Lucene search
K

611 matches found

OSV
OSV
added 2025/09/29 9:37 p.m.5 views

CVE-2025-57769 FressRSS: Clickjacking can lead to XSS and/or privilege escalation

FreshRSS is a free, self-hostable RSS aggregator. Versions 1.26.3 and below contain a vulnerability where a specially crafted page can trick a user into executing arbitrary JS code or promoting a user in FreshRSS by obscuring UI elements in iframes. If embedding an authenticated iframe is possibl...

5.3CVSS6.8AI score0.00257EPSS
Exploits1References5
Gitee
Gitee
added 2025/09/06 12:9 p.m.114 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

🤝 Show your support - give a ⭐️ if you liked the content | SHARE on Twitter | Follow me on --- 🐱‍💻 ✂️ 🤬 LOG4J Java exploit - WAF and patches bypass tricks 📝 Description CVE-2021-44228 works on: log4j: 2.0 Upper Lookup The UpperLookup converts the passed in argument to upper case. Presumably the...

10CVSS9AI score0.99999EPSS
Exploits356
NVD
NVD
added 2025/08/27 6:15 p.m.3 views

CVE-2025-58197

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in mra13 Simple Download Monitor simple-download-monitor allows Stored XSS.This issue affects Simple Download Monitor: from n/a through = 3.9.34...

6.5CVSS0.00154EPSS
Exploits0References1
OSV
OSV
added 2025/08/14 6:52 p.m.4 views

MAL-2025-37907 Malicious code in updated-tricks-v-bucks-generator-free_2023-bbi7zrezw (npm)

The package updated-tricks-v-bucks-generator-free2023-bbi7zrezw was found to contain malicious code...

7.2AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.5 views

Malicious code in updated-tricks-robux-generator-free_2023-ss1nujjg-pba (npm)

The package updated-tricks-robux-generator-free2023-ss1nujjg-pba was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.5 views

Malicious code in updated-tricks-robux-generator-free_2023-ss1nujjg-ftr (npm)

The package updated-tricks-robux-generator-free2023-ss1nujjg-ftr was found to contain malicious code...

7AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/08/14 6:52 p.m.6 views

Malicious code in updated-tricks-v-bucks-generator-free_2023-08ivy7m1f (npm)

The package updated-tricks-v-bucks-generator-free2023-08ivy7m1f was found to contain malicious code...

7AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.5 views

MAL-2025-37905 Malicious code in updated-tricks-robux-generator-free_2023-ss1nujjg-pba (npm)

The package updated-tricks-robux-generator-free2023-ss1nujjg-pba was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.3 views

MAL-2025-20933 Malicious code in free-codes-fortnite-2023-for-free-updated-tricks (npm)

The package free-codes-fortnite-2023-for-free-updated-tricks was found to contain malicious code...

7.2AI score
Exploits0
OSV
OSV
added 2025/08/14 6:52 p.m.7 views

MAL-2025-37903 Malicious code in updated-tricks-roblox-robux-generator-2023-get-verify_wrhzdu (npm)

The package updated-tricks-roblox-robux-generator-2023-get-verifywrhzdu was found to contain malicious code...

7.2AI score
Exploits0
CVE
CVE
added 2025/08/12 5:18 a.m.22 views

CVE-2025-30027

CVE-2025-30027 affects Axis devices via insufficient input validation in ACAP configuration files, enabling arbitrary code execution. Exploitation requires the device to allow unsigned ACAP apps and a user to install a malicious ACAP application. Impact: high on confidentiality, integrity, and av...

6.7CVSS7.8AI score0.00148EPSS
Exploits0References1Affected Software1
RedHat Linux
RedHat Linux
added 2025/07/23 2:25 p.m.17 views

git: Git does not sanitize URLs when asking for credentials interactively

A flaw was found in Git. This vulnerability occurs when Git requests credentials via a terminal prompt, for example, without the use of a credential helper. During this process, Git displays the host name for which the credentials are needed, but any URL-encoded parts are decoded and displayed...

4.7CVSS7.2AI score0.00643EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2025/05/23 9:10 a.m.5 views

CVE-2024-56279

Server-Side Request Forgery SSRF vulnerability in mra13 Compact WP Audio Player compact-wp-audio-player allows Server Side Request Forgery.This issue affects Compact WP Audio Player: from n/a through = 1.9.14...

6.4CVSS7.2AI score0.00289EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:46 a.m.6 views

CVE-2023-22691

Cross-Site Request Forgery CSRF vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin = v2.1 versions...

8.8CVSS7.1AI score0.00271EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 4:45 a.m.8 views

CVE-2023-22685

Auth. admin+ Stored Cross-Site Scripting XSS vulnerability in Tips and Tricks HQ, Ruhul Amin Category Specific RSS feed Subscription plugin = v2.2 versions...

5.9CVSS5.6AI score0.00369EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 2:10 a.m.7 views

CVE-2023-48286

Missing Authorization vulnerability in mra13 Stripe Payments stripe-payments allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Stripe Payments: from n/a through = 2.0.79...

8.2CVSS7.3AI score0.00504EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:52 p.m.6 views

CVE-2022-47163

Cross-Site Request Forgery CSRF vulnerability in Tips and Tricks HQ, josh401 WP CSV to Database – Insert CSV file content into WordPress plugin = 2.6 versions...

7.5CVSS7AI score0.00246EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/03/29 7:28 a.m.26 views

New Android Trojan Crocodilus Abuses Accessibility to Steal Banking and Crypto Credentials

Cybersecurity researchers have discovered a new Android banking malware called Crocodilus that's primarily designed to target users in Spain and Turkey. "Crocodilus enters the scene not as a simple clone, but as a fully-fledged threat from the outset, equipped with modern techniques such as remot...

7.5AI score
Exploits0
HackRead
HackRead
added 2025/03/02 8:30 p.m.5 views

The Rise of QR Phishing: How Scammers Exploit QR Codes and How to Stay Safe

QR phishing is on the rise, tricking users into scanning malicious QR codes. Learn how cybercriminals exploit QR codes and how to protect yourself...

7.3AI score
Exploits0
GoogleProjectZero
GoogleProjectZero
added 2025/01/30 12:0 a.m.11 views

Windows Exploitation Tricks: Trapping Virtual Memory Access (2025 Update)

Posted by James Forshaw, Google Project Zero Back in 2021 I wrote a blog post about various ways you can build a virtual memory access trap primitive on Windows. The goal was to cause a reader or writer of a virtual memory address to halt for a significant e.g. 1 or more seconds amount of time,...

7.5AI score
Exploits0
Rows per page
Query Builder