7442 matches found

Kitploit
added 2023/05/19 12:30 p.m., 25 views

KoodousFinder - A Simple Tool To Allows Users To Search For And Analyze Android Apps For Potential Security Threats And Vulnerabilities

A simple tool that allows users to search for and analyze Android apps for potential security threats and vulnerabilities. Account and API Key: Create a Koodous account and get your API key at https://koodous.com/settings/developers. Install: $ pip install koodousfinder. Arguments: Param | description ---|-...

7.2 AI score
Exploits: 0, References: 1
Trend Micro Simply Security
added 2023/05/19 12:00 a.m., 9 views

Azure vs. AWS Developer Tools Guide

Azure vs. AWS — which should you use for your DevOps environment? Discover the differences, similarities, and use cases to make an informed decision...

7 AI score
Exploits: 0
The Hacker News
added 2023/05/18 6:19 a.m., 4 views

Apple Thwarts $2 Billion in App Store Fraud, Rejects 1.7 Million App Submissions

Apple has announced that it prevented over $2 billion in potentially fraudulent transactions and rejected roughly 1.7 million app submissions for privacy and security violations in 2022. The computing giant said it terminated 428,000 developer accounts for potential fraudulent activity, blocked...

6.7 AI score
Exploits: 0
The Hacker News
added 2023/05/18 6:19 a.m., 52 views

Apple Thwarts $2 Billion in App Store Fraud, Rejects 1.7 Million App Submissions

Apple has announced that it prevented over $2 billion in potentially fraudulent transactions and rejected roughly 1.7 million app submissions for privacy and security violations in 2022. The computing giant said it terminated 428,000 developer accounts for potential fraudulent activity, blocked...

7.1 AI score
Exploits: 0
Patchstack
added 2023/05/18 12:00 a.m., 13 views

WordPress SEO Change Monitor Plugin <= 1.2 is vulnerable to SQL Injection

Software: SEO Change Monitor; Type: Plugin; Vulnerable versions: <= 1.2; Fixed in: 1.3; OWASP Top 10: A1: Injection; Classification: SQL Injection; CVE: CVE-2023-33209; Patch priority: High; CVSS severity: High 8.5; Developer: Claim ownership; PSID: 184c1106a607; Credits: Nithissh S; Required privilege: Subscriber; Publish...

8.5 CVSS, 6.8 AI score, 0.00638 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2023/05/18 12:00 a.m., 3 views

Umbraco Security Vulnerability

Umbraco is an open source Content Management System (CMS) written in C# by the Danish company Umbraco. A security vulnerability exists in Umbraco CMS version 7.12.4 that allows an authenticated administrator to execute remote code via msxsl:script in...

7.2 CVSS, 7.4 AI score, 0.0412 EPSS
Exploits: 1, References: 5
Patchstack
added 2023/05/18 12:00 a.m., 11 views

WordPress Simple Page Ordering Plugin <= 2.5.0 is vulnerable to Broken Access Control

Software: Simple Page Ordering; Type: Plugin; Vulnerable versions: <= 2.5.0; Fixed in: 2.5.1; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32798; Patch priority: Low; CVSS severity: Low 5.3; Developer: Claim ownership; PSID: bde37994ef19; Credits: Mika; Required privilege...

6.3 AI score, 0.00544 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSSF Malicious Packages
added 2023/05/17 12:00 a.m., 2 views

Malicious code in pywhool (PyPI)

Source: checkmarx 54738d1aef580f087fec1311b411aa6ddd2d7affb4b44353dd7f3d6a569a0ed9 Malicious packages campaign targeting developers, payload is hidden using steganography, exfiltrate host information...

7 AI score
Exploits: 0, References: 4
Patchstack
added 2023/05/17 12:00 a.m., 14 views

WordPress Waiting: One-click countdowns Plugin <= 0.6.2 is vulnerable to Cross Site Scripting (XSS)

Software: Waiting: One-click countdowns; Type: Plugin; Vulnerable versions: <= 0.6.2; Fixed in: N/A; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-2757; Patch priority: High; CVSS severity: High 6.5; Developer: Claim ownership; PSID: 5e454859cceb; Credits: István...

7.4 CVSS, 5.6 AI score, 0.00454 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/05/16 12:00 a.m., 10 views

WordPress Fitness Park Theme <= 1.0.6 is vulnerable to Broken Access Control

Software: Fitness Park; Type: Theme; Vulnerable versions: <= 1.0.6; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32959; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 10be7ca03521; Credits: Dave Jong Patchstack; Required...

5.9 AI score, 0.00184 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/05/16 12:00 a.m., 9 views

WordPress Kingcabs Theme <= 1.1.6 is vulnerable to Broken Access Control

Software: Kingcabs; Type: Theme; Vulnerable versions: <= 1.1.6; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32959; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 2d230f2e2cbf; Credits: Dave Jong Patchstack; Required...

