Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

69 matches found

Positive Technologies
Positive Technologiesadded 2024/12/04 12:0 a.m.2 views

PT-2024-35140 · Docusign · Docusign

Name of the Vulnerable Software and Affected Versions: DocuSign versions through 2024-12-04 Description: The issue concerns a User Interface UI Misrepresentation of Critical Information vulnerability that allows Content Spoofing. Specifically, the SaaS AI assistant ignores hidden content that is...

8.2CVSS6.9AI score0.00275EPSS
Exploits0References6
HackRead
HackReadadded 2024/11/18 5:51 p.m.9 views

US Government Agencies Impersonated in Aggressive DocuSign Phishing Scams

DocuSign phishing scams surged by 98%, with hundreds of daily attacks impersonating US government agencies like HHS and…...

7.3AI score
Exploits0
HackRead
HackReadadded 2024/11/04 1:49 p.m.6 views

Scammers Use DocuSign API to Evade Spam Filters with Phishing Invoices

Scammers are exploiting DocuSign's APIs to send realistic fake invoices, primarily targeting security software like Norton. This phishing…...

7.3AI score
Exploits0
Wallarm Lab
Wallarm Labadded 2024/11/04 1:45 p.m.12 views

Attackers Abuse DocuSign API to Send Authentic-Looking Invoices At Scale

In a concerning trend, cybercriminals are leveraging DocuSign's APIs to send fake invoices that appear strikingly authentic. Unlike traditional phishing scams that rely on deceptively crafted emails and malicious links, these incidents use genuine DocuSign accounts and templates to impersonate...

7.4AI score
Exploits0
NVD
NVDadded 2024/08/21 4:15 p.m.15 views

CVE-2024-39344

An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The ApttusDocuApiDocusignAuthenticationmdt object is installed via the marketplace from this package and stores some configuration information in a manner that could be compromised. With the default settings when install...

8.1CVSS0.005EPSS
Exploits0References2
CNNVD
CNNVDadded 2024/08/21 12:0 a.m.4 views

Docusign API 安全漏洞

The Docusign API is a secure and extensible API from Docusign. A security vulnerability exists in Docusign API version 8.142.14. An attacker has exploited this vulnerability to cause the Docusign account to be completely compromised...

8.1CVSS6.7AI score0.005EPSS
Exploits0References3
Cvelist
Cvelistadded 2024/08/21 12:0 a.m.18 views

CVE-2024-39344

An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The ApttusDocuApiDocusignAuthenticationmdt object is installed via the marketplace from this package and stores some configuration information in a manner that could be compromised. With the default settings when install...

0.005EPSS
Exploits0References2
CVE
CVEadded 2024/08/21 12:0 a.m.81 views

CVE-2024-39344

The CVE-2024-39344 issue affects the Docusign API package version 8.142.14 for Salesforce. The Apttus_DocuApi__DocusignAuthentication__mdt object installed from the package stores configuration information and, under default settings, can be accessed to disclose keys. Those disclosed components c...

8.1CVSS6.6AI score0.005EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2024/08/21 12:0 a.m.14 views

CVE-2024-39344

An issue was discovered in the Docusign API package 8.142.14 for Salesforce. The ApttusDocuApiDocusignAuthenticationmdt object is installed via the marketplace from this package and stores some configuration information in a manner that could be compromised. With the default settings when install...

6.5AI score0.005EPSS
Exploits0References2
Positive Technologies
Positive Technologiesadded 2024/08/21 12:0 a.m.3 views

PT-2024-28462 · Docusign · Docusign Api

Name of the Vulnerable Software and Affected Versions: Docusign API package version 8.142.14 for Salesforce Description: An issue was discovered in the Docusign API package for Salesforce, where the Apttus DocuApi DocusignAuthentication mdt object stores configuration information in a manner that...

8.1CVSS6.7AI score0.005EPSS
Exploits0References6
IBM Security Bulletins
IBM Security Bulletinsadded 2024/05/22 4:16 a.m.20 views

Security Bulletin: IBM App Connect Enterprise is vulnerable to an authenticated user accessing sensitive information (CVE-2024-31893, CVE-2024-31894 & CVE-2024-31895)

Summary IBM App Connect Enterprise Discovery Connector nodes for Calendly, Docusign and Square are vulnerable to an authenticated user accessing sensitive information. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details CVEID:CVE-2024-31893 DESCRIPTION:...

6.5CVSS3.9AI score0.00275EPSS
Exploits0Affected Software1
0day.today
0day.todayadded 2023/08/24 12:0 a.m.526 views

SugarCRM 12.2.0 PHP Object Injection Vulnerability

------------------------------------------------------------------------------- SugarCRM = 12.2.0 DocusignGlobalSettings PHP Object Injection Vulnerability ------------------------------------------------------------------------------- - Software Link: https://www.sugarcrm.com - Affected Versions...

7.2CVSS7.1AI score0.00981EPSS
Exploits2
OSV
OSVadded 2023/06/17 10:15 p.m.3 views

CVE-2023-35810

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing...

7.2CVSS7AI score
Exploits0References3
ATTACKERKB
ATTACKERKBadded 2023/06/17 10:15 p.m.3 views

CVE-2023-35810

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing...

7.2CVSS5.7AI score0.00981EPSS
Exploits2References4
NVD
NVDadded 2023/06/17 10:15 p.m.11 views

CVE-2023-35810

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing...

7.2CVSS7.2AI score0.00981EPSS
Exploits2References3
Prion
Prionadded 2023/06/17 10:15 p.m.13 views

Input validation

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing...

5.8CVSS7.2AI score0.00981EPSS
Exploits2References3Affected Software1
CNNVD
CNNVDadded 2023/06/17 12:0 a.m.3 views

SugarCRM Enterprise 注入漏洞

SugarCRM Enterprise is an enterprise version of an open source Customer Relationship Management CRM system from SugarCRM USA. The system supports differentiated marketing for different customer needs, managing and distributing sales leads, and enabling information sharing and tracking of sales...

7.2CVSS7.1AI score0.00981EPSS
Exploits2References4
CVE
CVEadded 2023/06/17 12:0 a.m.40 views

CVE-2023-35810

CVE-2023-35810 concerns SugarCRM Enterprise (before 11.0.6) and SugarCRM 12.x (before 12.0.3) with a Second-Order PHP Object Injection vulnerability in the DocuSign module. Exploitation requires admin privileges and can be triggered by crafting requests that bypass input validation, allowing inje...

7.2CVSS7.2AI score0.00981EPSS
Exploits2References3Affected Software1
Vulnrichment
Vulnrichmentadded 2023/06/17 12:0 a.m.10 views

CVE-2023-35810

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing...

7.3AI score0.00981EPSS
Exploits2References3
Cvelist
Cvelistadded 2023/06/17 12:0 a.m.17 views

CVE-2023-35810

An issue was discovered in SugarCRM Enterprise before 11.0.6 and 12.x before 12.0.3. A Second-Order PHP Object Injection vulnerability has been identified in the DocuSign module. By using crafted requests, custom PHP code can be injected and executed through the DocuSign module because of missing...

7.4AI score0.00981EPSS
Exploits2References3
Rows per page
Query Builder