EUVD-2020-27313
Malware in sbrugna...
EUVD-2024-1894
Malicious code in bioql PyPI...
GHSA-VHGQ-R8GX-5FPV Ibexa Admin UI assets XSS vulnerabilities in back office
Impact This security advisory is a part of IBEXA-SA-2025-003, which resolves XSS vulnerabilities in several parts of the back office of Ibexa DXP. Back office access and varying levels of editing and management permissions are required to exploit these vulnerabilities. This typically means Editor...
PT-2025-13894
Name of the Vulnerable Software and Affected Versions macOS versions prior to 15.4 Description The issue allows an app to potentially access protected user data due to inadequate checks. This has been addressed with improved checks. Recommendations For versions prior to 15.4, update to macOS...
How Garmin watches reveal your personal data, and what you can do
TL;DR A walk-through of obtaining sensitive data from a Garmin watch using forensic techniques How digital forensics on a Garmin watch helped solve a double murder case A comparison of Garmin's privacy with other brands including Fitbit, Apple, and Samsung Understand the security and privacy...
CVE-2024-50349
Git is a fast, scalable, distributed revision control system with an unusually rich command set that provides both high-level operations and full access to internals. When Git asks for credentials via a terminal prompt i.e. without using any credential helper, it prints out the host name for whic...
“Simply staggering” surveillance conducted by social media and streaming services, FTC finds
The US Federal Trade Commission FTC released a report that examines the data collection and use practices of major social media and video streaming services, finding that—and this will not come as a surprise to our regular readers—the companies engaged in vast surveillance of consumers in order t...
Polyfill Library Injected with Malware Impacting 100,000 Websites
A trusted JavaScript library, Polyfill.io, became a malware delivery system. Security experts exposed the attack and the potential consequences for website visitors. Learn how this supply chain attack highlights the importance of web development security and what steps developers can take to...
XWiki Platform: Password hash might be leaked by diff once the xobject holding them is deleted
Impact It is possible to access the hash of a password by using the diff feature of the history whenever the object storing the password is deleted. Using that vulnerability it's possible for an attacker to have access to the hash password of a user if they have rights to edit the users' page. No...
Malicious shares can't be paused or stopped after creation, so users will continue to use them
Lines of code Vulnerability details Impact In case the share creator is a malefactor, he can try to do multiple malicious operations: Pump and Dump attack with price manipulation, artificially increase fees for NFT minting. Proof of Concept Both attacks described in my other reports and unfortunate...
Simple Giveaways < 2.46.1 - CSRF
Description The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF attacks...
Allowing delegate call with msg.value in executeBatch() is dangerous
Lines of code Vulnerability details Bug Description ERC725XCore's execute function allows four types of operations: 1. CALL for normal calls 2. DELEGATECALL 3. CREATE/CREATE2 for contract deployment 4. STATICCALL The executeBatch function simply calls execute in a loop to perform multiple calls i...
WordPress Plugin Kali Forms security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A security vulnerability exists in the...
recostone.com Cross Site Scripting vulnerability OBB-3226170
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
LastPass Data Breach: It’s Time to Ditch This Password Manager
The password manager’s most recent data breach is so concerning, users need to take immediate steps to protect themselves...
Fulfill transactions that are not protected with a deadline may lead to an unfavorable trade.
Lines of code Vulnerability details Impact A fulfill transaction of an order with a descending/ascending amount should be protected by a deadline. The price of an order with a descending amount is sensitive to the time. Letting users make such a trade without providing the deadline would lead to...
Slurp can be frontrun with fee increase
Lines of code Vulnerability details Impact The TurboSafe.slurp function fetches the current fee from the clerk. This fee can be changed. The slurp transaction can be frontrun with a fee increase specifically targeted for the vault or the asset by the clerk and steal the vault yield that should go...
User may not receive the full amount of IL compensation
Handle jonah1005 Vulnerability details Impact The user would not get full IL compensation if there's not enough funds in the reserve. VaderReserve.sol L76-L91, VaderReserve.sol L85: `uint256 actualAmount = min(reserve, amount);` While this is reasonable, users should be able to specify the minimum receiv...
Simple Image Gallery 1.0 - Remote Code Execution (Unauthenticated) Exploit
Exploit Title: Simple Image Gallery 1.0 - Remote Code Execution RCE Unauthenticated Exploit Author: Tagoletta Tağmaç Software Link: https://www.sourcecodester.com/php/14903/simple-image-gallery-web-app-using-php-free-source-code.html Version: V 1.0 Tested on: Ubuntu import requests import random...
Information disclosure
Nextcloud Deck before 1.2.7, 1.4.1 suffers from an information disclosure vulnerability when searches for sharees utilize the lookup server by default instead of only the local Nextcloud server unless a global search has been explicitly chosen by the user...