
38 matches found

The Hacker News
added 2026/06/01 11:30 a.m. · 25 views

The Security Growth Platform: Why MSPs Are Moving Beyond vCISO Tools

Three years ago, the practical question for an MSP building a cybersecurity practice was which "vCISO platform" to buy. The term was good shorthand for the work at the time: assessments, advisory, reporting, maybe a compliance module bolted on the side. The work has since outgrown the descriptor....

5.8 AI score
Exploits 0

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2024-32166

Malicious code in bioql PyPI...

6.4 CVSS · 6.5 AI score · 0.00377 EPSS
Exploits 0 · References 3

RedhatCVE
added 2025/05/23 9:26 a.m. · 8 views

CVE-2024-3587

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Portfolios Widget in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

6.4 CVSS · 5.8 AI score · 0.00377 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/23 8:21 a.m. · 3 views

CVE-2024-1384

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auxrecentportfoliosgrid' shortcode in all versions up to, and including, 2.3.4 due to insufficient input sanitization and output escaping on user supplied attributes...

6.4 CVSS · 6.1 AI score · 0.00358 EPSS
Exploits 0 · References 1

OSV
added 2024/08/29 1:15 p.m. · 3 views

CVE-2024-1384

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'auxrecentportfoliosgrid' shortcode in all versions up to, and including, 2.3.3 due to insufficient input sanitization and output escaping on user supplied attributes...

5.4 CVSS · 5.9 AI score · 0.00358 EPSS
Exploits 0 · References 2

Positive Technologies
added 2024/08/29 12:0 a.m. · 6 views

PT-2024-17996 · WordPress · Premium Portfolio Features For Phlox

Name of the Vulnerable Software and Affected Versions: Premium Portfolio Features for Phlox theme plugin for WordPress versions up to, and including, 2.3.3 Description: The issue is related to Stored Cross-Site Scripting via the plugin's 'aux recent portfolios grid' shortcode due to insufficient...

6.4 CVSS · 5.9 AI score · 0.00358 EPSS
Exploits 0 · References 9

OSV
added 2024/07/16 9:15 a.m. · 5 views

CVE-2024-3587

The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Grid Portfolios Widget in all versions up to, and including, 2.3.2 due to insufficient input sanitization and output escaping on user supplied attributes. This makes i...

5.4 CVSS · 6 AI score · 0.00377 EPSS
Exploits 0 · References 3

CVE
added 2024/07/16 8:32 a.m. · 53 views

CVE-2024-3587

CVE-2024-3587 affects Premium Portfolio Features for Phlox theme (WordPress). The vulnerability is a Stored XSS in the Grid Portfolios Widget present in all versions up to and including 2.3.2, caused by insufficient input sanitization and output escaping on user-supplied attributes. Exploitation ...

6.4 CVSS · 5.5 AI score · 0.00377 EPSS
Exploits 0 · References 3 · Affected Software 1

Patchstack
added 2024/07/16 2:19 a.m. · 4 views

WordPress Premium Portfolio Features for Phlox theme plugin <= 2.3.2 - Authenticated (Contributor+) Stored Cross-Site Scripting via ' Grid Portfolios' vulnerability

Authenticated Contributor+ Stored Cross-Site Scripting via ' Grid Portfolios' vulnerability discovered by wesley wcraft in WordPress Plugin Phlox Portfolio versions = 2.3.2...

6.4 CVSS · 5.8 AI score · 0.00377 EPSS
Exploits 0 · References 1 · Affected Software 1

Positive Technologies
added 2024/07/16 12:0 a.m. · 7 views

PT-2024-26765 · WordPress · Premium Portfolio Features For Phlox

Name of the Vulnerable Software and Affected Versions: Premium Portfolio Features for Phlox theme plugin for WordPress versions up to, and including, 2.3.2 Description: The issue is related to Stored Cross-Site Scripting via the plugin's Grid Portfolios Widget due to insufficient input sanitizati...

