Mastodon is a free, open-source social network server based on ActivityPub. Mastodon allows new identities from configured authentication providers (CAS, SAML, OIDC) to attach to existing local users with the same e-mail address. This results in a possible account takeover if the authentication...
6.8 AI Score
0.0004 EPSS
If an attacker comes into the possession of a victim's OctoPrint session cookie through whatever means, the attacker can use this cookie to authenticate as long as the victim's account...
4.6 AI Score
0.0004 EPSS
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. A user with write access to another user can make requests to change the latter's password and then take...
7.4 AI Score
0.001 EPSS
Atlassian Confluence Server - Local File Inclusion
Atlassian Confluence Server allows remote attackers to view restricted resources via local file inclusion in the /s/...
5 AI Score
0.959 EPSS
Exploit for Path Traversal in Wso2 Identity Server Analytics
CVE-2022-29464 WSO2 RCE (CVE-2022-29464) exploit and writeup...
10 AI Score
0.973 EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the __GEN_COMMON_BODY macro for the normal path after it had finished, rather than jumping over it. By a small...
6.9 AI Score
0.0004 EPSS
Postal is an open source SMTP server. Postal versions less than 3.0.0 are vulnerable to SMTP Smuggling attacks which may allow incoming e-mails to be spoofed. This, in conjunction with a cooperative outgoing SMTP service, would allow for an incoming e-mail to be received by Postal addressed from a...
7 AI Score
0.0004 EPSS
Non-transparent sharing of branch predictor selectors between contexts in some Intel(R) Processors may allow an authorized user to potentially enable information disclosure via local...
6.5 CVSS
6.8 AI Score
0.0005 EPSS
e-mince.cz Cross Site Scripting vulnerability OBB-3846051
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Affected versions have been found to be vulnerable to a SQL injection attack which an attacker could...
7.8 AI Score
0.002 EPSS
la-melodia-de-linaewenn.es Cross Site Scripting vulnerability OBB-3903068
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. It was found that in affected versions there is an exposure of private information defined in setup of...
6.5 AI Score
0.001 EPSS
Prestashop AttributeWizardPro Module - Arbitrary File Upload
The Attribute Wizard addon 1.6.9 for PrestaShop allows remote attackers to execute arbitrary code by uploading a php...
9.8 AI Score
0.201 EPSS
[2.28-251.0.2.2] - Forward port of Oracle patches over 2.28-251.2 Reviewed-by: Jose E. Marchesi Oracle history: May-23-2024 Cupertino Miranda - 2.28-251.0.2.1 - Forward port of Oracle patches over 2.28-251.1 Reviewed-by: Jose E....
6.7 AI Score
0.0004 EPSS
bikersfashion24.de Cross Site Scripting vulnerability OBB-3915445
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the __GEN_COMMON_BODY macro for the normal path after it had finished, rather than jumping over it. By a small...
7.2 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/vmwgfx: Fix possible null pointer dereference with invalid contexts vmw_context_cotable can return either an error or a null pointer and its usage sometimes went unchecked. Subsequent code would then try to access either a null...
5.5 CVSS
7 AI Score
0.0004 EPSS
sources-de-confiance.fr Cross Site Scripting vulnerability OBB-3909148
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Exploit for Command Injection in Paloaltonetworks Pan-Os
CVE-2024-3400 `import os,base64,time systempth =` ...
9.8 AI Score
0.957 EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/64s: fix program check interrupt emergency stack path Emergency stack path was jumping into a 3: label inside the __GEN_COMMON_BODY macro for the normal path after it had finished, rather than jumping over it. By a small...
6.4 AI Score
0.0004 EPSS
chains24.de Cross Site Scripting vulnerability OBB-3917217
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
de-haardt.com Cross Site Scripting vulnerability OBB-3915788
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Heap-use-after-free in .tmpgt0oOx
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49167 Crash type: Heap-use-after-free READ 8 Crash state: .tmpgt0oOx .tmpgt0oOx...
-0.3 AI Score
In the Linux kernel, the following vulnerability has been resolved: s390/qeth: Fix kernel panic after setting hsuid Symptom: When the hsuid attribute is set for the first time on an IQD Layer3 device while the corresponding network interface is already UP, the kernel will try to execute a napi...
