anuarioseguros.lat Cross Site Scripting vulnerability OBB-3938257
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
anonymous-tunisia.org Cross Site Scripting vulnerability OBB-3938256
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
ajmrhs.com Cross Site Scripting vulnerability OBB-3938250
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
aaareplicawatch.com Cross Site Scripting vulnerability OBB-3938247
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
action.news Cross Site Scripting vulnerability OBB-3938248
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
villa.marcelline.qc.ca Cross Site Scripting vulnerability OBB-3938244
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
ttu.uloop.com Cross Site Scripting vulnerability OBB-3938243
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
sms.provisioncoalition.com Cross Site Scripting vulnerability OBB-3938240
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
shop.gekirock.com Cross Site Scripting vulnerability OBB-3938239
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
shop.davidbowie.com Cross Site Scripting vulnerability OBB-3938238
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
ressources.shna-ofab.fr Cross Site Scripting vulnerability OBB-3938235
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
news.kiit.ac.in Cross Site Scripting vulnerability OBB-3938233
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
kyosai-web.smrj.go.jp Cross Site Scripting vulnerability OBB-3938231
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
lollms is vulnerable to Path Traversal. The vulnerability is due to inadequate input sanitization of the data.category and data.folder parameters, allowing attackers to navigate beyond the intended directory structure. The attacker can create a config.yaml file in a controllable path, which can be....
9.8CVSS
7.4AI Score
0.0004EPSS
forex-money.ucoz.com Cross Site Scripting vulnerability OBB-3938225
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
encuentra.enfermeria21.com Cross Site Scripting vulnerability OBB-3938222
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character,....
4.3CVSS
0.0004EPSS
Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure...
0.0004EPSS
Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure...
6.7AI Score
0.0004EPSS
A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character,....
4.3CVSS
4.5AI Score
0.0004EPSS
A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their...
6.8AI Score
0.0004EPSS
A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP...
0.0004EPSS
A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their...
0.0004EPSS
A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP...
7.6AI Score
0.0004EPSS
A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...
0.0004EPSS
A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...
7.7AI Score
0.0004EPSS
studiomitte/friendlycaptcha is vulnerable to Improper Access Control. The vulnerability is due to the extension failing to check the captcha field requirement in submitted form data, which lets an attacker bypass the captcha...
5.3CVSS
6.7AI Score
0.0004EPSS
CVE-2024-24554 Bludit - Insecure Token Generation
Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit...
6.7AI Score
0.0004EPSS
CVE-2024-24554 Bludit - Insecure Token Generation
Bludit uses predictable methods in combination with the MD5 hashing algorithm to generate sensitive tokens such as the API token and the user token. This allows attackers to authenticate against the Bludit...
0.0004EPSS
CVE-2024-24553 Bludit uses SHA1 as Password Hashing Algorithm
Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure...
0.0004EPSS
CVE-2024-24553 Bludit uses SHA1 as Password Hashing Algorithm
Bludit uses the SHA-1 hashing algorithm to compute password hashes. Thus, attackers could determine cleartext passwords with brute-force attacks due to the inherent speed of SHA-1. In addition, the salt that is computed by Bludit is generated with a non-cryptographically secure...
7AI Score
0.0004EPSS
CVE-2024-24552 Bludit is Vulnerable to Session Fixation
A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their...
0.0004EPSS
CVE-2024-24552 Bludit is Vulnerable to Session Fixation
A session fixation vulnerability in Bludit allows an attacker to bypass the server's authentication if they can trick an administrator or any other user into authorizing a session ID of their...
7.1AI Score
0.0004EPSS
CVE-2024-24551 Bludit - Remote Code Execution (RCE) through Image API
A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP...
7.9AI Score
0.0004EPSS
CVE-2024-24551 Bludit - Remote Code Execution (RCE) through Image API
A security vulnerability has been identified in Bludit, allowing authenticated attackers to execute arbitrary code through the Image API. This vulnerability arises from improper handling of file uploads, enabling malicious actors to upload and execute PHP...
0.0004EPSS
ezsystems/ezplatform-user is vulnerable to Brute Force Attack. The vulnerability is due to the password reset functionality not having sufficient protections against brute force attacks, allowing attackers to repeatedly attempt different passwords to gain unauthorized access to user...
7.5AI Score
A week in security (June 17 – June 23)
Last week on Malwarebytes Labs: Microsoft Recall delayed after privacy and security concerns (Almost) everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13 43% of couples experience pressure to share logins and locations,.....
7.6AI Score
CVE-2024-24550 Bludit - Remote Code Execution (RCE) through File API
A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...
0.0004EPSS
CVE-2024-24550 Bludit - Remote Code Execution (RCE) through File API
A security vulnerability has been identified in Bludit, allowing attackers with knowledge of the API token to upload arbitrary files through the File API which leads to arbitrary code execution on the server. This vulnerability arises from improper handling of file uploads, enabling malicious...
8AI Score
0.0004EPSS
azarinecosmetic.com Cross Site Scripting vulnerability OBB-3938215
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Insecure Direct Object Reference (IDOR)
jweiland/events2 is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to missing access checks in the management plugin, which allows an attacker to activate or delete events without...
5.4CVSS
6.6AI Score
0.0004EPSS
CVE-2024-4460 DoS Vulnerability in zenml-io/zenml
A denial of service (DoS) vulnerability exists in zenml-io/zenml version 0.56.3 due to improper handling of line feed (\n) characters in component names. When a low-privileged user adds a component through the API endpoint api/v1/workspaces/default/components with a name containing a \n character,....
4.3CVSS
0.0004EPSS
web1.spartanien.de Cross Site Scripting vulnerability OBB-3938214
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
spartanien.de Cross Site Scripting vulnerability OBB-3938213
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
[SECURITY] Fedora 40 Update: python-PyMySQL-1.1.1-1.fc40
This package contains a pure-Python MySQL client library. The goal of PyMyS QL is to be a drop-in replacement for MySQLdb and work on CPython, PyPy, IronPyth on and...
7.2AI Score
0.0004EPSS
showcase.kumparan.com Cross Site Scripting vulnerability OBB-3938212
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
salleurl.edu Cross Site Scripting vulnerability OBB-3938211
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious...
0.0004EPSS
The SEOPress WordPress plugin before 7.8 does not sanitise and escape some of its Post settings, which could allow high privilege users such as contributor to perform Stored Cross-Site Scripting...
0.0004EPSS
The SEOPress WordPress plugin before 7.8 does not validate and escape one of its Post settings, which could allow contributor and above role to perform Open redirect attacks against any user viewing a malicious...
6.4AI Score
0.0004EPSS