HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics Security Vulnerabilities

nvd

CVE-2024-35632

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact. This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through...

CVSS 4.3 | AI Score 5.1 | EPSS 0.0004 | 2024-06-03 12:15 PM
4

cve

CVE-2024-35632

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact. This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through...

CVSS 4.3 | AI Score 7.3 | EPSS 0.0004 | 2024-06-03 12:15 PM
14

vulnrichment

CVE-2024-35632 WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact. This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through...

CVSS 4.3 | AI Score 7 | EPSS 0.0004 | 2024-06-03 11:49 AM

cvelist

CVE-2024-35632 WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact. This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through...

CVSS 4.3 | AI Score 5.1 | EPSS 0.0004 | 2024-06-03 11:49 AM
schneier

Seeing Like a Data Structure

Technology was once simply a tool--and a small one at that--used to amplify human intent and capacity. That was the story of the industrial revolution: we could control nature and build large, complex human societies, and the more we employed and mastered technology, the better things got. We...

AI Score 6.9 | 2024-06-03 11:06 AM
5

nuclei

Progress Telerik Report Server - Authentication Bypass

In Progress Telerik Report Server, version 2024 Q1 (10.0.24.305) or earlier, on IIS, an unauthenticated attacker can gain access to Telerik Report Server restricted functionality via an authentication bypass...

CVSS 9.9 | AI Score 9.7 | EPSS 0.938 | 2024-06-03 10:40 AM
5

securelist

IT threat evolution Q1 2024

IT threat evolution Q1 2024. IT threat evolution Q1 2024: Mobile statistics. IT threat evolution Q1 2024: Non-mobile statistics. Targeted attacks. Operation Triangulation: the final mystery. Last June, we published a series of reports on Operation Triangulation, a previously unknown iOS malware...

CVSS 7.8 | AI Score 6 | EPSS 0.003 | 2024-06-03 10:00 AM
5

aix

AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)

IBM SECURITY ADVISORY. First Issued: Mon Jun 3 08:50:37 CDT 2024. The most recent version of this document is available here: https://aix.software.ibm.com/aix/efixes/security/opencryptoki_advisory.asc Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki...

CVSS 5.9 | AI Score 5.8 | EPSS 0.001 | 2024-06-03 08:50 AM
4

veracode

Remote Code Execution

typo3/cms-core is vulnerable to Remote Code Execution. The vulnerability is due to the ability to obfuscate Phar files as image or text files, which can then be uploaded and invoked via manipulated URLs in TYPO3 backend forms, which allows an attacker to execute arbitrary...

AI Score 8.1 | 2024-06-03 08:13 AM
malwarebytes

A week in security (May 27 – June 2)

Last week on Malwarebytes Labs: Data leak site BreachForums is back, boasting Live Nation/Ticketmaster user data. But is it a trap? The Ticketmaster "breach"—what you need to know. Ticketmaster confirms customer data breach. How to tell if a VPN app added your Windows device to a botnet. Beware of...

AI Score 6.8 | 2024-06-03 07:09 AM
6

veracode

Cross Site Scripting (XSS)

typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to a failure to properly encode user input in frontend forms handled by the form framework, allowing malicious users to inject and execute arbitrary JavaScript code in the context of other users'...

AI Score 6.7 | 2024-06-03 07:00 AM

nvd

CVE-2024-37031

The Active Admin (aka activeadmin) framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities (to be later edited in forms) with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed...

AI Score 5.7 | EPSS | 2024-06-03 06:15 AM

cve

CVE-2024-37031

The Active Admin (aka activeadmin) framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities (to be later edited in forms) with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed...

AI Score 6.1 | EPSS | 2024-06-03 06:15 AM
40

osv

CVE-2024-37031

The Active Admin (aka activeadmin) framework before 3.2.2 for Ruby on Rails allows stored XSS in certain situations where users can create entities (to be later edited in forms) with arbitrary names, aka a "dynamic form legends" issue. 4.0.0.beta7 is also a fixed...

AI Score 5.7 | EPSS | 2024-06-03 06:15 AM

thn

Beware: Fake Browser Updates Deliver BitRAT and Lumma Stealer Malware

Fake web browser updates are being used to deliver remote access trojans (RATs) and information stealer malware such as BitRAT and Lumma Stealer (aka LummaC2). "Fake browser updates have been responsible for numerous malware infections, including those of the well-known SocGholish malware,"...