5.9 AI score, 0.00184 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/05/16 12:00 a.m., 21 views

WordPress Chaty Plugin <= 3.0.9 is vulnerable to Cross Site Scripting (XSS)

Software: Chaty; Type: Plugin; Vulnerable versions: <= 3.0.9; Fixed in: 3.1; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-25019; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: 46b92040d289; Credits: Rafie Muhammad Patchstack...

7.1 CVSS, 5.6 AI score, 0.00401 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/05/16 12:00 a.m., 11 views

WordPress Craft Blog Theme <= 1.0.7 is vulnerable to Broken Access Control

Software: Craft Blog; Type: Theme; Vulnerable versions: <= 1.0.7; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32959; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 962dfabf18a9; Credits: Dave Jong Patchstack; Required...

5.9 AI score, 0.00184 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/05/16 12:00 a.m., 10 views

WordPress MetroStore Theme <= 1.3.2 is vulnerable to Broken Access Control

Software: MetroStore; Type: Theme; Vulnerable versions: <= 1.3.2; Fixed in: N/A; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-32959; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: d697dae9407a; Credits: Dave Jong Patchstack; Required...

5.9 AI score, 0.00184 EPSS
Exploits: 0, References: 2, Affected Software: 1
Patchstack
added 2023/05/15 12:00 a.m., 10 views

WordPress AutomateWoo Plugin <= 5.7.1 is vulnerable to Cross Site Request Forgery (CSRF)

Software: AutomateWoo; Type: Plugin; Vulnerable versions: <= 5.7.1; Fixed in: 5.7.2; OWASP Top 10: A5: Broken Access Control; Classification: Cross Site Request Forgery (CSRF); CVE: CVE-2023-32745; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 2ce50834e16e; Credits: Rafie Muhammad Patchsta...

8.8 CVSS, 6.6 AI score, 0.00303 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2023/05/15 12:00 a.m., 17 views

WordPress Essential Addons for Elementor Pro Plugin <= 5.4.8 is vulnerable to Server Side Request Forgery (SSRF)

Software: Essential Addons for Elementor Pro; Type: Plugin; Vulnerable versions: <= 5.4.8; Fixed in: 5.4.9; OWASP Top 10: A5: Broken Access Control; Classification: Server Side Request Forgery (SSRF); CVE: CVE-2023-32245; Patch priority: Low; CVSS severity: Low 5.4; Developer: Claim ownership; PSID: 6f79f41d4291; Credits...

8.8 CVSS, 6.6 AI score, 0.00271 EPSS
Exploits: 0, References: 1, Affected Software: 1
Patchstack
added 2023/05/15 12:00 a.m., 17 views

WordPress WPCS Plugin <= 1.1.9 is vulnerable to Broken Access Control

Software: WPCS; Type: Plugin; Vulnerable versions: <= 1.1.9; Fixed in: 1.2.0; OWASP Top 10: A5: Broken Access Control; Classification: Broken Access Control; CVE: CVE-2023-2556; Patch priority: Medium; CVSS severity: Medium 4.3; Developer: Claim ownership; PSID: 05cf802e36e5; Credits: Alex Thomas; Required privilege...

4.3 CVSS, 6.5 AI score, 0.00434 EPSS
Exploits: 0, References: 3, Affected Software: 1
Patchstack
added 2023/05/15 12:00 a.m., 20 views

WordPress Bit Form – Contact Form Plugin Plugin < 1.9 is vulnerable to Remote Code Execution (RCE)

Software: Bit Form – Contact Form Plugin; Type: Plugin; Vulnerable versions: < 1.9; Fixed in: 1.9; OWASP Top 10: A1: Injection; Classification: Remote Code Execution (RCE); CVE: CVE-2022-4774; Patch priority: High; CVSS severity: High 10; Developer: Claim ownership; PSID: 4efef0b2be54; Credits: Felipe Restrepo Rodríguez...

9.8 CVSS, 7.2 AI score, 0.01785 EPSS
Exploits: 2, References: 4, Affected Software: 1
Patchstack
added 2023/05/15 12:00 a.m., 11 views

WordPress WP SMS Plugin <= 6.1.4 is vulnerable to Cross Site Scripting (XSS)

Software: WP SMS; Type: Plugin; Vulnerable versions: <= 6.1.4; Fixed in: 6.1.5; OWASP Top 10: A7: Cross-Site Scripting (XSS); Classification: Cross Site Scripting (XSS); CVE: CVE-2023-32742; Patch priority: Medium; CVSS severity: Medium 7.1; Developer: Claim ownership; PSID: aa3cfae9ba33; Credits: Le Ngoc Anh; Required...

7.1 CVSS, 5.7 AI score, 0.00396 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSSF Malicious Packages
added 2023/05/13 12:00 a.m., 4 views

Malicious code in pywool (PyPI)

Source: checkmarx 1ba602a97accda8e614fcf38d1af1cb7f1878bf2bd450b21f1be16a4c260123a Malicious packages campaign targeting developers, payload is hidden using steganography, exfiltrate host information...

7 AI score
Exploits: 0, References: 4