MAL-2025-159551 Malicious code in manaf-yuki-majadidad (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f4232cb6b828ae10178ac7692a7f817767c3d81c2e203a391fae7b4c17ea7f8c This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2024-17664

Malicious code in bioql PyPI...

CVE-2024-1388

The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...

CVE-2024-1943

The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes settings via ...

LDAPNightmare PoC Exploit Crashes LSASS and Reboots Windows Domain Controllers

A proof-of-concept PoC exploit has been released for a now-patched security flaw impacting Windows Lightweight Directory Access Protocol LDAP that could trigger a denial-of-service DoS condition. The out-of-bounds reads vulnerability is tracked as CVE-2024-49113 CVSS score: 7.5. It was addressed ...

USN-7133-1: HAProxy vulnerability

Yuki Mogi discovered that HAProxy incorrectly handled the interpretation of certain HTTP requests. A remote attacker could possibly use this issue to perform a request smuggling attack and obtain sensitive information...

Congratulations to the Top MSRC 2024 Q2 Security Researchers!

Congratulations to all the researchers recognized in this quarter’s Microsoft Researcher Recognition Program leaderboard! Thank you to everyone for your hard work and continued partnership to secure customers. The top three researchers of the 2024 Q2 Security Researcher Leaderboard are Yuki Chen,...

CVE-2024-1943

The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes settings via ...

CVE-2024-1943

The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes settings via ...

CVE-2024-1388

The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...

CVE-2024-1388

The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...

Design/Logic Flaw

The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...

Cross site request forgery (csrf)

The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes settings via ...

CVE-2024-1943 Yuki <= 1.3.14 - Cross-Site Request Forgery to Theme Setting Reset

The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes settings via ...

CVE-2024-1943 Yuki <= 1.3.14 - Cross-Site Request Forgery to Theme Setting Reset

The Yuki theme for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including 1.3.14. This is due to missing or incorrect nonce validation on the resetcustomizeroptions function. This makes it possible for unauthenticated attackers to reset the themes settings via ...

CVE-2024-1943

CVE-2024-1943 affects the Yuki WordPress theme (up to version 1.3.14). The vulnerability is a Cross-Site Request Forgery due to missing/incorrect nonce validation in reset_customizer_options, allowing unauthenticated attackers to reset theme settings if they can lure an admin to click a forged li...

CVE-2024-1388 Yuki <= 1.3.13 - Missing Authorization to Authenticated (Subscriber+) Theme Setting Reset

The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...

CVE-2024-1388

CVE-2024-1388 affects the Yuki WordPress theme. Root cause: missing capability check in reset_customizer_options(), affecting all versions up to and including 1.3.13. Impact: authenticated users with subscriber+ can reset the theme settings, enabling unauthorized modification of data. Remediation...

CVE-2024-1388 Yuki <= 1.3.13 - Missing Authorization to Authenticated (Subscriber+) Theme Setting Reset

The Yuki theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the resetcustomizeroptions function in all versions up to, and including, 1.3.13. This makes it possible for authenticated attackers, with subscriber-level access and above, to res...

WordPress Yuki Theme <= 1.3.13 is vulnerable to Broken Access Control

Software Yuki Type Theme Vulnerable versions = 1.3.13 Fixed in 1.3.14 OWASP Top 10 A5: Broken Access Control Classification Broken Access Control CVE CVE-2024-1388 Patch priority Low CVSS severity Low 4.3 Developer Claim ownership PSID bc04919f893e Credits Lucio Sá Required privilege Subscriber...