CVE-2026-6624 BichitroGan ISP Billing Software Pool List add cross site scripting

A weakness has been identified in BichitroGan ISP Billing Software 2025.3.20. Affected is an unknown function of the file /?\route=pool/add of the component Pool List Interface. Executing a manipulation can lead to cross site scripting. The attack may be performed from remote. The exploit has bee...

CVE-2026-6624

The CVE concerns BichitroGan ISP Billing Software 2025.3.20. Affected component: the Pool List Interface function at /?_route=pool/add, where input manipulation can lead to cross-site scripting. The exploit is described as remote and publicly available, with the vendor contacted but no response. ...

CVE-2026-6623

CVE-2026-6623 affects BichitroGan ISP Billing Software 2025.3.20. The issue is a cross-site scripting vulnerability in the Profile Page Handler, triggered by manipulating the file path /?_route=settings/users-view/. The attack could be carried out remotely, with the CVSS indicating network access...

CVE-2026-6623 BichitroGan ISP Billing Software Profile users-view cross site scripting

A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out...

CVE-2026-6623 BichitroGan ISP Billing Software Profile users-view cross site scripting

A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /?route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out...

CVE-2026-6622 BichitroGan ISP Billing Software Customer edit cross site scripting

A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly...

CVE-2026-6622

A vulnerability was identified in BichitroGan ISP Billing Software 2025.3.20. This affects an unknown function of the file /?\route=customers/edit/ of the component Customer Handler. Such manipulation leads to cross site scripting. The attack can be executed remotely. The exploit is publicly...

CVE-2026-6622

CVE-2026-6622 affects BichitroGan ISP Billing Software 2025.3.20. The vulnerability is in the Customer Handler ’s function handling the path/?_route=customers/edit/, where manipulation can lead to a cross-site scripting (XSS) condition. It is exploitable remotely and an exploit is publicly availa...

Malicious code in leavemealone (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5628eb1d01e8eb7de8a582cd9ea85dff68eafde06f4e1164ae92842354db0bf7 During building the package, it executes encrypted code. The content is unclear as the decryption key bases on the local environment variable. Given leaving a...

CVE-2026-6613

A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function deleteagent/stopschedule/getscheduledata of the file superagi/controllers/agent.py. The manipulation of the argument agentid leads to authorization bypass. The attack is possible to be carried out...

A week in security (April 13 – April 19)

Last week on Malwarebytes Labs: This old-school scam is still working "Your shipment has arrived" email hides remote access software Browser Guard gets even better with Access Control "iCloud storage is full" scam is back, and now it wants your payment details A fake Slack download is giving...

SKYSEA Client View and SKYMEC IT Manager improper file access permission settings

Overview SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. are Enterprise IT Asset Management Tools. SKYSEA Client View and SKYMEC IT Manager contain the following vulnerability. Incorrect default permissions in the installation folder CWE-276 - CVE-2026-39454 Takashi Matsumoto of...

GFI HelpDesk 安全漏洞

GFI HelpDesk is an open-source service request and ticket management system for enterprise IT support processes developed by GFI. Versions of GFI HelpDesk prior to 4.99.9 contained security vulnerabilities. These vulnerabilities stemmed from insufficient cleaning of the charset POST parameter in...

BichitroGan ISP Billing Software 安全漏洞

BichitroGan ISP Billing Software is an internet service provider billing and customer management system developed by BichitroGan Company in Bangladesh. The version 2025.3.20 of BichitroGan ISP Billing Software contains a security vulnerability. This vulnerability arises from improper handling of...

BichitroGan ISP Billing Software 安全漏洞

BichitroGan ISP Billing Software is an internet service provider billing and customer management system developed by BichitroGan Company in Bangladesh. The version 2025.3.20 of BichitroGan ISP Billing Software contains a security vulnerability. This vulnerability arises from improper handling of...

DeepCool DeepCreative 安全漏洞

DeepCool DeepCreative is a creative design and control software platform for the hardware ecosystem developed by DeepCool Corporation in China. Versions of DeepCool DeepCreative prior to 1.2.7 contained security vulnerabilities. These vulnerabilities were caused by improper permission settings,...

Silex SD-330AC和Silex AMC Manager 安全漏洞

Silex SD-330AC and Silex AMC Manager are both products of the Japanese company Silex. Silex SD-330AC is a device server that provides wireless network connectivity and the ability to share with USB devices. Silex AMC Manager is a management software used for centralized management of device serve...

PT-2026-33780

A vulnerability was identified in Z-BlogPHP 1.7.5. This affects the function App::UnPack of the file /zb users/plugin/AppCentre/app upload.php of the component ZBA File Handler. The manipulation leads to unrestricted upload. The attack may be initiated remotely. The exploit is publicly available...

Weaponizing the Commons: A Taxonomy and Detection Framework of Abuse on GitHub

GitHub plays a critical role in modern software supply chains, making its security an important research concern. Existing studies have primarily focused on CI/CD automation, collaboration patterns, and community management, while abuse behaviors on GitHub have received little systematic...

PT-2026-33744

A security flaw has been discovered in BichitroGan ISP Billing Software 2025.3.20. This impacts an unknown function of the file /? route=settings/users-view/ of the component Profile Page Handler. Performing a manipulation results in cross site scripting. The attack is possible to be carried out...