2024-06-03 03:51 AM
f5

K000139877: Linux kernel vulnerabilities CVE-2021-47076 and CVE-2021-47080

Security Advisory Description. CVE-2021-47076: In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Return CQE error if invalid lkey was supplied. RXE is missing update of WQE status in LOCAL_WRITE failures. This caused the following kernel panic if someone sent an atomic...

AI Score 5.6 | EPSS 0.0004 | 2024-06-03 12:00 AM
5

f5

K000139880: Intel CPU/BIOS vulnerabilities CVE-2023-28402, CVE-2023-27504, and CVE-2023-28383

Security Advisory Description. CVE-2023-28402: Improper input validation in some Intel(R) BIOS Guard firmware may allow a privileged user to potentially enable escalation of privilege via local access. CVE-2023-27504: Improper conditions check in some Intel(R) BIOS Guard firmware may allow a...

CVSS 7.2 | AI Score 6.5 | EPSS 0.0004 | 2024-06-03 12:00 AM
5

nessus

RHEL 4 : evolution (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 4 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. DoS from large email (CVE-2006-0040); evolution: mailto URL scheme attachment header improper input...

AI Score 7.1 | EPSS 0.018 | 2024-06-03 12:00 AM
1

f5

K000139876: Linux kernel vulnerability CVE-2021-46955

Security Advisory Description. In the Linux kernel, the following vulnerability has been resolved: openvswitch: fix stack OOB read while fragmenting IPv4 packets. Running openvswitch on kernels built with KASAN, it's possible to see the following splat while testing fragmentation of IPv4 packets:...

AI Score 5.9 | EPSS 0.0004 | 2024-06-03 12:00 AM
2

nessus

RHEL 5 : quagga (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. quagga: VPNv4 NLRI parser memcpys to stack on unchecked length (CVE-2016-2342); quagga: Double free...

CVSS 6.5 | AI Score 7.8 | EPSS 0.268 | 2024-06-03 12:00 AM
nessus

RHEL 7 : irssi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. irssi: heap buffer overflow due to calculation error in the completion code (CVE-2018-5208). The buf.pl...

CVSS 9.8 | AI Score 7.2 | EPSS 0.011 | 2024-06-03 12:00 AM

nessus

RHEL 6 : evolution (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. evolution: specially crafted email leading to OpenPGP signatures being spoofed for arbitrary messages ...

CVSS 6.5 | AI Score 6.6 | EPSS 0.003 | 2024-06-03 12:00 AM

nessus

RHEL 6 : quagga (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. quagga: Double free vulnerability in bgpd when processing certain forms of UPDATE message allowing to ...

CVSS 6.5 | AI Score 8.5 | EPSS 0.122 | 2024-06-03 12:00 AM

nessus

RHEL 7 : perl-email-address (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. perl-Email-Address: denial of service when parsing crafted email address list (CVE-2015-7686) ...

CVSS 7.5 | AI Score 8.2 | EPSS 0.039 | 2024-06-03 12:00 AM

nessus

RHEL 5 : evolution (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 5 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. evolution: incorrect selection of recipient gpg public key for encrypted mail (CVE-2013-4166); GNOME...

CVSS 7.5 | AI Score 8 | EPSS 0.005 | 2024-06-03 12:00 AM
nessus

RHEL 8 : evolution (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. evolution: attaching local files/directories to composed email can lead to unintended information disclosure...

CVSS 6.5 | AI Score 6.4 | EPSS 0.001 | 2024-06-03 12:00 AM

nessus

RHEL 7 : evolution (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 7 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. evolution: attaching local files/directories to composed email can lead to unintended information disclosure...

CVSS 6.5 | AI Score 6.5 | EPSS 0.001 | 2024-06-03 12:00 AM

nessus

RHEL 6 : irssi (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. irssi: heap buffer overflow due to calculation error in the completion code (CVE-2018-5208). The buf.pl...

CVSS 9.8 | AI Score 7.2 | EPSS 0.011 | 2024-06-03 12:00 AM

openvas

SUSE: Security Advisory (SUSE-SU-2024:1895-1)

The remote host is missing an update for...

