HubSpot – CRM, Email Marketing, Live Chat, Forms & Analytics Security Vulnerabilities

cvelist

CVE-2024-36407 SuiteCRM unauthenticated user password reset on php7

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, a user password can be reset by an unauthenticated attacker. The attacker does not get access to the new password, but this can be annoying for the user. This attack is...

CVSS 3.7 | EPSS 0.0005 | 2024-06-10 04:38 PM

vulnrichment

CVE-2024-35747 WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass. This issue affects Contact Form Builder, Contact Widget: from n/a through...

CVSS 5.3 | AI Score 7 | EPSS 0.0005 | 2024-06-10 04:37 PM

cvelist

CVE-2024-35747 WordPress Contact Form Builder, Contact Widget plugin <= 2.1.7 - Bypass Vulnerability vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass. This issue affects Contact Form Builder, Contact Widget: from n/a through...

CVSS 5.3 | EPSS 0.0005 | 2024-06-10 04:37 PM

osv

linux-laptop vulnerabilities

Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was...

CVSS 7.8 | AI Score 8 | EPSS 0.001 | 2024-06-10 04:09 PM

nvd

CVE-2024-4403

A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted...

CVSS 4.4 | EPSS 0.0004 | 2024-06-10 03:15 PM

nvd

CVE-2024-36406

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS 5.4 | EPSS 0.001 | 2024-06-10 03:15 PM

cve

CVE-2024-4403

A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted...

CVSS 4.4 | AI Score 4.7 | EPSS 0.0004 | 2024-06-10 03:15 PM

cve

CVE-2024-36406

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS 5.4 | AI Score 5.4 | EPSS 0.001 | 2024-06-10 03:15 PM

cvelist

CVE-2024-36406 SuiteCRM vulnerable to open redirects

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS 5.4 | EPSS 0.001 | 2024-06-10 03:06 PM

vulnrichment

CVE-2024-36406 SuiteCRM vulnerable to open redirects

SuiteCRM is an open-source Customer Relationship Management (CRM) software application. In versions prior to 7.14.4 and 8.6.1, unchecked input allows for open re-direct. Versions 7.14.4 and 8.6.1 contain a fix for this...

CVSS 5.4 | AI Score 6.8 | EPSS 0.001 | 2024-06-10 03:06 PM

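The CVE-2024-36406 entries above report an open redirect caused by unchecked input. The function below is an added example in Go; it is not SuiteCRM code (SuiteCRM is a PHP application) and does not describe SuiteCRM's fix. It shows the validation a "return to" parameter needs before it is placed in a Location header so that it can only land on the current origin, including the payload shapes (protocol-relative URLs, backslashes, triple slashes, percent-encoded slashes, non-http schemes) that commonly slip past a naive "does it start with a slash" check. The name safeRedirectTarget and the sample inputs are this example's own.

```go
package main

import (
	"fmt"
	"net/url"
	"strings"
)

// safeRedirectTarget validates a user-supplied "return to" value and returns
// a location that can only be a path on the current origin. Anything else
// (absolute URL, protocol-relative URL, backslash trick, non-http scheme,
// relative path) yields fallback. Example code; the name is this example's own.
func safeRedirectTarget(raw, fallback string) string {
	if raw == "" {
		return fallback
	}
	// Browsers normalise "\" to "/" in the authority, so "/\evil.example"
	// is read as "//evil.example". Reject backslashes outright.
	if strings.Contains(raw, "\\") {
		return fallback
	}
	// "//host" and "///host" both resolve to a foreign host in browsers
	// (extra slashes are skipped for http and https), so reject on the raw
	// text before url.Parse collapses them.
	if strings.HasPrefix(raw, "//") {
		return fallback
	}
	u, err := url.Parse(raw) // also rejects control characters
	if err != nil {
		return fallback
	}
	if u.Scheme != "" || u.Opaque != "" || u.Host != "" || u.User != nil {
		return fallback
	}
	// Require an absolute path on this site. A decoded "%2F%2Fhost" shows up
	// here as a path starting with "//", so check the decoded form as well.
	if !strings.HasPrefix(u.Path, "/") || strings.HasPrefix(u.Path, "//") {
		return fallback
	}
	// Rebuild from the validated components only: path, query, fragment.
	clean := url.URL{Path: u.Path, RawQuery: u.RawQuery, Fragment: u.Fragment}
	return clean.String()
}

func main() {
	// Constructed inputs: the first two are legitimate, the rest are the
	// usual open-redirect payload shapes.
	inputs := []string{
		"/dashboard?tab=1",
		"/account#settings",
		"",
		"https://evil.example/",
		"//evil.example/login",
		"///evil.example",
		"/\\evil.example",
		"javascript:alert(1)",
		"dashboard",
		"%2F%2Fevil.example",
	}
	for _, in := range inputs {
		fmt.Printf("%-24q -> %q\n", in, safeRedirectTarget(in, "/"))
	}
}
```

The rebuild at the end is deliberate: returning the original string after validation would let any component the checks did not consider through, whereas assembling a new url.URL from path, query and fragment guarantees the response can only name a location on the same origin.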
vulnrichment

CVE-2024-4403 CSRF in restart_program in parisneo/lollms-webui

A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted...

CVSS 4.4 | AI Score 6.9 | EPSS 0.0004 | 2024-06-10 02:43 PM

cvelist

CVE-2024-4403 CSRF in restart_program in parisneo/lollms-webui

A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted...

CVSS 4.4 | EPSS 0.0004 | 2024-06-10 02:43 PM

impervablog

A European Summer of Sports is Upon Us – What Does it Mean for Security?

The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors...

AI Score 7 | 2024-06-10 01:00 PM

thn

Google Takes Down Influence Campaigns Tied to China, Indonesia, and Russia

Google has revealed that it took down 1,320 YouTube channels and 1,177 Blogger blogs as part of a coordinated influence operation connected to the People's Republic of China (PRC). "The coordinated inauthentic network uploaded content in Chinese and English about China and U.S. foreign affairs,"...

AI Score 7 | 2024-06-10 11:00 AM

securelist

Bypassing 2FA with phishing and OTP bots

Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Most of today's websites offer some form of it, and some of them won't even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain...

AI Score 7.2 | 2024-06-10 10:00 AM

cve

CVE-2024-35742

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp. This issue affects Easy Forms for Mailchimp: from n/a through...

CVSS 7.3 | AI Score 5.5 | EPSS 0.0005 | 2024-06-10 08:15 AM

nvd

CVE-2024-35742

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp. This issue affects Easy Forms for Mailchimp: from n/a through...

CVSS 7.3 | EPSS 0.0005 | 2024-06-10 08:15 AM

cvelist

CVE-2024-35742 WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp. This issue affects Easy Forms for Mailchimp: from n/a through...

CVSS 5.3 | EPSS 0.0005 | 2024-06-10 07:40 AM

vulnrichment

CVE-2024-35742 WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Broken Access Control vulnerability

Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp. This issue affects Easy Forms for Mailchimp: from n/a through...

CVSS 5.3 | AI Score 7.2 | EPSS 0.0005 | 2024-06-10 07:40 AM

thn

Sticky Werewolf Expands Cyber Attack Targets in Russia and Belarus

Cybersecurity researchers have disclosed details of a threat actor known as Sticky Werewolf that has been linked to cyber attacks targeting entities in Russia and Belarus. The phishing attacks were aimed at a pharmaceutical company, a Russian research institute dealing with microbiology and...

AI Score 7.2 | 2024-06-10 05:29 AM

veracode

Improper Input Validation

github.com/golang/go/ is vulnerable to Improper Input Validation. The vulnerability is due to various methods (IsPrivate, IsLoopback, etc.) which do not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4...

AI Score 6.6 | EPSS 0.0004 | 2024-06-10 05:27 AM

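The veracode entry above concerns net/netip classification methods that answered false for IPv4-mapped IPv6 addresses. The code below is an added example, not code from the Go project or from Veracode. It shows the defensive pattern of calling Unmap() before IsLoopback, IsPrivate and IsLinkLocalUnicast, which makes an SSRF-style deny check return the same answer for "::ffff:127.0.0.1" as for "127.0.0.1" regardless of whether the running toolchain carries the fix, and places the unmapped and naive checks side by side so the difference is visible on an affected toolchain. The names isInternalAddr, naiveIsInternalAddr and classify and the sample addresses are this example's own.

```go
package main

import (
	"fmt"
	"net/netip"
)

// isInternalAddr reports whether s names an address that a server must never
// contact on behalf of a client: loopback, RFC 1918 private, link-local
// (which covers the 169.254.169.254 cloud metadata endpoint) or unspecified.
// The address is unmapped first, so "::ffff:127.0.0.1" is judged as 127.0.0.1.
// Example code; the name is this example's own.
func isInternalAddr(s string) (bool, error) {
	addr, err := netip.ParseAddr(s)
	if err != nil {
		return false, err
	}
	// Unmap turns an IPv4-mapped IPv6 address into the embedded IPv4 address
	// and is a no-op for plain IPv4 and native IPv6 addresses.
	addr = addr.Unmap()
	return classify(addr), nil
}

// naiveIsInternalAddr is the same check without Unmap. On toolchains that
// predate the fix the entry describes, it returns false for mapped addresses
// such as "::ffff:127.0.0.1"; on fixed toolchains it agrees with isInternalAddr.
func naiveIsInternalAddr(s string) (bool, error) {
	addr, err := netip.ParseAddr(s)
	if err != nil {
		return false, err
	}
	return classify(addr), nil
}

// classify is the shared predicate applied after (or without) unmapping.
func classify(a netip.Addr) bool {
	return a.IsLoopback() || a.IsPrivate() || a.IsLinkLocalUnicast() || a.IsUnspecified()
}

func main() {
	// Constructed sample inputs mixing plain IPv4, IPv4-mapped IPv6 and native IPv6.
	samples := []string{
		"127.0.0.1",
		"::ffff:127.0.0.1",
		"::ffff:10.0.0.5",
		"::ffff:169.254.169.254",
		"::1",
		"8.8.8.8",
		"::ffff:93.184.216.34",
		"2001:db8::1",
	}
	for _, s := range samples {
		unmapped, err := isInternalAddr(s)
		if err != nil {
			fmt.Println(s, "parse error:", err)
			continue
		}
		naive, _ := naiveIsInternalAddr(s)
		fmt.Printf("%-24s internal(unmapped)=%-5v internal(naive)=%v\n", s, unmapped, naive)
	}
}
```

Unmap matters wherever an address comes from outside the process, for example a client-supplied URL or a DNS answer, because a connection to ::ffff:127.0.0.1 over an IPv6 socket reaches the same loopback interface as 127.0.0.1. The same applies to the older net.IP type, whose IPv4 addresses are stored in the 16-byte mapped form.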
ubuntu

Linux kernel (ARM laptop) vulnerabilities

Releases: Ubuntu 23.10. Packages: linux-laptop - Linux kernel for Lenovo X13s ARM laptops. Details: Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use...

CVSS 7.8 | AI Score 7.7 | EPSS 0.001 | 2024-06-10 12:00 AM

openvas

Ubuntu: Security Advisory (USN-6820-1)

The remote host is missing an update for...

CVSS 8 | AI Score 8.2 | EPSS 0.0004 | 2024-06-10 12:00 AM

openvas

Ubuntu: Security Advisory (USN-6816-1)

The remote host is missing an update for...

CVSS 7.8 | AI Score 8.7 | EPSS 0.0005 | 2024-06-10 12:00 AM

nessus

RHEL 8 / 9 : Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update (Moderate) (RHSA-2024:3781)

The remote Red Hat Enterprise Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3781 advisory. Red Hat Ansible Automation Platform provides an enterprise framework for building, deploying and managing IT automation at scale. IT...

CVSS 8.1 | AI Score 8.4 | 2024-06-10 12:00 AM

openvas

Ubuntu: Security Advisory (USN-6818-1)

The remote host is missing an update for...

CVSS 7.8 | AI Score 8.7 | EPSS 0.001 | 2024-06-10 12:00 AM

nessus

Ubuntu 23.10 : Linux kernel (ARM laptop) vulnerabilities (USN-6818-2)

The remote Ubuntu 23.10 host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-6818-2 advisory. Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference...

CVSS 7.8 | AI Score 7.5 | EPSS 0.001 | 2024-06-10 12:00 AM

ubuntu

Kernel Live Patch Security Notice

Details: It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that a race...

CVSS 7.8 | AI Score 7.9 | EPSS 0.0004 | 2024-06-10 12:00 AM

cve

CVE-2024-35748

Missing Authorization vulnerability in OPMC WooCommerce Dropshipping. This issue affects WooCommerce Dropshipping: from n/a through...

CVSS 5.3 | AI Score 5.3 | EPSS 0.0005 | 2024-06-09 07:15 PM

nvd

CVE-2024-35748

Missing Authorization vulnerability in OPMC WooCommerce Dropshipping. This issue affects WooCommerce Dropshipping: from n/a through...

CVSS 5.3 | EPSS 0.0005 | 2024-06-09 07:15 PM

cvelist

CVE-2024-35748 WordPress WooCommerce Dropshipping plugin <= 5.0.4 - Unauthenticated Arbitrary Email Sending vulnerability

Missing Authorization vulnerability in OPMC WooCommerce Dropshipping. This issue affects WooCommerce Dropshipping: from n/a through...

CVSS 5.3 | EPSS 0.0005 | 2024-06-09 06:41 PM

vulnrichment

CVE-2024-35748 WordPress WooCommerce Dropshipping plugin <= 5.0.4 - Unauthenticated Arbitrary Email Sending vulnerability

Missing Authorization vulnerability in OPMC WooCommerce Dropshipping. This issue affects WooCommerce Dropshipping: from n/a through...

CVSS 5.3 | AI Score 7 | EPSS 0.0005 | 2024-06-09 06:41 PM

nvd

CVE-2024-31352

Missing Authorization vulnerability in Email Subscribers & Newsletters. This issue affects Email Subscribers & Newsletters: from n/a through...

CVSS 5.3 | EPSS 0.0004 | 2024-06-09 06:15 PM

cve

CVE-2024-31352

Missing Authorization vulnerability in Email Subscribers & Newsletters. This issue affects Email Subscribers & Newsletters: from n/a through...

CVSS 5.3 | AI Score 5.3 | EPSS 0.0004 | 2024-06-09 06:15 PM

vulnrichment

CVE-2024-31352 WordPress Icegram Express plugin <= 5.7.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Email Subscribers & Newsletters. This issue affects Email Subscribers & Newsletters: from n/a through...

CVSS 5.3 | AI Score 6.9 | EPSS 0.0004 | 2024-06-09 05:23 PM

cvelist

CVE-2024-31352 WordPress Icegram Express plugin <= 5.7.13 - Broken Access Control vulnerability

Missing Authorization vulnerability in Email Subscribers & Newsletters. This issue affects Email Subscribers & Newsletters: from n/a through...

CVSS 5.3 | EPSS 0.0004 | 2024-06-09 05:23 PM

cve

CVE-2024-32811

Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates. This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through...

CVSS 5.3 | AI Score 5.4 | EPSS 0.0004 | 2024-06-09 01:15 PM

nvd

CVE-2024-32811

Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates. This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through...

CVSS 5.3 | EPSS 0.0004 | 2024-06-09 01:15 PM

vulnrichment

CVE-2024-32811 WordPress USPS Shipping for WooCommerce – Live Rates plugin <= 1.9.4 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates. This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through...

CVSS 5.3 | AI Score 7 | EPSS 0.0004 | 2024-06-09 12:44 PM

cvelist

CVE-2024-32811 WordPress USPS Shipping for WooCommerce – Live Rates plugin <= 1.9.4 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Octolize USPS Shipping for WooCommerce – Live Rates. This issue affects USPS Shipping for WooCommerce – Live Rates: from n/a through...

CVSS 5.3 | EPSS 0.0004 | 2024-06-09 12:44 PM

githubexploit

Exploit for Logging of Excessive Data in Salesagility Suitecrm

CVE-2024-36416: Tool for validating CVE-2024-36416. Usage...

CVSS 8.6 | AI Score 7.2 | EPSS 0.0005 | 2024-06-09 07:18 AM

githubexploit

Exploit for CVE-2023-22515

CVE-2023-22515: The exploitation logic for the vulnerability is described here, ...

CVSS 9.8 | AI Score 9.8 | EPSS 0.973 | 2024-06-08 08:04 PM

cve

CVE-2024-35691

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended. This issue affects Widget Options - Extended: from n/a through...

CVSS 6.5 | AI Score 6.5 | EPSS 0.0004 | 2024-06-08 03:15 PM

nvd

CVE-2024-35691

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended. This issue affects Widget Options - Extended: from n/a through...

CVSS 6.5 | EPSS 0.0004 | 2024-06-08 03:15 PM

cvelist

CVE-2024-35691 WordPress Widget Options - Extended plugin <= 5.1.0 - Multiple Data Exposure Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended. This issue affects Widget Options - Extended: from n/a through...

CVSS 4.3 | EPSS 0.0004 | 2024-06-08 02:38 PM

vulnrichment

CVE-2024-35691 WordPress Widget Options - Extended plugin <= 5.1.0 - Multiple Data Exposure Vulnerability

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Marketing Fire, LLC Widget Options - Extended. This issue affects Widget Options - Extended: from n/a through...

CVSS 4.3 | AI Score 6.9 | EPSS 0.0004 | 2024-06-08 02:38 PM

nessus

FreeBSD : kanboard -- Project Takeover via IDOR in ProjectPermissionController (91929399-249e-11ef-9296-b42e991fc52e)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91929399-249e-11ef-9296-b42e991fc52e advisory. [email protected] reports: Kanboard is project management software that focuses on the...

CVSS 8.2 | AI Score 6.8 | EPSS 0.0004 | 2024-06-08 12:00 AM

osv

linux, linux-gcp, linux-gcp-5.15, linux-lowlatency, linux-lowlatency-hwe-5.15, linux-xilinx-zynqmp vulnerabilities

It was discovered that the ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. (CVE-2023-6270) It was discovered that the Atheros...

CVSS 8 | AI Score 8.9 | EPSS 0.0004 | 2024-06-07 10:40 PM

githubexploit

Exploit for Path Traversal in Wso2 Api Manager

CVE-2022-29464: A preauth arbitrary file upload that leads...

CVSS 9.8 | AI Score 9.8 | EPSS 0.973 | 2024-06-07 10:17 PM

Total number of security vulnerabilities: 163813