Lucene search

K

Mollie Payment Forms & Donations Security Vulnerabilities

malwarebytes
malwarebytes

What is real-time protection and why do you need it?

The constant barrage of cyber threats can be overwhelming for all of us. And, as those threats evolve and attackers find new ways to compromise us, we need a way to keep on top of everything nasty that’s thrown our way. Malwarebytes’ free version tackles and reactively resolves threats already on.....

7.2AI Score

2024-05-20 12:39 PM
6
veracode
veracode

Sensitive Information Disclosure

ezsystems/repository-forms is vulnerable to Sensitive Information Disclosure. The vulnerability is caused due to missing permission checks before allowing access to user data. Specifically, the system did not properly verify if the user had the 'content' edit permissions, which allowed...

6.7AI Score

2024-05-20 06:31 AM
2
nessus
nessus

FreeBSD : qt5-webengine -- Multiple vulnerabilities (d58455cc-159e-11ef-83d8-4ccc6adda413)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the d58455cc-159e-11ef-83d8-4ccc6adda413 advisory. Out of bounds memory access in Compositing in Google Chrome prior to 123.0.6312.122 allowed a...

8AI Score

0.0004EPSS

2024-05-20 12:00 AM
2
wpvulndb
wpvulndb

WP Fundraising Donation and Crowdfunding Platform < 1.7.0 - Missing Authorization

Description The WP Fundraising Donation and Crowdfunding Platform plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on several functions surrounding donation modification in versions up to, and including, 1.6.4. This makes it possible for...

6.6AI Score

0.0004EPSS

2024-05-20 12:00 AM
1
debiancve
debiancve

CVE-2024-35871

In the Linux kernel, the following vulnerability has been resolved: riscv: process: Fix kernel gp leakage childregs represents the registers which are active for the new thread in user context. For a kernel thread, childregs-&gt;gp is never used since the kernel gp is not touched by switch_to. For....

7.1AI Score

0.0004EPSS

2024-05-19 09:15 AM
4
cve
cve

CVE-2024-35871

In the Linux kernel, the following vulnerability has been resolved: riscv: process: Fix kernel gp leakage childregs represents the registers which are active for the new thread in user context. For a kernel thread, childregs-&gt;gp is never used since the kernel gp is not touched by switch_to. For ...

6.8AI Score

0.0004EPSS

2024-05-19 09:15 AM
27
nvd
nvd

CVE-2024-35871

In the Linux kernel, the following vulnerability has been resolved: riscv: process: Fix kernel gp leakage childregs represents the registers which are active for the new thread in user context. For a kernel thread, childregs-&gt;gp is never used since the kernel gp is not touched by switch_to. For ...

6.6AI Score

0.0004EPSS

2024-05-19 09:15 AM
cvelist
cvelist

CVE-2024-35871 riscv: process: Fix kernel gp leakage

In the Linux kernel, the following vulnerability has been resolved: riscv: process: Fix kernel gp leakage childregs represents the registers which are active for the new thread in user context. For a kernel thread, childregs-&gt;gp is never used since the kernel gp is not touched by switch_to. For ...

6.6AI Score

0.0004EPSS

2024-05-19 08:34 AM
thn
thn

Grandoreiro Banking Trojan Resurfaces, Targeting Over 1,500 Banks Worldwide

The threat actors behind the Windows-based Grandoreiro banking trojan have returned in a global campaign since March 2024 following a law enforcement takedown in January. The large-scale phishing attacks, likely facilitated by other cybercriminals via a malware-as-a-service (MaaS) model, target...

7.1AI Score

2024-05-19 07:59 AM
ubuntucve
ubuntucve

CVE-2024-35871

In the Linux kernel, the following vulnerability has been resolved: riscv: process: Fix kernel gp leakage childregs represents the registers which are active for the new thread in user context. For a kernel thread, childregs-&gt;gp is never used since the kernel gp is not touched by switch_to. For ...

6.8AI Score

0.0004EPSS

2024-05-19 12:00 AM
1
cve
cve

CVE-2024-4709

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter in versions up to, and including, 5.1.16 due to insufficient input sanitization and output escaping. This makes it....

7.2CVSS

5.7AI Score

0.001EPSS

2024-05-18 08:15 AM
30
nvd
nvd

CVE-2024-4709

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter in versions up to, and including, 5.1.16 due to insufficient input sanitization and output escaping. This makes it....

7.2CVSS

6.3AI Score

0.001EPSS

2024-05-18 08:15 AM
cve
cve

CVE-2024-2782

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,.....

7.5CVSS

6.5AI Score

0.0005EPSS

2024-05-18 08:15 AM
46
nvd
nvd

CVE-2024-2782

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,.....