AI Score 6.4 | EPSS 0.0004 | 2024-06-03 12:00 AM
1

nessus

RHEL 6 : rabbitmq-server (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. rabbitmq: MQTT connection authentication succeeds with empty password (CVE-2016-9877). An issue was...

CVSS 7.8 | AI Score 6.9 | EPSS 0.003 | 2024-06-03 12:00 AM
nessus

RHEL 6 : django (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 6 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. python-django: DNS rebinding vulnerability when 'DEBUG=True' (CVE-2016-9014). Django before 1.4.21, 1.5.x...

CVSS 8.1 | AI Score 7.7 | EPSS 0.017 | 2024-06-03 12:00 AM

github

Password confirmation stored in plain text via registration form in statamic/cms

Users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. Impact: This only affects sites matching all of the following conditions: - Running Statamic versions between 5.3.0 and 5.6.1. (This version range represents only one...

CVSS 1.8 | AI Score 6.2 | EPSS 0.0004 | 2024-06-02 10:30 PM
7

osv

Password confirmation stored in plain text via registration form in statamic/cms

Users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. Impact: This only affects sites matching all of the following conditions: - Running Statamic versions between 5.3.0 and 5.6.1. (This version range represents only one...

CVSS 1.8 | AI Score 6.2 | EPSS 0.0004 | 2024-06-02 10:30 PM
1

osv

Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`

Impact: Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....

CVSS 5.5 | AI Score 6.3 | EPSS 0.0004 | 2024-06-02 10:28 PM

github

Improper Handling of Insufficient Permissions in `wagtail.contrib.settings`

Impact: Due to an improperly applied permission check in the wagtail.contrib.settings module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model....

CVSS 5.5 | AI Score 6.3 | EPSS 0.0004 | 2024-06-02 10:28 PM
5
redhatcve

CVE-2024-36886

In the Linux kernel, the following vulnerability has been resolved: tipc: fix UAF in error path. Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported a UAF in the tipc_buf_append() error path: BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0...

AI Score 7.1 | EPSS 0.0004 | 2024-06-02 02:31 PM
1

kitploit

EvilSlackbot - A Slack Bot Phishing Framework For Red Teaming Exercises

EvilSlackbot: A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces. Disclaimer: This tool is intended for Security Professionals only. Do not use this tool against any Slack workspace without explicit permission to test. Use at your own risk. Background...

AI Score 7 | 2024-06-02 12:30 PM
12

zdt

CVSS 4.9 | AI Score 6.7 | EPSS 0.013 | 2024-06-02 12:00 AM
10

zdt

CVSS 7.6 | AI Score 6.7 | EPSS 0.0004 | 2024-06-02 12:00 AM
6

malwarebytes

Ticketmaster confirms customer data breach

Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified "unauthorized activity within a third-party cloud database environment containing Company...

AI Score 7.4 | 2024-06-01 08:09 PM
4

cve

CVE-2024-2506

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied.....

CVSS 6.4 | AI Score 6 | EPSS 0.0004 | 2024-06-01 07:15 AM
29
nvd

CVE-2024-2506

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied.....

CVSS 6.4 | AI Score 5.9 | EPSS 0.0004 | 2024-06-01 07:15 AM

cvelist

CVE-2024-2506 Popup Builder <= 4.2.7 - Authenticated(Contributor+) Stored Cross-Site Scripting via Custom JS

The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied.....

CVSS 6.4 | AI Score 5.9 | EPSS 0.0004 | 2024-06-01 06:51 AM

exploitdb

AI Score 7.4 | 2024-06-01 12:00 AM
74

github

Moodle CSRF risk in analytics management of models

Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF...

AI Score 6.4 | EPSS 0.0004 | 2024-05-31 09:30 PM
1

osv

Moodle CSRF risk in analytics management of models

Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF...

AI Score 6.4 | EPSS 0.0004 | 2024-05-31 09:30 PM

cve

CVE-2024-34008

Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF...

AI Score 6.7 | EPSS 0.0004 | 2024-05-31 09:15 PM
12

nvd

CVE-2024-34008

Actions in the admin management of analytics models did not include the necessary token to prevent a CSRF...

AI Score 6.4 | EPSS 0.0004 | 2024-05-31 09:15 PM
1

Total number of security vulnerabilities: 163814