12 matches found
EUVD-2018-1092
Malware in sbrugna...
EUVD-2025-10934
Malicious code in bioql PyPI...
CVE-2025-54132 Cursor's Mermaid Diagram Tool is Vulnerable to an Arbitrary Image Fetch
Cursor is a code editor built for programming with AI. In versions below 1.3, Mermaid, which Cursor uses to render diagrams, allows embedding images, and those images are then rendered by Cursor in the chat box. An attacker can use this to exfiltrate sensitive information to a third-party attacker-controlled serve...
CVE-2024-25650
Insecure key exchange between Delinea PAM Secret Server 11.4 and the Distributed Engine 8.4.3 allows a PAM administrator to obtain the Symmetric Key used to encrypt RabbitMQ messages via crafted payloads to the /pre-authenticate, /authenticate, and /execute-and-respond REST API endpoints. This...
USN-7447-1: Yelp vulnerability
It was discovered that Yelp incorrectly handled paths in ghelp URLs. A remote attacker could use this issue to trick users into opening malicious downloaded help files and exfiltrate sensitive information...
CVE-2025-3578
A malicious, authenticated user of Aidex versions prior to 1.7 could list other users' credentials, create or modify existing users in the application, and list credentials of users in production or development environments. In addition, it would be possible to cause bugs that would result in the...
CVE-2025-3578
The CVE-2025-3578 vulnerability in Aidex affects versions prior to 1.7 and can be exploited by an authenticated user to list credentials of other users, create or modify users, and disclose sensitive information from production/development environments. It enables exfiltration of details about th...
CVE-2025-31117 OpenEMR Out-of-Band Server-Side Request Forgery (OOB SSRF) Vulnerability
OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal...
CVE-2025-31117
CVE-2025-31117 is an Out-of-Band Server-Side Request Forgery (OOB SSRF) in OpenEMR that can force the server to make unauthorized requests to external or internal resources. The attack can be executed via DNS or HTTP interactions and is described as not returning a direct response, wi...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 : LibreOffice vulnerabilities (USN-7228-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7228-1 advisory. Thomas Rinsma discovered that LibreOffice incorrectly handled paths when processing embedded font files. If a user or...
Python-Based NodeStealer Version Targets Facebook Ads Manager
In this blog entry, Trend Micro's Managed XDR team discusses its investigation into how the latest variant of NodeStealer is delivered through spear-phishing attacks, potentially leading to malware execution, data theft, and the exfiltration of sensitive information via Telegram...
Design/Logic Flaw
XMPie uStore 12.3.7244.0 allows administrators to generate reports based on raw SQL queries. Since the application ships with default administrative credentials, an attacker may authenticate to the application and exfiltrate sensitive information from the database...