Lucene search

K

HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics Security Vulnerabilities

cvelist
cvelist

CVE-2023-48318 WordPress Contact Form Email plugin <= 1.3.41 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-04 10:26 AM
1
vulnrichment
vulnrichment

CVE-2023-48318 WordPress Contact Form Email plugin <= 1.3.41 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through...

5.3CVSS

7AI Score

0.0004EPSS

2024-06-04 10:26 AM
cvelist
cvelist

CVE-2023-48276 WordPress WP Forms Puzzle Captcha plugin <= 4.1 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass.This issue affects WP Forms Puzzle Captcha: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-04 10:20 AM
vulnrichment
vulnrichment

CVE-2023-48276 WordPress WP Forms Puzzle Captcha plugin <= 4.1 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass.This issue affects WP Forms Puzzle Captcha: from n/a through...

5.3CVSS

7AI Score

0.0004EPSS

2024-06-04 10:20 AM
cvelist
cvelist

CVE-2023-48271 WordPress Maspik – Spam Blacklist plugin <= 0.10.3 - IP Filtering Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maspik – Spam blacklist: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-04 10:19 AM
vulnrichment
vulnrichment

CVE-2023-48271 WordPress Maspik – Spam Blacklist plugin <= 0.10.3 - IP Filtering Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maspik – Spam blacklist: from n/a through...

5.3CVSS

7AI Score

0.0004EPSS

2024-06-04 10:19 AM
nvd
nvd

CVE-2023-45053

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection.This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-04 10:15 AM
1
cve
cve

CVE-2023-45053

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection.This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through...

4.3CVSS

7.1AI Score

0.0004EPSS

2024-06-04 10:15 AM
1
cvelist
cvelist

CVE-2023-45053 WordPress WP Content Pilot plugin <= 1.3.3 - HTML Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection.This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-04 09:14 AM
vulnrichment
vulnrichment

CVE-2023-45053 WordPress WP Content Pilot plugin <= 1.3.3 - HTML Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection.This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-06-04 09:14 AM
veracode
veracode

Arbitrary Command Execution

typo3/cms is vulnerable to Arbitrary Command Execution. The vulnerability is due to improper handling of the "From" header when an email comes from a non-trusted source and when no "Return-Path" is configured, which allows an attacker to execute arbitrary shell commands on the server. Note that...

8AI Score

2024-06-04 09:11 AM
4
cve
cve

CVE-2024-20886

Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary...

6.2CVSS

7.2AI Score

0.0004EPSS

2024-06-04 07:15 AM
12
nvd
nvd

CVE-2024-20886

Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary...

6.2CVSS

6.3AI Score

0.0004EPSS

2024-06-04 07:15 AM
nvd
nvd

CVE-2023-28494

Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-04 07:15 AM
4
cve
cve

CVE-2023-28494

Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through...

4.3CVSS

7.1AI Score

0.0004EPSS

2024-06-04 07:15 AM
1
vulnrichment
vulnrichment

CVE-2023-28494 WordPress Contact Form Email plugin <= 1.3.31 - Missing Authorization Leading To Feedback Submission Vulnerability

Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-06-04 07:06 AM
cvelist
cvelist

CVE-2023-28494 WordPress Contact Form Email plugin <= 1.3.31 - Missing Authorization Leading To Feedback Submission Vulnerability

Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through...

4.3CVSS

4.7AI Score

0.0004EPSS

2024-06-04 07:06 AM
2
cvelist
cvelist

CVE-2024-20886

Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary...

6.2CVSS

6.3AI Score

0.0004EPSS

2024-06-04 06:42 AM
vulnrichment
vulnrichment

CVE-2024-20886

Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary...

6.2CVSS

7AI Score

0.0004EPSS

2024-06-04 06:42 AM
1
veracode
veracode

Cross-Site Scripting (XSS)

typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the mishandling of t3:// URL schemes and typolink functionality, which affecting both backend forms and frontend extensions using typolink rendering, which allows attackers to execute arbitrary JavaScript...

6.8AI Score

2024-06-04 06:36 AM
thn
thn

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve. The updates...

8.8CVSS

7.3AI Score

0.005EPSS

2024-06-04 06:33 AM
1
cve
cve

CVE-2024-2470

The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

5.9AI Score

0.0004EPSS

2024-06-04 06:15 AM
7
nvd
nvd

CVE-2024-2470

The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

7.8AI Score

0.0004EPSS

2024-06-04 06:15 AM
cvelist
cvelist

CVE-2024-2470 Simple Ajax Chat < 20240412 - Admin+ Stored XSS

The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

7.8AI Score

0.0004EPSS

2024-06-04 06:00 AM
2
veracode
veracode

Directory Traversal

typo3/cms-core is vulnerable to Directory Traversal. The vulnerability is due to TSconfig fields in page property backend forms, which allows an attacker to inject malicious sequences into the tsconfig_includes field which results in directory...

