283 matches found

Citrix
added 2023/08/31 12:00 a.m. · 8 views

On-Prem ADM automatic backups failure for ADC instance

ADM auto backup ADC instance operation failed. End user may have an email alert if email notification is enabled in ADM...

AI score 7.1
Exploits 0
RedHat Linux
added 2023/03/01 9:58 p.m. · 129 views

Important: Red Hat Security Advisory: Red Hat Single Sign-On 7.6.2 security update

A security update is now available for Red Hat Single Sign-On 7.6 from the Customer Portal. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

CVSS 9.8 · AI score 7.6 · EPSS 0.99615
Exploits 41 · References 33
HackRead
added 2023/01/24 6:50 p.m. · 20 views

Sophisticated SMS Phishing scam Dupes Zendesk Staff

By Habiba Rashid Although the company did not put out an official notice or announcement on its website, impacted customers were emailed with details regarding the security incident. This is a post from HackRead.com Read the original post: Sophisticated SMS Phishing scam Dupes Zendesk Staff...

AI score 2.7
Exploits 0
Prion
added 2023/01/13 7:15 p.m. · 16 views

Improper access control

Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...

CVSS 3.5 · AI score 3.8 · EPSS 0.00555
Exploits 0 · References 3 · Affected Software 1
Vulnrichment
added 2023/01/13 6:30 p.m. · 6 views

CVE-2023-22489 Flarum is missing authorization in discussion replies

Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...

CVSS 3.5 · AI score 4.1 · EPSS 0.00555
Exploits 0 · References 3
Cvelist
added 2023/01/13 6:30 p.m. · 41 views

CVE-2023-22489 Flarum is missing authorization in discussion replies

Flarum is a discussion platform for websites. If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that...

CVSS 3.5 · AI score 4.1 · EPSS 0.00555
Exploits 0 · References 3
CVE
added 2023/01/13 6:30 p.m. · 98 views

CVE-2023-22489

CVE-2023-22489 affects Flarum, a discussion platform. When the first post of a discussion is permanently deleted but the discussion remains visible, any user who can view the discussion can create a new reply via the REST API, regardless of reply permissions or lock status. This affects users inc...

CVSS 3.5 · AI score 3.7 · EPSS 0.00555
Exploits 0 · References 3 · Affected Software 1
Github Security Blog
added 2023/01/10 10:28 p.m. · 45 views

Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted

If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot...

CVSS 3.5 · AI score 4.3 · EPSS 0.00555
Exploits 0 · References 5 · Affected Software 1
OSV
added 2023/01/10 10:28 p.m. · 45 views

GHSA-HPH3-HV3C-7725 Any Flarum user including unactivated can reply in public discussions whose first post was permanently deleted

If the first post of a discussion is permanently deleted but the discussion stays visible, any actor who can view the discussion is able to create a new reply via the REST API, no matter the reply permission or lock status. This includes users that don't have a validated email. Guests cannot...

CVSS 3.5 · AI score 3.6 · EPSS 0.00555
Exploits 0 · References 5
Positive Technologies
added 2023/01/10 12:00 a.m. · 5 views

PT-2023-18539 · Flarum · Flarum

Name of the Vulnerable Software and Affected Versions: Flarum versions prior to 1.6.3 Description: The issue allows an actor to read restricted or private content and bypass access checks by using the notifications feature. The notification-sending component does not verify if the subject of the...

CVSS 6.8 · AI score 5.7 · EPSS 0.00397
Exploits 0 · References 10
NVD
added 2022/11/23 9:15 p.m. · 45 views

CVE-2022-41933

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the reset a forgotten password feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only...

CVSS 6.5 · EPSS 0.0045
Exploits 0 · References 5
Prion
added 2022/11/23 9:15 p.m. · 18 views

Default credentials

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the reset a forgotten password feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only...

CVSS 4.3 · AI score 6.6 · EPSS 0.0045
Exploits 0 · References 5 · Affected Software 1
Cvelist
added 2022/11/23 12:00 a.m. · 52 views

CVE-2022-41933 Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the reset a forgotten password feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only...

CVSS 6.2 · AI score 7.2 · EPSS 0.0045
Exploits 0 · References 5
CVE
added 2022/11/23 12:00 a.m. · 75 views

CVE-2022-41933

CVE-2022-41933 describes plaintext storage of user passwords via XWiki’s “Reset forgotten password” path. Affected: XWiki Platform (noted for 13.1RC1 and newer; only the reset-password flow stores passwords in clear text, not general password change). Impact: potential exposure of passwords in th...

CVSS 6.5 · AI score 6.9 · EPSS 0.0045
Exploits 0 · References 5 · Affected Software 1
OSV
added 2022/11/23 12:00 a.m. · 38 views

CVE-2022-41933 Plaintext storage of password in org.xwiki.platform:xwiki-platform-security-authentication-default

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. When the reset a forgotten password feature of XWiki was used, the password was then stored in plain text in database. This only concerns XWiki 13.1RC1 and newer versions. Note that it only...

CVSS 6.2 · AI score 6.6 · EPSS 0.0045
Exploits 0 · References 7
OSV
added 2022/11/21 11:53 p.m. · 16 views

GHSA-7X4W-J98P-854X Cross site scripting vulnerability with discussion titles

Flarum's page title system allowed for page titles to be converted into HTML DOM nodes when pages were rendered. The change was made after v1.5 and was not noticed. This allowed an attacker to inject malicious HTML markup using a discussion title input, either by creating a new discussion or...

CVSS 9 · AI score 7.1 · EPSS 0.0068
Exploits 0 · References 5
BDU FSTEC
added 2022/06/23 12:00 a.m. · 5 views

The vulnerability of the e-mail notification component of the PeopleSoft Enterprise HCM Candidate Gateway software allows a malicious individual to gain access to read, modify, add, or delete data.

The vulnerability of the email notification component of the PeopleSoft Enterprise HCM Candidate Gateway software lies in insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to gain access to read, modify, add, or delete data through HTTP requests...

CVSS 6.5 · AI score 6.9 · EPSS 0.00925
Exploits 0 · References 3 · Affected Software 1
OpenVAS
added 2022/06/09 12:00 a.m. · 16 views

WordPress Database Backup for WordPress Plugin < 2.5.2 CSRF Vulnerability

The WordPress plugin Copyright (C) 2022 Greenbone Networks GmbH Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can redistribute it and/or modify it...

CVSS 5.8 · AI score 5.6 · EPSS 0.00402
Exploits 2 · References 1
ThreatPost
added 2022/04/06 12:37 p.m. · 441 views

Attackers Spoof WhatsApp Voice-Message Alerts to Steal Info

Attackers are spoofing voice message notifications from WhatsApp in a malicious phishing campaign that uses a legitimate domain to spread an info-stealing malware, researchers have found. Researchers at cloud email security firm Armorblox discovered the malicious campaign targeting Office 365 and...

AI score 8.6
Exploits 0 · References 5
Patchstack
added 2022/02/28 12:00 a.m. · 11 views

WordPress AutoMail – Event-driven Email Automation. Easy email Notification and Auto-reply plugin <= 1.0.0 - Sensitive Information Disclosure vulnerability

Sensitive Information Disclosure vulnerability discovered in WordPress AutoMail – Event-driven Email Automation. Easy email Notification and Auto-reply plugin versions <= 1.0.0. Solution Update the WordPress AutoMail – Event-driven Email Automation. Easy email Notification and Auto-reply plugin to...

AI score 3
Exploits 0 · References 2 · Affected Software 1