Lucene search

K

Mollie Payment Forms & Donations Security Vulnerabilities

thn
thn

Indian National Pleads Guilty to $37 Million Cryptocurrency Theft Scheme

An Indian national has pleaded guilty in the U.S. over charges of stealing more than $37 million by setting up a website that impersonated the Coinbase cryptocurrency exchange platform. Chirag Tomar, 30, pleaded guilty to wire fraud conspiracy, which carries a maximum sentence of 20 years in...

7.5AI Score

2024-05-28 12:50 PM
3
nessus
nessus

Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2024-625)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2024-625 advisory. An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and...

7.2AI Score

0.0004EPSS

2024-05-28 12:00 AM
4
talos
talos

Foxit Reader Updater improper certificate validation privilege escalation vulnerability

Talos Vulnerability Report TALOS-2024-1989 Foxit Reader Updater improper certificate validation privilege escalation vulnerability May 28, 2024 CVE Number CVE-2024-29072 SUMMARY A privilege escalation vulnerability exists in the Foxit Reader 2024.2.0.25138. The vulnerability occurs due to improper....

8.2CVSS

7.6AI Score

0.0004EPSS

2024-05-28 12:00 AM
1
nessus
nessus

Oracle Linux 8 : python39:3.9 / and / python39-devel:3.9 (ELSA-2024-2985)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2985 advisory. mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core...

8.2CVSS

7.2AI Score

0.016EPSS

2024-05-28 12:00 AM
3
nessus
nessus

Oracle Linux 8 : python27:2.7 (ELSA-2024-2987)

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2024-2987 advisory. babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves:...

9.8CVSS

7.2AI Score

0.032EPSS

2024-05-28 12:00 AM
5
github
github

silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms

When accessing the install.php script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the value property of the password...

7.2AI Score

2024-05-27 10:54 PM
5
osv
osv

silverstripe/framework's install.php script discloses sensitive data by pre-populating DB credential forms

When accessing the install.php script it is possible to extract any pre-configured database or default admin account password by viewing the source of the page, and inspecting the value property of the password...

7.2AI Score

2024-05-27 10:54 PM
1
osv
osv

silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms

User enumeration is possible by performing a timing attack on the login or password reset pages with user...

7.3AI Score

2024-05-27 09:45 PM
github
github

silverstripe/framework vulnerable to user enumeration via timing attack on login and password reset forms

User enumeration is possible by performing a timing attack on the login or password reset pages with user...

7.3AI Score

2024-05-27 09:45 PM
6
securelist
securelist

Message board scams

Marketplace fraud is nothing new. Cybercriminals swindle money out of buyers and sellers alike. Lately, we've seen a proliferation of cybergangs operating under the Fraud-as-a-Service model and specializing in tricking users of online marketplaces, in particular, message boards. Criminals are...

6.4AI Score

2024-05-27 01:00 PM
9
thn
thn

Moroccan Cybercrime Group Steals Up to $100K Daily Through Gift Card Fraud

Microsoft is calling attention to a Morocco-based cybercrime group dubbed Storm-0539 that's behind gift card fraud and theft through highly sophisticated email and SMS phishing attacks. "Their primary motivation is to steal gift cards and profit by selling them online at a discounted rate," the...

7AI Score

2024-05-27 12:12 PM
1
thn
thn

New Tricks in the Phishing Playbook: Cloudflare Workers, HTML Smuggling, GenAI

Cybersecurity researchers are alerting of phishing campaigns that abuse Cloudflare Workers to serve phishing sites that are used to harvest users' credentials associated with Microsoft, Gmail, Yahoo!, and cPanel Webmail. The attack method, called transparent phishing or adversary-in-the-middle...

7.2AI Score

2024-05-27 09:02 AM
1
openvas
openvas

Fedora: Security Advisory for glib2 (FEDORA-2024-fd2569c4e9)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-05-27 12:00 AM
1
openvas
openvas

Fedora: Security Advisory for php-tcpdf (FEDORA-2024-27eafd0e65)

The remote host is missing an update for...

