Lucene search

K

Mollie Payment Forms & Donations Security Vulnerabilities

vulnrichment
vulnrichment

CVE-2024-1175 WP-Recall – Registration, Profile, Commerce & More <= 16.26.6 - Unauthenticated Payment Deletion via delete_payment

The WP-Recall – Registration, Profile, Commerce & More plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'delete_payment' function in all versions up to, and including, 16.26.6. This makes it possible for unauthenticated attackers to delete...

5.3CVSS

6.9AI Score

0.0005EPSS

2024-06-06 03:53 AM
ubuntucve
ubuntucve

CVE-2024-24790

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4...

6.7AI Score

0.0004EPSS

2024-06-06 12:00 AM
nessus
nessus

FreeBSD : cyrus-imapd -- unbounded memory allocation (14908bda-232b-11ef-b621-00155d645102)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 14908bda-232b-11ef-b621-00155d645102 advisory. Cyrus IMAP 3.8.3 Release Notes states: Fixed CVE-2024-34055: Cyrus-IMAP through 3.8.2 and 3.10.0-beta2...

6.5CVSS

6.6AI Score

0.0005EPSS

2024-06-06 12:00 AM
1
osv
osv

Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API

Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. Field tsconfig_includes is vulnerable to directory traversal leading to same scenarios as....

7.6AI Score

2024-06-05 05:19 PM
5
github
github

Typo3 Arbitrary Code Execution and Cross-Site Scripting in Backend API

Backend API configuration using Page TSconfig is vulnerable to arbitrary code execution and cross-site scripting. TSconfig fields of page properties in backend forms can be used to inject malicious sequences. Field tsconfig_includes is vulnerable to directory traversal leading to same scenarios as....

7.6AI Score

2024-06-05 05:19 PM
5
github
github

Cross-Site Scripting in TYPO3 CMS Backend

Failing to properly encode user input, backend forms are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this...

7AI Score

2024-06-05 05:07 PM
2
osv
osv

Cross-Site Scripting in TYPO3 CMS Backend

Failing to properly encode user input, backend forms are vulnerable to Cross-Site Scripting. A valid backend user account is needed to exploit this...

7AI Score

2024-06-05 05:07 PM
2
github
github

Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS

Phar files (formerly known as "PHP archives") can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as...

6.9AI Score

2024-06-05 04:41 PM
2
osv
osv

Insecure Deserialization & Arbitrary Code Execution in TYPO3 CMS

Phar files (formerly known as "PHP archives") can act als self extracting archives which leads to the fact that source code is executed when Phar files are invoked. The Phar file format is not limited to be stored with a dedicated file extension - "bundle.phar" would be valid as well as...

6.9AI Score

2024-06-05 04:41 PM
nvd
nvd

CVE-2024-24790

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4...

6.3AI Score

0.0004EPSS

2024-06-05 04:15 PM
cve
cve

CVE-2024-24790

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4...

6.8AI Score

0.0004EPSS

2024-06-05 04:15 PM
36
debiancve
debiancve

CVE-2024-24790

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4...

6.7AI Score

0.0004EPSS

2024-06-05 04:15 PM
alpinelinux
alpinelinux

CVE-2024-24790

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4...

6.7AI Score

0.0004EPSS

2024-06-05 04:15 PM
3
cvelist
cvelist

CVE-2024-24790 Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4...

6.4AI Score

0.0004EPSS

2024-06-05 03:13 PM
wordfence
wordfence

40,000 WordPress Sites affected by Vulnerability That Leads to Privilege Escalation in Login/Signup Popup WordPress Plugin

📢 Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the.....

8.8CVSS

8.5AI Score

0.001EPSS

2024-06-05 03:01 PM
6
github
github

Digital products download without proper payment status check

Impact Digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Patches New versions for the Aimeos HTML client 2020-2024 are...

5.3CVSS

7AI Score

0.0004EPSS

2024-06-05 01:30 PM
osv
osv

Digital products download without proper payment status check

Impact Digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment didn't succeed. Patches New versions for the Aimeos HTML client 2020-2024 are...

5.3CVSS

7AI Score

0.0004EPSS

2024-06-05 01:30 PM
2
malwarebytes
malwarebytes

Financial sextortion scams on the rise

“Hey there!” messaged Savannah, someone 16-year-old Charlie had never met before, but looked cute in her profile picture. She had long blonde hair, blue eyes, and an adorable smile, so he decided to DM with her on Instagram. Soon their flirty exchanges grew heated, and Savannah was sending Charlie....