6.4 CVSS · 5.9 AI score · 0.00377 EPSS
Exploits 0 · References 8

Imperva Blog
added 2022/09/07 12:53 p.m. · 16 views

Why the Search for Best-Of-Breed Tooling is Causing Issues for Security Teams

The growing need to consolidate vendor portfolios The adoption of best-of-breed security solutions has led to unforeseen problems for SOCs. Onboarding a new solution increases complexity; it requires configuration, integration with existing tools, fine-tuning policies, and the ability to create...

7 AI score
Exploits 0

Github Security Blog
added 2022/05/14 3:16 a.m. · 24 views

Moodle Portfolio forum caller class allows a user to download any file

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL...

6.5 CVSS · 6.5 AI score · 0.01201 EPSS
Exploits 0 · References 4 · Affected Software 1

OSV
added 2022/05/14 3:16 a.m. · 20 views

GHSA-VXMV-74RF-VQGP Moodle Portfolio forum caller class allows a user to download any file

An issue was discovered in Moodle 3.x. Students who posted on forums and exported the posts to portfolios can download any stored Moodle file by changing the download URL...

6.5 CVSS · 6.5 AI score · 0.01201 EPSS
Exploits 0 · References 4

OSV
added 2022/05/13 1:49 a.m. · 16 views

GHSA-XJX9-7C29-PWMM Moodle Improper Privilege Management

An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL...

6.5 CVSS · 6.5 AI score · 0.01026 EPSS
Exploits 0 · References 4

Github Security Blog
added 2022/05/13 1:49 a.m. · 21 views

Moodle Improper Privilege Management

An issue was discovered in Moodle 3.x. Students who submitted assignments and exported them to portfolios can download any stored Moodle file by changing the download URL...

6.5 CVSS · 6.5 AI score · 0.01026 EPSS
Exploits 0 · References 4 · Affected Software 1

ATTACKERKB
added 2022/02/10 4:15 p.m. · 2 views

CVE-2022-24111

In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known...

5.3 CVSS · 5.3 AI score · 0.00824 EPSS
Exploits 0 · References 3

OSV
added 2022/02/10 4:15 p.m. · 21 views

CVE-2022-24111

In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known...

5.3 CVSS · 6.7 AI score
Exploits 0 · References 2

Cvelist
added 2022/02/10 4:1 p.m. · 25 views

CVE-2022-24111

In Mahara 21.04 before 21.04.3 and 21.10 before 21.10.1, portfolios created in groups that have not been shared with non-group members and portfolios created on the site and institution levels can be viewed without requiring a login if the URL to these portfolios is known...

5.5 AI score · 0.00824 EPSS
Exploits 0 · References 2

CVE
added 2022/02/10 4:1 p.m. · 92 views

CVE-2022-24111

Summary: CVE-2022-24111 affects Mahara 21.04 prior to 21.04.3 and 21.10 prior to 21.10.1. The vulnerability allows portfolios (including group-based portfolios and site/institution-level portfolios) to be viewed without authentication if the URL is known, constituting an information-disclosure is...

5.3 CVSS · 5.2 AI score · 0.00824 EPSS
Exploits 0 · References 2 · Affected Software 1

BDU FSTEC
added 2021/09/15 12:0 a.m. · 4 views

The vulnerability of the `get_portfolios()` and `get_portfolio_attributes()` functions in the Portfolio Responsive Gallery plugin of the WordPress content management system allows a hacker to execute arbitrary SQL code.

The vulnerability of the `get_portfolios()` and `get_portfolio_attributes()` functions in the Portfolio Responsive Gallery plugin of the WordPress content management system is related to the lack of protective measures for the SQL query structure. Exploiting this vulnerability could allow a remote attacker ...

9.8 CVSS · 8.1 AI score · 0.01373 EPSS
Exploits 2 · References 4 · Affected Software 1