6.7AI Score

0.0004EPSS

2024-05-27 12:00 AM
openvas
openvas

Fedora: Security Advisory for glib2 (FEDORA-2024-635a54eb7e)

The remote host is missing an update for...

7.5AI Score

0.0004EPSS

2024-05-27 12:00 AM
nessus
nessus

FreeBSD : electron29 -- use after free in Dawn (04e78f32-04b2-4c23-bfae-72600842d317)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 04e78f32-04b2-4c23-bfae-72600842d317 advisory. Electron developers report: This update fixes the following vulnerability: Tenable has extracted the...

6.9AI Score

0.0004EPSS

2024-05-26 12:00 AM
3
nessus
nessus

FreeBSD : electron28 -- multiple vulnerabilities (43d1c381-a3e5-4a1d-b3ed-f37b61a451af)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 43d1c381-a3e5-4a1d-b3ed-f37b61a451af advisory. Electron developers report: This update fixes the following vulnerabilities: Tenable has...

8.8CVSS

9.4AI Score

0.001EPSS

2024-05-26 12:00 AM
1
nessus
nessus

FreeBSD : QtNetworkAuth -- predictable seeding of PRNG in QAbstractOAuth (f5fa174d-19de-11ef-83d8-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the f5fa174d-19de-11ef-83d8-4ccc6adda413 advisory. Andy Shaw reports: The OAuth1 implementation in QtNetworkAuth created nonces using a...

7.2AI Score

0.0004EPSS

2024-05-25 12:00 AM
5
pentestpartners
pentestpartners

UK PSTI? You’ll need a Vulnerability Disclosure Program!

If you are distributing or selling smart devices in to the UK market, your products will need to be compliant with the UK Product Security and Telecommunications Act. One of the three mandatory areas is that you have a vulnerability disclosure program (VDP) In the supporting materials for the Act,....

7.4AI Score

2024-05-24 05:52 AM
7
oraclelinux
oraclelinux

python39:3.9 and python39-devel:3.9 security update

mod_wsgi [4.7.1-7] - Bump release for rebuild Resolves: rhbz#2213595 [4.7.1-6] - Remove rpath Resolves: rhbz#2213837 [4.7.1-5] - Core dumped upon file upload >= 1GB Resolves: rhbz#2125172 [4.7.1-4] - Convert from Fedora to the python39 module in RHEL8 - Resolves: rhbz#1877430 [4.7.1-3] - Rebuilt...

8.1CVSS

6.7AI Score

0.005EPSS

2024-05-24 12:00 AM
4
oraclelinux
oraclelinux

python27:2.7 security update

babel [2.5.1-10] - Fix CVE-2021-20095 Resolves: rhbz#1955615 [2.5.1-9] - Bumping due to problems with modular RPM upgrade path - Resolves: rhbz#1695587 [2.5.1-8] - Fix unversioned requires/buildrequires - Resolves: rhbz#1628242 [2.5.1-7] - Remove unversioned binaries - Resolves: rhbz#1613343...

9.8CVSS

6.7AI Score

0.005EPSS

2024-05-24 12:00 AM
2
amazon
amazon

Medium: amazon-cloudwatch-agent

Issue Overview: An attacker may cause an HTTP/2 endpoint to read arbitrary amounts of header data by sending an excessive number of CONTINUATION frames. Maintaining HPACK state requires parsing and processing all HEADERS and CONTINUATION frames on a connection. When a request's headers exceed...

6.9AI Score

0.0004EPSS

2024-05-23 10:04 PM
1
github
github

silverstripe/framework ReadOnly transformation for formfields exploitable

Form fields returning isReadonly() as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeField_Readonly. Values submitted to through these form fields are not filtered out from the form session...

