46 matches found
CVE-2025-24360
CVE-2025-24360 affects the Nuxt framework (Vue.js) prior to v3.15.3, with v3.8.1–v3.15.3 vulnerable due to default CORS settings that allow any origin to send requests to the development server and read responses. Several sources corroborate that, when using the Vite builder with the default serv...
PYSEC-2024-197
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...
PYSEC-2024-197
Gradio is an open-source Python package designed for quick prototyping. This vulnerability involves a one-level read path traversal in the /customcomponent endpoint. Attackers can exploit this flaw to access and leak source code from custom Gradio components by manipulating the file path in the...
Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak
Just days after leaking data it claims to have exfiltrated from chipmaker NVIDIA, ransomware group Lapsus$ is claiming another international company among its victims — this time releasing data purportedly stolen from Samsung Electronics. The consumer electronics giant confirmed in a media...
CVE-2021-28805
Inclusion of sensitive information in the source code has been reported to affect certain QNAP switches running QSS. If exploited, this vulnerability allows attackers to read application data. This issue affects: QNAP Systems Inc. QSS versions prior to 1.0.3 build 20210505 on QSW-M2108-2C; versio...
CVE-2021-25764
PhpStorm (JetBrains) before 2020.3 is affected: the issue lets source code be written into debug logs (“Source code could be added to debug logs”). The vulnerability affects PhpStorm’s logging path and can lead to information disclosure via logs. The issue is tracked as CVE-2021-25764. Remediatio...
h1-ctf: [H1-2006 2020] CTF Writeup
Summary: The CTF's objective could be found in the following Twitter post: F858468 As outlined on https://hackerone.com/h1-ctf, all subdomains of bountypay.h1ctf.com are in scope. Doing subdomain enumeration revealed the following subdomains: api.bountypay.h1ctf.com app.bountypay.h1ctf.com...
Shanghai Chuangzheng Information Technology Co., Ltd. website building system has website source code leakage vulnerability
Shanghai Chuangzheng Information Technology Co., Ltd Chuangzheng was founded in 2005, is a national high-tech enterprise. Shanghai Chuangzheng Information Technology Co., Ltd. website building system has a website source code leakage vulnerability, attackers can use the vulnerability to obtain...
CVE-2019-14366
WP SlackSync plugin through 1.8.5 for WordPress leaks a Slack Access Token in source code. An attacker can obtain a lot of information about the victim's Slack channels, members, etc...
Source Code for CARBANAK Banking Malware Found On VirusTotal
Security researchers have discovered the full source code of theCarbanak malware—yes, this time it's for real. Carbanak—sometimes referred as FIN7, Anunak or Cobalt—is one of the most full-featured, dangerous malware that belongs to an APT-style cybercriminal group involved in several attacks...
Snapchat Hack — Hacker Leaked Snapchat Source Code On GitHub
The source code of the popular social media app Snapchat was recently surfaced online after a hacker leaked and posted it on the Microsoft-owned code repository GitHub. A GitHub account under the name Khaled Alshehri with the handle i5xx, who claimed to be from Pakistan, created a GitHub reposito...
A week in security (February 5 – February 11)
Last week on Malwarebytes Labs, we featured a new Flash Player zero-day that has been found in recent targeted attacks. And we talked about a new trick to cripple browsers that came out of the hat of tech support scammers. We also covered several methods of stealing cryptocurrencies, including on...
Modified Versions of Nukebot in Wild Since Source Code Leak
Some opportunistic criminals have put the leaked source code for the Nukebot banking Trojan to use, targeting banks in the United States and France with variants of the malware, while another group has adapted it to steal mail client and browser passwords. The leak was disclosed in early March wh...
GM Bot Banking Malware Source Code Leak
Source code for the potent Android malware GM Bot has been leaked to underground forums, according to IBM security experts. The impact, IBM X-Force threat intelligence says, will be an uptick in GM Bot variants and the number of attacks targeting financial applications on Android-based devices...
FireEye Trojan analysis engine (MAS) 6.4.1 – multiple vulnerabilities-vulnerability warning-the black bar safety net
FireEye Trojan analysis system MAS web login section there are multiple serious vulnerabilities. Multiples Vulnerabilities 3 XSS reflected 1 CSRF 1 NoSQLi Json object 1 PostGreSQL SQLi Exploitable? 1 File and Path Disclosure 1 Source code Info-leak XSS: The Cross-Station 1...
The local file contains(LFI)vulnerability Detection Tool – Kadimus-vulnerability warning-the black bar safety net
Kadimus is for detecting a site local file inclusion(LFI)vulnerability of security tools. Characteristics Detect all URL parameters /var/log/auth. log RCE /proc/self/environ RCE php://input RCE data://text RCE The source code leak detection Multi-thread scanning HTTP command execution vulnerabili...
Rig Exploit Kit Source Code Leaked
A spitting match between developers of the Rig Exploit Kit and one of its resellers resulted in a partial leak of the kit’s source code in a hacker forum. Rig is less than a year old and is spread primarily in malvertising campaigns, pushing Flash, Java and Microsoft Silverlight exploits; some...
Android iBanking Trojan Source Code Leaked Online
Smartphone is the need of everyone today and so the first target of most of the Cyber Criminals. Malware authors are getting to know their market and are changing their way of operations. Since last year we have seen a rise in the number of hackers moving from the Blackhat into the Greyhat. The...
Tomcat 4.0.10 自带Servlet可导致源码泄漏漏洞
No description provided by source...
IPSwitch WS_FTP Server Manager / Whats Up unauthorized access
It's possible to access script files with localhostnull account without password. Scripts source code leak...