Dozens of malicious wallpapers found on Steam Workshop: gamers’ accounts at risk

Since late 2025, malware has been spreading rapidly through the Steam Workshop, the gaming platform's built-in service for players to create and share custom content. The attackers are primarily targeting gamers in China and Russia, aiming to hijack their accounts. To pull this off, they are...

152 Chrome Wallpaper Extensions with 105K Installs Linked to Adware and Fake Traffic

Cybersecurity researchers have discovered a network of 152 Google Chrome extensions that act as new tab live wallpaper add-ons to distribute a potentially unwanted program PUP family. The cluster spans 38 separate Chrome Web Store publisher accounts and three brand backends: tabplugins.com,...

CVE-2026-21026

Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information...

EUVD-2026-34798

Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information...

PT-2026-46916

Improper export of android application components in SpriteWallpaper prior to SMR Jun-2026 Release 1 allows local attackers to access to sensitive information...

[SECURITY] Fedora 44 Update: plasma-login-manager-6.6.4-1.fc44

Plasma Login provides a display manager for KDE Plasma and with an new frontend providing a greeter, wallpaper plugin integration and a System Settings module KCM...

EUVD-2019-19899

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

CVE-2019-25576

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

CVE-2019-25576

CVE-2019-25576 affects Kepler Wallpaper Script 1.1 and is described as an SQL injection in the category parameter. An unauthenticated attacker can send GET requests with URL-encoded SQL UNION statements to retrieve data such as usernames, database names, and MySQL version details. The connected s...

CVE-2019-25576 Kepler Wallpaper Script 1.1 SQL Injection via category

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

CVE-2019-25576

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

PT-2026-26924

Kepler Wallpaper Script 1.1 contains an SQL injection vulnerability that allows unauthenticated attackers to execute arbitrary SQL queries by injecting malicious code into the category parameter. Attackers can send GET requests to the category endpoint with URL-encoded SQL UNION statements to...

Kepler Wallpaper Script SQL注入漏洞

Kepler Wallpaper Script is a desktop wallpaper generation script developed by Kepler Wallpaper Inc. Version 1.1 of Kepler Wallpaper Script contains an SQL injection vulnerability. This vulnerability stems from the category parameter, which allows for SQL injections, potentially enabling...

CVE-2022-50893

VIAVIWEB Wallpaper Admin 1.0 contains an unauthenticated remote code execution vulnerability in the image upload functionality. Attackers can upload a malicious PHP file through the addgalleryimage.php endpoint to execute arbitrary code on the server...

CVE-2022-50892

VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface...

CVE-2022-50894

VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the imgid parameter. Attackers can send GET requests to editgalleryimage.php with malicious imgid values to extract database...

CVE-2022-50894

VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the imgid parameter. Attackers can send GET requests to editgalleryimage.php with malicious imgid values to extract database...

CVE-2022-50894

VIAVIWEB Wallpaper Admin 1.0 contains an SQL injection vulnerability that allows authenticated attackers to manipulate database queries by injecting SQL code through the imgid parameter. Attackers can send GET requests to editgalleryimage.php with malicious imgid values to extract database...

CVE-2022-50892

VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface...

CVE-2022-50892

VIAVIWEB Wallpaper Admin 1.0 contains a SQL injection vulnerability that allows attackers to bypass authentication by manipulating login credentials. Attackers can exploit the login page by injecting 'admin' or 1=1-- - payload to gain unauthorized access to the administrative interface...