Donation Block For PayPal < 2.1.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVSS 5.4 | AI Score 5.6 | EPSS 0.001
Donation Block For PayPal < 2.1.0 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC: [paypal_donation_block size='"...
CVSS 5.4 | AI Score 5.4 | EPSS 0.001
nemo-appium vulnerable to OS Command Injection
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability, appium-running 0.1.3 has to be installed as one of nemo-appium...
CVSS 9.8 | AI Score 4.7 | EPSS 0.002
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability, appium-running 0.1.3 has to be installed as one of nemo-appium...
CVSS 9.8 | AI Score 7.1 | EPSS 0.002
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability, appium-running 0.1.3 has to be installed as one of nemo-appium...
CVSS 9.8 | AI Score 9.6 | EPSS 0.002
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability, appium-running 0.1.3 has to be installed as one of nemo-appium...
CVSS 9.8 | AI Score 8.2 | EPSS 0.002
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability, appium-running 0.1.3 has to be installed as one of nemo-appium...
CVSS 9.8 | AI Score 9.7 | EPSS 0.002
Versions of the package nemo-appium before 0.0.9 are vulnerable to Command Injection due to improper input sanitization in the 'module.exports.setup' function. Note: In order to exploit this vulnerability, appium-running 0.1.3 has to be installed as one of nemo-appium...
CVSS 7.4 | AI Score 9.9 | EPSS 0.002
Protecting Against Malicious Use of Remote Monitoring and Management Software
Summary: The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Multi-State Information Sharing and Analysis Center (MS-ISAC) (hereafter referred to as the “authoring organizations”) are releasing this joint Cybersecurity Advisory (CSA) to warn network...
AI Score 9.4
U.S. Federal Agencies Fall Victim to Cyber Attack Utilizing Legitimate RMM Software
At least two federal agencies in the U.S. fell victim to a "widespread cyber campaign" that involved the use of legitimate remote monitoring and management (RMM) software to perpetuate a phishing scam. "Specifically, cyber criminal actors sent phishing emails that led to the download of legitimate...
AI Score 0.2
The WordPress Simple Shopping Cart WordPress plugin before 4.6.2 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used...
CVSS 5.4 | AI Score 5.3 | EPSS 0.001
The Biggest US Surveillance Program You Didn’t Know About
Plus: A leaked US “no fly” list, the SCOTUS leaker slips investigators, and PayPal gets...
AI Score 3.6
PayPal Notifies 35,000 Users of Data Breach
By Habiba Rashid. According to PayPal, hackers managed to access the personal information of 34,942 users; however, no transactions were performed from the breached accounts. This is a post from HackRead.com. Read the original post: PayPal Notifies 35,000 Users of Data...
AI Score 3.9
Easy PayPal Buy Now Button < 1.7.4 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC: [wpecpp name="' accesskey='X'...
CVSS 5.4 | AI Score 5.1 | EPSS 0.001
Nice PayPal Button Lite <= 1.3.5 - CSRF
The plugin does not have CSRF checks in some places, which could allow attackers to make logged in users perform unwanted actions via CSRF...
CVSS 8.8 | AI Score 8.3 | EPSS 0.001
Easy PayPal Buy Now Button < 1.7.4 - Contributor+ Stored XSS in Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
Exploit for Incorrect Conversion between Numeric Types in Apache Xalan-Java
AutoGenerateXalanPayload Overview...
AI Score 0.3
Easy Accept Payments for PayPal < 4.9.10 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
CVSS 5.4 | AI Score 5.2 | EPSS 0.001
Easy Accept Payments for PayPal < 4.9.10 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embedded, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC: [wp_paypal_payment_box_for_any_amount...
CVSS 5.4 | AI Score 5.1 | EPSS 0.001
Get Unified Cloud and Endpoint Security: Only $1 for 1,000 Assets for all of 2023!
As the new year begins, it's more important than ever to protect your business from the constantly evolving cyber threats that could compromise your valuable assets. But who wants to pay an arm and a leg for top-tier security? With this Uptycs introductory offer, you do not have to. Kickstart the...
AI Score -0.4
CVE-2022-10270 Affected versions: 向日葵 Personal Edition for Windows <= 11.0.0.33, 向日葵 Lite Edition <=...
AI Score 7.1
Exploit for Stack-based Buffer Overflow in Modbustools Modbus Slave
CVE-2022-1068 Modbus Slave buffer overflow vulnerability: analysis and reproduction of CVE-2022-1068. Usage reference:...
CVSS 7.5 | AI Score 6.5 | EPSS 0.001
Exploit for Authentication Bypass by Spoofing in Zabbix
cve-2022-23131 FOFA app="ZABBIX-监控系统" &&...
CVSS 9.8 | AI Score 0.5 | EPSS 0.97
Exploit for Code Injection in Vmware Spring Framework
CVE-2022-22965-rexbb springboot core...
