
4137 matches found

NVD
added 2024/10/17 1:15 p.m. · 12 views

CVE-2024-48032

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in sumitsurai Featured Posts with Multiple Custom Groups FPMCG featured-posts-with-multiple-custom-groups-fpmcg allows Reflected XSS. This issue affects Featured Posts with Multiple Custom Groups FPMCG...

7.1 CVSS · 0.00245 EPSS
Exploits 0 · References 1
NVD
added 2024/10/17 1:15 p.m. · 10 views

CVE-2024-48031

Cross-Site Request Forgery CSRF vulnerability in sumitsurai Featured Posts with Multiple Custom Groups FPMCG featured-posts-with-multiple-custom-groups-fpmcg allows Cross Site Request Forgery. This issue affects Featured Posts with Multiple Custom Groups FPMCG: from n/a through <= 4.0...

6.5 CVSS · 0.00195 EPSS
Exploits 0 · References 1
The Hacker News
added 2024/10/17 9:3 a.m. · 16 views

U.S. Charges Two Sudanese Brothers for Record 35,000 DDoS Attacks

Federal prosecutors in the U.S. have charged two Sudanese brothers with running a distributed denial-of-service DDoS botnet for hire that conducted a record 35,000 DDoS attacks in a single year, including those that targeted Microsoft's services in June 2023. The attacks, which were facilitated b...

7.3 AI score
Exploits 0
Positive Technologies
added 2024/10/17 12:0 a.m. · 5 views

PT-2024-32950 · Unknown · Featured Posts With Multiple Custom Groups

Name of the Vulnerable Software and Affected Versions: Featured Posts with Multiple Custom Groups FPMCG versions n/a through 4.0 Description: This issue is related to an Improper Neutralization of Input During Web Page Generation, also known as Cross-site Scripting XSS. It allows for Reflected XS...

7.1 CVSS · 6.3 AI score · 0.00245 EPSS
Exploits 0 · References 6
Positive Technologies
added 2024/10/17 12:0 a.m. · 4 views

PT-2024-32949 · Unknown · Featured Posts With Multiple Custom Groups

Name of the Vulnerable Software and Affected Versions: Featured Posts with Multiple Custom Groups FPMCG versions n/a through 4.0 Description: The issue is a Cross-Site Request Forgery CSRF vulnerability that allows Cross Site Request Forgery. Recommendations: For versions n/a through 4.0, update ...

6.5 CVSS · 6.7 AI score · 0.00195 EPSS
Exploits 0 · References 5
CNNVD
added 2024/10/17 12:0 a.m. · 4 views

WordPress plugin Featured Posts with Multiple Custom Groups Cross-Site Request Forgery Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...

6.5 CVSS · 6.7 AI score · 0.00195 EPSS
Exploits 0 · References 2
CNNVD
added 2024/10/17 12:0 a.m. · 4 views

WordPress plugin Featured Posts with Multiple Custom Groups Cross-Site Scripting Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation, a blogging platform developed in the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site scripting vulnerability exists in WordPress...

7.1 CVSS · 6 AI score · 0.00245 EPSS
Exploits 0 · References 2
The Hacker News
added 2024/10/16 4:21 p.m. · 19 views

Hackers Abuse EDRSilencer Tool to Bypass Security and Hide Malicious Activity

Threat actors are attempting to abuse the open-source EDRSilencer tool as part of efforts to tamper endpoint detection and response EDR solutions and hide malicious activity. Trend Micro said it detected "threat actors attempting to integrate EDRSilencer in their attacks, repurposing it as a mean...

7.4 AI score
Exploits 0
Microsoft CVE
added 2024/10/15 12:0 a.m. · 6 views

CVE-2021-3738

...

8.8 CVSS · 7.3 AI score · 0.01843 EPSS
Exploits 0
Positive Technologies
added 2024/10/12 12:0 a.m. · 6 views

PT-2024-7225 · Pfsense · Pfsense

Name of the Vulnerable Software and Affected Versions: pfsense version 2.5.2 Description: A cross-site scripting XSS vulnerability in pfsense allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the $pconfig variable at "interfaces groups edit.php". This...

