30 matches found
EUVD-2023-41421
Malicious code in bioql PyPI...
EUVD-2023-41422
Malicious code in bioql PyPI...
CVE-2023-37535
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters...
CVE-2023-37535
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters...
CVE-2023-37535
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters...
CVE-2023-37535 HCL Domino Volt and Domino Leap are affected by a Cross-site scripting (XSS) vulnerability
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters...
CVE-2023-37535
CVE-2023-37535 affects HCL Domino Volt and Domino Leap. The root cause is an insufficient URI protocol whitelist that enables script injection via query parameters. Documented impact includes potential cross-site scripting through parameter handling; exploitation status is not detailed in the pro...
CVE-2023-37535 HCL Domino Volt and Domino Leap are affected by a Cross-site scripting (XSS) vulnerability
Insufficient URI protocol whitelist in HCL Domino Volt and Domino Leap allow script injection through query parameters...
PT-2025-18334 · Hcl · Domino Leap +1
Name of the Vulnerable Software and Affected Versions: HCL Domino Volt and Domino Leap affected versions not specified Description: The issue is related to an insufficient URI protocol whitelist, which allows script injection through query parameters. This can potentially lead to security breache...
CVE-2023-37534
Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters...
CVE-2023-37534
Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters...
CVE-2023-37534 HCL Leap is affected by a Cross-site scripting (XSS) vulnerability
Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters...
CVE-2023-37534
CVE-2023-37534 affects HCL Leap: insufficient URI protocol whitelist allows script injection via query parameters in the web app. Reported severity varies by source (NVD: CVSS v3.1 base 6.1; CNA data shows higher impact on integrity). Affected component is the HCL Leap URI handling logic; exploit...
CVE-2023-37534 HCL Leap is affected by a Cross-site scripting (XSS) vulnerability
Insufficient URI protocol whitelist in HCL Leap allows script injection through query parameters...
PT-2025-17842 · Hcl · Hcl Leap
Name of the Vulnerable Software and Affected Versions: HCL Leap affected versions not specified Description: The issue is related to an insufficient URI protocol whitelist, which allows script injection through query parameters. Recommendations: At the moment, there is no information about a newe...
New Attack Alert: Freeze[.]rs Injector Weaponized for XWorm Malware Attacks
Malicious actors are using a legitimate Rust-based injector called Freeze.rs to deploy a commodity malware called XWorm in victim environments. The novel attack chain, detected by Fortinet FortiGuard Labs on July 13, 2023, is initiated via a phishing email containing a booby-trapped PDF file. It...
Hackers Abusing Windows Search Feature to Install Remote Access Trojans
A legitimate Windows search feature is being exploited by unknown malicious actors to download arbitrary payloads from remote servers and compromise targeted systems with remote access trojans such as AsyncRAT and Remcos RAT. The novel attack technique, per Trellix, takes advantage of the...
Beyond File Search: A Novel Method
Beyond File Search: A Novel Method for Exploiting the "search-ms" URI Protocol Handler By Mathanraj Thangaraju and Sijo Jacob · July 26, 2023 Threat Summary In the ever-evolving landscape of cyber threats, malware authors continuously explore new avenues to exploit unsuspecting users. The Windows...
Countering Follina Attack (CVE- 2022-30190) with Trellix Network Security Platform’s Advanced Detection Features
Countering Follina Attack CVE- 2022-30190 with Trellix Network Security Platform’s Advanced Detection Features By Trellix · July 19, 2022 This blog was also written by Chintan Shah Executive summary During the end of May 2022, independent security researcher reported a vulnerability assigned...
CVE-2019-6453
mIRC before 7.55 allows remote command execution by using argument injection through custom URI protocol handlers. The attacker can specify an irc:// URI that loads an arbitrary .ini file from a UNC share pathname. Exploitation depends on browser-specific URI handling Chrome is not exploitable...