Lucene search
K

100 matches found

Malwarebytes
Malwarebytes
added 2026/03/18 8:51 a.m.5 views

Inside a network of 20,000+ fake shops

We mapped a sprawling fake shop operation of over 20,000 domains, dozens of shared IP addresses and identical storefronts with different names pasted on top. They exist for one purpose: to steal your payment details and personal data. The thread that ties them all together is a browser tab title...

5.7AI score
Exploits0
HackRead
HackRead
added 2026/02/26 5:18 p.m.8 views

Fake Avast Website Targets Users With €499 Phishing Refund Scam

Fraudsters clone Avast’s website to target French users with a €499 phishing scam, using urgency tactics, live chat, and card validation to steal payment data...

5.5AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/02/12 2:35 p.m.5 views

Outlook add-in goes rogue and steals 4,000 credentials and payment data

Researchers found a malicious Microsoft Outlook add-in which was able to steal 4,000 stolen Microsoft account credentials, credit card numbers, and banking security answers. How is it possible that the Microsoft Office Add-in Store ended listing an add-in that silently loaded a phishing kit insid...

5.5AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/21 6:33 a.m.17 views

CVE-2025-14977

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.2.4 via the /wp-json/dokan/v1/settings REST API endpoint due to missing validation on a...

8.1CVSS5.5AI score0.00265EPSS
Exploits0References1
NVD
NVD
added 2026/01/20 5:16 a.m.10 views

CVE-2025-14977

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.2.4 via the /wp-json/dokan/v1/settings REST API endpoint due to missing validation on a...

8.1CVSS0.00265EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/01/20 4:35 a.m.4 views

CVE-2025-14977

The Dokan: AI Powered WooCommerce Multivendor Marketplace Solution – Build Your Own Amazon, eBay, Etsy plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 4.2.4 via the /wp-json/dokan/v1/settings REST API endpoint due to missing validation on a...

8.1CVSS5.4AI score0.00265EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2026/01/20 12:0 a.m.7 views

PT-2026-3536

Name of the Vulnerable Software and Affected Versions Dokan versions up to and including 4.2.4 Description The Dokan plugin for WordPress is susceptible to an Insecure Direct Object Reference issue. This flaw stems from a lack of validation on a user-controlled key within the...

8.1CVSS5.3AI score0.00265EPSS
Exploits0References9
Veracode
Veracode
added 2026/01/09 10:48 a.m.5 views

Improper Authorization

shopware/core is vulnerable to Improper Authorization.The vulnerability is due to media visibility restrictions not being enforced on aggregation API requests, which allows an attacker with low-privilege backend access to bypass authorization checks using crafted aggregation queries and disclose...

6.8AI score
Exploits0
Malwarebytes
Malwarebytes
added 2025/12/22 1:44 p.m.11 views

Pornhub tells users to expect sextortion emails after data exposure

After a recent data breach that affected Pornhub Premium members, Pornhub has updated its online statement to warn users about potential direct contact from cybercriminals. “We are aware that the individuals responsible for this incident have threatened to contact impacted Pornhub Premium users...

6.6AI score
Exploits0
EUVD
EUVD
added 2025/12/02 7:24 a.m.4 views

EUVD-2025-200214

The Zigaform plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 7.6.5. This is due to the plugin exposing a public AJAX endpoint that retrieves form submission data without performing authorization checks to verify ownership or access rights. Th...

5.3CVSS5.4AI score0.00265EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2025/11/20 12:0 a.m.8 views

TencentOS Server 3: firefox (TSSA-2025:0452)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0452 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

8.1CVSS7.4AI score0.00412EPSS
Exploits0References7
CNVD
CNVD
added 2025/11/18 12:0 a.m.2 views

WordPress Welcart e-Commerce Plugin Unauthorized Access Vulnerability

WordPress Welcart e-Commerce Plugin is an e-commerce plugin designed for WordPress to build and manage online stores. WordPress Welcart e-Commerce Plugin suffers from an unauthorized access vulnerability that stems from a lack of capability checking in the uscesexport operation, which can be...

5.3CVSS6.7AI score0.00213EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/11/11 12:0 a.m.6 views

WordPress plugin Hydra Booking — Appointment Scheduling & Booking Calendar 安全漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application that can be install...

5.3CVSS5.8AI score0.00291EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/27 7:46 p.m.3 views

EUVD-2025-36366

Landlord Onboarding & Rental Signup introduces the landlord onboarding workflow and rental signup system for VivaTurbo Rentals & Property Services. In 2.0.0 and earlier, a vulnerability was identified in the TurboTenant property listing activation workflow that could allow unauthorized access to...

9.8CVSS6.2AI score
Exploits0References1
EUVD
EUVD
added 2025/10/07 12:30 a.m.3 views

EUVD-2006-0210

Malware in sbrugna...

3.6CVSS6.4AI score0.00339EPSS
Exploits0References7
Tenable Nessus
Tenable Nessus
added 2025/10/07 12:0 a.m.1 views

Unity Linux 20.1070a Security Update: firefox (UTSA-2025-987415)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987415 advisory. A clickjacking vulnerability could have been used to trick a user into leaking saved payment card details to a malicious page. This vulnerability affects Firefox 139...

5.4CVSS6.4AI score0.00227EPSS
Exploits0References4
AstraLinux
AstraLinux
added 2025/06/16 11:28 a.m.5 views

Astra Linux – Vulnerability in Firefox and Thunderbird

A clickjacking vulnerability could have been exploited to trick users into revealing their saved payment card details to a malicious page. This vulnerability has been fixed in Firefox 139, Firefox ESR 128.11, Thunderbird 139, and Thunderbird 128.11...

5.4CVSS6.5AI score0.00227EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/05/23 9:58 a.m.9 views

CVE-2024-1645

The Mollie Forms plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the exportRegistrations function in all versions up to, and including, 2.6.3. This makes it possible for authenticated attackers, with subscriber access or higher, to export...

4.3CVSS6.5AI score0.00455EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:30 p.m.6 views

CVE-2022-1250

The LifterLMS PayPal WordPress plugin before 1.4.0 does not sanitise and escape some parameters from the payment confirmation page before outputting them back in the page, leading to a Reflected Cross-Site Scripting issue...

6.1CVSS6.1AI score0.00918EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:27 a.m.9 views

CVE-2019-13292

A SQL Injection issue was discovered in webERP 4.15. Payments.php accepts payment data in base64 format. After this is decoded, it is deserialized. Then, this deserialized data goes directly into a SQL query, with no sanitizing checks...

9.8CVSS8.1AI score0.06509EPSS
Exploits1References1
Rows per page
Query Builder