Mollie Payment Forms & Donations Security Vulnerabilities
Amazon Linux 2 : cri-tools (ALAS-2024-2568)
The version of cri-tools installed on the remote host is prior to 1.29.0-1. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2024-2568 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of...
8.2AI Score
0.0004EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 479df73e-2838-11ef-9cab-4ccc6adda413 advisory. David Edmundson reports: KSmserver, KDE's XSMP manager, incorrectly allows connections via...
7.9AI Score
EPSS
Securing Online Business Transactions: Essential Tools and Practices
Enhance your online transaction security with encryption, VPNs, and authentication. Understand threats, address vulnerabilities, and use secure payment gateways. Stay compliant with PCI DSS and regulatory standards to protect your business and build customer...
7.4AI Score
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses
Impact There is a vulnerability in Go managing various Is methods (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses. They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms. References CVE-2024-24790 Patches ...
9.8CVSS
6.6AI Score
0.001EPSS
Traefik has unexpected behavior with IPv4-mapped IPv6 addresses
Impact There is a vulnerability in Go managing various Is methods (IsPrivate, IsLoopback, etc) for IPv4-mapped IPv6 addresses. They didn't work as expected returning false for addresses which would return true in their traditional IPv4 forms. References CVE-2024-24790 Patches ...
9.8CVSS
7AI Score
0.001EPSS
Microsoft and Adobe Patch Tuesday, June 2024 Security Update Review
Microsoft's June Patch Tuesday is here, bringing fixes for vulnerabilities impacting its multiple products. This month's release highlights the ongoing battle against cybersecurity threats, from critical updates to important fixes. Let's dive into the crucial insights from Microsoft's Patch...
9.8CVSS
9.3AI Score
0.003EPSS
10 years of the GitHub Security Bug Bounty Program
Each year, we celebrate the GitHub Security Bug Bounty program, highlighting impressive bugs and researchers, rewards, live hacking events, and more. This year, we celebrate a new milestone: 10 years of the GitHub Security Bug Bounty program! While we've had some exciting growth over the last 10...
7AI Score
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment...
5.3CVSS
5.2AI Score
0.0004EPSS
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment...
5.3CVSS
0.0004EPSS
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment...
5.3CVSS
6.9AI Score
0.0004EPSS
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment...
5.3CVSS
0.0004EPSS
The Aimeos HTML client provides Aimeos HTML components for e-commerce projects. Starting in version 2020.04.1 and prior to versions 2020.10.27, 2021.10.21, 2022.10.12, 2023.10.14, and 2024.04.5, digital downloads sold in online shops can be downloaded without valid payment, e.g. if the payment...
5.3CVSS
6.6AI Score
0.0004EPSS
Update 24.1 for Microsoft Dynamics 365 Business Central (on-premises) 2024 Release Wave 1 (Application Build 24.1.19498, Platform Build 24.0.19487) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For...
8.8CVSS
8.9AI Score
0.001EPSS
Update 22.13 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 1 (Application Build 22.13.64344, Platform Build 22.0.64336) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For.....
8.8CVSS
8.8AI Score
0.001EPSS
Update 23.7 for Microsoft Dynamics 365 Business Central (on-premises) 2023 Release Wave 2 (Application Build 23.7.18957, Platform Build 23.0.18933) Overview This update replaces previously released updates. You should always install the latest update. This update also fixes vulnerabilities. For...
8.8CVSS
8.8AI Score
0.001EPSS
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for.....
5.3CVSS
0.0005EPSS
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for.....
5.3CVSS
5.2AI Score
0.0005EPSS
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for.....
5.3CVSS
0.0005EPSS
The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the entry data for.....
5.3CVSS
6.8AI Score
0.0005EPSS
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the...
6.5CVSS
6.8AI Score
0.0004EPSS
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the...
6.5CVSS
0.0004EPSS
CVE-2024-34691 Missing Authorization check in SAP S/4HANA (Manage Incoming Payment Files)
Manage Incoming Payment Files (F1680) of SAP S/4HANA does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. As a result, it has high impact on integrity and no impact on the confidentiality and availability of the...
6.5CVSS
0.0004EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 5f608c68-276c-11ef-8caa-0897988a1c07 advisory. Composer project reports: The status, reinstall and remove commands with packages ...
8.8CVSS
8AI Score
0.0004EPSS
Payment Gateway for Telcell < 2.0.4 - Open Redirect
The plugin does not validate the api_url parameter before redirecting the user to its value, leading to an Open Redirect...
