Lucene search

K

HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2024-5432 Lifeline Donation <= 1.2.6 - Authentication Bypass

The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated attackers to log in as...

9.8CVSS

7.2AI Score

0.001EPSS

2024-06-20 02:08 AM
2
cvelist
cvelist

CVE-2024-5432 Lifeline Donation <= 1.2.6 - Authentication Bypass

The Lifeline Donation plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.2.6. This is due to insufficient verification on the user being supplied during the checkout through the plugin. This makes it possible for unauthenticated attackers to log in as...

9.8CVSS

0.001EPSS

2024-06-20 02:08 AM
5
cvelist
cvelist

CVE-2024-3602 Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer <= 1.1.0 - Missing Authorization

The Pop ups, Exit intent popups, email popups, banners, bars, countdowns and cart savers – Promolayer plugin for WordPress is vulnerable to unauthorized plugin settings update due to a missing capability check on the disconnect_promolayer function in all versions up to, and including, 1.1.0. This.....

4.3CVSS

0.0004EPSS

2024-06-20 02:08 AM
2
nessus
nessus

SUSE SLES15 Security Update : kernel RT (Live Patch 0 for SLE 15 SP5) (SUSE-SU-2024:2091-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2091-1 advisory. This update for the Linux Kernel 5.14.21-150500_11 fixes several issues. The following security issues were fixed: - CVE-2023-52628: Fixed...

5.5CVSS

7.5AI Score

0.0005EPSS

2024-06-20 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : kernel RT (Live Patch 1 for SLE 15 SP5) (SUSE-SU-2024:2094-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2094-1 advisory. This update for the Linux Kernel 5.14.21-150500_13_5 fixes several issues. The following security issues were fixed: - CVE-2023-52628: Fixed...

7.5AI Score

0.0005EPSS

2024-06-20 12:00 AM
1
nessus
nessus

SUSE SLES15 Security Update : kernel RT (Live Patch 11 for SLE 15 SP5) (SUSE-SU-2024:2100-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2100-1 advisory. This update for the Linux Kernel 5.14.21-150500_13_38 fixes several issues. The following security issues were fixed: - CVE-2024-26852: Fixed...

7CVSS

7.5AI Score

0.0004EPSS

2024-06-20 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : kernel RT (Live Patch 8 for SLE 15 SP5) (SUSE-SU-2024:2099-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2099-1 advisory. This update for the Linux Kernel 5.14.21-150500_13_27 fixes several issues. The following security issues were fixed: - CVE-2023-6931: Fixed...

7.8CVSS

7AI Score

0.0004EPSS

2024-06-20 12:00 AM
nessus
nessus

SUSE SLES15 Security Update : kernel RT (Live Patch 13 for SLE 15 SP5) (SUSE-SU-2024:2101-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2101-1 advisory. This update for the Linux Kernel 5.14.21-150500_13_47 fixes several issues. The following security issues were fixed: - CVE-2024-26852: Fixed...

7.1AI Score

0.0004EPSS

2024-06-20 12:00 AM
1
nessus
nessus

SUSE SLES15 Security Update : kernel RT (Live Patch 6 for SLE 15 SP5) (SUSE-SU-2024:2096-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by a vulnerability as referenced in the SUSE- SU-2024:2096-1 advisory. This update for the Linux Kernel 5.14.21-150500_13_21 fixes one issue. The following security issue was fixed: - CVE-2024-26852: Fixed use-after-free...

6.9AI Score

0.0004EPSS

2024-06-20 12:00 AM
spring
spring

A Bootiful Podcast: Thomas Vitale, author of Cloud Native Spring in Action

Hi, Spring fans! In today's episode I'm thrilled to sit down with my friend and Cloud Native Spring in Action author Thomas Vitale. This episode was recorded live at the amazing Spring IO 2024...

7.1AI Score

2024-06-20 12:00 AM
1
trendmicroblog
trendmicroblog

Worldwide 2023 Email Phishing Statistics and Examples

Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in...

7.4AI Score

2024-06-20 12:00 AM
1
nessus
nessus

SUSE SLES15 Security Update : kernel RT (Live Patch 10 for SLE 15 SP5) (SUSE-SU-2024:2092-1)

The remote SUSE Linux SLES15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2092-1 advisory. This update for the Linux Kernel 5.14.21-150500_13_35 fixes several issues. The following security issues were fixed: - CVE-2024-26852: Fixed...

7CVSS

7.7AI Score

EPSS

2024-06-20 12:00 AM
trendmicroblog
trendmicroblog

Worldwide 2023 Email Phishing Statistics and Examples

Explore the need for going beyond built-in Microsoft 365 and Google Workspace™ security based on email threats detected in...

7.4AI Score

2024-06-20 12:00 AM
1
cve
cve

CVE-2024-36679

In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) &lt;=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations() suffer of a white writer that can inject PHP code into a PHP...

