148 matches found
WordPress plugin Comment Approved Notifier Extended 跨站脚本漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blogs on PHP and MySQL servers. A cross-site scripting vulnerability exists in WordPress...
CVE-2024-37361 Hitachi Vantara Pentaho Business Analytics Server - Deserialization of Untrusted Data
The application deserializes untrusted data without sufficiently verifying that the resulting data will be valid. CWE-502 Hitachi Vantara Pentaho Business Analytics Server versions before 10.2.0.0 and 9.3.0.9, including 8.3.x, deserialize untrusted JSON data without constraining the parser to...
FBI: Spike in Hacked Police Emails, Fake Subpoenas
The Federal Bureau of Investigation FBI is urging police departments and governments worldwide to beef up security around their email systems, citing a recent increase in cybercriminal services that use hacked police email accounts to send unauthorized subpoenas and customer data requests to...
Malwarebytes awarded Parent Tested Parent Approved Seal of Approval
We’re delighted to say Malwarebytes has been awarded the Parent Tested Parent Approved Seal of Approval for product excellence. The Seal of Approval is given to products that have earned the trust of families, and serves as a quick and reliable indicator of quality and dependability for parents a...
Malicious code in sap-approved (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f7ea6113d473d2b3e05d7ee871a984c4e83dc443b6cd6b5368f47660560c8d8d The OpenSSF Package Analysis project identified 'sap-approved' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
MAL-2024-7559 Malicious code in sap-approved (npm)
--- -= Per source details. Do not edit below this line.=- Source: ossf-package-analysis f7ea6113d473d2b3e05d7ee871a984c4e83dc443b6cd6b5368f47660560c8d8d The OpenSSF Package Analysis project identified 'sap-approved' @ 0.0.0 npm as malicious. It is considered malicious because: - The package...
CVE-2024-5071
The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment the request body to change its status from pending to approved...
CVE-2024-5071 Bookster <= 1.1.0 - Unauthenticated Appointment Status Update
The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment the request body to change its status from pending to approved...
CVE-2024-5071 Bookster <= 1.1.0 - Unauthenticated Appointment Status Update
The Bookster WordPress plugin through 1.1.0 allows adding sensitive parameters when validating appointments allowing attackers to manipulate the data sent when booking an appointment the request body to change its status from pending to approved...
WordPress Plugin Bookster Security Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
PT-2024-34395 · WordPress · The Bookster
Name of the Vulnerable Software and Affected Versions: The Bookster WordPress plugin versions prior to 1.1.1 Description: The issue allows attackers to manipulate the data sent when booking an appointment by adding sensitive parameters when validating appointments, potentially changing the status...
Zoom Adopts NIST-Approved Post-Quantum End-to-End Encryption for Meetings
Popular enterprise services provider Zoom has announced the rollout of post-quantum end-to-end encryption E2EE for Zoom Meetings, with support for Zoom Phone and Zoom Rooms coming in the future. "As adversarial threats become more sophisticated, so does the need to safeguard user data," the compa...
Moderate: freeglut security update
freeglut is a completely open source alternative to the OpenGL Utility Toolkit GLUT library with an OSI approved free software license. Security Fixes: freeglut: memory leak via glutAddSubMenu function CVE-2024-24258 freeglut: memory leak via glutAddMenuEntry function CVE-2024-24259 For more...
Moderate: Red Hat Security Advisory: freeglut security update
An update for freeglut is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...
Moderate: freeglut security update
freeglut is a completely open source alternative to the OpenGL Utility Toolkit GLUT library with an OSI approved free software license. Security Fixes: freeglut: memory leak via glutAddSubMenu function CVE-2024-24258 freeglut: memory leak via glutAddMenuEntry function CVE-2024-24259 For more...
Open redirect
Rejected reason: This candidate is unused by its CNA...
PT-2023-5088 · Microsoft · Exchange Server
Name of the Vulnerable Software and Affected Versions: Microsoft Exchange Server affected versions not specified Description: The issue is related to errors in access control. It allows a remote attacker to execute arbitrary code in the context of the server account by making a network call. This...
CVE-2023-35667
In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVE-2023-35667
In updateList of NotificationAccessSettings.java, there is a possible way to hide approved notification listeners in the settings due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
The rUSDY.transferFrom function can cause reentrancy if is a contract been approved
Lines of code Vulnerability details Impact The rUSDY.transferFrom function can cause reentrancy if is a contract been approved, the function looks like: function transferFrom address sender, address recipient, uint256 amount public returns bool uint256 currentAllowance = allowancessendermsg.sende...