HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics Security Vulnerabilities

CVE-2023-48318 WordPress Contact Form Email plugin <= 1.3.41 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through...

CVE-2023-48318 WordPress Contact Form Email plugin <= 1.3.41 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in CodePeople Contact Form Email allows Functionality Bypass.This issue affects Contact Form Email: from n/a through...

CVE-2023-48276 WordPress WP Forms Puzzle Captcha plugin <= 4.1 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass.This issue affects WP Forms Puzzle Captcha: from n/a through...

CVE-2023-48276 WordPress WP Forms Puzzle Captcha plugin <= 4.1 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass.This issue affects WP Forms Puzzle Captcha: from n/a through...

CVE-2023-48271 WordPress Maspik – Spam Blacklist plugin <= 0.10.3 - IP Filtering Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maspik – Spam blacklist: from n/a through...

CVE-2023-48271 WordPress Maspik – Spam Blacklist plugin <= 0.10.3 - IP Filtering Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maspik – Spam blacklist: from n/a through...

CVE-2023-45053

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection.This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through...

CVE-2023-45053

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection.This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through...

CVE-2023-45053 WordPress WP Content Pilot plugin <= 1.3.3 - HTML Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection.This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through...

CVE-2023-45053 WordPress WP Content Pilot plugin <= 1.3.3 - HTML Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in pluginever WP Content Pilot – Autoblogging & Affiliate Marketing Plugin allows Code Injection.This issue affects WP Content Pilot – Autoblogging & Affiliate Marketing Plugin: from n/a through...

Arbitrary Command Execution

typo3/cms is vulnerable to Arbitrary Command Execution. The vulnerability is due to improper handling of the "From" header when an email comes from a non-trusted source and when no "Return-Path" is configured, which allows an attacker to execute arbitrary shell commands on the server. Note that...

CVE-2024-20886

Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary...

CVE-2024-20886

Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary...

CVE-2023-28494

Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through...

CVE-2023-28494

Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through...

CVE-2023-28494 WordPress Contact Form Email plugin <= 1.3.31 - Missing Authorization Leading To Feedback Submission Vulnerability

Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through...

CVE-2023-28494 WordPress Contact Form Email plugin <= 1.3.31 - Missing Authorization Leading To Feedback Submission Vulnerability

Missing Authorization vulnerability in CodePeople Contact Form Email allows Functionality Misuse.This issue affects Contact Form Email: from n/a through...

CVE-2024-20886

Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary...

CVE-2024-20886

Arbitrary directory creation in Samsung Live Wallpaper PC prior to version 3.3.8.0 allows attacker to create arbitrary...

Cross-Site Scripting (XSS)

typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the mishandling of t3:// URL schemes and typolink functionality, which affecting both backend forms and frontend extensions using typolink rendering, which allows attackers to execute arbitrary JavaScript...

DarkGate Malware Replaces AutoIt with AutoHotkey in Latest Cyber Attacks

Cyber attacks involving the DarkGate malware-as-a-service (MaaS) operation have shifted away from AutoIt scripts to an AutoHotkey mechanism to deliver the last stages, underscoring continued efforts on the part of the threat actors to continuously stay ahead of the detection curve. The updates...

CVE-2024-2470

The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-2470

The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-2470 Simple Ajax Chat < 20240412 - Admin+ Stored XSS

The Simple Ajax Chat WordPress plugin before 20240412 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

Directory Traversal

typo3/cms-core is vulnerable to Directory Traversal. The vulnerability is due to TSconfig fields in page property backend forms, which allows an attacker to inject malicious sequences into the tsconfig_includes field which results in directory...

CVE-2024-1717 Admin Notices Manager <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval

The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_ajax_call() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above,.....

CVE-2024-1717 Admin Notices Manager <= 1.4.0 - Missing Authorization to Authenticated (Subscriber+) User Email Retrieval

The Admin Notices Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the handle_ajax_call() function in all versions up to, and including, 1.4.0. This makes it possible for authenticated attackers, with subscriber-level access and above,.....

CVE-2024-4552

The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated...

CVE-2024-4552

The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated...

CVE-2024-4552 Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass

The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated...

CVE-2024-4552 Social Login Lite For WooCommerce <= 1.6.0 - Authentication Bypass

The Social Login Lite For WooCommerce plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.6.0. This is due to insufficient verification on the user being supplied during the social login through the plugin. This makes it possible for unauthenticated...

K000139897: Linux kernel vulnerability CVE-2023-42753

Security Advisory Description An array indexing vulnerability was found in the netfilter subsystem of the Linux kernel. A missing macro could lead to a miscalculation of the h-&gt;nets array offset, providing attackers with the primitive to arbitrarily increment/decrement a memory buffer...

go -- multiple vulnerabilities

The Go project reports: archive/zip: mishandling of corrupt central directory record The archive/zip package's handling of certain types of invalid zip files differed from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with...

Mageia: Security Advisory (MGASA-2024-0204)

The remote host is missing an update for...

SUSE SLED15 / SLES15 / openSUSE 15 Security Update : glibc (SUSE-SU-2024:1895-1)

The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:1895-1 advisory. - CVE-2024-33599: Fixed a stack-based buffer overflow in netgroup cache in nscd (bsc#1223423) -....

FreeBSD : chromium -- multiple security fixes (b058380e-21a4-11ef-8a0f-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the b058380e-21a4-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 11 security fixes: Tenable has extracted the...

CVE-2023-23735

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through...

CVE-2023-23738

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through...

CVE-2023-23738

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through...

CVE-2023-23735

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through...

CVE-2023-23738 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email Spoofing Vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through...

CVE-2023-23738 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email Spoofing Vulnerability

Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') vulnerability in Brainstorm Force Spectra allows Content Spoofing, Phishing.This issue affects Spectra: from n/a through...

CVE-2023-23735 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email HTML Injection Vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through...

CVE-2023-23735 WordPress Spectra – WordPress Gutenberg Blocks plugin <= 2.3.0 - Unauthenticated Email HTML Injection Vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Brainstorm Force Spectra allows Code Injection.This issue affects Spectra: from n/a through...

CVE-2023-51219

A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controller JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access...

CVE-2023-51219

A deep link validation issue in KakaoTalk 10.4.3 allowed a remote adversary to direct users to run any attacker-controller JavaScript within a WebView. The impact was further escalated by triggering another WebView that leaked its access token in a HTTP request header. Ultimately, this access...

PCI DSS 4.0: Get Audit-Ready for the New Requirements

The Payment Card Industry Data Security Standard (PCI DSS) originated in 2004 and is managed by the PCI Security Standards Council to ensure security for the global payment industry. This mandate applies to all entities worldwide that store, process, or transmit payment cardholder data or...

Microsoft is named a leader in the Forrester Wave for XDR

“Defenders think in lists, attackers think in graphs.”1 This remains a reality for the many organizations that operate across siloed security tools, fueling the demand on security operations (SOC) teams, as advanced cyberattacks continue to increase in frequency and speed. That’s where extended...

Authorities Ramp Up Efforts to Capture the Mastermind Behind Emotet

Law enforcement authorities behind Operation Endgame are seeking information related to an individual who goes by the name Odd and is allegedly the mastermind behind the Emotet malware. Odd is also said to go by the nicknames Aron, C700, Cbd748, Ivanov Odd, Mors, Morse, and Veron over the past...

Live Nation Confirms Massive Ticketmaster Data Breach

In an SEC filing, Live Nation Entertainment confirmed its subsidiary Ticketmaster suffered a data breach, claiming it...