EUVD-2018-15729

Malware in sbrugna...

EUVD-2020-5794

Malware in sbrugna...

EUVD-2020-30076

Malware in sbrugna...

EUVD-2018-8144

Malware in sbrugna...

EUVD-2019-14830

Malware in sbrugna...

EUVD-2009-1718

Malware in sbrugna...

EUVD-2021-8403

Malicious code in bioql PyPI...

EUVD-2022-34602

Malicious code in bioql PyPI...

webkitgtk: A download’s origin may be incorrectly associated

A flaw was found in WebKitGTK. A malicious website can cause the origin of a download to be incorrectly associated with the wrong site due to improper checks, allowing an attacker to trick a user into downloading a malicious file...

CVE-2025-8030

Insufficient escaping in the “Copy as cURL” feature could potentially be used to trick a user into executing unexpected code. This vulnerability was fixed in Firefox 141, Firefox ESR 128.13, Firefox ESR 140.1, Thunderbird 141, Thunderbird 128.13, and Thunderbird 140.1...

Fake Telegram Apps Spread via 607 Domains in New Android Malware Attack

Fake Telegram apps are being spread through 607 malicious domains to deliver Android malware, using blog-style pages and phishing tactics to trick users...

Mozilla -- local code execution

[email protected] reports: Due to insufficient escaping of the newline character in the Copy as cURL feature, an attacker could trick a user into using this command, potentially leading to local code execution on the user's system...

CVE-2023-48302

Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. Starting in version 25.0.0 and prior to versions 25.0.13, 26.0.8, and 27.1.3 of Nextcloud Server and Nextcloud Enterprise Server, when a user is tricked into copy pasting HTML code without markup Ctrl+Shift+V the...

CVE-2023-28744

A use-after-free vulnerability exists in the JavaScript engine of Foxit Software's PDF Reader, version 12.1.1.15289. A specially crafted PDF document can trigger the reuse of previously freed memory by manipulating form fields of a specific type. This can lead to memory corruption and arbitrary...

CVE-2022-22762

Under certain circumstances, a JavaScript alert or prompt could have been shown while another website was displayed underneath it. This could have been abused to trick the user. This bug only affects Firefox for Android. Other operating systems are unaffected.. This vulnerability affects Firefox ...

CVE-2021-29987

After requesting multiple permissions, and closing the first permission panel, subsequent permission panels will be displayed in a different position but still record a click in the default location, making it possible to trick a user into accepting a permission they did not want to. This bug onl...

CVE-2025-1244

A command injection flaw was found in the text editor Emacs. It could allow a remote, unauthenticated attacker to execute arbitrary shell commands on a vulnerable system. Exploitation is possible by tricking users into visiting a specially crafted website or an HTTP URL with a redirect. Mitigatio...

CVE-2024-9635 Checkout with Cash App on WooCommerce <= 6.0.2 - Reflected Cross-Site Scripting

The Checkout with Cash App on WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'wphttpreferer' parameter in several files in all versions up to, and including, 6.0.2 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-38166

CVE-2024-38166 is a cross-site scripting (XSS) vulnerability in Microsoft Dynamics 365 (on-premises and related Dynamics components) caused by improper neutralization of input during web page generation. An unauthenticated attacker can exploit this weakness to spoof the user interface or execute ...

CVE-2023-39153

A cross-site request forgery CSRF vulnerability in Jenkins GitLab Authentication Plugin 1.17.1 and earlier allows attackers to trick users into logging in to the attacker's account...