6.8AI Score
EPSS
Update: CVE-2024-4577 quickly weaponized to distribute “TellYouThePass” Ransomware
Introduction Recently, Imperva Threat Research reported on attacker activity leveraging the new PHP vulnerability, CVE-2024-4577. From as early as June 8th, we have detected attacker activity leveraging this vulnerability to deliver malware, which we have now identified to be a part of the...
10CVSS
8AI Score
EPSS
Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through...
5.3CVSS
5.4AI Score
0.0005EPSS
Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through...
5.3CVSS
0.0005EPSS
Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through...
5.3CVSS
7AI Score
0.0005EPSS
Improper Restriction of Excessive Authentication Attempts vulnerability in wpdevart Contact Form Builder, Contact Widget allows Functionality Bypass.This issue affects Contact Form Builder, Contact Widget: from n/a through...
5.3CVSS
0.0005EPSS
A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted...
4.4CVSS
0.0004EPSS
A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted...
4.4CVSS
4.7AI Score
0.0004EPSS
CVE-2024-4403 CSRF in restart_program in parisneo/lollms-webui
A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted...
4.4CVSS
6.9AI Score
0.0004EPSS
CVE-2024-4403 CSRF in restart_program in parisneo/lollms-webui
A Cross-Site Request Forgery (CSRF) vulnerability exists in the restart_program function of the parisneo/lollms-webui v9.6. This vulnerability allows attackers to trick users into performing unintended actions, such as resetting the program without their knowledge, by sending specially crafted...
4.4CVSS
0.0004EPSS
A European Summer of Sports is Upon Us – What Does it Mean for Security?
The recent Champions League final in London (congratulations, Real Madrid!) marked the opening shot to a hot European summer of major sporting events. We now approach the highly anticipated UEFA EURO 2024 football tournament in Germany and the Olympic Games in Paris 2024. And as we do, bad actors.....
7AI Score
Bypassing 2FA with phishing and OTP bots
Introduction Two-factor authentication (2FA) is a security feature we have come to expect as standard by 2024. Most of today's websites offer some form of it, and some of them won't even let you use their service until you enable 2FA. Individual countries have adopted laws that require certain...
7.2AI Score
Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...
7.3CVSS
5.5AI Score
0.0005EPSS
Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...
7.3CVSS
0.0005EPSS
Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...
5.3CVSS
0.0005EPSS
Missing Authorization vulnerability in Code Parrots Easy Forms for Mailchimp.This issue affects Easy Forms for Mailchimp: from n/a through...
5.3CVSS
7.2AI Score
0.0005EPSS
Malicious code in rb-payment-wallet (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (4eb4113e8b820d0f3ed35205bfc6b682ce6bb937db31002b79c44bb723908e18) The OpenSSF Package Analysis project identified 'rb-payment-wallet' @ 0.1.2 (npm) as malicious. It is considered malicious because: The package...
7.1AI Score
Improper Enforcement Of Behavioral Workflow
aimeos/ai-client-html is vulnerable to Improper enforcement of behavioral workflow. The vulnerability is due to an issue where digital downloads sold in online shops can be accessed without valid payment, for instance, if the payment process fails. This could allow attackers to obtain digital...
6.9AI Score
github.com/golang/go/ is vulnerable to Improper Input Validation. The vulnerability is due to various methods (IsPrivate, IsLoopback, etc.) which do not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4...
9.8CVSS
6.6AI Score
0.001EPSS
Description The Advanced Contact form 7 DB plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'vsz_cf7_export_to_excel' function in versions up to, and including, 2.0.2. This makes it possible for unauthenticated attackers to download the...
5.3CVSS
6.7AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS.This issue affects Recurring PayPal Donations: from n/a through...
6.5CVSS
6.4AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS.This issue affects Recurring PayPal Donations: from n/a through...
6.5CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS.This issue affects Recurring PayPal Donations: from n/a through...
6.5CVSS
0.0004EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpecommerce Recurring PayPal Donations allows Stored XSS.This issue affects Recurring PayPal Donations: from n/a through...
6.5CVSS
6.8AI Score
0.0004EPSS
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91929399-249e-11ef-9296-b42e991fc52e advisory. [email protected] reports: Kanboard is project management software that focuses on the...
8.2CVSS
6.8AI Score
0.0004EPSS
TYPO3 Cross-Site Scripting in Form Framework
Failing to properly encode user input, frontend forms handled by the form framework (system extension “form”) are vulnerable to cross-site...
6.7AI Score
TYPO3 Cross-Site Scripting in Form Framework
Failing to properly encode user input, frontend forms handled by the form framework (system extension “form”) are vulnerable to cross-site...
6.7AI Score