6.9AI Score

2024-06-04 05:40 AM
cvelist
cvelist

CVE-2024-1717 Admin Notices Manager <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval

The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_ajax_call() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above,.....

4.3CVSS

4.3AI Score

0.0004EPSS

2024-06-04 05:32 AM
1
vulnrichment
vulnrichment

CVE-2024-1717 Admin Notices Manager <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval

The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_ajax_call() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above,.....

4.3CVSS

6.5AI Score

0.0004EPSS

2024-06-04 05:32 AM
nvd
nvd

CVE-2024-4552

The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated...

9.8CVSS

9.7AI Score

0.001EPSS

2024-06-04 02:15 AM
2
cve
cve

CVE-2024-4552

The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated...

9.8CVSS

7.4AI Score

0.001EPSS

2024-06-04 02:15 AM
28
vulnrichment
vulnrichment

CVE-2024-4552 Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass

The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated...

9.8CVSS

7.2AI Score

0.001EPSS

2024-06-04 02:00 AM
cvelist
cvelist

CVE-2024-4552 Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass

The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated...

9.8CVSS

9.7AI Score

0.001EPSS

2024-06-04 02:00 AM
2
f5
f5

K000139897: Linux kernel vulnerability CVE-2023-42753

Security Advisory Description An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-&gt;nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer...

7.8CVSS

6.4AI Score

0.0004EPSS

2024-06-04 12:00 AM
5
freebsd
freebsd

go -- multiple vulnerabilities

The Go project reports: archive/zip: mishandling of corrupt central directory record The archive/zip package's handling of certain types of invalid zip files differed from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with...

6.8AI Score

0.0004EPSS

2024-06-04 12:00 AM
1
openvas
openvas

Mageia: Security Advisory (MGASA-2024-0204)

The remote host is missing an update for...

9CVSS

6.5AI Score

0.001EPSS

2024-06-04 12:00 AM
nessus
nessus

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glibc (SUSE-SU-2024:1895-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1895-1 advisory. - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) -....

4.7AI Score

0.0004EPSS

2024-06-04 12:00 AM
1
nessus
nessus

FreeBSD : chromium -- multiple security fixes (b058380e-21a4-11ef-8a0f-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b058380e-21a4-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 11 security fixes: Tenable has extracted the...

9.8AI Score

0.0004EPSS

2024-06-04 12:00 AM
1
nvd
nvd

CVE-2023-23735

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-03 10:15 PM
nvd
nvd

CVE-2023-23738

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-03 10:15 PM
cve
cve

CVE-2023-23738

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-03 10:15 PM
15
cve
cve

CVE-2023-23735

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-03 10:15 PM
14
cvelist
cvelist

CVE-2023-23738 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email Spoofing Vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-03 09:33 PM
1
vulnrichment
vulnrichment

CVE-2023-23738 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email Spoofing Vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-06-03 09:33 PM
cvelist
cvelist

CVE-2023-23735 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email HTML Injection Vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-03 09:26 PM
vulnrichment
vulnrichment

CVE-2023-23735 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email HTML Injection Vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-06-03 09:26 PM
cve
cve

CVE-2023-51219

A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controller JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access...

6.9AI Score

EPSS

2024-06-03 08:15 PM
23
nvd
nvd

CVE-2023-51219

A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controller JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access...

6.3AI Score

EPSS

2024-06-03 08:15 PM
qualysblog
qualysblog

PCI DSS 4.0: Get Audit-Ready for the New Requirements

The Payment Card Industry Data Security Standard (PCI DSS) originated in 2004 and is managed by the PCI Security Standards Council to ensure security for the global payment industry. This mandate applies to all entities worldwide that store, process, or transmit payment cardholder data or...

7.6AI Score

2024-06-03 05:41 PM
1
mssecure
mssecure

Microsoft is named a leader in the Forrester Wave for XDR

“Defenders think in lists, attackers think in graphs.”1 This remains a reality for the many organizations that operate across siloed security tools, fueling the demand on security operations (SOC) teams, as advanced cyberattacks continue to increase in frequency and speed. That’s where extended...

6.8AI Score

2024-06-03 04:00 PM
1
thn
thn

Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet

Law enforcement authorities behind Operation Endgame are seeking information related to an individual who goes by the name Odd and is allegedly the mastermind behind the Emotet malware. Odd is also said to go by the nicknames Aron, C700, Cbd748, Ivanov Odd, Mors, Morse, and Veron over the past...

7.3AI Score

2024-06-03 01:45 PM
1
hackread
hackread

Live Nation Confirms Massive Ticketmaster Data Breach

In an SEC filing, Live Nation Entertainment confirmed its subsidiary Ticketmaster suffered a data breach, claiming it...

7.3AI Score

2024-06-03 12:25 PM
5
Total number of security vulnerabilities163813