1756-EN2TXT Series A, B, C Security Vulnerabilities

cve

CVE-2024-37017

asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-read in ASDCP::TimedText::MXFReader::h__Reader::MD_to_TimedText_TDesc in AS_DCP_TimedText.cpp in...

7.4AI Score

2024-05-31 12:15 AM
3
openbugbounty

zfin.org Cross Site Scripting vulnerability OBB-3931815

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-31 12:12 AM
2
openbugbounty

cleverdeal24.de Cross Site Scripting vulnerability OBB-3931814

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-31 12:06 AM
3
openbugbounty

goehring-online.de Cross Site Scripting vulnerability OBB-3931812

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-30 11:58 PM
2
hackread

In the jungle of AWS S3 Enumeration

By Daily Contributors Amazon Web Services (AWS) Simple Storage Service (S3) is a foundational pillar of cloud storage, offering scalable object… This is a post from HackRead.com Read the original post: In the jungle of AWS S3...

7.3AI Score

2024-05-30 11:46 PM
cvelist

CVE-2024-37017

asdcplib (aka AS-DCP Lib) 2.13.1 has a heap-based buffer over-read in ASDCP::TimedText::MXFReader::h__Reader::MD_to_TimedText_TDesc in AS_DCP_TimedText.cpp in...

7.3AI Score

2024-05-30 11:40 PM
openbugbounty

experten-branchenbuch.de Cross Site Scripting vulnerability OBB-3931811

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-30 11:36 PM
3
openbugbounty

fo-leipzig.schul-webportal.de Cross Site Scripting vulnerability OBB-3931810

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-30 11:26 PM
5
cve

CVE-2024-5494

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7AI Score

2024-05-30 11:15 PM
2
cve

CVE-2024-5495

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7AI Score

2024-05-30 11:15 PM
2
cve

CVE-2024-5496

Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...

7.9AI Score

2024-05-30 11:15 PM
2
cve

CVE-2024-5498

Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.2AI Score

2024-05-30 11:15 PM
2
cve

CVE-2024-5499

Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...

7.7AI Score

2024-05-30 11:15 PM
2
cve

CVE-2024-5497

Out of bounds memory access in Keyboard Inputs in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

6.6AI Score

2024-05-30 11:15 PM
3
cve

CVE-2024-5493

Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.1AI Score

2024-05-30 11:15 PM
3
cve

CVE-2024-35434

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7.2AI Score

2024-05-30 11:10 PM
1
openbugbounty

firephoenix.de Cross Site Scripting vulnerability OBB-3931809

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-30 11:09 PM
5
cvelist

CVE-2024-5498

Use after free in Presentation API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.1AI Score

2024-05-30 11:02 PM
3
cvelist

CVE-2024-5499

Out of bounds write in Streams API in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...

7.5AI Score

2024-05-30 11:02 PM
2
cvelist

CVE-2024-5494

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.1AI Score

2024-05-30 11:02 PM
2
cvelist

CVE-2024-5496

Use after free in Media Session in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. (Chromium security severity:...

7.9AI Score

2024-05-30 11:02 PM
3
cvelist

CVE-2024-5495

Use after free in Dawn in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.1AI Score

2024-05-30 11:02 PM
2
cvelist

CVE-2024-5497

Out of bounds memory access in Keyboard Inputs in Google Chrome prior to 125.0.6422.141 allowed a remote attacker who convinced a user to engage in specific UI gestures to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

6.7AI Score

2024-05-30 11:02 PM
3
cvelist

CVE-2024-5493

Heap buffer overflow in WebRTC in Google Chrome prior to 125.0.6422.141 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity:...

7.2AI Score

2024-05-30 11:02 PM
3
hackread

One Phish, Two Phish, Red Phish, Blue Phish

By Daily Contributors One of the interesting things about working for a cybersecurity company is that you get to talk to… This is a post from HackRead.com Read the original post: One Phish, Two Phish, Red Phish, Blue...

7.2AI Score

2024-05-30 10:57 PM
2
github

TYPO3 Frontend vulnerable to Unauthenticated Path Disclosure

It has been discovered that calling a PHP script which is delivered with TYPO3 for testing purposes discloses the absolute server path to the TYPO3...

7.1AI Score

2024-05-30 09:16 PM
2
cve

CVE-2024-36119

Statamic is a Laravel + Git powered CMS designed for building websites. In affected versions, users registering via the user:register_form tag will have their password confirmation stored in plain text in their user file. This only affects sites matching all of the following conditions: 1. Running....

1.8CVSS

6.8AI Score

2024-05-30 09:15 PM
2
cve

CVE-2024-1298

EDK2 contains a vulnerability when S3 sleep is activated where an attacker may cause a division-by-zero due to a UINT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of...

6CVSS

7.2AI Score

2024-05-30 09:15 PM
2
github

TYPO3 Brute Force Protection Bypass in backend login

The backend login has a basic brute force protection implementation which pauses for 5 seconds if wrong credentials are given. This pause, however, could be bypassed by forging a special request, making brute force attacks on backend editor credentials more...

7.1AI Score

2024-05-30 09:12 PM
2
github

TYPO3 Information Disclosure Vulnerability Exploitable by Editors

It has been discovered that editors with access to the file list module could list all file names and folder names in the root directory of a TYPO3 installation. Modification of files, listing further nested directories or retrieving file contents was not possible. A valid backend user account...