7.6AI Score

0.0004EPSS

2024-06-19 09:15 PM
23
nvd
nvd

CVE-2024-36679

In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) &lt;=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations() suffer of a white writer that can inject PHP code into a PHP...

0.0004EPSS

2024-06-19 09:15 PM
3
amazon
amazon

Medium: golang

Issue Overview: The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip...

9.8CVSS

6.6AI Score

0.001EPSS

2024-06-19 07:15 PM
cve
cve

CVE-2023-38393

Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through...

7.6CVSS

7.5AI Score

0.0004EPSS

2024-06-19 03:15 PM
43
nvd
nvd

CVE-2023-38393

Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through...

7.6CVSS

0.0004EPSS

2024-06-19 03:15 PM
github
github

TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option

Impact A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditable_regexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. Patches This...

6.1CVSS

6.7AI Score

0.0004EPSS

2024-06-19 03:07 PM
5
osv
osv

TinyMCE Cross-Site Scripting (XSS) vulnerability using noneditable_regexp option

Impact A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content extraction code. When using the noneditable_regexp option, specially crafted HTML attributes containing malicious code were able to be executed when content was extracted from the editor. Patches This...

6.1CVSS

6.5AI Score

0.0004EPSS

2024-06-19 03:07 PM
1
github
github

TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements

Impact A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. Patches This vulnerability has been patched in TinyMCE 7.2.0,.....

6.1CVSS

6.8AI Score

0.0004EPSS

2024-06-19 03:07 PM
7
osv
osv

TinyMCE Cross-Site Scripting (XSS) vulnerability using noscript elements

Impact A cross-site scripting (XSS) vulnerability was discovered in TinyMCE’s content parsing code. This allowed specially crafted noscript elements containing malicious code to be executed when that content was loaded into the editor. Patches This vulnerability has been patched in TinyMCE 7.2.0,.....

6.1CVSS

6.5AI Score

0.0004EPSS

2024-06-19 03:07 PM
2
qualysblog
qualysblog

TotalCloud Insights: Protect Your AWS Environment by Managing Access Keys Securely

Introduction With the average cost of a data breach coming in at $4.45M in 2023, safeguarding sensitive information and maintaining the security of cloud environments is more critical than ever. Instances of compromised access keys, not exclusive to AWS (Amazon Web Services) but prevalent across...

7.3AI Score

2024-06-19 03:02 PM
3
vulnrichment
vulnrichment

CVE-2023-38393 WordPress Ninja Forms plugin <= 3.6.25 - Subscriber+ Broken Access Control vulnerability

Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through...

7.6CVSS

6.9AI Score

0.0004EPSS

2024-06-19 02:15 PM
1
cvelist
cvelist

CVE-2023-38393 WordPress Ninja Forms plugin <= 3.6.25 - Subscriber+ Broken Access Control vulnerability

Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through...

7.6CVSS

0.0004EPSS

2024-06-19 02:15 PM
3
nvd
nvd

CVE-2023-38386

Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through...

7.6CVSS

0.0004EPSS

2024-06-19 01:15 PM
1
cve
cve

CVE-2023-38386

Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through...

7.6CVSS

7.6AI Score

0.0004EPSS

2024-06-19 01:15 PM
43
cvelist
cvelist

CVE-2023-38386 WordPress Ninja Forms plugin <= 3.6.25 - Contributor+ Broken Access Control vulnerability

Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through...

7.6CVSS

0.0004EPSS

2024-06-19 01:06 PM
1
nvd
nvd

CVE-2024-35780

Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through...

8.5CVSS

0.0004EPSS

2024-06-19 11:15 AM
3
cve
cve

CVE-2024-35780

Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through...

8.5CVSS

8.5AI Score

0.0004EPSS

2024-06-19 11:15 AM
24
schneier
schneier

The Hacking of Culture and the Creation of Socio-Technical Debt

Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a...

6.8AI Score

2024-06-19 11:09 AM
7
thn
thn

New Case Study: Unmanaged GTM Tags Become a Security Nightmare

Are your tags really safe with Google Tag Manager? If you've been thinking that using GTM means that your tracking tags and pixels are safely managed, then it might be time to think again. In this article we look at how a big-ticket seller that does business on every continent came unstuck when it....

6.9AI Score

2024-06-19 11:03 AM
18
cvelist
cvelist

CVE-2024-35780 WordPress Page Builder: Live Composer plugin <= 1.5.42 - Contributor+ PHP Object Injection vulnerability

Deserialization of Untrusted Data vulnerability in Live Composer Team Page Builder: Live Composer.This issue affects Page Builder: Live Composer: from n/a through...