9.3 CVSS · 6.5 AI score · 0.77891 EPSS
Exploits 3 · References 45
Patchstack
added 2024/10/09 9:10 a.m. · 4 views

WordPress Featured Posts with Multiple Custom Groups (FPMCG) plugin <= 4.0 - Reflected Cross Site Scripting (XSS) vulnerability

Reflected Cross Site Scripting XSS vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Featured Posts with Multiple Custom Groups FPMCG versions <= 4.0...

7.1 CVSS · 6.1 AI score · 0.00245 EPSS
Exploits 0 · Affected Software 1
Patchstack
added 2024/10/09 9:9 a.m. · 5 views

WordPress Featured Posts with Multiple Custom Groups (FPMCG) plugin <= 4.0 - Cross-Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery CSRF vulnerability discovered by Mika Patchstack Alliance in WordPress Plugin Featured Posts with Multiple Custom Groups FPMCG versions <= 4.0...

6.5 CVSS · 7 AI score · 0.00195 EPSS
Exploits 0 · Affected Software 1
Tenable Nessus
added 2024/10/09 12:0 a.m. · 26 views

EulerOS 2.0 SP12 : docker-engine (EulerOS-SA-2024-2500)

According to the versions of the docker-engine packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Moby is an open source container framework that is a key component of Docker Engine, Docker Desktop, and other distributions of container...

6.5 CVSS · 6.9 AI score · 0.00353 EPSS
Exploits 0 · References 2
CVE
added 2024/10/07 8:23 p.m. · 57 views

CVE-2024-45051

CVE-2024-45051 affects Discourse: a vulnerability that lets an attacker bypass domain-based restrictions by using a maliciously crafted (encoded) email address, enabling access to private sites, categories and groups. Connected sources confirm this is a Discourse authorization bypass tied to how ...

8.2 CVSS · 8.2 AI score · 0.00366 EPSS
Exploits 0 · References 1 · Affected Software 1
OSV
added 2024/10/07 8:23 p.m. · 12 views

CVE-2024-45051 Bypass of email address validation via encoded email addresses in Discourse

Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed versio...

8.2 CVSS · 6.7 AI score · 0.00366 EPSS
Exploits 0 · References 3
Cvelist
added 2024/10/07 2:48 p.m. · 28 views

CVE-2024-9574 SQL Injection vulnerability in SOPlanning

SQL injection vulnerability in SOPlanning 1.45, via /soplanning/www/usergroupes.php in the by parameter, which could allow a remote user to submit a specially crafted query, allowing an attacker to retrieve all the information stored in the DB...

9.8 CVSS · 0.00519 EPSS
Exploits 0 · References 1
CNNVD
added 2024/10/07 12:0 a.m. · 4 views

Discourse Authorization Issue Vulnerability

Discourse is an open source community discussion platform from Discourse Open Source. The platform includes community, email, and chat room features. Discourse suffers from an authorization issue vulnerability that stems from the presence of maliciously crafted email addresses that allow an...

8.2 CVSS · 6.6 AI score · 0.00366 EPSS
Exploits 0 · References 2
Positive Technologies
added 2024/10/07 12:0 a.m. · 5 views

PT-2024-31403 · Discourse · Discourse

Name of the Vulnerable Software and Affected Versions: Discourse versions prior to the latest stable, beta and tests-passed version Description: A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories, and/or...

8.2 CVSS · 7 AI score · 0.00366 EPSS
Exploits 0 · References 11
Veracode
added 2024/10/04 4:42 a.m. · 9 views

Cross Site Scripting (XSS)

librenms/librenms is vulnerable to Cross Site Scripting (XSS). The vulnerability is due to improper input sanitization in the Device Groups name, allowing JavaScript code to be executed when the details of the Device Group are viewed...

7.2 CVSS · 6.7 AI score · 0.005 EPSS
Exploits 1 · References 3 · Affected Software 1
The Hacker News
added 2024/10/02 3:8 p.m. · 19 views

Fake Job Applications Deliver Dangerous More_eggs Malware to HR Professionals

A spear-phishing email campaign has been observed targeting recruiters with a JavaScript backdoor called More_eggs, indicating persistent efforts to single out the sector under the guise of fake job applications. "A sophisticated spear-phishing lure tricked a recruitment officer into downloading a...

7.3 AI score
Exploits 0