Lucene search
K

19 matches found

Patchstack
Patchstack
added 2025/06/27 2:40 p.m.10 views

WordPress WooCommerce PDF Invoice Builder plugin <= 1.2.148 - Cross Site Request Forgery (CSRF) Vulnerability

Cross Site Request Forgery CSRF Vulnerability discovered by Nguyen Xuan Chien in WordPress Plugin WooCommerce PDF Invoice Builder versions = 1.2.148...

4.3CVSS6.6AI score0.0014EPSS
Exploits0Affected Software1
OSV
OSV
added 2024/06/25 12:38 p.m.4 views

MAL-2024-2151 Malicious code in down_load_ebook_cambiemos_de_via_by_edgar_morin_s4uv8 (npm)

--- -= Per source details. Do not edit below this line.=-...

7.1AI score
Exploits0
Patchstack
Patchstack
added 2023/10/16 12:0 a.m.9 views

WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.103 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce PDF Invoice Builder Type Plugin Vulnerable versions = 1.2.103 Fixed in 1.2.104 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-46076 Patch priority High CVSS severity High 7.1 Developer Edgar Rojas PSID e196625e8b7e Credits LEE S...

7.1CVSS5.6AI score0.00331EPSS
Exploits0References2Affected Software1
Patchstack
Patchstack
added 2023/08/21 12:0 a.m.11 views

WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.90 is vulnerable to Cross Site Scripting (XSS)

Software WooCommerce PDF Invoice Builder Type Plugin Vulnerable versions = 1.2.90 Fixed in 1.2.91 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-4160 Patch priority Low CVSS severity Low 5.9 Developer Edgar Rojas PSID 27b991f0b0a1 Credits Marco...

4.8CVSS5.8AI score0.00412EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/08/21 12:0 a.m.13 views

WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.91 is vulnerable to Broken Access Control

Software WooCommerce PDF Invoice Builder Type Plugin Vulnerable versions = 1.2.91 Fixed in 1.2.92 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2023-4245 Patch priority Low CVSS severity Low 4.3 Developer Edgar Rojas PSID f1eb4f613ca1 Credits Marco Wotschka...

4.3CVSS6.6AI score0.00432EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/08/14 12:0 a.m.13 views

WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.89 is vulnerable to SQL Injection

Software WooCommerce PDF Invoice Builder Type Plugin Vulnerable versions = 1.2.89 Fixed in 1.2.90 OWASP Top 10 A3: Injection Classification SQL Injection CVE CVE-2023-3677 Patch priority High CVSS severity High 8.5 Developer Edgar Rojas PSID 2cec7ed323a9 Credits Marco Wotschka Required privilege...

8.8CVSS6.8AI score0.00619EPSS
Exploits0References3Affected Software1
Patchstack
Patchstack
added 2023/08/14 12:0 a.m.13 views

WordPress WooCommerce PDF Invoice Builder Plugin <= 1.2.90 is vulnerable to Cross Site Request Forgery (CSRF)

Software WooCommerce PDF Invoice Builder Type Plugin Vulnerable versions = 1.2.90 Fixed in 1.2.91 OWASP Top 10 A1: Broken Access Control Classification Cross Site Request Forgery CSRF CVE CVE-2023-3764 Patch priority Low CVSS severity Low 4.3 Developer Edgar Rojas PSID 32ad6bbe40fc Credits Marco...

4.3CVSS6.6AI score0.00245EPSS
Exploits0References3Affected Software1
Malwarebytes
Malwarebytes
added 2022/10/05 11:30 a.m.14 views

Kim Kardashian gets huge fine for crypto ad

The Securities and Exchange Commission SEC announced in a recent press release that it's charging celebrity influencer Kim Kardashian for violating Section 17b of the Securities Act of 1933, or the anti-touting provision. Kardashian was paid to promote EthereumMax or EMAX, a crypto asset security...

0.5AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2022/08/23 4:53 p.m.21 views

Avoiding Smash and Grab Under the SEC’s Proposed Cyber Rule

The SEC recently proposed a regulation to require all public companies to report cybersecurity incidents within four days of determining that the incident is material. While Rapid7 generally supports the proposed rule, we are concerned that the rule requires companies to publicly disclose a cyber...

0.1AI score
Exploits0
Openbugbounty
Openbugbounty
added 2020/03/10 7:46 p.m.6 views

edgar.k12.wi.us Cross Site Scripting vulnerability

Open Bug Bounty ID: OBB-1115423 Security Researcher MrRain1996 Helped patch 994 vulnerabilities Received 4 Coordinated Disclosure badges Received 9 recommendations , a holder of 4 badges for responsible and coordinated disclosure, found a security vulnerability affecting edgar.k12.wi.us website a...

