6 matches found

The Hacker News
added 2025/01/28 2:2 p.m., 16 views

OAuth Redirect Flaw in Airline Travel Integration Exposes Millions to Account Hijacking

Cybersecurity researchers have disclosed details of a now-patched account takeover vulnerability affecting a popular online travel service for hotel and car rentals. "By exploiting this flaw, attackers can gain unauthorized access to any user’s account within the system, effectively allowing them...

7.6 AI score
Exploits: 0
CVE
added 2024/11/08 9:29 a.m., 46 views

CVE-2024-10187

CVE-2024-10187 affects the WordPress plugin myCred – Points Management System (Gamification). It enables Stored Cross-Site Scripting via the mycred_link shortcode due to insufficient input sanitization and output escaping on user-supplied attributes, affecting all versions up to 2.7.4. An attacke...

6.4 CVSS | 5.4 AI score | 0.00305 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2024/09/25 5:32 a.m., 13 views

CVE-2024-8658 myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification <= 2.7.3 - Missing Authorization to Unauthenticated Database Upgrade

The myCred – Loyalty Points and Rewards plugin for WordPress and WooCommerce – Give Points, Ranks, Badges, Cashback, WooCommerce rewards, and WooCommerce credits for Gamification plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the...

5.3 CVSS | 0.00218 EPSS
Exploits: 0 | References: 2
OSV
added 2024/01/16 9:15 p.m., 1 views

CVE-2023-48926

An issue in 202 ecommerce Advanced Loyalty Program: Loyalty Points before v2.3.4 for PrestaShop allows unauthenticated attackers to arbitrarily change an order status...

5.3 CVSS | 5.8 AI score | 0.00259 EPSS
Exploits: 0 | References: 1
CVE
added 2024/01/16 12:0 a.m., 43 views

CVE-2023-48926

CVE-2023-48926 affects the PrestaShop extension: 202 ecommerce Advanced Loyalty Program, Loyalty Points before v2.3.4. The vulnerability allows unauthenticated attackers to arbitrarily change an order status. Documents cite a CVSS v3.1 base score of 5.3 (Medium) with impact limited to integrity. ...

5.3 CVSS | 5.4 AI score | 0.00259 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Imperva Blog
added 2022/11/07 11:17 a.m., 19 views

The Worrying Rise of Cybercrime as a Service (CaaS)

What is CaaS? Put simply, Cybercrime as a Service (CaaS) means black hat hackers for hire. Now, any ex-employee with a grudge, any disgruntled customer, any troubled ex-partner, or vindictive competitor, literally anyone with the right browser, can hire a dark web bad actor to perform...

Exploits: 0