210 matches found
PT-2026-39296
Name of the Vulnerable Software and Affected Versions: grav-plugin-admin versions prior to 1.10.49.5. Description: The application fails to properly validate and sanitize user input in the dataheadertitle parameter. This allows attackers to craft a malicious URL containing a Cross-Site Scripting (XSS)...
Fake TikTok Downloaders on Chrome and Edge Spying on 130,000 Users
Over 130,000 users are at risk from fake TikTok downloader extensions on Chrome and Microsoft Edge. Researchers discovered these malicious tools use device fingerprinting to spy on users and steal sensitive browser data...
EUVD-2019-13053
Malware in sbrugna...
EUVD-2020-27311
Malware in sbrugna...
EUVD-2018-14279
Malware in sbrugna...
EUVD-2018-6548
Malware in sbrugna...
EUVD-2019-11339
Malware in sbrugna...
EUVD-2020-4164
Malware in sbrugna...
EUVD-2018-0836
Malware in sbrugna...
EUVD-2025-18487
Malicious code in bioql PyPI...
EUVD-2024-0025
Malicious code in bioql PyPI...
EUVD-2024-53893
Malicious code in bioql PyPI...
EUVD-2025-6968
Malicious code in bioql PyPI...
EUVD-2022-1128
Malicious code in bioql PyPI...
EUVD-2022-44475
Malicious code in bioql PyPI...
EUVD-2025-6934
Malicious code in bioql PyPI...
EUVD-2025-7077
Malicious code in bioql PyPI...
EUVD-2024-0617
Malicious code in bioql PyPI...
CVE-2025-54593
FreshRSS is a free, self-hostable RSS aggregator. In versions 1.26.1 and below, an authenticated administrator user can execute arbitrary code on the FreshRSS server by modifying the update URL to one they control, and gain code execution after running an update. After successfully executing code...
CVE-2025-40730
HTML injection in Vox Media's Chorus CMS. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending them a malicious URL using the 'q' parameter in '/search'. This vulnerability can be exploited to steal sensitive user data, such as session cookies, or to...