8.5CVSS

0.0004EPSS

2024-06-19 10:16 AM
4
thn
thn

Mailcow Mail Server Flaws Expose Servers to Remote Code Execution

Two security vulnerabilities have been disclosed in the Mailcow open-source mail server suite that could be exploited by malicious actors to achieve arbitrary code execution on susceptible instances. Both shortcomings impact all versions of the software prior to version 2024-04, which was released....

6.2CVSS

6.9AI Score

0.0004EPSS

2024-06-19 07:36 AM
36
veracode
veracode

Improper Authentication

github.com/pocketbase/pocketbase is vulnerable to Improper Authentication. The vulnerability is due to unverified account linking because an attacker can create an unverified account with the targeted user's email, and when the user signs up with OAuth2, their account is linked without changing...

5.4CVSS

6.7AI Score

0.0004EPSS

2024-06-19 07:03 AM
1
nvd
nvd

CVE-2024-4787

The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_pdf_front' functions which are reachable via....

5.8CVSS

0.0005EPSS

2024-06-19 04:15 AM
3
cve
cve

CVE-2024-4787

The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_pdf_front' functions which are reachable via....

5.8CVSS

5.7AI Score

0.0005EPSS

2024-06-19 04:15 AM
24
vulnrichment
vulnrichment

CVE-2024-4787 Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending

The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_pdf_front' functions which are reachable via....

5.8CVSS

7AI Score

0.0005EPSS

2024-06-19 03:12 AM
cvelist
cvelist

CVE-2024-4787 Cost Calculator Builder PRO <= 3.1.75 - Unauthenticated Arbitrary Email Sending

The Cost Calculator Builder PRO for WordPress is vulnerable to arbitrary email sending vulnerability in versions up to, and including, 3.1.75. This is due to insufficient limitations on the email recipient and the content in the 'send_pdf' and the 'send_pdf_front' functions which are reachable via....

5.8CVSS

0.0005EPSS

2024-06-19 03:12 AM
1
cvelist
cvelist

CVE-2024-36679

In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) &lt;=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations() suffer of a white writer that can inject PHP code into a PHP...

0.0004EPSS

2024-06-19 12:00 AM
2
openvas
openvas

Ubuntu: Security Advisory (USN-6818-4)

The remote host is missing an update for...

7.8CVSS

8AI Score

0.001EPSS

2024-06-19 12:00 AM
3
vulnrichment
vulnrichment

CVE-2024-36679

In the module "Module Live Chat Pro (All in One Messaging)" (livechatpro) &lt;=8.4.0, a guest can perform PHP Code injection. Due to a predictable token, the method Lcp::saveTranslations() suffer of a white writer that can inject PHP code into a PHP...

7.5AI Score

0.0004EPSS

2024-06-19 12:00 AM
nessus
nessus

Ubuntu 22.04 LTS : Linux kernel (HWE) vulnerabilities (USN-6818-4)

The remote Ubuntu 22.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-4 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer...

7.8CVSS

7.2AI Score

0.001EPSS

2024-06-19 12:00 AM
3
nessus
nessus

Ubuntu 20.04 LTS : Git vulnerability (USN-6793-2)

The remote Ubuntu 20.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-6793-2 advisory. USN-6793-1 fixed vulnerabilities in Git. The CVE-2024-32002 was pending further investigation. This update fixes the problem. Original advisory details: It...

9CVSS

9.6AI Score

0.001EPSS

2024-06-19 12:00 AM
2
nessus
nessus

FreeBSD : chromium -- multiple security fixes (453aa0fc-2d91-11ef-8a0f-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 453aa0fc-2d91-11ef-8a0f-a8a1599412c6 advisory. Chrome Releases reports: This update includes 21 security fixes: Tenable has extracted the...

8.8CVSS

8.3AI Score

0.001EPSS

2024-06-19 12:00 AM
3
osv
osv

linux-hwe-6.5 vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....

7.8CVSS

7.5AI Score

0.001EPSS

2024-06-18 11:24 PM
1
osv
osv

Dolibarr arbitrary file upload vulnerability

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL...

7.7AI Score

0.0004EPSS

2024-06-18 09:30 PM
4
github
github

Dolibarr arbitrary file upload vulnerability

An arbitrary file upload vulnerability in the Upload Template function of Dolibarr ERP CRM up to v19.0.1 allows attackers to execute arbitrary code via uploading a crafted .SQL...

7.7AI Score

0.0004EPSS

2024-06-18 09:30 PM
2
nvd
nvd

CVE-2024-6129

A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...

3.7CVSS

0.0004EPSS

2024-06-18 09:15 PM
4
cve
cve

CVE-2024-6129

A vulnerability, which was classified as problematic, was found in spa-cartcms 1.9.0.6. Affected is an unknown function of the file /login of the component Username Handler. The manipulation of the argument email leads to observable behavioral discrepancy. It is possible to launch the attack...

3.7CVSS

4.3AI Score

0.0004EPSS

2024-06-18 09:15 PM
23
Total number of security vulnerabilities164206