Lucene search
K

1628 matches found

Positive Technologies
Positive Technologies
added 2026/06/12 12:0 a.m.13 views

PT-2026-48862

Quest Bot is an opensource Discord Bot. Prior to version 1.1.8, any user who can access the ticket panel can repeatedly create new ticket channels. The latest release still creates a new database ticket and Discord channel for every completed ticket modal submission, without checking whether the...

5.3CVSS5.2AI score0.00235EPSS
Exploits0References3
NVD
NVD
added 2026/06/11 7:16 p.m.10 views

CVE-2026-47177

Quest Bot is an opensource modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.4, a user who can configure bot settings can set the ticket transcript channel to a channel they can read. When tickets are closed, the bot exports the full ticket history and sends it ...

5.7CVSS0.00251EPSS
Exploits0References2
CVE
CVE
added 2026/06/11 7:5 a.m.31 views

CVE-2024-32110

CVE-2024-32110 is a CSRF vulnerability in the WordPress plugin Event Manager and Tickets Selling Plugin for WooCommerce (WpEvently) for versions up to 4.1.2. The connected Wordfence listing confirms the issue exists and notes a patch status of Patched, indicating a fix has been applied by the ven...

4.3CVSS5.4AI score0.001EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 7:5 a.m.32 views

CVE-2024-32110 WordPress Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 4.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site request forgery CSRF vulnerability in Magepeople inc. WpEvently allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through 4.1.2...

4.3CVSS0.001EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/11 7:5 a.m.9 views

CVE-2024-32110 WordPress Event Manager and Tickets Selling Plugin for WooCommerce plugin <= 4.1.2 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site request forgery CSRF vulnerability in Magepeople inc. WpEvently allows Cross Site Request Forgery. This issue affects WpEvently: from n/a through 4.1.2...

4.3CVSS5.4AI score0.001EPSS
Exploits0References1
NVD
NVD
added 2026/06/10 12:16 a.m.14 views

CVE-2026-46491

SimpleSAMLphp-casserver is a CAS 1.0 and 2.0 compliant CAS server in the form of a SimpleSAMLphp module. Prior to version 7.0.3, simplesamlphp-module-casserver builds file paths for the file-based CAS ticket store by directly concatenating the configured ticket directory with an attacker-controll...

8.6CVSS0.00422EPSS
Exploits0References3
EUVD
EUVD
added 2026/06/06 12:31 a.m.11 views

EUVD-2026-34931

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

5.3CVSS5.6AI score0.00165EPSS
Exploits0References6
CVE
CVE
added 2026/06/05 11:28 p.m.36 views

CVE-2026-8608

The CVE affects the WordPress plugin “Event Monster” (Event Monster – Event Management, Events Calendar, Tickets) up to version 2.1.0. The root cause is Insufficient Verification of Data Authenticity in the capture_payment() AJAX handler (wp_ajax_nopriv_em_capture_payment), which trusts client-su...

5.3CVSS5.6AI score0.00165EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/06/05 11:28 p.m.38 views

CVE-2026-8608 Event Monster <= 2.1.0 - Unauthenticated Insufficient Verification of Data Authenticity to Payment Bypass via em_capture_payment AJAX Action

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

5.3CVSS0.00165EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/06/05 11:28 p.m.9 views

CVE-2026-8608

The Event Monster – Event Management, Events Calendar, Tickets plugin for WordPress is vulnerable to Insufficient Verification of Data Authenticity in versions up to, and including, 2.1.0. This is due to the capturepayment AJAX handler registered via wpajaxnoprivemcapturepayment trusting...

5.3CVSS5.6AI score0.00165EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2026/06/05 7:27 p.m.11 views

CVE-2026-40229

Helpy contains a stored cross-site scripting vulnerability in the post author display logic. Any registered user can persist arbitrary HTML in their account name field and cause it to be rendered unescaped in public forum threads where they participate, in the admin ticket view, and in HTML...

5.4CVSS5.3AI score0.00177EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:26 p.m.13 views

CVE-2026-48210

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...

5.7CVSS5.5AI score0.00248EPSS
Exploits0References1
HackRead
HackRead
added 2026/06/05 5:16 p.m.16 views

Atlas Menu Data Breach Exposes 64,000 GTA V and CS2 Cheat Service Users

Atlas Menu Data Breach exposes 64,000 GTA V and CS2 cheat service users, leaking emails, IPs, support tickets and hashed passwords...

5.4AI score
Exploits0
The Hacker News
The Hacker News
added 2026/06/05 7:1 a.m.17 views

FIFA World Cup 2026 Scams Are Already Live: Fake Sites, Banking Malware, and Stolen Logins

Security researchers and the FBI are warning that a wave of FIFA-themed fraud is already hitting World Cup 2026 fans, days before the June 11 kickoff. Recent reports describe thousands of lookalike FIFA domains, banking malware hidden inside pirate streaming apps, and at least one operation that...

5.5AI score
Exploits0
EUVD
EUVD
added 2026/06/01 12:30 a.m.25 views

EUVD-2026-33518

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...

5.7CVSS5.8AI score0.00248EPSS
Exploits0References2
NVD
NVD
added 2026/05/31 10:16 p.m.16 views

CVE-2026-48210

An improper default configuration in OTRS 2026.3.1 causes ticket article forwarding actions to enforce the “Is visible for customer” flag by default and prevent users from disabling it via the UI. This leads to unintended exposure of internal ticket information to the External Frontend This issue...

5.7CVSS0.00248EPSS
Exploits0References1
CVE
CVE
added 2026/05/31 9:11 p.m.29 views

CVE-2026-48210

CVE-2026-48210 concerns an improper default configuration in OTRS 2026.3.1 . The vulnerability makes ticket article forwarding enforce the “Is visible for customer” flag by default and prevents users from disabling it via the UI. This causes unintended exposure of internal ticket information to t...

5.7CVSS5.8AI score0.00248EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/26 12:0 a.m.10 views

PT-2026-47000

GnuTLS 3.6.x before 3.6.14 uses incorrect cryptography for encrypting a session ticket a loss of confidentiality in TLS 1.2, and an authentication bypass in TLS 1.3. The earliest affected version is 3.6.4 2018-09-24 because of an error in a 2018-09-18 commit. Until the first key rotation, the TLS...

5.5AI score
Exploits0References11
Imperva Blog
Imperva Blog
added 2026/05/22 7:9 a.m.11 views

Real-Time Webhook Notifications: No More Lost Security Alerts

Every security team knows the pain: a critical alert lands in someone’s inbox, buried under dozens of other emails, or filtered out by a spam rule. By the time anyone sees it, the incident is already in full swing—no ticket opened, no Slack message sent, no automated workflow triggered. The...

5.7AI score
Exploits0
NVD
NVD
added 2026/05/21 6:16 p.m.14 views

CVE-2026-48248

Open ISES Tickets before 3.44.2 disables TLS certificate verification in incs/login.inc.php by setting CURLOPTSSLVERIFYPEER to false and not setting CURLOPTSSLVERIFYHOST when issuing outbound HTTPS requests issued during the login/authentication flow. An attacker positioned on the network path...

8.2CVSS0.00205EPSS
Exploits0References3
Rows per page
Query Builder