Tag

#auth

CVE-2023-6341: Courts & Land Records Solutions for Government from Catalis

Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. The impact varies based on the intention and configuration of a specific CMS360 installation.

CVE-2023-6376: Henschen & Associates, Inc

Henschen & Associates court document management software does not sufficiently randomize file names of cached documents, allowing a remote, unauthenticated attacker to access restricted documents.

Feds Seize 'Sinbad' Crypto Mixer Used by North Korea's Lazarus

The prolific threat actor has laundered hundreds of millions of dollars in stolen virtual currency through the service.

CVE-2023-47875: WordPress Perfmatters plugin <= 2.1.6 - Multiple Cross Site Request Forgery (CSRF) vulnerabilities - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Perfmatters allows Cross Site Request Forgery. This issue affects Perfmatters: from n/a through 2.1.6.

CVE-2023-25057: WordPress Libsyn Publisher Hub plugin 1.3.2 - Sensitive Data Exposure vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Libsyn Libsyn Publisher Hub. This issue affects Libsyn Publisher Hub: from n/a through 1.3.2.

CVE-2023-26533: WordPress Zippy plugin <= 1.6.1 - Sensitive Data Exposure vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Gesundheit Bewegt GmbH Zippy. This issue affects Zippy: from n/a through 1.6.1.

CVE-2023-36507: WordPress BookingPress plugin <= 1.0.64 - Unauth. Server Information Disclosure vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Repute Infosystems BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin. This issue affects BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin: from n/a through 1.0.64.

CVE-2023-48754: WordPress Delete Post Revisions In WordPress plugin <= 4.6 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Wap Nepal Delete Post Revisions In WordPress allows Cross Site Request Forgery. This issue affects Delete Post Revisions In WordPress: from n/a through 4.6.

CVE-2023-48328: WordPress WordPress Gallery Plugin – NextGEN Gallery plugin <= 3.37 - Cross Site Request Forgery (CSRF) vulnerability - Patchstack

Cross-Site Request Forgery (CSRF) vulnerability in Imagely WordPress Gallery Plugin – NextGEN Gallery allows Cross Site Request Forgery. This issue affects WordPress Gallery Plugin – NextGEN Gallery: from n/a through 3.37.

CVE-2023-37868: WordPress Premium Addons PRO plugin <= 2.9.0 - Sensitive Data Exposure vulnerability - Patchstack

Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Leap13 Premium Addons PRO. This issue affects Premium Addons PRO: from n/a through 2.9.0.