EUVD-2020-6378
Malware in sbrugna...
EUVD-2024-48781
Malicious code in bioql PyPI...
EUVD-2024-2827
Malicious code in bioql PyPI...
EUVD-2025-7086
Malicious code in bioql PyPI...
Hackers Use Facebook Ads to Spread JSCEAL Malware via Fake Cryptocurrency Trading Apps
Cybersecurity researchers are calling attention to an ongoing campaign that distributes fake cryptocurrency trading apps to deploy a compiled V8 JavaScript (JSC) malware called JSCEAL that can capture data such as credentials and wallets. The activity leverages thousands of malicious advertisements...
CVE-2024-41572
Learning with Texts (LWT) 2.0.3 is vulnerable to Cross Site Scripting (XSS). The application has a specific function that does not filter special characters in URL parameters. Remote attackers can inject JavaScript code without authorization. Exploiting this vulnerability, attackers can steal user...
CVE-2024-10812
An open redirect vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...
CVE-2024-10812
CVE-2024-10812 affects binary-husky/gpt_academic (v3.83) with an open redirect via the file parameter. The Nuclei template for GPT Academic v1.3.9 confirms the issue arises from user-controlled input that redirects to attacker-controlled URLs, enabling phishing, malware distribution, and credenti...
CVE-2024-10812 Open Redirect in binary-husky/gpt_academic
An open redirect vulnerability exists in binary-husky/gpt_academic version 3.83. The vulnerability occurs when a user is redirected to a URL specified by user-controlled input in the 'file' parameter without proper validation or sanitization. This can be exploited by attackers to conduct phishing...
CVE-2024-28112 Cross site scripting on router page in Peering Manager
Peering Manager is a BGP session management tool. Affected versions of Peering Manager are subject to a potential stored Cross-Site Scripting (XSS) attack in the name attribute of AS or Platform. The XSS triggers on a routers detail page. Adversaries are able to execute arbitrary JavaScript code wi...
CVE-2022-26491
An issue was discovered in Pidgin before 2.14.9. A remote attacker who can spoof DNS responses can redirect a client connection to a malicious server. The client will perform TLS certificate verification of the malicious domain name instead of the original XMPP service domain, allowing the attack...
CVE-2021-45813
SLICAN WebCTI 1.01 2015 is affected by a Cross Site Scripting (XSS) vulnerability. The attacker can steal the user's session by injecting malicious JavaScript codes which leads to Session Hijacking and cause user's credentials theft...
CVE-2021-37401
An attacker may obtain the user credentials from file servers, backup repositories, or ZLD files saved in SD cards. As a result, the PLC user program may be uploaded, altered, and/or downloaded...
SharkBot Android banking Trojan cleans users out
Researchers have discovered and analyzed a new Android banking Trojan that allows attackers to steal sensitive banking information such as user credentials, personal information, current balance, and even to perform gestures on the infected device. According to the researchers, SharkBot...
Gris CMS Cross-Site Scripting Vulnerability
Gris CMS is a flat file CMS for developers and Markdown enthusiasts. A cross-site scripting vulnerability exists in Gris CMS v0.1, which stems from a lack of proper validation of client data in the web application, and can be exploited by an attacker to inject malicious JavaScript code to steal...
CVE-2020-27781
User credentials can be manipulated and stolen by Native CephFS consumers of OpenStack Manila, resulting in potential privilege escalation. An Open Stack Manila user can request access to a share to an arbitrary cephx user, including existing users. The access key is retrieved via the interface...
Ignite Realtime Openfire Cross-Site Scripting Vulnerability (CNVD-2021-09925)
Ignite Realtime Openfire is a real-time collaboration (RTC) server licensed under the open source Apache license. Ignite Realtime Openfire 4.6.0 suffers from a create-bookmark.jsp groupchatJID stored cross-site scripting vulnerability. An attacker can exploit this vulnerability to steal sensitive...
Phishing Attack Leads to Phony Google, Compromised Red Cross Sites
An apparent phishing scam involving fake Google and Red Cross websites is making the rounds according to security firm Sophos, which intercepted a spammy e-mail this morning that tries to send unsuspecting users to less than genuine versions of those sites. An email with the subject line, “Re:...
New Version of Flashback Mac Trojan Found Using Java Exploits
A new version of the Flashback Trojan that targets Macs has appeared, and this one uses a drive-by download technique to attempt exploits of two Java vulnerabilities. The Flashback.G malware also tries to trick users into accepting a fake digital certificate, which will install the malware if the...