82 matches found
CVE-2025-34133 Wimi Teamwork < v7.38.17 CSRF
Wimi Teamwork versions prior to 7.38.17 contains a cross-site request forgery CSRF vulnerability in its API. The API accepts any authenticated request that contains a JSON field named 'csrftoken' without validating the field’s value; only the presence of the field is checked. An attacker can craf...
CVE-2025-34133
Wimi Teamwork
Wimi Teamwork 安全漏洞
Wimi Teamwork is a team collaboration cloud platform from Wimi USA. A security vulnerability exists in Wimi Teamwork versions prior to 7.38.17 that stems from the API not validating the csrftoken field value, which could lead to a cross-site request forgery attack...
PT-2025-43971
Name of the Vulnerable Software and Affected Versions Wimi Teamwork versions prior to 7.38.17 Description The software contains a cross-site request forgery CSRF issue in its API. The API accepts authenticated requests containing a JSON field named csrf token without validating its value, only...
EUVD-2017-6329
Malware in sbrugna...
EUVD-2005-4409
Malware in sbrugna...
EUVD-2017-6328
Malware in sbrugna...
EUVD-2017-6327
Malware in sbrugna...
EUVD-2023-44239
Malicious code in bioql PyPI...
EUVD-2023-44238
Malicious code in bioql PyPI...
Cultivating Growth and Development at Rapid7
At Rapid7, we’re pushing the boundaries on what a cybersecurity company can be as we work to build a more secure digital future. In a field where the threat landscape continues to evolve, continuous learning and the development of our people becomes an engine for company success and innovation...
CVE-2023-3589
A Cross-Site Request Forgery CSRF vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server...
CVE-2023-3588
A stored Cross-site Scripting XSS vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x allows an attacker to execute arbitrary script code...
Ghosted by a cybercriminal
Welcome to this week's edition of the Threat Source newsletter. Talos recently published research into how threat actors are increasingly teaming up across the attack chain. Each group handles a slice of the operation, passing the breach along like a relay baton. It's a concerning trend -- one th...
CVE-2005-4414
Unspecified vulnerability in Teamwork 3 before alpha 1.7 has unknown impact and attack vectors, related to "a menu security bug."...
"There is no business school class that would ever sit down and design Talos"
As part of the celebrations of Cisco Talos turning 10, wed like to take you back to where it all began: How we formed our mission of protecting our customers and making the internet suck a bit less, an insight into our culture, and how we came to work with some of the most talented human beings o...
Collaborative Scheduling: Enhancing Team Coordination With Open-Source Tools
By Uzair Amir In the rapidly evolving work environment of today, collaborative scheduling stands out as a foundational pillar for effective… This is a post from HackRead.com Read the original post: Collaborative Scheduling: Enhancing Team Coordination With Open-Source Tools...
CVE-2023-3589
A Cross-Site Request Forgery CSRF vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server...
CVE-2023-3589
A Cross-Site Request Forgery CSRF vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server...
Cross site request forgery (csrf)
A Cross-Site Request Forgery CSRF vulnerability affecting Teamwork Cloud from No Magic Release 2021x through No Magic Release 2022x could allow with some very specific conditions an attacker to send a specifically crafted query to the server...