1035 matches found
CVE-2022-3735
A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability...
seccome Ehoney security vulnerability
seccome Ehoney is a secure, fast, highly interactive, enterprise-class honeypot management system open-sourced by China's seccome. A security vulnerability exists in seccome Ehoney, which stems from incorrect access control of some unknown handlers in its file /api/public/signup causing an attack...
CVE-2022-3735 seccome Ehoney signup access control
A vulnerability was found in seccome Ehoney. It has been rated as critical. This issue affects some unknown processing of the file /api/public/signup. The manipulation leads to improper access controls. The identifier VDB-212417 was assigned to this vulnerability...
PT-2022-23942 · Unknown · Seccome Ehoney
Name of the Vulnerable Software and Affected Versions: seccome Ehoney (affected versions not specified). Description: A critical issue affects the processing of the file "/api/public/signup", leading to improper access controls. Recommendations: At the moment, there is no information about a newer...
CVE-2022-3735
Incident summary (CVE-2022-3735): A vulnerability in seccome Ehoney affects the file /api/public/signup, where improper access controls could enable privilege escalation. Multiple connected sources confirm the issue as critical with unknown product versions and incomplete details on affected rele...
PT-2022-5667 · Atlassian · Bitbucket Server +1
Name of the Vulnerable Software and Affected Versions: Atlassian Bitbucket Server and Data Center (affected versions not specified). Description: The issue is related to a command injection vulnerability using environment variables in Bitbucket Server and Data Center. An attacker with permission to...
CVE-2022-1718
The trudesk application allows large characters to be inserted into the "Full Name" input field on the signup field, which can allow attackers to cause a Denial of Service (DoS) via a crafted HTTP request in GitHub repository polonel/trudesk prior to 1.2.2. This can lead to Denial of service...
CVE-2022-33201
Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key...
CVE-2022-33201 WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability in MailerLite – Signup forms (official) plugin <= 1.5.7 at WordPress allows an attacker to change the API key...
CVE-2022-33201
CVE-2022-33201 affects the WordPress MailerLite – Signup forms (official) plugin, version 1.5.7 and earlier. The root cause is a missing CSRF check when updating the API key, enabling an attacker to change the API key via CSRF as described in multiple sources. The vulnerability is reported to imp...
WordPress plugin MailerLite – Signup forms (official) cross-site request forgery vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A cross-site request forger...
MailerLite - Signup forms (official) < 1.5.7 - API Key Update via CSRF
The plugin does not have CSRF check in place when updating its API key, which could allow attackers to make a logged in admin change it via a CSRF attack...
WordPress MailerLite – Signup forms (official) plugin <= 1.5.7 - Cross-Site Request Forgery (CSRF) vulnerability
Cross-Site Request Forgery (CSRF) vulnerability leading to API key change discovered by Muhammad Daffa (Patchstack Alliance) in WordPress MailerLite – Signup forms (official) plugin (versions <= 1.5.7). Solution: Update the WordPress MailerLite – Signup forms plugin to the latest available version at least...
CVE-2022-34140
A stored cross-site scripting (XSS) vulnerability in /index.php?r=site%2Fsignup of Feehi CMS v2.1.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the username field...
Malicious code in signup-ui-core (npm)
Source: ghsa-malware (5efd0acaccf47da92b3f4cb09e80de3b56ec88952a48030330e28d308b983e36). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
The vulnerability of the “additional signup fields” function in the Auth0 authentication tool allows a hacker to disclose protected information.
The vulnerability of the “additional signup fields” function in the Auth0 authentication tool is related to the lack of measures for cleaning incoming data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose protected information...
CVE-2022-23067
ToolJet versions v0.5.0 to v1.2.2 are vulnerable to token leakage via Referer header that leads to account takeover. If the user opens the invite link/signup link and then clicks on any external links within the page, it leaks the password set token/signup token in the referer header. Using thes...