PT-2026-39296

Name of the Vulnerable Software and Affected Versions grav-plugin-admin versions prior to 1.10.49.5 Description The application fails to properly validate and sanitize user input in the dataheadertitle parameter. This allows attackers to craft a malicious URL containing a Cross-Site Scripting XSS...

Fake TikTok Downloaders on Chrome and Edge Spying on 130,000 Users

Over 130,000 users are at risk from fake TikTok downloader extensions on Chrome and Microsoft Edge. Researchers discovered these malicious tools use device fingerprinting to spy on users and steal sensitive browser data...

EUVD-2018-14279

Malware in sbrugna...

EUVD-2019-11339

Malware in sbrugna...

EUVD-2019-13053

Malware in sbrugna...

EUVD-2020-4164

Malware in sbrugna...

EUVD-2020-27311

Malware in sbrugna...

EUVD-2022-1128

Malicious code in bioql PyPI...

EUVD-2022-44475

Malicious code in bioql PyPI...

EUVD-2024-0617

Malicious code in bioql PyPI...

EUVD-2024-0025

Malicious code in bioql PyPI...

EUVD-2024-53893

Malicious code in bioql PyPI...

EUVD-2025-18487

Malicious code in bioql PyPI...

EUVD-2025-6934

Malicious code in bioql PyPI...

EUVD-2025-7077

Malicious code in bioql PyPI...

EUVD-2025-6968

Malicious code in bioql PyPI...

CVE-2025-54593

FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.1 and below, an authenticated administrator user can execute arbitrary code on the FreshRSS server by modifying the update URL to one they control, and gain code execution after running an update. After successfully executing code...

CVE-2025-40730

HTML injection in Vox Media's Chorus CMS. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'q' parameter in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to...

CVE-2025-40730

The CVE-2025-40730 entry concerns HTML injection in Vox Media’s Chorus CMS. The vulnerability arises from an injection in the /search?q parameter, allowing an attacker to execute JavaScript in a victim’s browser and potentially steal session cookies or perform actions on behalf of the user. Affec...

PT-2025-31063 · Vox Media · Horus Cms

Name of the Vulnerable Software and Affected Versions: Vox Media Chorus CMS affected versions not specified Description: An HTML injection issue exists in Vox Media’s Chorus CMS. An attacker can execute JavaScript code in a victim’s browser by sending a malicious URL utilizing the q parameter in...