52 matches found
Friday Squid Blogging: Increased Squid Population in the Falklands
Some good news: squid stocks seem to be recovering in the waters off the Falkland Islands. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...
CISOs in a Pinch: A Security Analysis of OpenClaw
Learn how Claude Code Security set Cybersecurity stocks on fire...
Claude Code Security set the Cybersecurity Stocks on Fire - Here's the Signal in the Smoke
Learn how Claude Code Security set Cybersecurity stocks on fire...
EUVD-2023-37641
Malicious code in bioql PyPI...
Malicious code in pro-stocks-widget (npm)
The package communicates with a domain associated with malicious activity...
MAL-2025-6120 Malicious code in pro-stocks-widget (npm)
The package communicates with a domain associated with malicious activity...
CVE-2024-11690
The Financial Stocks & Crypto Market Data Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'e' parameter in all versions up to, and including, 1.10.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
CVE-2023-33478
RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php...
WordPress Financial Stocks & Crypto Market Data Plugin plugin <= 1.10.3 - Reflected Cross-Site Scripting vulnerability
Reflected Cross-Site Scripting vulnerability discovered by vgo0 in WordPress Plugin Financial Stocks & Crypto Market Data Plugin versions <= 1.10.3...
CVE-2024-11690
The Financial Stocks & Crypto Market Data Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'e' parameter in all versions up to, and including, 1.10.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
CVE-2024-11690 Financial Stocks & Crypto Market Data Plugin <= 1.10.3 - Reflected Cross-Site Scripting
The Financial Stocks & Crypto Market Data Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'e' parameter in all versions up to, and including, 1.10.3 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers...
WordPress plugin Financial Stocks & Crypto Market Data Plugin Cross-Site Scripting Vulnerability
WordPress and the WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exist...
CVE-2023-33478
RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php...
CVE-2023-33478
RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php...
CVE-2023-33478
RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php...
CVE-2023-33478
RemoteClinic 2.0 has a SQL injection vulnerability in the ID parameter of /medicines/stocks.php...
CVE-2023-33478
RemoteClinic 2.0 is affected by a SQL injection in the ID parameter of /medicines/stocks.php. The vulnerability is documented across multiple sources (NVD/Red Hat/CVE entries) with CVSS v3.1 base score 9.8 (CRITICAL) and an attack vector of NETWORK, requiring no privileges or user interaction. Th...
Saad Irfan RemoteClinic Security Vulnerability
Saad Irfan RemoteClinic is a Saad Irfan open source application. It provides the ability to remotely manage your clinic via the Web. A security vulnerability exists in RemoteClinic version 2.0, which stems from a SQL injection vulnerability in the parameter ID of the file /medices/stocks.php...
PT-2023-24353 · Unknown · Remote Clinic
Name of the Vulnerable Software and Affected Versions: RemoteClinic version 2.0 Description: The issue is related to a SQL injection vulnerability. This vulnerability is located in the ID parameter of the "/medicines/stocks.php" API endpoint. Recommendations: For RemoteClinic version 2.0, avoid...
wine-stocks.com Cross Site Scripting vulnerability OBB-3262105
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...