380 matches found
Building the Future of Cloud Security: Rapid7 Recognized in Cloud Native Application Protection, Q1 2026
We are excited to share Rapid7’s recognition in The Forrester Wave™: Cloud Native Application Protection Solutions CNAPP , Q1 2026 1. We see this acknowledgment as a milestone that highlights our strategic evolution and continued drive to help security teams shift from reactive defense to...
CVE-2026-1303 MailChimp Campaigns <= 3.2.4 - Missing Authorization to Authenticated (Subscriber+) MailChimp App Disconnection
The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.2.4. This is due to missing capability checks on the mailchimpcampaignsmanagerdisconnectapp function that is hooked to the AJAX action of the same name. This makes it possib...
PT-2026-8072
The MailChimp Campaigns plugin for WordPress is vulnerable to Missing Authorization in all versions up to, and including, 3.2.4. This is due to missing capability checks on the mailchimp campaigns manager disconnect app function that is hooked to the AJAX action of the same name. This makes it...
CVE-2026-26188 Solspace Freeform plugin affected by Stored Cross-Site Scripting (XSS) in Freeform Craft Plugin CP UI (builder/integrations)
Solspace Freeform plugin for Craft CMS 5.x is a super flexible form-building tool. An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel CP builder and integrations views. User-controlled form labels and integration metadata are...
Introducing the WIN Partner Index: The Integrations That Powered Modern Cloud Security in 2025
A data-driven industry benchmark showing how integrations are adopted, gain traction, and deliver value across modern cloud security programs...
7 Top Endpoint Security Platforms for 2026
Endpoints remain primary entry for attacks. In 2026, endpoint platforms must deliver behavior context, automation, investigations, and integrations...
EUVD-2026-3782
Freeform Craft Plugin CP UI builder/integrations has Stored Cross-Site Scripting XSS issue...
Freeform Craft Plugin CP UI (builder/integrations) has Stored Cross-Site Scripting (XSS) issue
Summary An authenticated, low-privilege user able to create/edit forms can inject arbitrary HTML/JS into the Craft Control Panel CP builder and integrations views. User-controlled form labels and integration metadata are rendered with dangerouslySetInnerHTML without sanitization, leading to store...
This Week in Spring - January 20th, 2026
Hi, Spring fans! Welcome to another installment of This Week in Spring! It's already the 20th of January and we are off on yet another rip roarin' adventure as we look at the week that has been... this week in Spring! even more good stuff from Spring AI team legend Christian Tsolov, this one on...
Malicious Package
Overview lusha-integrations-widgets is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...
EUVD-2026-3067
Malicious code in lusha-integrations-widgets npm...
Malicious code in lusha-integrations-widgets (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34c074752069ec179f6a9024d48a4edfb67538c8a3b7d1dfc9959e6b61d9b27f The package lusha-integrations-widgets was found to contain malicious code. Source: ghsa-malware...
MAL-2026-292 Malicious code in lusha-integrations-widgets (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 34c074752069ec179f6a9024d48a4edfb67538c8a3b7d1dfc9959e6b61d9b27f The package lusha-integrations-widgets was found to contain malicious code. Source: ghsa-malware...
CVE-2025-14901
The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...
CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay
The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...
CVE-2025-14901 Bit Form – Contact Form Plugin <= 2.21.6 - Missing Authorization to Unauthenticated Workflow Replay
The Bit Form – Contact Form Plugin plugin for WordPress is vulnerable to unauthorized workflow execution due to missing authorization in the triggerWorkFlow function in all versions up to, and including, 2.21.6. This is due to a logic flaw in the nonce verification where the security check only...
PT-2026-1572
Name of the Vulnerable Software and Affected Versions Bit Form – Contact Form Plugin versions prior to 2.21.7 Description The Bit Form – Contact Form Plugin for WordPress has a flaw allowing unauthorized workflow execution. The triggerWorkFlow function lacks proper authorization, specifically in...
WordPress Popup - MailChimp, GetResponse and ActiveCampaign Intergrations plugin <= 3.2.6 - Unauthenticated SQL Injection vulnerability
WordPress Popup - MailChimp, GetResponse and ActiveCampaign Intergrations plugin = 3.2.6 - Unauthenticated SQL Injection vulnerability discovered by Lucio Sá in WordPress Plugin Popup – MailChimp, GetResponse and ActiveCampaign Intergrations versions = 3.2.6...
SUSE CVE-2017-18870
An issue was discovered in Mattermost Server before 4.5.0, 4.4.5, and 4.3.4. It mishandled webhook access control in the EnableOnlyAdminIntegrations case...
Information Leakage in Grafana Alerting
In Grafana’s alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role “Contact Point Writer”, which is part of the basic role Editor - can edit...