Lucene search
K

84 matches found

Positive Technologies
Positive Technologies
added 2026/05/28 12:0 a.m.20 views

PT-2026-44207

Name of the Vulnerable Software and Affected Versions Eupago Gateway For Woocommerce WordPress plugin versions prior to 4.7.2 Description The plugin fails to properly restrict access to its refund request handler. This allows unauthenticated attackers to initiate refunds for any WooCommerce order...

8.6CVSS5.8AI score0.00215EPSS
Exploits0References3
Wired Threat Level
Wired Threat Level
added 2026/05/14 10:0 a.m.12 views

Your iPhone Gets Stolen. Then the Hacking Begins

A bustling underground ecosystem is providing criminals with the tools to unlock iPhones—and wage phishing attacks against their contacts to access bank accounts and more...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/01/10 8:59 a.m.4 views

Europol Arrests 34 Black Axe Members in Spain Over €5.9M Fraud and Organized Crime

Europol on Friday announced the arrest of 34 individuals in Spain who are alleged to be part of an international criminal organization called Black Axe. As part of an operation conducted by the Spanish National Police, in coordination with the Bavarian State Criminal Police Office and Europol, 28...

6.7AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 11:51 a.m.7 views

CVE-2009-4046

Multiple SQL injection vulnerabilities in FrontAccounting FA 2.2.x before 2.2 RC allow remote attackers to execute arbitrary SQL commands via unspecified parameters to 1 bankaccounts.php, 2 currencies.php, 3 exchangerates.php, 4 glaccounttypes.php, and 5 glaccounts.php in gl/manage/; and 6...

7.5CVSS9AI score0.01051EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/12/20 10:11 a.m.11 views

CVE-2025-12361

The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This...

4.3CVSS5.5AI score0.00208EPSS
Exploits0References1
NVD
NVD
added 2025/12/19 10:15 a.m.16 views

CVE-2025-12361

The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This...

4.3CVSS0.00208EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/12/19 9:29 a.m.21 views

CVE-2025-12361 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7.1 - Missing Authorization to Sensitive Information Exposure

The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This...

4.3CVSS0.00208EPSS
Exploits0References3
CVE
CVE
added 2025/12/19 9:29 a.m.16 views

CVE-2025-12361

The CVE-2025-12361 entry concerns the WordPress plugin myCred (Points Management System) with vulnerability in versions up to and including 2.9.7.1. The root cause is Missing Authorization: authenticated users with Subscriber-level access and above can access sensitive information via the get_ban...

4.3CVSS5.1AI score0.00208EPSS
Exploits0References3
EUVD
EUVD
added 2025/12/19 9:29 a.m.7 views

EUVD-2025-204523

The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This...

4.3CVSS5AI score0.00208EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2025/12/19 9:29 a.m.5 views

CVE-2025-12361 myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program <= 2.9.7.1 - Missing Authorization to Sensitive Information Exposure

The myCred – Points Management System For Gamification, Ranks, Badges, and Loyalty Program plugin for WordPress is vulnerable to Missing Authorization in versions up to, and including, 2.9.7.1. This is due to the plugin not properly verifying that a user is authorized to perform an action. This...

4.3CVSS5.1AI score0.00208EPSS
Exploits0References3
GitLab Advisory Database
GitLab Advisory Database
added 2025/10/20 12:0 a.m.10 views

Actual Sync-server Gocardless service is logging sensitive data including bearer tokens and account numbers

The GoCardless components in Actualbudget in are logging responses to STDOUT in a parsed format using console.logand console.debug Which in this version of node is an alias for console.log. This is exposing sensitive information in log files including, but not limited to: - Gocardless bearer...

6.6AI score
Exploits0References6Affected Software1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-19351

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00274EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/08/22 11:5 a.m.16 views

INTERPOL Arrests 1,209 Cybercriminals Across 18 African Nations in Global Crackdown

INTERPOL on Friday announced that authorities from 18 countries across Africa have arrested 1,209 cybercriminals who targeted 88,000 victims. "The crackdown recovered $97.4 million and dismantled 11,432 malicious infrastructures, underscoring the global reach of cybercrime and the urgent need for...

6.9AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 10:37 a.m.4 views

CVE-2024-21736

SAP S/4HANA Finance for Advanced Payment Management - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. A function import could be triggered allowing the attacker to create in-house bank accounts leading to low impact on the confidentiality of the application...

6.5CVSS6.8AI score0.00274EPSS
Exploits0References1
Malwarebytes
Malwarebytes
added 2024/04/18 11:27 a.m.16 views

Cannabis investment scam JuicyFields ends in 9 arrests

Europol and its associates have arrested 9 people in conjunction with a cannabis investment scam known as "JuicyFields". The suspects used social media to lure investors to their website. There they found information about a “golden opportunity” to invest in the cultivation, harvesting and...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2024/04/16 7:33 a.m.25 views

Hive RAT Creators and $3.5M Cryptojacking Mastermind Arrested in Global Crackdown

Two individuals have been arrested in Australia and the U.S. in connection with an alleged scheme to develop and distribute a remote access trojan called Hive RAT previously Firebird. The U.S. Justice Department DoJ said the malware "gave the malware purchasers control over victim computers and...

7.5AI score
Exploits0
BDU FSTEC
BDU FSTEC
added 2024/02/09 12:0 a.m.5 views

The vulnerability of the SAP S/4HANA Finance financial management software, related to incorrect authorization, allows a perpetrator to create internal bank accounts.

The vulnerability of the SAP S/4HANA Finance financial management software is related to incorrect authorization processes. Exploiting this vulnerability allows a malicious actor to create internal bank accounts remotely...

6.4CVSS6.5AI score0.00274EPSS
Exploits0References3
Prion
Prion
added 2024/01/09 2:15 a.m.17 views

Authorization

SAP S/4HANA Finance for Advanced Payment Management - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. A function import could be triggered allowing the attacker to create in-house bank accounts leading to low impact on the confidentiality of the application...

6.4CVSS7.1AI score0.00274EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2024/01/09 1:15 a.m.2 views

CVE-2024-21736 Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management)

SAP S/4HANA Finance for Advanced Payment Management - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. A function import could be triggered allowing the attacker to create in-house bank accounts leading to low impact on the confidentiality of the application...

6.4CVSS6.5AI score0.00274EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/01/09 1:15 a.m.27 views

CVE-2024-21736 Missing Authorization check in SAP S/4HANA Finance (Advanced Payment Management)

SAP S/4HANA Finance for Advanced Payment Management - versions SAPSCORE 128, S4CORE 107, does not perform necessary authorization checks. A function import could be triggered allowing the attacker to create in-house bank accounts leading to low impact on the confidentiality of the application...

6.4CVSS6.6AI score0.00274EPSS
Exploits0References2
Rows per page
Query Builder