6.8AI Score

2024-06-05 01:30 PM
1
kitploit
kitploit

X-Recon - A Utility For Detecting Webpage Inputs And Conducting XSS Scans

A utility for identifying web page inputs and conducting XSS scanning. Features: Subdomain Discovery: Retrieves relevant subdomains for the target website and consolidates them into a whitelist. These subdomains can be utilized during the scraping process. Site-wide Link Discovery: Collects...

6.3AI Score

2024-06-05 12:30 PM
5
thn
thn

Unpacking 2024's SaaS Threat Predictions

Early in 2024, Wing Security released its State of SaaS Security report, offering surprising insights into emerging threats and best practices in the SaaS domain. Now, halfway through the year, several SaaS threat predictions from the report have already proven accurate. Fortunately, SaaS Security....

7.5AI Score

2024-06-05 11:00 AM
2
malwarebytes
malwarebytes

Big name TikTok accounts hijacked after opening DM

High profile TikTok accounts, including CNN, Sony, and—er­—Paris Hilton have been targeted in a recent attack. CNN was the first account takeover that made the news, with Semafor reporting that the account was down for several days after the incident. According to Forbes, the attack happens...

7.4AI Score

2024-06-05 10:03 AM
7
cve
cve

CVE-2024-2368

The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm() function. This makes it possible for unauthenticated attackers to duplicate forms via a forged....

4.3CVSS

6.7AI Score

0.0005EPSS

2024-06-05 07:15 AM
24
nvd
nvd

CVE-2024-2368

The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm() function. This makes it possible for unauthenticated attackers to duplicate forms via a forged....

4.3CVSS

4.2AI Score

0.0005EPSS

2024-06-05 07:15 AM
cvelist
cvelist

CVE-2024-2368 Mollie Forms <= 2.6.13 - Cross-Site Request Forgery to Arbitrary Post Duplication

The Mollie Forms plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.6.13. This is due to missing or incorrect nonce validation on the duplicateForm() function. This makes it possible for unauthenticated attackers to duplicate forms via a forged....

4.3CVSS

4.2AI Score

0.0005EPSS

2024-06-05 06:50 AM
cve
cve

CVE-2024-5149

The BuddyForms plugin for WordPress is vulnerable to Email Verification Bypass in all versions up to, and including, 2.8.9 via the use of an insufficiently random activation code. This makes it possible for unauthenticated attackers to bypass the email...

6.5CVSS

7.2AI Score

0.0005EPSS

2024-06-05 05:15 AM
24
nessus
nessus

RHEL 8 : Red Hat Product OCP Tools 4.13 OpenShift Jenkins (RHSA-2024:3636)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3636 advisory. Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs. Security...

7.5CVSS

7.6AI Score

0.962EPSS

2024-06-05 12:00 AM
freebsd
freebsd

traefik -- Unexpected behavior with IPv4-mapped IPv6 addresses

The traefik authors report: There is a vulnerability in Go managing various Is methods (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses. They didn't work as expected returning false for addresses which would return true in their traditional IPv4...

6.9AI Score

0.0004EPSS

2024-06-05 12:00 AM
nessus
nessus

RHEL 8 : Red Hat Product OCP Tools 4.14 OpenShift Jenkins (RHSA-2024:3634)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3634 advisory. Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs. Security...

7.5CVSS

6.8AI Score

0.962EPSS

2024-06-05 12:00 AM
nessus
nessus

RHEL 8 : Red Hat Product OCP Tools 4.12 Openshift Jenkins (RHSA-2024:3635)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3635 advisory. Jenkins is a continuous integration server that monitors the execution of recurring jobs, such as software builds or cron jobs. Security...

7.5CVSS

7.6AI Score

0.962EPSS

2024-06-05 12:00 AM
osv
osv

Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses in net/netip

The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4...

6.8AI Score

0.0004EPSS

2024-06-04 10:48 PM
13
cve
cve

CVE-2024-25095

Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.5CVSS

7.3AI Score

0.001EPSS

2024-06-04 07:18 PM
13
nvd
nvd

CVE-2024-25095

Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.5CVSS

7.7AI Score

0.001EPSS

2024-06-04 07:18 PM
1
cvelist
cvelist

CVE-2024-25095 WordPress Easy Forms for Mailchimp plugin <= 6.9.0 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...

7.5CVSS

7.7AI Score

0.001EPSS

2024-06-04 06:37 PM
1
github
github

Typo3 Arbitrary File Disclosure in Form Component

Failing to properly validate user input, the form component is susceptible to Arbitrary File Disclosure. A valid backend user account is needed to exploit this vulnerability. Only forms are vulnerable, which contain upload...