6.1AI Score

2024-05-23 07:50 PM
5
osv
osv

silverstripe/framework ReadOnly transformation for formfields exploitable

Form fields returning isReadonly() as true are vulnerable to reflected XSS injections. This includes ReadonlyField, LookupField, HTMLReadonlyField, as well as special purpose fields like TimeField_Readonly. Values submitted to through these form fields are not filtered out from the form session...

6.1AI Score

2024-05-23 07:50 PM
6
osv
osv

Silverstripe Missing CSRF protection in login form

LoginForm calls disableSecurityToken(), which causes a "shared host domain" vulnerability:...

7.1AI Score

2024-05-23 07:41 PM
4
github
github

Silverstripe Missing CSRF protection in login form

LoginForm calls disableSecurityToken(), which causes a "shared host domain" vulnerability:...

7.1AI Score

2024-05-23 07:41 PM
2
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 118 vulnerabilities disclosed in 90...

10CVSS

9.4AI Score

EPSS

2024-05-23 03:00 PM
16
redhat
redhat

(RHSA-2024:2901) Low: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.12.1-394 Security Update

The Custom Metrics Autoscaler Operator for Red Hat OpenShift is an optional operator, based on the Kubernetes Event Driven Autoscaler (KEDA), which allows workloads to be scaled using additional metrics sources other than pod metrics. This release builds upon updated compiler, runtime library, and....

6.9AI Score

0.004EPSS

2024-05-23 02:07 PM
5
redhatcve
redhatcve

CVE-2021-47227

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Prevent state corruption in __fpu__restore_sig() The non-compacted slowpath uses __copy_from_user() and copies the entire user buffer into the kernel buffer, verbatim. This means that the kernel buffer may now contain...

6.9AI Score

0.0004EPSS

2024-05-23 02:00 PM
4
mssecure
mssecure

Cyber Signals: Inside the growing risk of gift card fraud

In the ever-evolving landscape of cyberthreats, staying ahead of malicious actors is a constant challenge. Microsoft Threat Intelligence has observed that gift cards are attractive targets for fraud and social engineering practices. Unlike credit or debit cards, there’s no customer name or bank...

7.5AI Score

2024-05-23 01:00 PM
redhatcve
redhatcve

CVE-2023-52786

In the Linux kernel, the following vulnerability has been resolved: ext4: fix racy may inline data check in dio write syzbot reports that the following warning from ext4_iomap_begin() triggers as of the commit referenced below: if (WARN_ON_ONCE(ext4_has_inline_data(inode))) return -ERANGE; This...

6.4AI Score

0.0004EPSS

2024-05-23 11:10 AM
4
redhat
redhat

(RHSA-2024:3316) Important: Migration Toolkit for Applications security and bug fix update

Migration Toolkit for Applications 7.0.3 Images Security Fix(es) from Bugzilla: golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS (CVE-2023-45288) webpack-dev-middleware: lack of URL validation may lead to file leak (CVE-2024-29180) axios: exposure of...

7.4AI Score

EPSS

2024-05-23 06:30 AM
5
redhat
redhat

(RHSA-2024:2874) Moderate: OpenShift Container Platform 4.13.42 security and extras update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.13.42. See the following advisory for the container...

7.1AI Score

0.05EPSS

2024-05-23 06:07 AM
3
nvd
nvd

CVE-2023-6325

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...

5.3CVSS

5.7AI Score

0.001EPSS

2024-05-23 05:15 AM
cve
cve

CVE-2023-6325

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...

5.3CVSS

6.8AI Score

0.001EPSS

2024-05-23 05:15 AM
33
cvelist
cvelist

CVE-2023-6325 RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...

5.3CVSS

5.7AI Score

0.001EPSS

2024-05-23 04:30 AM
vulnrichment
vulnrichment

CVE-2023-6325 RomethemeForm For Elementor <= 1.1.5 - Missing Authorization via export_entries, rtformnewform, and rtformupdate

The RomethemeForm For Elementor plugin for WordPress is vulnerable to unauthorized access and modification of data due to a missing capability check on the export_entries, rtformnewform, and rtformupdate functions in all versions up to, and including, 1.1.5. This makes it possible for...

