Lucene search
K

55 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/04 5:52 p.m.8 views

CVE-2026-41236

Froxlor is open source server administration software. Version 2.3.6 contains a symlink-following flaw in the root-owned SSH key synchronization path used for customer FTP users. The provisioning code appends public keys to /.ssh/authorizedkeys under a customer-controlled home directory without...

8.8CVSS5.9AI score0.00366EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/03/11 12:0 a.m.5 views

PT-2026-24794

Shopware is an open commerce platform. Prior to 6.7.8.1 and 6.6.10.15, the Store API login endpoint POST /store-api/account/login returns different error codes depending on whether the submitted email address belongs to a registered customer CHECKOUT CUSTOMER AUTH BAD CREDENTIALS or is unknown...

5.3CVSS5.8AI score0.00218EPSS
Exploits0References4
EUVD
EUVD
added 2026/02/06 8:47 p.m.6 views

EUVD-2026-5580

PrestaShop is an open source e-commerce web application. Prior to 8.2.4 and 9.0.3, there is a time-based user enumeration vulnerability in the user authentication functionality of PrestaShop. This vulnerability allows an attacker to determine whether a customer account exists in the system by...

5.3CVSS5.5AI score0.00269EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.6 views

PrestaShop 安全漏洞

PrestaShop is an open-source e-commerce solution developed by the PrestaShop company in the United States. This solution offers various payment methods, SMS notifications, and features like image scaling for products. There were security vulnerabilities in versions of PrestaShop before 8.2.4 and...

5.3CVSS5.8AI score0.00269EPSS
Exploits0References4
CISA KEV Catalog
CISA KEV Catalog
added 2025/10/24 12:0 a.m.26 views

Adobe Commerce and Magento Improper Input Validation Vulnerability

Adobe Commerce and Magento Open Source contain an improper input validation vulnerability that could allow an attacker to take over customer accounts through the Commerce REST API...

9.1CVSS7AI score0.96742EPSS
In wildExploits9
Krebs on Security
Krebs on Security
added 2025/10/17 11:26 a.m.7 views

Email Bombs Exploit Lax Authentication in Zendesk

Cybercriminals are abusing a widespread lack of authentication in the customer service platform Zendesk to flood targeted email inboxes with menacing messages that come from hundreds of Zendesk corporate customers simultaneously. Zendesk is an automated help desk service designed to make it simpl...

7AI score
Exploits0
EUVD
EUVD
added 2025/10/03 8:7 p.m.10 views

EUVD-2022-51593

Malicious code in bioql PyPI...

5.4CVSS5.8AI score0.00566EPSS
Exploits1References1
Wired Threat Level
Wired Threat Level
added 2025/09/18 3:9 p.m.3 views

This Microsoft Entra ID Vulnerability Could Have Been Catastrophic

A pair of flaws in Microsoft's Entra ID identity and access management system could have allowed an attacker to gain access to virtually all Azure customer accounts...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/07/08 2:51 p.m.13 views

Behind the Booking: How Bots Are Undermining Airline Revenue

The airline industry is under constant attack from malicious bots. Bad actors use automation to scrape fares, hoard inventory, commit fraud, and compromise customer accounts. While every airline faces its own unique challenges, the business impacts are remarkably consistent—lost revenue, inflated...

7.2AI score
Exploits0
The Hacker News
The Hacker News
added 2025/05/28 6:11 a.m.7 views

Apple Blocks $9 Billion in Fraud Over 5 Years Amid Rising App Store Threats

Apple on Tuesday revealed that it prevented over $9 billion in fraudulent transactions in the last five years, including more than $2 billion in 2024 alone. The company said the App Store is confronted by a wide range of threats that seek to defraud users in various ways, ranging from "deceptive...

6.3AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/23 12:27 a.m.8 views

CVE-2022-4235

RushBet version 2022.23.1-b490616d allows a remote attacker to steal customer accounts via use of a malicious application. This is possible because the application exposes an activity and does not properly validate the data it receives...

5.4CVSS7AI score0.00566EPSS
Exploits1References1
CNNVD
CNNVD
added 2025/05/22 12:0 a.m.4 views

fc-stable-diffusion 安全漏洞

fc-stable-diffusion is an open source tool from Serverless Devs Registry for deploying stable-diffusion to AliCloud Functional Computing. A security vulnerability exists in fc-stable-diffusion v1.0.18, which stems from improper privileges and could lead to elevated privileges and customer cloud...

8.8CVSS6.7AI score0.00302EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/06/22 5:0 a.m.38 views

CVE-2024-21517

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account...

4.2CVSS0.00391EPSS
Exploits1References2
Cvelist
Cvelist
added 2024/06/19 12:0 a.m.25 views

CVE-2024-36677

In the module "Login as customer PRO" loginascustomerpro 1.2.7 from Weblir for PrestaShop, a guest can access direct link to connect to each customer account of the Shop if the module is not installed OR if a secret accessible to administrator is stolen...

0.00379EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2024/06/19 12:0 a.m.4 views

PT-2024-27120 · Weblir · Weblir Login As Customer Pro

Name of the Vulnerable Software and Affected Versions: Weblir Login as customer PRO module versions prior to 1.2.7 Description: The issue allows a guest to access a direct link to connect to each customer account of the shop if the module is not installed or if a secret accessible to the...

7.5CVSS7.2AI score0.00379EPSS
Exploits0References2
CISA
CISA
added 2024/06/03 12:0 p.m.7 views

Snowflake Recommends Customers Take Steps to Prevent Unauthorized Access

On June 2, Snowflake indicated a recent increase in cyber threat activity targeting customer accounts on its cloud data platform. Snowflake issued a recommendation for users to query for unusual activity and conduct further analysis to prevent unauthorized user access. Users and administrators ar...

7.1AI score
Exploits0References1
hivepro
hivepro
added 2023/02/10 12:41 p.m.15 views

An Authentication Vulnerability Discovered in Jira Service Management Server and Data Center

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary A security vulnerability was found in Jira Service Management Server and Data Center versions 5.3.0 to 5.5.0 which allows an attacker to access a Jira Service Management instance by impersonating...

4.7AI score
Exploits0
Prion
Prion
added 2023/02/01 7:15 p.m.34 views

Authentication flaw

An authentication vulnerability was discovered in Jira Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a Jira Service Management instance under certain circumstances. With write access to a User Directory and outgoing email enabled...

7.5CVSS9.4AI score0.15978EPSS
Exploits0References1Affected Software1
Krebs on Security
Krebs on Security
added 2023/01/20 4:9 a.m.20 views

New T-Mobile Breach Affects 37 Million Accounts

T-Mobile today disclosed a data breach affecting tens of millions of customer accounts, its second major data exposure in as many years. In a filing with federal regulators, T-Mobile said an investigation determined that someone abused its systems to harvest subscriber data tied to approximately ...

6.6AI score
Exploits0
The Hacker News
The Hacker News
added 2023/01/19 5:33 a.m.2 views

Mailchimp Suffers Another Security Breach Compromising Some Customers' Information

Popular email marketing and newsletter service Mailchimp has disclosed yet another security breach that enabled threat actors to access an internal support and account admin tool to obtain information about 133 customers. "The unauthorized actor conducted a social engineering attack on Mailchimp...

6.3AI score
Exploits0
Rows per page
Query Builder