3500 matches found
CVE-2024-48925
Umbraco CMS vulnerability CVE-2024-48925 affects versions 14.0.0–14.3.0. Affected components expose the webhook API due to improper access control, allowing low-privilege users to retrieve information restricted to settings-users. Version 14.3.0 contains the patch; remediation is to upgrade to 14...
CVE-2024-48925 Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. The issue allows low-privilege users to access the webhook API and retrieve information that should be restricted to users with access to th...
PT-2024-33273 · Umbraco · Umbraco
Name of the Vulnerable Software and Affected Versions: Umbraco versions 14.0.0 through 14.2.x. Description: The issue is related to improper access control, allowing low-privilege users to access the webhook API and retrieve restricted information. This affects the settings section, where access...
Umbraco CMS Security Vulnerability
Umbraco CMS is a content management system from Umbraco, Denmark. A security vulnerability exists in Umbraco CMS version 14.0.0 up to and including version 14.3.0, which stems from an improper access control issue that allows a low-privileged user to access the webhook API and retrieve informatio...
CVE-2023-32193 vulnerabilities
Vulnerabilities for packages: rancher-agent, rancher-webhook...
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 30, 2024 to October 6, 2024)
Calling all superheroes and haunters! Introducing the Cybersecurity Month Spooktacular Haunt and the WordPress Superhero Challenge for the Wordfence Bug Bounty Program! Through November 11th, 2024: All in-scope vulnerability types for WordPress plugins/themes with >= 1,000 active installations are...
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 23, 2024 to September 29, 2024)
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Through October 7th, 2024, XSS vulnerabilities in all plugins and themes with >= 1,000 Active Installs are in scope for all researchers. In addition, through October 14th, 2024, researchers...
MAL-2024-12351 Malicious code in spy-ai (PyPI)
Source: kam193 d71096c3aa8cb143ba7fab208ab313a240e8f1f9846b17b947a01f729fc1864a Every time the user sends a message to the AI, the user IP, message as well as the response are exfiltrated to a hardcoded telegram channel. This behaviour is...
MAL-2024-12348 Malicious code in spiderai (PyPI)
Source: kam193 cfee8e74f278d45135c11ee4ff3f18180cb2423e333934a8ba994f5e8ec48b9a Every time the user sends a message to the AI, the user IP, message as well as the response are exfiltrated to a hardcoded telegram channel. This behaviour is...
Malicious code in discord-token-lib (PyPI)
Source: kam193 44f591d196b048c4cad8da1cc1399681e22a2d5786fb212fda7c920aed8c2b07 osint packages promise to be OSINT tool, however, when providing the username to search for, the package attempts to exfiltrate Discord tokens from the user. T...
Malicious code in osint-tool (PyPI)
Source: kam193 10a834a37294b0f3aaf52345444f8c5c2a15dde780c8342446c53ecc05d623c0 osint packages promise to be OSINT tool, however, when providing the username to search for, the package attempts to exfiltrate Discord tokens from the user. T...
MAL-2024-12257 Malicious code in discord-token-lib (PyPI)
Source: kam193 44f591d196b048c4cad8da1cc1399681e22a2d5786fb212fda7c920aed8c2b07 osint packages promise to be OSINT tool, however, when providing the username to search for, the package attempts to exfiltrate Discord tokens from the user. T...
MAL-2024-12320 Malicious code in osint-tool (PyPI)
Source: kam193 10a834a37294b0f3aaf52345444f8c5c2a15dde780c8342446c53ecc05d623c0 osint packages promise to be OSINT tool, however, when providing the username to search for, the package attempts to exfiltrate Discord tokens from the user. T...
Malicious code in botnetv2 (PyPI)
Source: kam193 c81380140d3b7a9d5dddf19a386bb1fc8b9b55044fefc32997fc3d2af9969fcb When running the module, basic information about the user and its location are collected and sent to the author. This is hidden from the user as the package...
Malicious code in mennort (PyPI)
Source: kam193 a18b704aee3dd3fa8d54027bbe2d6634696fcffaf194410e38fb5318d0d2a534 Package sends out the data to a hardcoded webhook. However, it's clearly said in the description, thus - not really malicious. --- Category: PROBABLYPENTEST -...
MAL-2024-12305 Malicious code in mennort (PyPI)
Source: kam193 a18b704aee3dd3fa8d54027bbe2d6634696fcffaf194410e38fb5318d0d2a534 Package sends out the data to a hardcoded webhook. However, it's clearly said in the description, thus - not really malicious. --- Category: PROBABLYPENTEST -...
Malicious code in easypydb (PyPI)
Source: kam193 6bba8fa7c973e17898962b7fa6aebecdd0d9149b9e3a1f078bbc57f5e4bf7f0a The package is a wrapper around "s1db" package, which offers some kind of easy online database. However, this package silently exfiltrates credentials given by...
MAL-2024-12261 Malicious code in easypydb (PyPI)
Source: kam193 6bba8fa7c973e17898962b7fa6aebecdd0d9149b9e3a1f078bbc57f5e4bf7f0a The package is a wrapper around "s1db" package, which offers some kind of easy online database. However, this package silently exfiltrates credentials given by...
Malicious code in discself (PyPI)
Source: kam193 271e2fef9fd10cd1a179df1be1e1f92c837d1ecf3d074451a9b1b6205babe511 Package suggests a code to build bots; however, the code just exfiltrates the token given by the user to the hardcoded Discord webhook. Looking at other activi...