140 matches found
Inside the Multimillion-Dollar Gray Market for Video Game Cheats
Gaming cheats are the bane of the video game industry—and a hot commodity. A recent study found that cheat creators are making a fortune from gamers looking to gain a quick edge...
Unsecured Database Exposes Data of 3.6 Million Passion.io Creators
A massive data leak has put the personal information of over 3.6 million app creators, influencers, and entrepreneurs…...
CVE-2024-52347
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpwebsitecreator Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera wp-website-creator allows Stored XSS.This issue affects Website remote Install vor Gravity, WPForms,...
CVE-2022-39270
DiscoTOC is a Discourse theme component that generates a table of contents for topics. Users that can create topics in TOC-enabled categories and have sufficient trust level - configured in component's settings are able to inject arbitrary HTML on that topic's page. The issue has been fixed on th...
CVE-2022-2498
An issue in pipeline subscriptions in GitLab EE affecting all versions from 12.8 prior to 15.0.5, 15.1 prior to 15.1.4, and 15.2 prior to 15.2.1 triggered new pipelines with the person who created the tag as the pipeline creator instead of the subscription's author...
Malware Hidden in Fake Business Proposals Hits YouTube Creators
Cybercriminals are targeting YouTube creators with sophisticated phishing attacks disguised as brand collaborations. Learn how to identify these scams, protect your data, and safeguard your online presence...
CVE-2023-36531
CVE-2023-36531 concerns the WordPress plugin LiquidPoll – Advanced Polls for Creators and Brands (WP-Poll) with versions
postgresql: PostgreSQL relation replacement during pg_dump executes arbitrary SQL
A vulnerability was found in PostgreSQL. A Race condition in pgdump allows an object creator to execute arbitrary SQL functions as the user running pgdump, which is often a superuser...
CVE-2024-39655
LiquidPoll – Advanced Polls for Creators and Brands (WP plugin) contains an unauthenticated XSS in versions up to 3.3.77; the issue is caused by improper neutralization of input during web page generation. Publicly documented impact is cross-site scripting, affecting affected sites that run the p...
WordPress LiquidPoll – Advanced Polls for Creators and Brands Plugin <= 3.3.77 is vulnerable to Cross Site Scripting (XSS)
Software LiquidPoll – Advanced Polls for Creators and Brands Type Plugin Vulnerable versions = 3.3.77 Fixed in 3.3.78 OWASP Top 10 A3: Injection Classification Cross Site Scripting XSS CVE CVE-2024-39655 Patch priority Medium CVSS severity Medium 6.5 Developer Claim ownership PSID a190a4c0c44f...
Malicious code in down_load_epub_creators_take_control_mdnbf4 (npm)
--- -= Per source details. Do not edit below this line.=-...
CVE-2024-34418
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in Tech9logy Creators WPCS WordPress Custom Search allows Stored XSS.This issue affects WPCS WordPress Custom Search : from n/a through 1.1...
CVE-2024-34418
CVE-2024-34418 concerns Tech9logy Creators WPCS (WordPress Custom Search). The issue is a Stored XSS caused by improper neutralization of input during web page generation. Affects WPCS versions from not specified (n/a) up to 1.1. The connected Red Hat entry repeats the same description. Public de...
New Latrodectus Downloader Malware Linked to IcedID and Qbot Creators
By Waqas Another day, another malware threat! This is a post from HackRead.com Read the original post: New Latrodectus Downloader Malware Linked to IcedID and Qbot Creators...
WordPress LiquidPoll – Advanced Polls for Creators and Brands Plugin <= 3.3.76 is vulnerable to Sensitive Data Exposure
Software LiquidPoll – Advanced Polls for Creators and Brands Type Plugin Vulnerable versions = 3.3.76 Fixed in 3.3.77 OWASP Top 10 A3: Sensitive Data Exposure Classification Sensitive Data Exposure CVE CVE-2024-2080 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID...
Plv8 Code Issues Vulnerabilities
Plv8 is a shared library that provides the PostgreSQL procedural language supported by the V8 Javascript engine. A security vulnerability exists in Plv8 version 3.2.1, which originates from the ability of a user who creates objects in the database to execute delayed triggers as a superuser during...
Google Is Getting Thousands of Deepfake Porn Complaints
Content creators are using copyright laws to get nonconsensual deepfakes removed from the web. With the complaints covering nearly 30,000 URLs, experts say Google should do more to help...
Incomplete Creator Rewards in Auction Settlement
Lines of code Vulnerability details Summary During the settlement of auctions in the AuctionHouse, the proceeds meant for creators are not accurately distributed, leading to potential loss of funds for the creators. Vulnerability Details In the process of settling auctions...
Two items having same number of votes above the quorum can lead to invariant violation and unfairness towards either of the item
Lines of code Vulnerability details Impact When an item is dropped or extracted from the maxHeap tree, it is directly done so from the item at the root of the tree i.e. index 0. Although this is expected, if one of the child itemIds have number of votes equal to that of the root node, this would ...
CultureIndex.sol#_vote() - Creators of certain piece can vote for their piece
Lines of code Vulnerability details Impact In CultureIndex there is a function vote that allows users to vote for a piece to get sold on the auction house. Each piece has creators that get cut of the sale. The problem is that there is no checks if the user voting for a certain piece is it's own...