7.5CVSS

7.5AI Score

0.0005EPSS

2024-05-18 08:15 AM
2
cve
cve

CVE-2024-2772

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

6.8AI Score

0.001EPSS

2024-05-18 08:15 AM
30
nvd
nvd

CVE-2024-2772

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

6.1AI Score

0.001EPSS

2024-05-18 08:15 AM
2
cve
cve

CVE-2024-2771

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes...

9.8CVSS

7.7AI Score

0.001EPSS

2024-05-18 08:15 AM
53
nvd
nvd

CVE-2024-2771

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes...

9.8CVSS

6.9AI Score

0.001EPSS

2024-05-18 08:15 AM
cvelist
cvelist

CVE-2024-4709 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter in versions up to, and including, 5.1.16 due to insufficient input sanitization and output escaping. This makes it....

7.2CVSS

6.3AI Score

0.001EPSS

2024-05-18 07:38 AM
vulnrichment
vulnrichment

CVE-2024-4709 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘subject’ parameter in versions up to, and including, 5.1.16 due to insufficient input sanitization and output escaping. This makes it....

7.2CVSS

5.8AI Score

0.001EPSS

2024-05-18 07:38 AM
vulnrichment
vulnrichment

CVE-2024-2772 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

6.5AI Score

0.001EPSS

2024-05-18 07:38 AM
1
cvelist
cvelist

CVE-2024-2772 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.13 - Authenticated (Subscriber+) Stored Cross-Site Scripting

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via form settings in all versions up to, and including, 5.1.13 due to insufficient input sanitization and output escaping. This makes it...

6.4CVSS

6.9AI Score

0.001EPSS

2024-05-18 07:38 AM
cvelist
cvelist

CVE-2024-2782 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,.....

7.5CVSS

7.5AI Score

0.0005EPSS

2024-05-18 07:38 AM
vulnrichment
vulnrichment

CVE-2024-2782 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Setting Manipulation

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /wp-json/fluentform/v1/global-settings REST API endpoint in all versions up to, and including,.....

7.5CVSS

6.7AI Score

0.0005EPSS

2024-05-18 07:38 AM
cvelist
cvelist

CVE-2024-2771 Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.16 - Missing Authorization to Settings Update and Limited Privilege Escalation

The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes...

9.8CVSS

7.2AI Score

0.001EPSS

2024-05-18 07:38 AM
2
nessus
nessus

FreeBSD : electron29 -- setuid() does not affect libuv's internal io_uring (a431676c-f86c-4371-b48a-b7d2b0bec3a3)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the a431676c-f86c-4371-b48a-b7d2b0bec3a3 advisory. setuid() does not affect libuv's internal io_uring operations if initialized before the call to...

7.3CVSS

7.2AI Score

0.0004EPSS

2024-05-18 12:00 AM
1
nessus
nessus

FreeBSD : Arti -- Security issues related to circuit construction (f393b5a7-1535-11ef-8064-c5610a6efffb)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the f393b5a7-1535-11ef-8064-c5610a6efffb advisory. In Tor Arti before 1.2.3, STUB circuits incorrectly have a length of 2 (with lite vanguards),...

7.5AI Score

EPSS

2024-05-18 12:00 AM
2
nessus
nessus

FreeBSD : OpenSSL -- Denial of Service vulnerability (b88aa380-1442-11ef-a490-84a93843eb75)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the b88aa380-1442-11ef-a490-84a93843eb75 advisory. Issue summary: Checking excessively long DSA keys or parameters may be very slow. Impact summary: ...

7.4AI Score

0.0004EPSS

2024-05-18 12:00 AM
9
qualysblog
qualysblog

Qualys Enterprise TruRisk™ Platform Extends FIM with Real-Time Monitoring of Unauthorized Access to Sensitive Data and Configuration Change Detection on Network Devices

Introducing FIM 4.0 with File Access Monitoring (FAM) and Agentless FIM to ensure compliance with the new PCI 4.0 File Integrity Monitoring (FIM) solutions are essential for virtually any organization to help identify suspicious activities across critical system files and registries, diagnose...

7.3AI Score

2024-05-17 11:45 PM
5
cve
cve

CVE-2024-35174

Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through...

5.3CVSS

6.3AI Score

0.0004EPSS

2024-05-17 11:15 AM
30
nvd
nvd

CVE-2024-35174

Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through...

5.3CVSS

5.8AI Score

0.0004EPSS

2024-05-17 11:15 AM
cvelist
cvelist

CVE-2024-35174 WordPress Flo Forms plugin <= 1.0.42 - Broken Access Control vulnerability

Missing Authorization vulnerability in Flothemes Flo Forms.This issue affects Flo Forms: from n/a through...

