50 matches found
CVE-2026-46401 HAX CMS PHP has Insufficient Session Expiration
HAX CMS helps manage microsite universe with PHP or NodeJs backends. Versions prior to 26.0.0 suffer from an improper session termination vulnerability where authentication tokens remain valid after user logout. This allows attackers who obtain valid tokens to maintain persistent access to...
CVE-2026-43893 exiftool-vendored: Argument injection via newline characters in tag names
exiftool-vendored provides cross-platform Node.js access to ExifTool. Prior to 35.19.0, exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments...
exiftool-vendored parameter injection vulnerability
exiftool-vendored is a cross-platform image metadata reading and writing tool developed by PhotoStructure. Versions of exiftool-vendored prior to 35.19.0 had a parameter injection vulnerability. This vulnerability occurred when ExifTool was executed in the "-stayopen True -" mode, where strings...
PT-2026-38253
Name of the Vulnerable Software and Affected Versions: Nitro versions prior to 2.13.4; Nitro versions prior to 3.0.260429-beta. Description: An attacker can bypass proxy route rules by sending percent-encoded path traversal sequences ..%2f in the URL. This occurs when Nitro treats these characters as...
exiftool-vendored vulnerable to argument injection via newline characters in tag names
Impact exiftool-vendored starts ExifTool in -stayopen True -@ - mode, where arguments are read from stdin one per line. In affected versions, several caller-supplied strings were interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return inside one of tho...
PT-2026-37303
Name of the Vulnerable Software and Affected Versions: exiftool-vendored versions prior to 35.19.0. Description: Certain strings provided by the caller are interpolated into ExifTool arguments without rejecting line delimiters. A newline or carriage return within these strings can split a single...
Linux Distros Unpatched Vulnerability : CVE-2025-65430
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in allauth-django before 65.13.0. IdP: marking a user as isactive=False after having handed tokens for that user while the account was...
PT-2025-48348
Latest CVE Breakdown Available now! Oracle CVE-2024-21854 is under active attack even after being patched. Learn why patch delays are dangerous and how to stay secure. Explore the write-up https://t.co/YSCfFvYLPP Join the discussion and tell us what you think!...
EUVD-2025-14208
Malicious code in bioql PyPI...
Malicious code in react-stay-scrolled-examples (npm)
The package react-stay-scrolled-examples was found to contain malicious code...
MAL-2025-31856 Malicious code in react-stay-scrolled-examples (npm)
The package react-stay-scrolled-examples was found to contain malicious code...
iOS Workspace App 2501.10 - How to Fix Login Hang at "Stay Signed In" Prompt
Users of the Citrix Workspace app on iOS devices may experience a hang or freeze at the "Stay Signed In" prompt after adding their Citrix Cloud workspace URL. The app becomes unresponsive, preventing users from selecting either "Allow" or "Deny."...
Spotify, Audible, and Amazon used to push dodgy forex trading sites and more
Spotify and Amazon services have been flooded with bogus listings that push dubious "forex trading" sites, Telegram channels, and suspicious links claiming to offer pirated software according to our friends over at BleepingComputer. Cybercriminals are abusing the options to inject keywords and...
PT-2024-40005 · Unknown · Uptime Kuma
Name of the Vulnerable Software and Affected Versions: Uptime Kuma affected versions not specified Description: The issue allows access to the platform despite authentication being enabled, as previously logged-in sessions remain valid. The expected behavior is that all previously connected...
WordPress plugin Traffic Manager security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
Beware malware posing as beta versions of legitimate apps, warns FBI
The FBI has issued a warning that cybercriminals are embedding malicious code in mobile beta-testing apps in attempts to defraud potential victims. The victims are typically contacted on dating sites and social media, and in some cases they are promised incentives such as large financial payouts...
Google Android code issue vulnerability
Google Android is a Linux-based open source operating system from Google. A security vulnerability exists in Google Android. No information about this vulnerability is available at this time, please stay tuned to CNNVD or the vendor's announcement...
Monthly Threat Webinar Series in 2023: What to Expect
Stay informed and stay ahead...
Google Pixel security vulnerability
Google Pixel is a smartphone from the American company Google. Google Pixel has a security vulnerability. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the manufacturer's announcement...
Google Pixel path traversal vulnerability
Google Pixel is a smartphone from the American company Google. Google Pixel has a security vulnerability. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the manufacturer's announcement...