This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.3 AI Score
The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is because the 'activation_code' default value is empty and the not-empty check is missing in the 'lwp_ajax_register' function. This makes it possible for...
7.2 AI Score
CVE-2024-5204 Swiss Toolkit For WP <= 1.0.7 - Authenticated (Contributor+) Authentication Bypass
The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.7. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for authenticated attackers with contributor-level and...
7.1 AI Score
engelke-elektro.de Cross Site Scripting vulnerability OBB-3931425
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.2 AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.2 AI Score
dailylivenews.in Cross Site Scripting vulnerability OBB-3931420
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
parakme.de Cross Site Scripting vulnerability OBB-3931419
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
eirene.de Cross Site Scripting vulnerability OBB-3931416
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.2 AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.2 AI Score
dev.biozidauswaschung.de Cross Site Scripting vulnerability OBB-3931415
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Hackers Claim Ticketmaster Data Breach: 560M Users’ Info for Sale at $500K
By Waqas. The ShinyHunters hacking group has claimed to have breached Ticketmaster, stealing the personal data of 560 million users. The… This is a post from HackRead.com. Read the original post: Hackers Claim Ticketmaster Data Breach: 560M Users' Info for Sale at...
7.3 AI Score
silvesterreisen.de Cross Site Scripting vulnerability OBB-3931413
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (extras.view_dynamicgroup permission) can use the Dynamic Group detail UI view (/extras/dynamic-groups/<uuid>/) and/or the members REST API view...
7 AI Score
webservices.mx Cross Site Scripting vulnerability OBB-3931410
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
dashboard.chamtest.tourone.de Cross Site Scripting vulnerability OBB-3931409
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Wiz launches new data center in UAE, supercharging global operations in the region
Organizations in the region can now benefit from Wiz's cloud security platform while maintaining their data sovereignty and privacy...
7.3 AI Score
dasbrombeerhaus.de Cross Site Scripting vulnerability OBB-3931408
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
dartliga-as.de Cross Site Scripting vulnerability OBB-3931407
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
dalui.de Cross Site Scripting vulnerability OBB-3931406
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
SimpleSAMLphp Information Disclosure vulnerability
Background: SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled....
6.8 AI Score
HCL DRYiCE Optibot Reset Station is impacted by insecure encryption of security questions. This could allow an attacker with access to the database to recover some or all encrypted...
7.2 AI Score
6.8 AI Score
ansibleguy-webui Cross-site Scripting vulnerability
Impact: Multiple forms in version <0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. Patches: We recommend upgrading to version >= 0.0.21. References: Report GitHub Issue...
6.6 AI Score
ansibleguy-webui Cross-site Scripting vulnerability
Impact: Multiple forms in version <0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. Patches: We recommend upgrading to version >= 0.0.21. References: Report GitHub Issue...
6.9 AI Score
dbt allows Binding to an Unrestricted IP Address via socketsocket
Summary: Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDR_ANY by passing "" as the address....
6.9 AI Score
dbt allows Binding to an Unrestricted IP Address via socketsocket
Summary: Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDR_ANY by passing "" as the address....
6.5 AI Score
Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality
Impact: Stored cross-site scripting (XSS) enables attackers to inject malicious code into Print Functionality. Patches: 12.1.4, 10.0.5. References...
6 AI Score
Umbraco Commerce vulnerable to Stored Cross-site Scripting on Print Functionality
Impact: Stored cross-site scripting (XSS) enables attackers to inject malicious code into Print Functionality. Patches: 12.1.4, 10.0.5. References...
6.2 AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.2 AI Score
CVE-2023-29403 affecting package golang for versions less than 1.20.7-1
CVE-2023-29403 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...
7.3 AI Score
0.001 EPSS
CVE-2023-29402 affecting package golang for versions less than 1.20.7-1
CVE-2023-29402 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...
9.7 AI Score
0.002 EPSS
CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2
CVE-2023-0464 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...
8 AI Score
0.003 EPSS
CVE-2020-19695 affecting package nginx for versions less than 1.22.1-5
CVE-2020-19695 affecting package nginx for versions less than 1.22.1-5. This CVE either no longer is or was never...
7.5 AI Score
0.004 EPSS
CVE-2023-24538 affecting package golang for versions less than 1.19.8-1
CVE-2023-24538 affecting package golang for versions less than 1.19.8-1. A patched version of the package is...
10 AI Score
0.003 EPSS
CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1
CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1. A patched version of the package is...
9.1 AI Score
0.001 EPSS
CVE-2023-24540 affecting package msft-golang for versions less than 1.20.11-1
CVE-2023-24540 affecting package msft-golang for versions less than 1.20.11-1. A patched version of the package is...
7.3 AI Score
0.002 EPSS
CVE-2023-24539 affecting package msft-golang for versions less than 1.20.11-1
CVE-2023-24539 affecting package msft-golang for versions less than 1.20.11-1. A patched version of the package is...
7.3 AI Score
0.001 EPSS
CVE-2023-29400 affecting package golang for versions less than 1.20.7-1
CVE-2023-29400 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...
7.3 AI Score
0.001 EPSS
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5. No patch is available...
7.8 AI Score
0.003 EPSS
CVE-2023-0465 affecting package kata-containers-cc for versions less than 0.4.1-2
CVE-2023-0465 affecting package kata-containers-cc for versions less than 0.4.1-2. This CVE either no longer is or was never...
6.9 AI Score
0.001 EPSS
CVE-2023-29403 affecting package msft-golang for versions less than 1.20.7-1
CVE-2023-29403 affecting package msft-golang for versions less than 1.20.7-1. A patched version of the package is...
7.3 AI Score
0.001 EPSS
CVE-2023-29400 affecting package msft-golang for versions less than 1.20.7-1
CVE-2023-29400 affecting package msft-golang for versions less than 1.20.7-1. A patched version of the package is...
7.3 AI Score
0.001 EPSS
CVE-2023-24539 affecting package golang for versions less than 1.20.7-1
CVE-2023-24539 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...
8.9 AI Score
0.001 EPSS
CVE-2023-24537 affecting package msft-golang for versions less than 1.20.11-1
CVE-2023-24537 affecting package msft-golang for versions less than 1.20.11-1. A patched version of the package is...
7.3 AI Score
0.001 EPSS
CVE-2023-24536 affecting package msft-golang for versions less than 1.20.7-1
CVE-2023-24536 affecting package msft-golang for versions less than 1.20.7-1. A patched version of the package is...
7.3 AI Score
0.005 EPSS
CVE-2022-41725 affecting package golang for versions less than 1.19.5-1
CVE-2022-41725 affecting package golang for versions less than 1.19.5-1. A patched version of the package is...
9.1 AI Score
0.001 EPSS