Lucene search
K

119 matches found

NVD
NVD
added last week8 views

CVE-2026-12134

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.7.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00232EPSS
Exploits0References8
CVE
CVE
added last week12 views

CVE-2026-12134

The CVE concerns the WordPress plugin JoomSport – for Sports: Team & League, Football, Hockey & more (up to and including version 5.7.8). It describes an authorization bypass where authenticated users with subscriber-level access and above can create arbitrary season groups or modify group names,...

4.3CVSS5.9AI score0.00232EPSS
Exploits0References8
Cvelist
Cvelist
added last week40 views

CVE-2026-12134 JoomSport <= 5.7.8 - Authenticated (Subscriber+) Missing Authorization to Arbitrary Group Creation/Modification via season_groupedit AJAX action

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 5.7.8. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for...

4.3CVSS0.00232EPSS
Exploits0References8
NVD
NVD
added 2026/07/01 5:16 a.m.7 views

CVE-2026-12133

The JoomSport – for Sports: Team & League, Football, Hockey & more plugin for WordPress is vulnerable to Missing Authorization to Arbitrary Group Deletion in versions up to, and including, 5.7.8. This is due to a missing capability check in the joomsportseasongroupdel AJAX handler, which only...

4.3CVSS0.0025EPSS
Exploits0References10
CVE
CVE
added 2026/07/01 3:43 a.m.13 views

CVE-2026-12133

Summary: The JoomSport – for Sports: Team & League, Football & more plugin for WordPress (up to version 5.7.8) is vulnerable to Missing Authorization to Arbitrary Group Deletion via the joomsport_season_groupdel() AJAX handler. The issue arises from a missing capability check; the handler only ve...

4.3CVSS5.9AI score0.0025EPSS
Exploits0References10
GithubExploit
GithubExploit
added 2026/05/30 5:59 a.m.127 views

HTB-Machines-writeups

somdv3 — HTB Writeups Personal HackTheBox writeup repository...

5.8AI score
Exploits0
The Hacker News
The Hacker News
added 2026/03/23 10:55 a.m.4 views

Microsoft Warns IRS Phishing Hits 29,000 Users, Deploys RMM Malware

Microsoft has warned of fresh campaigns that are capitalizing on the upcoming tax season in the U.S. to harvest credentials and deliver malware. The email campaigns take advantage of the urgency and time-sensitive nature of emails to send phishing messages masquerading as refund notices, payroll...

6AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/03/19 3:0 p.m.7 views

When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures

In this article 1. A wide range of tax-themed campaigns 2. How to protect users and organization against tax-themed campaigns 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise During tax season, threat actors reliably take advantage of the urgency and familiarity of...

5.9AI score
Exploits0
Microsoft Secure
Microsoft Secure
added 2026/03/19 3:0 p.m.5 views

When tax season becomes cyberattack season: Phishing and malware campaigns using tax-related lures

In this article 1. A wide range of tax-themed campaigns 2. How to protect users and organization against tax-themed campaigns 3. Microsoft Defender detection and hunting guidance 4. Indicators of compromise During tax season, threat actors reliably take advantage of the urgency and familiarity of...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/19 11:33 a.m.7 views

Your tax forms sell for $20 on the dark web

Tax season is also peak season for identity theft. Criminals use stolen personal data to file fake tax returns and claim refunds before the real taxpayer does. Here’s how the fraud works, and how to protect yourself. What is Stolen Identity Refund Fraud SIRF? Stolen Identity Refund Fraud SIRF is ...

6AI score
Exploits0
Malwarebytes
Malwarebytes
added 2026/03/16 7:16 a.m.13 views

A week in security (March 9 &#8211; March 15)

Last week on Malwarebytes Labs: Watch out for fake Malwarebytes renewal notices in your calendar Google patches two Chrome zero-days under active attack. Update now Attackers impersonate Temu in ClickFix $Temu airdrop scam Apple patches Coruna exploit kit flaws for older iOS versions This Android...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/14 3:6 p.m.210 views

HTB-Season-10

HTB-Season-10 HTB Season 10 — Competiti...

5.5AI score
Exploits0
Rapid7 Blog
Rapid7 Blog
added 2026/02/03 2:23 p.m.7 views

ICYMI: Experts on Experts – Season One Roundup

In 2025, we launched Experts on Experts: Commanding Perspectives as a pilot video series designed to spotlight the ideas shaping cybersecurity, directly from the people driving them. Over five episodes, Rapid7 leaders shared short, candid conversations on topics like agentic AI, MDR ROI,...

5.7AI score
Exploits0
Akamai Blog
Akamai Blog
added 2025/12/17 2:0 p.m.5 views

Peak Season Isn’t a Season. It’s the World You Operate In.

Peak season isn’t seasonal anymore. Learn why modern surges stem from security risks, not traffic, and how Akamai keeps businesses resilient every day...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2025/12/08 11:58 a.m.7 views

How Can Retailers Cyber-Prepare for the Most Vulnerable Time of the Year?

The holiday season compresses risk into a short, high-stakes window. Systems run hot, teams run lean, and attackers time automated campaigns to get maximum return. Multiple industry threat reports show that bot-driven fraud, credential stuffing and account takeover attempts intensify around peak...

7.1AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/12/03 9:40 a.m.5 views

’Tis the Season to Be Cyber-Wary: How Thales Protects Against Account Takeover During Peak Shopping Season

The holiday shopping season is the busiest time of year for online retailers, and increasingly the most dangerous. As traffic surges and customers rush to place orders, cybercriminals use the distraction and volume to blend in. Account Takeover ATO attacks spike sharply in November and December,...

7.1AI score
Exploits0
Talos Blog
Talos Blog
added 2025/11/26 5:0 p.m.6 views

Care that you share

Welcome to this week's edition of the Threat Source newsletter. Back in April, I wrote about the risks of unintentionally leaking information while using search engines. Since then, I've been thinking: Life doesn't just happen in front of a keyboard. There's a social side, too or so I'm told. Wit...

6.9AI score
Exploits0
Imperva Blog
Imperva Blog
added 2025/11/26 10:44 a.m.6 views

How Thales Protects Online Retail Sites from AI-Driven Bots during Holiday Shopping Season

Every November and December, online retailers gear up for their biggest revenue surge of the year. But while the traffic and transactions climb, so does the threat level. Cybercriminals know exactly when customer activity and the pressure on retail systems is at its highest and they’re automating...

6.9AI score
Exploits0
Schneier on Security
Schneier on Security
added 2025/11/07 10:1 p.m.6 views

Friday Squid Blogging: Squid Game: The Challenge, Season Two

The second season of the Netflix reality competition show Squid Game: The Challenge has dropped. Too many links to pick a few--search for it. As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Blog moderation policy...

6.9AI score
Exploits0
The Hacker News
The Hacker News
added 2025/10/13 11:50 a.m.8 views

Why Unmonitored JavaScript Is Your Biggest Holiday Security Risk

Think your WAF has you covered? Think again. This holiday season, unmonitored JavaScript is a critical oversight allowing attackers to steal payment data while your WAF and intrusion detection systems see nothing. With the 2025 shopping season weeks away, visibility gaps must close now. Get the...

6.8AI score
Exploits0
Rows per page
Query Builder