11 matches found
CVE-2026-39419
MaxKB is an open-source AI assistant for enterprise. In versions 2.7.1 and below, an authenticated user can bypass sandbox result validation and spoof tool execution results by exploiting Python frame introspection to read the wrapper's UUID from its bytecode constants, then writing a forged resu...
Malicious code in mansioda-nodana-munfuuangu (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0473e352e1ba3128d7add54eb35d0cbf3f6d3c2c5a8a048eba210c37931268a9 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in artificial_cow_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fa57c798c98fd2181ddebb74ca7590fb2f33d37d6748a191186727d0aa9c556a This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Malicious code in mahesa-bakwan39-sluey (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3eb2aaaf54e70933ec27dc1f1f3ff88bd7a7c78bc0abe17181fbde2101cbca79 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
CVE-2024-23277
The issue was addressed with improved checks. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4. An attacker in a privileged network position may be able to inject keystrokes by spoofing a keyboard...
Spoofing
In the Linux kernel, the following vulnerability has been resolved: netfs: Only call foliostartfscache one time for each folio If a network filesystem using netfs implements a clamplength function, it can set subrequest lengths smaller than a page size. When we loop through the folios in...
CVE-2021-29993
Firefox for Android allowed navigations through the intent:// protocol, which could be used to cause crashes and UI spoofs. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 92...
CVE-2021-29993
Firefox for Android allowed navigations through the intent:// protocol, which could be used to cause crashes and UI spoofs. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 92...
CVE-2021-29993
Firefox for Android allowed navigations through the intent:// protocol, which could be used to cause crashes and UI spoofs. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox 92...
Spear-Phishing Attack Spoofs EE To Target Executives
Researchers warn of an ongoing spear-phishing attack mimicking a well-known telecommunications company, EE, to snatch up corporate executives’ credentials and payment details. Highly targeted emails have been sent to a few executives – including one at a leading financial firm – purporting to be...
spoonsports.eu XSS vulnerability
Vulnerable URL: https://www.spoonsports.eu/catalogsearch/result/?q=%3C%2Fscript%3E%3Cimg+src%3Dx+onerror%3Dprompt%28%2FXSSPOSED%2F%29%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 04.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...