7.1AI Score

2024-06-04 03:01 PM
1
osv
osv

Typo3 Arbitrary File Disclosure in Form Component

Failing to properly validate user input, the form component is susceptible to Arbitrary File Disclosure. A valid backend user account is needed to exploit this vulnerability. Only forms are vulnerable, which contain upload...

7.1AI Score

2024-06-04 03:01 PM
3
qualysblog
qualysblog

TotalCloud Insights: Securing Your Data—The Power of Encryption in Preventing Threats

Introduction Did you know there is a 90% failure rate for encryption-related controls of MySQL Server in Microsoft Azure? The issue isn't confined to Azure; in Google Cloud Platform (GCP) environments there is a 98% failure rate of encryption-related controls for both compute engine and storage...

7.2AI Score

2024-06-04 03:00 PM
3
nvd
nvd

CVE-2024-35668

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from...

6.1CVSS

7AI Score

0.0005EPSS

2024-06-04 02:15 PM
cve
cve

CVE-2024-35668

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from...

7.1CVSS

7.2AI Score

0.0005EPSS

2024-06-04 02:15 PM
16
cvelist
cvelist

CVE-2024-35668 WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Brevo plugin <= 3.1.77 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from...

7.1CVSS

6.5AI Score

0.0005EPSS

2024-06-04 01:48 PM
2
vulnrichment
vulnrichment

CVE-2024-35668 WordPress Newsletter, SMTP, Email marketing and Subscribe forms by Brevo plugin <= 3.1.77 - Reflected Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Brevo Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue allows Reflected XSS.This issue affects Newsletter, SMTP, Email marketing and Subscribe forms by Sendinblue: from...

7.1CVSS

7AI Score

0.0005EPSS

2024-06-04 01:48 PM
malwarebytes
malwarebytes

Debt collection agency FBCS leaks information of 3 million US citizens

The US debt collection agency Financial Business and Consumer Solutions (FBCS) has filed a data breach notification, listing the the total number of people affected as 3,226,631. FBCS is a nationally licensed, third-party collection agency that collects commercial and consumer debts, with most of.....

7.5AI Score

2024-06-04 11:58 AM
8
cve
cve

CVE-2023-48271

Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maspik – Spam blacklist: from n/a through...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-04 11:15 AM
3
nvd
nvd

CVE-2023-48271

Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maspik – Spam blacklist: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-04 11:15 AM
2
cve
cve

CVE-2023-48276

Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass.This issue affects WP Forms Puzzle Captcha: from n/a through...

5.3CVSS

7.2AI Score

0.0004EPSS

2024-06-04 11:15 AM
37
nvd
nvd

CVE-2023-48276

Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass.This issue affects WP Forms Puzzle Captcha: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-04 11:15 AM
1
cvelist
cvelist

CVE-2023-48276 WordPress WP Forms Puzzle Captcha plugin <= 4.1 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass.This issue affects WP Forms Puzzle Captcha: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-06-04 10:20 AM
vulnrichment
vulnrichment

CVE-2023-48276 WordPress WP Forms Puzzle Captcha plugin <= 4.1 - Captcha Bypass vulnerability

Improper Restriction of Excessive Authentication Attempts vulnerability in Nitin Rathod WP Forms Puzzle Captcha allows Functionality Bypass.This issue affects WP Forms Puzzle Captcha: from n/a through...

5.3CVSS

7AI Score

0.0004EPSS

2024-06-04 10:20 AM
cvelist
cvelist

CVE-2023-48271 WordPress Maspik – Spam Blacklist plugin <= 0.10.3 - IP Filtering Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maspik – Spam blacklist: from n/a through...

5.3CVSS

5.3AI Score

0.0004EPSS

2024-06-04 10:19 AM
vulnrichment
vulnrichment

CVE-2023-48271 WordPress Maspik – Spam Blacklist plugin <= 0.10.3 - IP Filtering Bypass vulnerability

Authentication Bypass by Spoofing vulnerability in yonifre Maspik – Spam blacklist allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Maspik – Spam blacklist: from n/a through...

5.3CVSS

7AI Score

0.0004EPSS

2024-06-04 10:19 AM
veracode
veracode

Cross-Site Scripting (XSS)

typo3/cms-core is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the mishandling of t3:// URL schemes and typolink functionality, which affecting both backend forms and frontend extensions using typolink rendering, which allows attackers to execute arbitrary JavaScript...

6.8AI Score

2024-06-04 06:36 AM
Total number of security vulnerabilities28149