Payload
You must login to view this content
Aggregator
Payload
3 weeks 3 days ago
You must login to view this content
cohenido
Malicious npm Package Turns Hugging Face Into Malware CDN and Exfiltration Backend
3 weeks 3 days ago
A rogue npm package named js-logger-pack has been caught quietly turning Hugging Face, a widely trusted AI model hosting platform, into both a malware delivery network and a stolen data storage backend. The campaign marks a clear shift in how attackers abuse legitimate cloud services to run supply chain attacks while staying hidden. The package appeared harmless […]
The post Malicious npm Package Turns Hugging Face Into Malware CDN and Exfiltration Backend appeared first on Cyber Security News.
Tushar Subhra Dutta
Bitwarden CLI npm package compromised to steal developer credentials
3 weeks 3 days ago
The Bitwarden CLI was briefly compromised after attackers uploaded a malicious @bitwarden/cli package to npm containing a credential-stealing payload capable of spreading to other projects. [...]
Lawrence Abrams
Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities
3 weeks 3 days ago
Researchers said it’s the first-ever mapping of attack traffic to mobile operator signalling infrastructure.
The post Surveillance campaigns use commercial surveillance tools to exploit long-known telecom vulnerabilities appeared first on CyberScoop.
Tim Starks
CVE-2025-41011
3 weeks 3 days ago
Currently trending CVE - Hype Score: 1 - HTML injection vulnerability in PHP Point of Sale v19.4. This vulnerability allows an attacker to render HTML in the victim's browser due to a lack of proper validation of user input by sending a request to '/reports/generate/specific_customer', ussing 'start_date_formatted' y ...
CVE-2025-2749
3 weeks 3 days ago
Currently trending CVE - Hype Score: 1 - An authenticated remote code execution in Kentico Xperience allows authenticated users Staging Sync Server to upload arbitrary data to path relative locations. This results in path traversal and arbitrary file upload, including content that can be executed server side leading to ...
3 киловатта, 10 секунд, $10 за выстрел. Лазер NI-L3K делает охоту на дроны почти бесплатной
3 weeks 3 days ago
Оружие, которое полностью меняет экономику войны.
CISA: US agency breached through Cisco vulnerability, FIRESTARTER backdoor allowed access through March
3 weeks 3 days ago
CISA said the unnamed department was infected with malware called “FIRESTARTER” that allowed the hackers to return to the Cisco device in March without re-exploiting the original vulnerabilities.
CVE-2006-5190 | osCommerce up to 2.2 Ms3 banner_manager.php zpage cross site scripting (EDB-28743 / XFDB-29355)
3 weeks 3 days ago
A vulnerability classified as problematic was found in osCommerce up to 2.2 Ms3. Affected by this vulnerability is an unknown functionality of the file banner_manager.php. Such manipulation of the argument zpage leads to basic cross site scripting.
This vulnerability is listed as CVE-2006-5190. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com
CVE-2006-5190 | osCommerce banner_statistics.php page cross site scripting (EDB-28743 / XFDB-29355)
3 weeks 3 days ago
A vulnerability labeled as problematic has been found in osCommerce. Impacted is an unknown function of the file admin/banner_statistics.php. The manipulation of the argument page results in basic cross site scripting.
This vulnerability was named CVE-2006-5190. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com
CVE-2006-5190 | osCommerce admin/countries.php page cross site scripting (EDB-28743 / XFDB-29355)
3 weeks 3 days ago
A vulnerability marked as problematic has been reported in osCommerce. The affected element is an unknown function of the file admin/countries.php. This manipulation of the argument page causes basic cross site scripting.
The identification of this vulnerability is CVE-2006-5190. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2006-5190 | osCommerce admin/currencies.php page cross site scripting (EDB-28743 / XFDB-29355)
3 weeks 3 days ago
A vulnerability described as problematic has been identified in osCommerce. The impacted element is an unknown function of the file admin/currencies.php. Such manipulation of the argument page leads to basic cross site scripting.
This vulnerability is referenced as CVE-2006-5190. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com
CVE-2006-5180 | Baumedia Newswriter 1.40/1.41/1.42 NWCONF_SYSTEM[server_path] file inclusion (EDB-2443)
3 weeks 3 days ago
A vulnerability was found in Baumedia Newswriter 1.40/1.41/1.42 and classified as critical. Affected by this issue is some unknown functionality. Executing a manipulation of the argument NWCONF_SYSTEM[server_path] can lead to file inclusion.
This vulnerability appears as CVE-2006-5180. The attack may be performed from remote. In addition, an exploit is available.
vuldb.com
CVE-2006-5181 | Joshua Muheim phpMyWebmin 1.0 change_preferences2.php target file inclusion (EDB-2462 / XFDB-29285)
3 weeks 3 days ago
A vulnerability was found in Joshua Muheim phpMyWebmin 1.0. It has been classified as critical. This affects an unknown part of the file change_preferences2.php. The manipulation of the argument target leads to file inclusion.
This vulnerability is traded as CVE-2006-5181. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.
vuldb.com
CVE-2006-5182 | Dan Jensen Travelsized CMS up to 0.4 frontpage.php setup_folder file inclusion (EDB-2471 / XFDB-29337)
3 weeks 3 days ago
A vulnerability was found in Dan Jensen Travelsized CMS up to 0.4. It has been declared as critical. This vulnerability affects unknown code of the file frontpage.php. The manipulation of the argument setup_folder results in file inclusion.
This vulnerability is known as CVE-2006-5182. It is possible to launch the attack remotely. Furthermore, an exploit is available.
vuldb.com
CVE-2006-5183 | Dayfox Designs Dayfox Blog 2.0 adminlog.php slogin file inclusion (XFDB-29310)
3 weeks 3 days ago
A vulnerability was found in Dayfox Designs Dayfox Blog 2.0. It has been rated as critical. This issue affects some unknown processing of the file adminlog.php. This manipulation of the argument slogin causes file inclusion.
This vulnerability is handled as CVE-2006-5183. The attack can be initiated remotely. There is not any exploit available.
vuldb.com
CVE-2006-5184 | PKR Internet Taskjitsu up to 2.0.5 Query sql injection (BID-20332 / SA22257)
3 weeks 3 days ago
A vulnerability categorized as critical has been discovered in PKR Internet Taskjitsu up to 2.0.5. Impacted is an unknown function. Such manipulation of the argument Query leads to sql injection.
This vulnerability is uniquely identified as CVE-2006-5184. The attack can be launched remotely. No exploit exists.
It is advisable to upgrade the affected component.
vuldb.com
CVE-2006-5185 | HAMweather 3.9.8.3/3.9.8.4 Weather template.php eval memory corruption (Nessus ID 22497 / XFDB-29304)
3 weeks 3 days ago
A vulnerability identified as critical has been detected in HAMweather 3.9.8.3/3.9.8.4. The affected element is the function eval of the file template.php of the component Weather. Performing a manipulation results in memory corruption.
This vulnerability was named CVE-2006-5185. The attack may be initiated remotely. There is no available exploit.
You should upgrade the affected component.
vuldb.com
CVE-2006-5186 | phpMyProfiler 0.9.6 functions.php pmp_rel_path file inclusion (EDB-2470 / XFDB-29335)
3 weeks 3 days ago
A vulnerability labeled as critical has been found in phpMyProfiler 0.9.6. The impacted element is an unknown function of the file functions.php. Executing a manipulation of the argument pmp_rel_path can lead to file inclusion.
The identification of this vulnerability is CVE-2006-5186. The attack may be launched remotely. Furthermore, there is an exploit available.
It is advisable to implement a patch to correct this issue.
vuldb.com