7.3 AI Score
In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix OOB in nilfs_set_de_type The size of the nilfs_type_by_mode array in the fs/nilfs2/dir.c file is defined as "S_IFMT >> S_SHIFT", but the nilfs_set_de_type() function, which uses this array, specifies the index to ...
6.6 AI Score
0.0004 EPSS
izodom2000.de Cross Site Scripting vulnerability OBB-3915546
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Travelpayouts <= 1.1.16 - Open Redirect
The plugin is vulnerable to Open Redirect due to insufficient validation on the travelpayouts_redirect variable. This makes it possible for unauthenticated attackers to redirect users to potentially malicious sites if they can successfully trick them into performing an...
6.4 AI Score
0.001 EPSS
jahrestreffen21.de Cross Site Scripting vulnerability OBB-3915887
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
A vulnerability, which was classified as problematic, was found in Opencaching Deutschland oc-server3. Affected is an unknown function of the file htdocs/lang/de/ocstyle/varset.inc.php. The manipulation of the argument varvalue leads to cross site scripting. It is possible to launch the attack...
6.2 AI Score
0.001 EPSS
me-studio.it Improper Access Control vulnerability OBB-3841572
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7 AI Score
Active Directory Certificate Services (ADCS) privilege escalation (Certifried)
This module exploits a privilege escalation vulnerability in Active Directory Certificate Services (ADCS) to generate a valid certificate impersonating the Domain Controller (DC) computer account. This certificate is then used to authenticate to the target as the DC account using PKINIT...
9.3 AI Score
0.071 EPSS
GLPI stands for Gestionnaire Libre de Parc Informatique. GLPI is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Usage of RSS feeds or an external calendar in planning is subject to SSRF exploit. In case a remote...
6.9 AI Score
0.001 EPSS
Exploit for Vulnerability in Microsoft
CVE-2023-36427 This repo contains the report and exploit of...
7.5 AI Score
0.002 EPSS
GLPI stands for Gestionnaire Libre de Parc Informatique and is a Free Asset and IT Management Software package that provides ITIL Service Desk features, licenses tracking and software auditing. Information associated with the registration key is not properly escaped in the registration key configuration...
6.7 AI Score
0.001 EPSS
libexpat through 2.6.1 allows an XML Entity Expansion attack when there is isolated use of external parsers (created via XML_ExternalEntityParserCreate). Bugs https://github.com/libexpat/libexpat/issues/839 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1065868...
7.3 AI Score
0.0004 EPSS
e-business.ne.jp Improper Access Control vulnerability OBB-3845265
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7 AI Score
Argo CD's API server does not enforce project sourceNamespaces
Impact I can convince the UI to let me do things with an invalid Application. 1. Admin gives me p, michael, applications, , demo/ , allow, where demo can just deploy to the demo namespace 2. Admin gives me AppProject dev which reconciles from ns dev-apps 3. Admin gives me p, michael,...
6.9 AI Score
0.0004 EPSS
Web Directory Free < 1.7.0 - Unauthenticated SQL Injection
Description The plugin does not sanitise and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection with different techniques like UNION, Time-Based and...
7.5 AI Score
OctoPrint is a web interface for 3D printers. OctoPrint versions up until and including 1.9.2 contain a vulnerability that allows malicious admins to configure a specially crafted GCODE script that will allow code execution during rendering of that script. An attacker might use this to extract...
8.3 AI Score
0.0004 EPSS
OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up until and including 1.10.0 contain a vulnerability that allows an unauthenticated attacker to completely bypass the authentication if the autologinLocal option is enabled within config.yaml, even if they...
6.8 AI Score
0.0004 EPSS
e-heiniger.ch Cross Site Scripting vulnerability OBB-3914241
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
e-temps.ch Cross Site Scripting vulnerability OBB-3914551
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Wordpress Hash Form – Drag & Drop Form Builder <= 1.1.0 -...
8.5 AI Score
0.001 EPSS
The Tabellen von faustball.com plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
4.4 CVSS
6.1 AI Score
0.0004 EPSS
e-ppe.com Cross Site Scripting vulnerability OBB-3844854
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score