Exploits0
vulnersOsv
vulnersOsv
added 2020/02/19 4:43 p.m.5 views

@angstone/micro (=0.0.1), @angstone/microservice (=0.0.17) +4 more potentially affected by CVE-2019-10790 via taffy (=2.6.2)

taffy NPM version =2.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on taffy and may be impacted: - @angstone/micro =0.0.1 - @angstone/microservice =0.0.17 - anrajs =1.0.0, =0.0.1, =0.0.7, =1.0.6 - neyka =3.0.0 Source cves: CVE-2019-10790 Source...

7.5CVSS7.1AI score0.01877EPSS
Exploits1
vulnersOsv
vulnersOsv
added 2020/02/05 4:4 p.m.6 views

@angstone/micro (=0.0.1), @angstone/microservice (=0.0.17) +4 more potentially affected by CVE-2019-10790 via taffy (=2.6.2)

taffy NPM version =2.6.2 is affected by a known vulnerability. The following packages have a transitive dependency on taffy and may be impacted: - @angstone/micro =0.0.1 - @angstone/microservice =0.0.17 - anrajs =1.0.0, =0.0.1, =0.0.7, =1.0.6 - neyka =3.0.0 Source cves: CVE-2019-10790 Source...

7.5CVSS7.1AI score0.01877EPSS
Exploits1
ThreatPost
ThreatPost
added 2019/01/16 4:47 p.m.26 views

U.S. Issues Multiple Charges For 2016 SEC Hack

Two Ukrainains have been indicted in hacking the U.S. Securities and Exchange Commission SEC in order to steal and sell non-public, confidential information from publicly-traded companies. The two have been charged as part of a large-scale conspiracy to hack the SEC’s computer systems and profit ...

0.5AI score
Exploits0References5
The Hacker News
The Hacker News
added 2019/01/15 7:34 p.m.3 views

Two Hackers Charged with Hacking SEC System in Stock-Trading Scheme

The U.S. authorities have charged two Ukrainian hackers for hacking into the Securities and Exchange Commission's EDGAR filing system and stealing sensitive market-moving reports of companies before their public release. EDGAR, or Electronic Data Gathering, Analysis, and Retrieval, is an online...

6.8AI score
Exploits0
The Hacker News
The Hacker News
added 2019/01/15 7:34 p.m.101 views

Two Hackers Charged with Hacking SEC System in Stock-Trading Scheme

The U.S. authorities have charged two Ukrainian hackers for hacking into the Securities and Exchange Commission's EDGAR filing system and stealing sensitive market-moving reports of companies before their public release. EDGAR, or Electronic Data Gathering, Analysis, and Retrieval, is an online...

0.8AI score
Exploits0
ThreatPost
ThreatPost
added 2017/09/22 11:47 a.m.18 views

2016 SEC Hack May Have Benefited Insider Trading

The U.S. Securities and Exchange Commission, the watchdog of Wall Street, said this week that hackers infiltrated one of its systems last year, something that likely facilitated insider trading. The SEC waited nearly nine months to disclose the hack. SEC Chairman Jay Clayton devoted four sentence...

6.9AI score
Exploits0References6
The Hacker News
The Hacker News
added 2017/09/20 11:43 p.m.7 views

SEC Discloses Hackers Broke Into Edgar Corporate Filing System Last Year

This month has been full of breaches. Now, the Securities and Exchange Commission SEC, the top U.S. markets regulator, has disclosed that hackers managed to hack into its financial document filing system and may have illegally profited from the stolen information. On Wednesday, the SEC announced...

6.6AI score
Exploits0
Openbugbounty
Openbugbounty
added 2017/09/13 10:2 a.m.12 views

edgarwinter.com XSS vulnerability

Vulnerable URL: http://www.edgarwinter.com/gallery/display.php?ID=74%22%27--!%3E%3Cscript%3EalertOPENBUGBOUNTY%3C/script%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 13.12.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 3950927 V...

6.3AI score
Exploits0
VMware
VMware
added 2016/10/11 12:0 a.m.31 views

vRealize Operations (vROps) updates address privilege escalation vulnerability

vROps privilege escalation issue vROps contains a privilege escalation vulnerability. Exploitation of this issue may allow a vROps user who has been assigned a low-privileged role to gain full access over the application. In addition it may be possible to stop and delete Virtual Machines managed ...

8CVSS3.1AI score0.03183EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder