Lucene search
K

380 matches found

Rapid7 Blog
Rapid7 Blog
added 2026/02/17 4:0 p.m.8 views

Building the Future of Cloud Security: Rapid7 Recognized in Cloud Native Application Protection, Q1 2026

We are excited to share Rapid7’s recognition in The Forrester Wave™: Cloud Native Application Protection Solutions CNAPP , Q1 2026 1. We see this acknowledgment as a milestone that highlights our strategic evolution and continued drive to help security teams shift from reactive defense to...

5.8AI score
Exploits0
Vulnrichment
Vulnrichment
added 2026/02/14 6:42 a.m.4 views

CVE-2026-1303 MailChimp Campaigns <= 3.2.4 - Missing Authorization to Authenticated (Subscriber+) MailChimp App Disconnection

The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.2.4. This is due to missing capability checks on the mailchimpcampaignsmanagerdisconnectapp function that is hooked to the AJAX action of the same name. This makes it possib...

5.3CVSS5.3AI score0.00287EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/02/14 12:0 a.m.10 views

PT-2026-8072

The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.2.4. This is due to missing capability checks on the mailchimp campaigns manager disconnect app function that is hooked to the AJAX action of the same name. This makes it...

5.3CVSS5.3AI score0.00287EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/02/12 10:55 p.m.29 views

CVE-2026-26188 Solspace Freeform plugin affected by Stored Cross-Site Scripting (XSS) in Freeform Craft Plugin CP UI (builder/integrations)

Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel CP builder and integrations views. User-controlled form labels and integration metadata are...

5.1CVSS0.00253EPSS
Exploits1References3
Wiz blog
Wiz blog
added 2026/01/29 12:0 p.m.6 views

Introducing the WIN Partner Index: The Integrations That Powered Modern Cloud Security in 2025

A data-driven industry benchmark showing how integrations are adopted, gain traction, and deliver value across modern cloud security programs...

5.9AI score
Exploits0
HackRead
HackRead
added 2026/01/25 6:22 p.m.5 views

7 Top Endpoint Security Platforms for 2026

Endpoints remain primary entry for attacks. In 2026, endpoint platforms must deliver behavior context, automation, investigations, and integrations...

5.4AI score
Exploits0
EUVD
EUVD
added 2026/01/22 9:41 p.m.12 views

EUVD-2026-3782

Freeform Craft Plugin CP UI builder/integrations has Stored Cross-Site Scripting XSS issue...

5.3AI score
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/01/22 9:41 p.m.12 views

Freeform Craft Plugin CP UI (builder/integrations) has Stored Cross-Site Scripting (XSS) issue

Summary An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel CP builder and integrations views. User-controlled form labels and integration metadata are rendered with dangerouslySetInnerHTML without sanitization, leading to store...

5.4CVSS5.9AI score0.00253EPSS
Exploits1References5Affected Software1
Spring Security Advisories
Spring Security Advisories
added 2026/01/20 12:0 a.m.10 views

This Week in Spring - January 20th, 2026

Hi, Spring fans! Welcome to another installment of This Week in Spring! It's already the 20th of January and we are off on yet another rip roarin' adventure as we look at the week that has been... this week in Spring! even more good stuff from Spring AI team legend Christian Tsolov, this one on...

5.6AI score
Exploits0
Snyk
Snyk
added 2026/01/16 4:43 p.m.4 views

Malicious Package

Overview lusha-integrations-widgets is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

9.8CVSS6.8AI score
Exploits0References2
EUVD
EUVD
added 2026/01/16 12:10 a.m.5 views

EUVD-2026-3067

Malicious code in lusha-integrations-widgets npm...

6.6AI score
Exploits0References1
OSSF Malicious Packages
OSSF Malicious Packages
added 2026/01/16 12:10 a.m.10 views

Malicious code in lusha-integrations-widgets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34c074752069ec179f6a9024d48a4edfb67538c8a3b7d1dfc9959e6b61d9b27f The package lusha-integrations-widgets was found to contain malicious code. Source: ghsa-malware...

6.9AI score
Exploits0References1
OSV
OSV
added 2026/01/16 12:10 a.m.3 views

MAL-2026-292 Malicious code in lusha-integrations-widgets (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34c074752069ec179f6a9024d48a4edfb67538c8a3b7d1dfc9959e6b61d9b27f The package lusha-integrations-widgets was found to contain malicious code. Source: ghsa-malware...

6.8AI score
Exploits0References1
NVD
NVD
added 2026/01/07 12:16 p.m.5 views

CVE-2025-14901

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS0.0035EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/01/07 6:35 a.m.5 views

CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS5.5AI score0.0035EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/01/07 6:35 a.m.26 views

CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay

The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...

6.5CVSS0.0035EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/01/07 12:0 a.m.6 views

PT-2026-1572

Name of the Vulnerable Software and Affected Versions Bit Form – Contact Form Plugin versions prior to 2.21.7 Description The Bit Form – Contact Form Plugin for WordPress has a flaw allowing unauthorized workflow execution. The triggerWorkFlow function lacks proper authorization, specifically in...

6.5CVSS6.7AI score0.0035EPSS
Exploits0References6
Patchstack
Patchstack
added 2025/12/31 12:0 a.m.6 views

WordPress Popup - MailChimp, GetResponse and ActiveCampaign Intergrations plugin <= 3.2.6 - Unauthenticated SQL Injection vulnerability

WordPress Popup - MailChimp, GetResponse and ActiveCampaign Intergrations plugin = 3.2.6 - Unauthenticated SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin Popup – MailChimp, GetResponse and ActiveCampaign Intergrations versions = 3.2.6...

7.5CVSS5.7AI score0.0096EPSS
Exploits0References1Affected Software1
SUSE CVE
SUSE CVE
added 2025/12/17 2:19 a.m.7 views

SUSE CVE-2017-18870

An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case...

4.3CVSS7AI score0.00614EPSS
Exploits0References2
Grafana
Grafana
added 2025/12/16 12:0 a.m.13 views

Information Leakage in Grafana Alerting

In Grafana’s alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role “Contact Point Writer”, which is part of the basic role Editor - can edit...

6.5CVSS5.8AI score0.00255EPSS
Exploits0
Rows per page
Query Builder