CVSS 9.8 | AI Score 8.9 | EPSS 0.975
WordPress Simple Shopping Cart < 4.6.2 - Contributor+ Stored XSS via Shortcode
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks which could be used against high privilege users such as admins. PoC: Exploit...
CVSS 5.4 | AI Score 2.8 | EPSS 0.001
The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...
CVSS 5.4 | AI Score 5.3 | EPSS 0.001
The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...
CVSS 5.4 | EPSS 0.001
The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...
CVSS 5.4 | AI Score 5.4 | EPSS 0.001
CVE-2022-3983 Checkout for PayPal < 1.0.14 - Contributor+ Stored XSS
The Checkout for PayPal WordPress plugin before 1.0.14 does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...
AI Score 5.6 | EPSS 0.001
Six Charged in Mass Takedown of DDoS-for-Hire Sites
The U.S. Department of Justice (DOJ) today seized four-dozen domains that sold "booter" or "stresser" services -- businesses that make it easy and cheap for even non-technical users to launch powerful Distributed Denial of Service (DDoS) attacks designed to knock targets offline. The DOJ also charged...
AI Score 0.4
A week in security (December 5 - 11)
Last week on Malwarebytes Labs: Security advisories are falling short. Here's why, with Dustin Childs: Lock and Code S03E25; Eufy "no cloud" security cameras streaming data to the cloud; Snapchat gives Californians more power over their personal data; Update now! Emergency fix for Google Chrome's V8...
Huatian Power Collaboration Office System has information leakage vulnerability
Dalian Huatian Software Co., Ltd. is a high-tech enterprise established according to the international advanced management model and system, and is a collaborative management software company known for its leading technology. There is an information leakage vulnerability in Huatian Power...
AI Score 2.2
Main phishing and scamming trends and techniques
There are two main types of online fraud aimed at stealing user data and money: phishing and scams. Phishers primarily seek to extract confidential information from victims, such as credentials or bank card details, while scammers deploy social engineering to persuade targets to transfer money on...
AI Score -0.1
Watch out for this triple threat PayPal phish
ZDNet reports an interesting form of PayPal scam sent to one of their own writers. The scam is a so-called "triple threat" phish, in that it gives the scammer three different ways to potentially collect some ill-gotten gains from potential victims. The idea is that if one of the three tactics...
AI Score 0.7
This is an actual CAPTCHA I was shown when trying to log into PayPal. As an actual human and not a bot, I had no idea how to answer. Is this a joke? (Seems not.) Is it a Magritte-like existential question? (It's not a bicycle. It's a drawing of a bicycle. Actually, it's a photograph of a drawing...
AI Score 0.7
Exploit for Authentication Bypass by Spoofing in Apache Apisix
POC: collected POCs for CVE-2022-24112...
CVSS 9.8 | AI Score 0.9 | EPSS 0.974
WordPress Donations via PayPal plugin cross-site scripting vulnerability
WordPress and its plugins are products of the WordPress Foundation. WordPress is a blogging platform written in PHP; a WordPress plugin is an add-on application for it. WordPress Donations via PayPal plugin version 1.9.9 has a cross-site scripting vulnerability that...
CVSS 4.8 | AI Score 1 | EPSS 0.001
The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
CVSS 4.8 | EPSS 0.001
The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
CVSS 4.8 | AI Score 4.7 | EPSS 0.001
CVE-2022-3822 Donations via PayPal < 1.9.9 - Admin+ Stored XSS
The Donations via PayPal WordPress plugin before 1.9.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
AI Score 5 | EPSS 0.001
Black Friday shoppers beware: online threats so far in 2022
The shopping event of the year, Black Friday, is almost here, and while the big day does not officially arrive until Friday, November 25th, deals are already starting. The day kickstarts the frenzied holiday shopping season with eye-catching promotional deals that lure shoppers into spending more...
AI Score -0.4
Auth. Stored Cross-Site Scripting (XSS) vulnerability discovered by Lana Codes in WordPress Checkout for PayPal plugin (versions <= 1.0.13). Solution: Update the WordPress Checkout for PayPal plugin to the latest available version (at least...
AI Score 2.2 | EPSS 0.001
Checkout for PayPal < 1.0.14 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting attacks. PoC: As a contributor, put the following shortcode in a page/post...
CVSS 5.4 | AI Score 2.3 | EPSS 0.001
Checkout for PayPal < 1.0.14 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in the page, which could allow users with a role as low as contributor to perform Stored Cross-Site Scripting...
CVSS 5.4 | AI Score 1 | EPSS 0.001
First Review of A Hacker’s Mind
Kirkus reviews A Hacker's Mind: A cybersecurity expert examines how the powerful game whatever system is put before them, leaving it to others to cover the cost. Schneier, a professor at Harvard Kennedy School and author of such books as Data and Goliath and Click Here To Kill Everybody,...
Exploit for Missing Authentication for Critical Function in Vmware Vcenter Server
VMware_vCenter_UNAuthorized_RCE_CVE-2021-21972 zoomeye...
CVSS 9.8 | AI Score 3.4 | EPSS 0.973