the initial description.