611 matches found
CVE-2025-57769 FressRSS: Clickjacking can lead to XSS and/or privilege escalation
FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If embedding an authenticated iframe is possibl...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
🤝 Show your support - give a ⭐️ if you liked the content | SHARE on Twitter | Follow me on --- 🐱💻 ✂️ 🤬 LOG4J Java exploit - WAF and patches bypass tricks 📝 Description CVE-2021-44228 works on: log4j: 2.0 Upper Lookup The UpperLookup converts the passed in argument to upper case. Presumably the...
CVE-2025-58197
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mra13 Simple Download Monitor simple-download-monitor allows Stored XSS.This issue affects Simple Download Monitor: from n/a through = 3.9.34...
MAL-2025-37907 Malicious code in updated-tricks-v-bucks-generator-free_2023-bbi7zrezw (npm)
The package updated-tricks-v-bucks-generator-free2023-bbi7zrezw was found to contain malicious code...
Malicious code in updated-tricks-robux-generator-free_2023-ss1nujjg-pba (npm)
The package updated-tricks-robux-generator-free2023-ss1nujjg-pba was found to contain malicious code...
Malicious code in updated-tricks-robux-generator-free_2023-ss1nujjg-ftr (npm)
The package updated-tricks-robux-generator-free2023-ss1nujjg-ftr was found to contain malicious code...
Malicious code in updated-tricks-v-bucks-generator-free_2023-08ivy7m1f (npm)
The package updated-tricks-v-bucks-generator-free2023-08ivy7m1f was found to contain malicious code...
MAL-2025-37905 Malicious code in updated-tricks-robux-generator-free_2023-ss1nujjg-pba (npm)
The package updated-tricks-robux-generator-free2023-ss1nujjg-pba was found to contain malicious code...
MAL-2025-20933 Malicious code in free-codes-fortnite-2023-for-free-updated-tricks (npm)
The package free-codes-fortnite-2023-for-free-updated-tricks was found to contain malicious code...
MAL-2025-37903 Malicious code in updated-tricks-roblox-robux-generator-2023-get-verify_wrhzdu (npm)
The package updated-tricks-roblox-robux-generator-2023-get-verifywrhzdu was found to contain malicious code...
CVE-2025-30027
CVE-2025-30027 affects Axis devices via insufficient input validation in ACAP configuration files, enabling arbitrary code execution. Exploitation requires the device to allow unsigned ACAP apps and a user to install a malicious ACAP application. Impact: high on confidentiality, integrity, and av...
git: Git does not sanitize URLs when asking for credentials interactively
A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed...
CVE-2024-56279
Server-Side Request Forgery SSRF vulnerability in mra13 Compact WP Audio Player compact-wp-audio-player allows Server Side Request Forgery.This issue affects Compact WP Audio Player: from n/a through = 1.9.14...
CVE-2023-22691
Cross-Site Request Forgery CSRF vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin = v2.1 versions...
CVE-2023-22685
Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin = v2.2 versions...
CVE-2023-48286
Missing Authorization vulnerability in mra13 Stripe Payments stripe-payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stripe Payments: from n/a through = 2.0.79...
CVE-2022-47163
Cross-Site Request Forgery CSRF vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database – Insert CSV file content into WordPress plugin = 2.6 versions...
New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials
Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey. "Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remot...
The Rise of QR Phishing: How Scammers Exploit QR Codes and How to Stay Safe
QR phishing is on the rise, tricking users into scanning malicious QR codes. Learn how cybercriminals exploit QR codes and how to protect yourself...
Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)
Posted by James Forshaw, Google Project Zero Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. The goal was to cause a reader or writer of a virtual memory address to halt for a significant e.g. 1 or more seconds amount of time,...