72 matches found
Security-Advisories
Security Advisories — trexnegr0 Public disclosure repository...
CVE-2023-4098
It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application...
EUVD-2007-1178
Malware in sbrugna...
EUVD-2007-1821
Malware in sbrugna...
EUVD-2007-1256
Malware in sbrugna...
EUVD-2005-0857
Malware in sbrugna...
EUVD-2007-1823
Malware in sbrugna...
EUVD-2022-34881
Malicious code in bioql PyPI...
CVE-2025-24936
The web application allows user input to pass unfiltered to a command executed on the underlying operating system. The vulnerable component is bound to the network stack and the set of possible attackers extends up to and including the entire Internet. An attacker with low privileged access to th...
IBM Spectrum Protect Plus Web UI 10.1.0 < 10.1.17.1 (7237702)
The version of IBM Spectrum Protect Plus Web UI installed on the remote host is prior to 10.1.17.1 IBM Spectrum Protect Plus. It is, therefore, affected by multiple vulnerabilities as referenced in the 7237702 advisory. - Jinja is an extensible templating engine. Prior to 3.1.6, an oversight in h...
CVE-2025-4659
The Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 1.4.4. This makes it possible for unauthenticated attackers to retrieve the full path of the web...
A Human Study of Cognitive Biases in Web Application Security
Cybersecurity training has become a crucial part of computer science education and industrial onboarding. Capture the Flag (CTF) competitions have emerged as a valuable, gamified approach for developing and refining the skills of cybersecurity and software engineering professionals. However, while...
Earth Lamia Develops Custom Arsenal to Target Multiple Industries
Trend™ Research has been tracking an active APT threat actor named Earth Lamia, which has targeted multiple industries in Brazil, India and Southeast Asian countries since at least 2023. The threat actor primarily exploits vulnerabilities in web applications to gain access to targeted organizations...
CVE-2013-0668
Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC TIA Portal 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL...
CVE-2019-18235
Advantech Spectre RT ERT351 versions 5.1.3 and prior have insufficient login authentication parameters for the web application, which may allow an attacker to gain full access using a brute-force password attack...
CVE-2025-2865
SaTECH BCU, in its firmware version 2.1.3, could allow XSS attacks and other malicious resources to be stored on the web server. An attacker with some knowledge of the web application could send a malicious request to the victim users. Through this request, the victims would interpret the code...
CVE-2022-1575
Arbitrary Code Execution through Sanitizer Bypass in GitHub repository jgraph/drawio prior to 18.0.0. - Arbitrary remote code execution in the desktop app. - Stored XSS in the web app...
Synology Router Manager (SRM) 1.3.x Multiple Vulnerabilities (Synology-SA-24:09) - Remote Known Vulnerable Versions Check
Synology Router Manager (SRM) is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2024 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Moodle < 3.9.25, 3.11.x < 3.11.18, 4.0.x < 4.0.12, 4.1.x < 4.1.7, 4.2.x < 4.2.4, 4.3.x < 4.3.1 Multiple Vulnerabilities
Moodle is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2023 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; if(description)...
CVE-2023-29457
Reflected XSS attacks occur when a malicious script is reflected off a web application to the victim's browser. The script can be activated through Action form fields, which can be sent as a request to a website with a vulnerability that enables execution of malicious scripts...