5.3CVSS

6.9AI Score

0.001EPSS

2024-05-23 04:30 AM
nessus
nessus

FreeBSD : chromium -- multiple security fixes (8247af0d-183b-11ef-9f97-a8a1599412c6)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the 8247af0d-183b-11ef-9f97-a8a1599412c6 advisory. Chrome Releases reports: This update includes 15 security fixes: Tenable has extracted the...

8.8CVSS

7.5AI Score

0.002EPSS

2024-05-23 12:00 AM
2
nessus
nessus

RHEL 8 : container-tools:rhel8 (RHSA-2024:3254)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:3254 advisory. The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): *...

8.6CVSS

7.7AI Score

0.002EPSS

2024-05-23 12:00 AM
3
nessus
nessus

FreeBSD : Gitlab -- Vulnerabilities (f848ef90-1848-11ef-9850-001b217b3468)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f848ef90-1848-11ef-9850-001b217b3468 advisory. Gitlab reports: 1-click account takeover via XSS in the code editor in gitlab.com A DOS...

8CVSS

6.7AI Score

0.0004EPSS

2024-05-23 12:00 AM
11
redhat
redhat

(RHSA-2024:3254) Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): buildah: full container escape at build time (CVE-2024-1753) golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters...

7.3AI Score

0.002EPSS

2024-05-22 10:41 AM
8
malwarebytes
malwarebytes

Criminal record database of millions of Americans dumped online

A cybercriminal going by the names of EquationCorp and USDoD has released an enormous database containing the criminal records of millions of Americans. The database is said to contain 70 million rows of data. Post by USDoD on a breach forum The leaked database is said to include full names, dates....

7.3AI Score

2024-05-22 10:32 AM
9
cve
cve

CVE-2024-4157

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for.....

7.5CVSS

7AI Score

0.001EPSS

2024-05-22 08:15 AM
28
nvd
nvd

CVE-2024-4157

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for.....

7.5CVSS

7.3AI Score

0.001EPSS

2024-05-22 08:15 AM
1
cvelist
cvelist

CVE-2024-4157 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for.....

7.5CVSS

7.9AI Score

0.001EPSS

2024-05-22 07:37 AM
2
vulnrichment
vulnrichment

CVE-2024-4157 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.15 - PHP Object Injection via extractDynamicValues

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 5.1.15 via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for.....

7.5CVSS

6.5AI Score

0.001EPSS

2024-05-22 07:37 AM
2
wpvulndb
wpvulndb

Contact Form Plugin by Fluent Forms < 5.1.16 - Contributor+ PHP Object Injection

Description The plugin is vulnerable to PHP Object Injection via deserialization of untrusted input in the extractDynamicValues function. This makes it possible for authenticated attackers, with contributor-level access and above, to inject a PHP Object. If a POP chain is present via an additional....

9.8CVSS

6.9AI Score

0.001EPSS

2024-05-22 12:00 AM
5
wpvulndb
wpvulndb

Newsletter, SMTP, Email marketing and Subscribe forms by Brevo < 3.1.78 - Reflected XSS

Description The plugin is vulnerable to Reflected Cross-Site Scripting via the page parameter due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts in pages that execute if they can successfully trick a user....

6.5AI Score

2024-05-22 12:00 AM
4
almalinux
almalinux

Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): buildah: full container escape at build time (CVE-2024-1753) golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)...

8.6CVSS

6.9AI Score

0.002EPSS

2024-05-22 12:00 AM
2
osv
osv

Important: container-tools:rhel8 security update

The container-tools module contains tools for working with containers, notably podman, buildah, skopeo, and runc. Security Fix(es): buildah: full container escape at build time (CVE-2024-1753) golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters (CVE-2022-2880)...

8.6CVSS

6.7AI Score

0.002EPSS

2024-05-22 12:00 AM
2
Total number of security vulnerabilities28231