5.3CVSS

5.7AI Score

0.0004EPSS

2024-05-17 10:18 AM
nvd
nvd

CVE-2024-34755

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through...

4.3CVSS

5.1AI Score

0.0004EPSS

2024-05-17 10:15 AM
1
cve
cve

CVE-2024-34755

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through...

4.3CVSS

6.9AI Score

0.0004EPSS

2024-05-17 10:15 AM
27
cvelist
cvelist

CVE-2024-34755 WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through...

4.3CVSS

5.1AI Score

0.0004EPSS

2024-05-17 09:52 AM
1
vulnrichment
vulnrichment

CVE-2024-34755 WordPress Integration for Salesforce and Contact Form 7, WPForms, Elementor, Formidable, Ninja Forms plugin <= 1.3.9 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks Integration for Contact Form 7 and Salesforce.This issue affects Integration for Contact Form 7 and Salesforce: from n/a through...

4.3CVSS

7AI Score

0.0004EPSS

2024-05-17 09:52 AM
cve
cve

CVE-2024-23522

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through...

5.3CVSS

6.8AI Score

0.0004EPSS

2024-05-17 09:15 AM
23
nvd
nvd

CVE-2024-23522

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-05-17 09:15 AM
cvelist
cvelist

CVE-2024-23522 WordPress Formidable Forms plugin <= 6.7 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through...

5.3CVSS

5.4AI Score

0.0004EPSS

2024-05-17 08:47 AM
vulnrichment
vulnrichment

CVE-2024-23522 WordPress Formidable Forms plugin <= 6.7 - Content Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Strategy11 Form Builder Team Formidable Forms allows Code Injection.This issue affects Formidable Forms: from n/a through...

5.3CVSS

6.9AI Score

0.0004EPSS

2024-05-17 08:47 AM
nvd
nvd

CVE-2023-23988

Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-05-17 07:15 AM
cve
cve

CVE-2023-23988

Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through...

7.5CVSS

6.9AI Score

0.0004EPSS

2024-05-17 07:15 AM
24
cvelist
cvelist

CVE-2023-23988 WordPress My Tickets plugin <= 1.9.11 - Payment Bypass Vulnerability

Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through...

7.5CVSS

7.5AI Score

0.0004EPSS

2024-05-17 06:33 AM
openvas
openvas

openSUSE: Security Advisory for opera (openSUSE-SU-2024:0128-1)

The remote host is missing an update for...

8.8CVSS

7.4AI Score

0.001EPSS

2024-05-17 12:00 AM
redhat
redhat

(RHSA-2024:2781) Moderate: OpenShift Container Platform 4.12.57 security update

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 4.12.57. See the following advisory for the container...

7.2AI Score

0.05EPSS

2024-05-16 04:06 PM
5
qualysblog
qualysblog

How the Qualys Enterprise TruRisk™ Platform Supports CISA Vulnrichment

Introduction In today's interconnected digital landscape, cybersecurity threats pose significant risks to organizations across various sectors. Recognizing the need for a structured approach to identify, prioritize, and address vulnerabilities, the Cybersecurity and Infrastructure Security Agency.....

6.9AI Score

2024-05-16 03:03 PM
4
wordfence
wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 6, 2024 to May 12, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 184 vulnerabilities disclosed in 146...

10CVSS

9.5AI Score

EPSS

2024-05-16 01:04 PM
21
osv
osv

eZ Platform User data disclosure

In eZ Platform v2.3.x it is possible to bypass permission checks in a particular case. This means user data such as name and email (but not passwords or password hashes) can be read by unauthenticated users. This affects only v2.3.x. If you use v2.2.x or older you are not affected. To install, use....

7.3AI Score

2024-05-15 09:34 PM
2
github
github

eZ Platform User data disclosure

In eZ Platform v2.3.x it is possible to bypass permission checks in a particular case. This means user data such as name and email (but not passwords or password hashes) can be read by unauthenticated users. This affects only v2.3.x. If you use v2.2.x or older you are not affected. To install, use....

7.3AI Score

2024-05-15 09:34 PM
2
github
github

eZ Publish Legacy Patch EZSA-2018-001 for Several vulnerabilities

This security advisory fixes 4 separate vulnerabilities in eZ Publish Legacy, and we recommend that you install it as soon as possible if you are using Legacy by itself or via the LegacyBridge. First, it increases the randomness, and thus the security, of the pseudo-random bytes used to generate a....

6.2AI Score

2024-05-15 09:22 PM
3
Total number of security vulnerabilities28149