7AI Score

2024-05-30 09:08 PM
2
cbl_mariner

CVE-2023-24538 affecting package golang for versions less than 1.19.8-1

CVE-2023-24538 affecting package golang for versions less than 1.19.8-1. A patched version of the package is...

10AI Score

0.003EPSS

2024-05-30 09:07 PM
14
cbl_mariner

CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1

CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1. A patched version of the package is...

9.1AI Score

0.001EPSS

2024-05-30 09:07 PM
5
cbl_mariner

CVE-2023-24540 affecting package msft-golang for versions less than 1.20.11-1

CVE-2023-24540 affecting package msft-golang for versions less than 1.20.11-1. A patched version of the package is...

7.3AI Score

0.002EPSS

2024-05-30 09:07 PM
cbl_mariner

CVE-2023-24539 affecting package msft-golang for versions less than 1.20.11-1

CVE-2023-24539 affecting package msft-golang for versions less than 1.20.11-1. A patched version of the package is...

7.3AI Score

0.001EPSS

2024-05-30 09:07 PM
1
cbl_mariner

CVE-2023-29400 affecting package golang for versions less than 1.20.7-1

CVE-2023-29400 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

7.3AI Score

0.001EPSS

2024-05-30 09:07 PM
cbl_mariner

CVE-2023-24537 affecting package msft-golang for versions less than 1.20.11-1

CVE-2023-24537 affecting package msft-golang for versions less than 1.20.11-1. A patched version of the package is...

7.3AI Score

0.001EPSS

2024-05-30 09:07 PM
cbl_mariner

CVE-2022-41725 affecting package golang for versions less than 1.19.5-1

CVE-2022-41725 affecting package golang for versions less than 1.19.5-1. A patched version of the package is...

9.1AI Score

0.001EPSS

2024-05-30 09:07 PM
cbl_mariner

CVE-2022-41724 affecting package golang for versions less than 1.19.6-1

CVE-2022-41724 affecting package golang for versions less than 1.19.6-1. A patched version of the package is...

9.1AI Score

0.001EPSS

2024-05-30 09:07 PM
cbl_mariner

CVE-2018-14040 affecting package reaper for versions less than 3.1.1-1

CVE-2018-14040 affecting package reaper for versions less than 3.1.1-1. A patched version of the package is...

6.7AI Score

0.008EPSS

2024-05-30 09:07 PM
cbl_mariner

CVE-2023-29400 affecting package msft-golang for versions less than 1.20.7-1

CVE-2023-29400 affecting package msft-golang for versions less than 1.20.7-1. A patched version of the package is...

7.3AI Score

0.001EPSS

2024-05-30 09:07 PM
1
cbl_mariner

CVE-2023-24539 affecting package golang for versions less than 1.20.7-1

CVE-2023-24539 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

8.9AI Score

0.001EPSS

2024-05-30 09:07 PM
cbl_mariner

CVE-2023-24536 affecting package msft-golang for versions less than 1.20.7-1

CVE-2023-24536 affecting package msft-golang for versions less than 1.20.7-1. A patched version of the package is...

7.3AI Score

0.005EPSS

2024-05-30 09:07 PM
3
cbl_mariner

CVE-2023-24537 affecting package golang for versions less than 1.20.7-1

CVE-2023-24537 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

9AI Score

0.001EPSS

2024-05-30 09:07 PM
cbl_mariner

CVE-2023-24534 affecting package msft-golang for versions less than 1.20.7-1

CVE-2023-24534 affecting package msft-golang for versions less than 1.20.7-1. A patched version of the package is...

7.3AI Score

0.002EPSS

2024-05-30 09:07 PM
2
cbl_mariner

CVE-2023-24538 affecting package msft-golang for versions less than 1.20.11-1

CVE-2023-24538 affecting package msft-golang for versions less than 1.20.11-1. A patched version of the package is...

7.3AI Score

0.003EPSS

2024-05-30 09:07 PM
1
cbl_mariner

CVE-2023-24534 affecting package golang for versions less than 1.20.7-1

CVE-2023-24534 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...

9.1AI Score

0.002EPSS

2024-05-30 09:07 PM
cbl_mariner

CVE-2022-41724 affecting package msft-golang for versions less than 1.19.6-1

CVE-2022-41724 affecting package msft-golang for versions less than 1.19.6-1. A patched version of the package is...

9.1AI Score

0.001EPSS

2024-05-30 09:07 PM
cbl_mariner

CVE-2020-1472 affecting package samba for versions less than 4.12.5-4

CVE-2020-1472 affecting package samba for versions less than 4.12.5-4. A patched version of the package is...

7.2AI Score

0.511EPSS

2024-05-30 09:07 PM
4
cbl_mariner

CVE-2023-0215 affecting package hvloader for versions less than 1.0.1-2

CVE-2023-0215 affecting package hvloader for versions less than 1.0.1-2. A patched version of the package is...

7AI Score

0.004EPSS

2024-05-30 09:07 PM
1
cbl_mariner

CVE-2023-0286 affecting package hvloader for versions less than 1.0.1-2

CVE-2023-0286 affecting package hvloader for versions less than 1.0.1-2. A patched version of the package is...

7AI Score

0.003EPSS

2024-05-30 09:07 PM
Total number of security vulnerabilities: 2764385