37 matches found
WordPress Responsive Filterable Portfolio Plugin <= 1.0.22 is vulnerable to Server Side Request Forgery (SSRF)
Software: Responsive Filterable Portfolio; Type: Plugin; Vulnerable versions: <= 1.0.22; Fixed in: 1.0.23; OWASP Top 10: A10 Server-Side Request Forgery (SSRF); Classification: Server-Side Request Forgery (SSRF); CVE: CVE-2024-51785; Patch priority: Low; CVSS severity: Low (4.4); PSID...
GHSA-CJ55-GC7M-WVCQ req may send an unintended request when a malformed URL is provided
The req library is a widely used HTTP library in Go. However, it does not handle malformed URLs effectively. As a result, after parsing a malformed URL, the library may send HTTP requests to unexpected destinations, potentially leading to security vulnerabilities or unintended behavior in...
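The failure described above is general: a URL that a library parses "successfully" can still name a different host than the one a reviewer sees in the raw string, so the destination must be checked on the parsed and resolved form, not on the text. The following Go program is an added example written for this page, not code from req or any project listed here. It shows the checks an outbound fetcher should apply before sending: reject unparsable URLs and non-HTTP schemes, reject userinfo (where `http://trusted.example@10.0.0.1/` hides the real host), resolve the host name, and refuse any address in loopback, private, link-local (including the cloud metadata address) or IPv4-mapped ranges. The DNS table and host names are constructed for the example; the `Resolver` type is assumed so the check runs offline and can be wired to `net.LookupIP` in real use.

```go
package main

import (
	"errors"
	"fmt"
	"net"
	"net/url"
)

// Resolver maps a host name to its addresses. Injected so the example runs
// offline against a constructed table; use net.LookupIP in production.
type Resolver func(host string) ([]net.IP, error)

var ErrUnsafeTarget = errors.New("ssrf guard: target rejected")

// deniedNets: loopback, RFC 1918, link-local (covers 169.254.169.254),
// CGNAT, "this network", IPv6 loopback, unique-local and IPv6 link-local.
var deniedNets = mustParseCIDRs(
	"127.0.0.0/8", "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
	"169.254.0.0/16", "100.64.0.0/10", "0.0.0.0/8",
	"::1/128", "fc00::/7", "fe80::/10",
)

func mustParseCIDRs(cidrs ...string) []*net.IPNet {
	nets := make([]*net.IPNet, 0, len(cidrs))
	for _, c := range cidrs {
		_, n, err := net.ParseCIDR(c)
		if err != nil {
			panic(err)
		}
		nets = append(nets, n)
	}
	return nets
}

// isDenied reports whether ip is in a denied range. IPNet.Contains applies
// To4() first, so IPv4-mapped forms such as ::ffff:10.0.0.5 are caught too.
func isDenied(ip net.IP) bool {
	for _, n := range deniedNets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// CheckTarget decides whether an outbound request to raw is acceptable and
// returns the resolved addresses so the caller can connect to exactly those
// (pinning) instead of letting the HTTP client resolve the name again.
func CheckTarget(raw string, resolve Resolver) ([]net.IP, error) {
	u, err := url.Parse(raw)
	if err != nil {
		return nil, fmt.Errorf("%w: unparsable URL: %v", ErrUnsafeTarget, err)
	}
	if u.Scheme != "http" && u.Scheme != "https" {
		return nil, fmt.Errorf("%w: scheme %q", ErrUnsafeTarget, u.Scheme)
	}
	// "http://trusted.example@10.0.0.1/" parses as User=trusted.example,
	// Host=10.0.0.1; a substring check on the raw text is fooled by it.
	if u.User != nil {
		return nil, fmt.Errorf("%w: userinfo in URL", ErrUnsafeTarget)
	}
	host := u.Hostname()
	if host == "" {
		return nil, fmt.Errorf("%w: empty host", ErrUnsafeTarget)
	}
	var ips []net.IP
	if ip := net.ParseIP(host); ip != nil {
		ips = []net.IP{ip}
	} else {
		// "2130706433" or "0x7f000001" are not IPs to Go, but some libc
		// resolvers map them to 127.0.0.1; checking the resolved result
		// (fail-closed when resolution fails) covers that case.
		ips, err = resolve(host)
		if err != nil || len(ips) == 0 {
			return nil, fmt.Errorf("%w: cannot resolve %q", ErrUnsafeTarget, host)
		}
	}
	for _, ip := range ips {
		if isDenied(ip) {
			return nil, fmt.Errorf("%w: %s resolves to %s", ErrUnsafeTarget, host, ip)
		}
	}
	return ips, nil
}

// ConstructedTable is a made-up DNS table so the example runs offline.
var ConstructedTable = map[string][]net.IP{
	"api.example":      {net.ParseIP("203.0.113.10")},
	"intranet.example": {net.ParseIP("10.1.2.3")},
	"dual.example":     {net.ParseIP("203.0.113.11"), net.ParseIP("192.168.0.7")},
}

func TableResolver(host string) ([]net.IP, error) {
	ips, ok := ConstructedTable[host]
	if !ok {
		return nil, fmt.Errorf("no such host: %s", host)
	}
	return ips, nil
}

func main() {
	for _, raw := range []string{
		"https://api.example/v1/items", "http://intranet.example/", "http://dual.example/",
		"http://127.0.0.1:8080/admin", "http://169.254.169.254/latest/meta-data/",
		"http://[::ffff:10.0.0.5]/", "http://api.example@127.0.0.1/", "ftp://api.example/",
	} {
		ips, err := CheckTarget(raw, TableResolver)
		fmt.Printf("%-42s -> %v %v\n", raw, ips, err)
	}
}
```

Note that `dual.example` is rejected because one of its two addresses is private: a name that resolves to both a public and an internal address must fail as a whole, and the caller should dial the returned addresses rather than the name, otherwise a second lookup (DNS rebinding) can return a different answer than the one checked.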
CVE-2024-22219
XML External Entity XXE vulnerability in Terminalfour 8.0.0001 through 8.3.18 and XML JDBC versions up to 1.0.4 allows authenticated users to submit malicious XML via unspecified features which could lead to various actions such as accessing the underlying server, remote code execution RCE, or...
CVE-2024-22218
CVE-2024-22218/22219 describe an XXE vulnerability in Terminalfour versions 8.0.0001–8.3.18 and XML JDBC up to 1.0.4. An authenticated user can submit malicious XML via unspecified features, potentially leading to accessing the underlying server, remote code execution (RCE), or Server-Side Reques...
WordPress Edubin Theme <= 9.2.0 is vulnerable to Server Side Request Forgery (SSRF)
Software: Edubin; Type: Theme; Vulnerable versions: <= 9.2.0; Fixed in: N/A; OWASP Top 10: A5 Security Misconfiguration; Classification: Server-Side Request Forgery (SSRF); CVE: CVE-2024-39637; Patch priority: Low; CVSS severity: Low (5.4); PSID: 8bcffc66bb53; Credits: Ananda Dhakal Patchstack...
CVE-2024-40642
The CVE-2024-40642 issue affects the Netty incubator codec.bhttp BinaryHttpParser in affected releases, where readRequestHead mis-validates input values. This grants attackers significant control over HTTP requests constructed from parsed output, enabling injection attacks such as HTTP request sm...
CVE-2024-40543
PublicCMS v4.0.202302.e was discovered to contain a Server-Side Request Forgery SSRF via the component /admin/ueditor?action=catchimage...
WordPress JSON Content Importer Plugin <= 1.5.6 is vulnerable to Server Side Request Forgery (SSRF)
Software: JSON Content Importer; Type: Plugin; Vulnerable versions: <= 1.5.6; Fixed in: 1.6.0; OWASP Top 10: A10 Server-Side Request Forgery (SSRF); Classification: Server-Side Request Forgery (SSRF); CVE: CVE-2024-38723; Patch priority: Low; CVSS severity: Low (6.4); PSID: f916d2cf2c68; Credits...
XML External Entity (XXE)
org.cyclonedx:cyclonedx-core-java is vulnerable to XML External Entity (XXE) injection. The vulnerability is caused by improper configuration of the DocumentBuilderFactory used to evaluate XPath expressions to determine the schema version of the BOM before deserializing CycloneDX Bill of Materials in XML...
WordPress WP Scraper Plugin <= 5.7 is vulnerable to Server Side Request Forgery (SSRF)
Software: WP Scraper; Type: Plugin; Vulnerable versions: <= 5.7; Fixed in: 5.8; OWASP Top 10: A10 Server-Side Request Forgery (SSRF); Classification: Server-Side Request Forgery (SSRF); CVE: CVE-2024-37208; Patch priority: Low; CVSS severity: Low (4.9); PSID: f83430a2f6b5; Credits: Majed Refaea...
WordPress Memberpress Plugin <= 1.11.29 is vulnerable to Server Side Request Forgery (SSRF)
Software: Memberpress; Type: Plugin; Vulnerable versions: <= 1.11.29; Fixed in: 1.11.30; OWASP Top 10: A1 Injection; Classification: Server-Side Request Forgery (SSRF); CVE: CVE-2024-5031; Patch priority: Low; CVSS severity: Low (4.9); PSID: fdb3181ef572; Credits: stealthcopter; Required privileg...
Security Bulletin: Due to the use of IBM WebSphere Application Server Liberty, IBM TXSeries for Multiplatforms is vulnerable to Denial of Service, Weaker than expected security, Cross-site scripting and Server-side request forgery (SSRF).
Summary There are vulnerabilities in IBM WebSphere Application Server Liberty related packages that are shipped with IBM TXSeries for Multiplatforms. The version of IBM WebSphere Application Server Liberty shipped with IBM TXSeries for Multiplatforms has been updated to address the applicable...
CVE-2024-32718 WordPress The Pack Elementor addons plugin <= 2.0.8.2 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in Webangon The Pack Elementor. This issue affects The Pack Elementor addons: from n/a through 2.0.8.2...
WordPress Appointment Bookings for Zoom GoogleMeet and more – Wappointment Plugin <= 2.6.0 is vulnerable to Server Side Request Forgery (SSRF)
Software: Appointment Bookings for Zoom GoogleMeet and more – Wappointment; Type: Plugin; Vulnerable versions: <= 2.6.0; Fixed in: 2.6.1; OWASP Top 10: A10 Server-Side Request Forgery (SSRF); Classification: Server-Side Request Forgery (SSRF); CVE: CVE-2024-32454; Patch priority: Low; CVSS severity: Low (4.4); Developer...
WordPress ActiveCampaign Plugin <= 8.1.14 is vulnerable to Server Side Request Forgery (SSRF)
Software: ActiveCampaign; Type: Plugin; Vulnerable versions: <= 8.1.14; Fixed in: 8.1.15; OWASP Top 10: A10 Server-Side Request Forgery (SSRF); Classification: Server-Side Request Forgery (SSRF); CVE: CVE-2024-32430; Patch priority: Low; CVSS severity: Low (4.4); PSID: 8ad18b5a9350; Credits: Yuche...
WordPress Gutenberg Blocks by Kadence Blocks Plugin <= 3.2.25 is vulnerable to Server Side Request Forgery (SSRF)
Software: Gutenberg Blocks by Kadence Blocks; Type: Plugin; Vulnerable versions: <= 3.2.25; Fixed in: 3.2.26; OWASP Top 10: A10 Server-Side Request Forgery (SSRF); Classification: Server-Side Request Forgery (SSRF); CVE: CVE-2024-24888; Patch priority: Low; CVSS severity: Low (6.4); Developer: KadenceWP; PSID: ca4cec35c250...
WordPress Sirv Plugin <= 7.2.0 is vulnerable to Server Side Request Forgery (SSRF)
Software: Sirv; Type: Plugin; Vulnerable versions: <= 7.2.0; Fixed in: 7.2.1; OWASP Top 10: A10 Server-Side Request Forgery (SSRF); Classification: Server-Side Request Forgery (SSRF); CVE: CVE-2024-27949; Patch priority: Low; CVSS severity: Low (5.4); Developer: Sirv; PSID: 2040cb82998c; Credits: CatFather; Required privilege...
WordPress Contact Form 7 Extension For Mailchimp Plugin <= 0.5.70 is vulnerable to Server Side Request Forgery (SSRF)
Software: Contact Form 7 Extension For Mailchimp; Type: Plugin; Vulnerable versions: <= 0.5.70; Fixed in: N/A; OWASP Top 10: A10 Server-Side Request Forgery (SSRF); Classification: Server-Side Request Forgery (SSRF); CVE: CVE-2024-22134; Patch priority: Low; CVSS severity: Low (4.9); PSID...
Attacks, Vulnerabilities and Actors 25 December to 31 December 2023
For a detailed threat digest, download the pdf file here Summary HiveForce Labs has recently made several significant discoveries related to cybersecurity threats. Over the past week, we identified a total of eight executed attacks, four instances of adversary activity, and five exploited...