Lucene search
K

639 matches found

Fedora
Fedora
added 2026/07/02 1:12 a.m.9 views

[SECURITY] Fedora 43 Update: rclone-1.74.3-1.fc43

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.1CVSS6.3AI score0.00533EPSS
Exploits1
Fedora
Fedora
added 2026/07/02 1:11 a.m.9 views

[SECURITY] Fedora 44 Update: rclone-1.74.3-1.fc44

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.1CVSS6.3AI score0.00533EPSS
Exploits1
OPENSUSE Linux
OPENSUSE Linux
added 2026/06/25 12:0 a.m.7 views

Security update for perl-Net-Dropbox-API (moderate)

openSUSE Security Update: Security update for perl-Net-Dropbox-API Announcement ID: openSUSE-SU-2026:0217-1 Rating: moderate References: 1240884 Cross-References: CVE-2024-58036 Affected Products: openSUSE Backports SLE-15-SP7 An update that fixes one vulnerability is now available. Description:...

5.5CVSS6.1AI score0.00264EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2026/05/13 2:44 p.m.12 views

When IT Support Calls: Dissecting a ModeloRAT Campaign from Teams to Domain Compromise

Overview Attackers do not need to break into the front door when they can convince employees to open it for them through the tools they already trust. In April 2026, Rapid7 investigated an enterprise intrusion that began with a Microsoft Teams message from a fake “IT Support” account and quickly...

6.3AI score
Exploits0
Fedora
Fedora
added 2026/05/11 1:2 a.m.13 views

[SECURITY] Fedora 43 Update: rclone-1.74.0-2.fc43

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.8CVSS5.8AI score0.34734EPSS
Exploits3
Fedora
Fedora
added 2026/05/10 2:55 a.m.10 views

[SECURITY] Fedora 44 Update: rclone-1.74.0-2.fc44

"rsync for cloud storage" - Google Drive, S3, Dropbox, Backblaze B2, One Driv e, Swift, Hubic, Wasabi, Google Cloud Storage, Azure Blob, Azure Files, Yandex Files...

9.8CVSS5.8AI score0.34734EPSS
Exploits3
OSV
OSV
added 2026/04/14 1:7 a.m.7 views

GHSA-9PM8-VWC5-W2HM Fat Free CRM has BOLA in DELETE /emails/:id - Any authenticated user can hit this endpoint and delete emails by ID

Impact Authenticated users can delete emails imported into the system assigned to another user; where the Email Dropbox is in use. Patches Fixed in v0.26.0 Workarounds Disable use of email dropbox...

2.1CVSS5.8AI score
Exploits0References2
Snyk
Snyk
added 2026/04/14 1:7 a.m.5 views

Authorization Bypass Through User-Controlled Key

Overview fatfreecrm is a customer relationship management platform. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key through the destroy action in app/controllers/emailscontroller.rb. An attacker can delete another user’s email record by sending...

4.2CVSS5.8AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/04/14 1:7 a.m.10 views

Fat Free CRM has BOLA in DELETE /emails/:id - Any authenticated user can hit this endpoint and delete emails by ID

Impact Authenticated users can delete emails imported into the system assigned to another user; where the Email Dropbox is in use. Patches Fixed in v0.26.0 Workarounds Disable use of email dropbox...

5.8AI score
Exploits0References2Affected Software1
The Hacker News
The Hacker News
added 2026/03/24 4:35 p.m.8 views

Hackers Use Fake Resumes to Steal Enterprise Credentials and Deploy Crypto Miner

An ongoing phishing campaign is targeting French-speaking corporate environments with fake resumes that lead to the deployment of cryptocurrency miners and information stealers. "The campaign uses highly obfuscated VBScript files disguised as resume/CV documents, delivered through phishing emails...

6AI score
Exploits0
OSV
OSV
added 2026/03/23 12:30 p.m.23 views

GHSA-4G2H-VM7X-747C esaml XXE vulnerability allows local file disclosure and SSRF via crafted SAML messages

XML External Entity XXE vulnerability in esaml and its forks allows an attacker to cause the system to read local files and incorporate their contents into processed SAML documents, and potentially perform SSRF via crafted SAML messages. esaml parses attacker-controlled SAML messages using...

6.3CVSS5.8AI score0.00281EPSS
Exploits0References5
Patchstack
Patchstack
added 2026/02/16 7:50 a.m.6 views

WordPress Product Options and Price Calculation Formulas for WooCommerce - Uni CPO (Premium) plugin <= 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion vulnerability

WordPress Product Options and Price Calculation Formulas for WooCommerce - Uni CPO Premium plugin = 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion vulnerability discovered by Stefan in WordPress Plugin Uni CPO Premium versions = 4.9.60...

5.8CVSS5.5AI score0.00189EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/02/12 7:28 p.m.7 views

CVE-2025-13391

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'unicporemovefile' function in all versions up to, and including, 4.9.60. This makes it possible for...

5.8CVSS5.7AI score0.00189EPSS
Exploits0References1
NVD
NVD
added 2026/02/11 5:16 p.m.5 views

CVE-2025-13391

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'unicporemovefile' function in all versions up to, and including, 4.9.60. This makes it possible for...

5.8CVSS0.00189EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/02/11 4:25 p.m.4 views

CVE-2025-13391

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'unicporemovefile' function in all versions up to, and including, 4.9.60. This makes it possible for...

5.8CVSS5.7AI score0.00189EPSS
Exploits0References3
Cvelist
Cvelist
added 2026/02/11 4:25 p.m.22 views

CVE-2025-13391 Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'unicporemovefile' function in all versions up to, and including, 4.9.60. This makes it possible for...

5.8CVSS0.00189EPSS
Exploits0References2
CVE
CVE
added 2026/02/11 4:25 p.m.20 views

CVE-2025-13391

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable due to a missing capability check on uni_cpo_remove_file, allowing unauthenticated attackers to delete arbitrary attachments or files stored in Dropbox when the path is known....

5.8CVSS5.7AI score0.00189EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/02/11 4:25 p.m.6 views

CVE-2025-13391 Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) <= 4.9.60 - Missing Authorization to Unauthenticated Arbitrary Attachment and Dropbox File Deletion

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'unicporemovefile' function in all versions up to, and including, 4.9.60. This makes it possible for...

5.8CVSS5.7AI score0.00189EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/02/11 12:0 a.m.6 views

PT-2026-7619

The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO Premium plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'uni cpo remove file' function in all versions up to, and including, 4.9.60. This makes it possible for...

5.8CVSS5.7AI score0.00189EPSS
Exploits0References3
HackRead
HackRead
added 2026/02/02 7:30 p.m.8 views

Phishing Scam Uses Clean Emails and PDFs to Steal Dropbox Logins

A multi-stage phishing campaign is targeting business users by exploiting Vercel cloud storage, PDF attachments, and Telegram bots to steal Dropbox credentials...

5.4AI score
Exploits0
Rows per page
Query Builder