
'MyPallete' And Some Of The Android Banking Applications That Use 'MyPallete' Security Vulnerabilities

openbugbounty
openbugbounty

wintercup2022.japanbasketball.jp Cross Site Scripting vulnerability OBB-3935031

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:25 AM
4
openbugbounty
openbugbounty

vintageguy.ultimatecardstore.com Cross Site Scripting vulnerability OBB-3935030

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:25 AM
4
openbugbounty
openbugbounty

takasaki.mypl.net Cross Site Scripting vulnerability OBB-3935026

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:23 AM
3
openbugbounty
openbugbounty

shimonoseki.mypl.net Cross Site Scripting vulnerability OBB-3935025

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:23 AM
4
openbugbounty
openbugbounty

kfo.pik-potsdam.de Cross Site Scripting vulnerability OBB-3935020

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:21 AM
1
openbugbounty
openbugbounty

m.baystatebanner.com Cross Site Scripting vulnerability OBB-3935021

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:21 AM
3
openbugbounty
openbugbounty

japan.unifrance.org Cross Site Scripting vulnerability OBB-3935019

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:20 AM
3
openbugbounty
openbugbounty

edicionesdeldomo.altervista.org Cross Site Scripting vulnerability OBB-3935014

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:18 AM
3
openbugbounty
openbugbounty

esrp.rcast.u-tokyo.ac.jp Cross Site Scripting vulnerability OBB-3935016

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:18 AM
3
openbugbounty
openbugbounty

diagnostics.medgenome.com Cross Site Scripting vulnerability OBB-3935012

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:17 AM
2
openbugbounty
openbugbounty

dr.golfdigest.co.jp Cross Site Scripting vulnerability OBB-3935013

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:17 AM
4
cve
cve

CVE-2024-3912

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the...

9.8CVSS

10AI Score

0.001EPSS

2024-06-14 10:15 AM
16
osv
osv

CVE-2024-5685

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through...

6.9AI Score

0.0004EPSS

2024-06-14 10:15 AM
1
nvd
nvd

CVE-2024-34012

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build...

4.4CVSS

0.0004EPSS

2024-06-14 10:15 AM
2
nvd
nvd

CVE-2024-5685

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through...

0.0004EPSS

2024-06-14 10:15 AM
2
nvd
nvd

CVE-2024-3912

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the...

9.8CVSS

0.001EPSS

2024-06-14 10:15 AM
2
cve
cve

CVE-2024-34012

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build...

4.4CVSS

7.3AI Score

0.0004EPSS

2024-06-14 10:15 AM
8
cve
cve

CVE-2024-5685

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through...

6.7AI Score

0.0004EPSS

2024-06-14 10:15 AM
19
nvd
nvd

CVE-2024-2472

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to...

9.1CVSS

0.001EPSS

2024-06-14 10:15 AM
2
cve
cve

CVE-2024-2472

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to...

9.1CVSS

9AI Score

0.001EPSS

2024-06-14 10:15 AM
9
cvelist
cvelist

CVE-2024-5685 Broken Function Level Authorization (BFLA) in snipe/snipe-it

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call. This issue affects snipe-it: from v4.6.17 through...

0.0004EPSS

2024-06-14 09:54 AM
3
vulnrichment
vulnrichment

CVE-2024-34012

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build...

4.4CVSS

7.5AI Score

0.0004EPSS

2024-06-14 09:43 AM
cvelist
cvelist

CVE-2024-34012

Local privilege escalation due to insecure folder permissions. The following products are affected: Acronis Cloud Manager (Windows) before build...

4.4CVSS

0.0004EPSS

2024-06-14 09:43 AM
2
cvelist
cvelist

CVE-2024-2472 LatePoint Plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to...

9.1CVSS

0.001EPSS

2024-06-14 09:36 AM
5
vulnrichment
vulnrichment

CVE-2024-2472 LatePoint Plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR

The LatePoint Plugin plugin for WordPress is vulnerable to unauthorized access of data and modification of data due to a missing capability check on the 'start_or_use_session_for_customer' function in all versions up to and including 4.9.9. This makes it possible for unauthenticated attackers to...

9.1CVSS

6.7AI Score

0.001EPSS

2024-06-14 09:36 AM
vulnrichment
vulnrichment

CVE-2024-3912 ASUS Router - Upload arbitrary firmware

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the...

9.8CVSS

8.1AI Score

0.001EPSS

2024-06-14 09:29 AM
5
cvelist
cvelist

CVE-2024-3912 ASUS Router - Upload arbitrary firmware

Certain models of ASUS routers have an arbitrary firmware upload vulnerability. An unauthenticated remote attacker can exploit this vulnerability to execute arbitrary system commands on the...

9.8CVSS

0.001EPSS

2024-06-14 09:29 AM
4
cve
cve

CVE-2024-5996

The notification emails sent by Soar Cloud HR Portal contain a link with an embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...

8.8CVSS

8.6AI Score

0.001EPSS

2024-06-14 09:15 AM
7
nvd
nvd

CVE-2024-5996

The notification emails sent by Soar Cloud HR Portal contain a link with an embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...

8.8CVSS

0.001EPSS

2024-06-14 09:15 AM
2
nvd
nvd

CVE-2024-4863

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

0.0004EPSS

2024-06-14 09:15 AM
5
nvd
nvd

CVE-2024-37182

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...

4.7CVSS

0.0004EPSS

2024-06-14 09:15 AM
2
cve
cve

CVE-2024-37182

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...

4.7CVSS

4.9AI Score

0.0004EPSS

2024-06-14 09:15 AM
9
cve
cve

CVE-2024-4863

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-14 09:15 AM
8
osv
osv

CVE-2024-25142

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...

6.6AI Score

0.0004EPSS

2024-06-14 09:15 AM
nvd
nvd

CVE-2024-25142

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...

0.0004EPSS

2024-06-14 09:15 AM
1
cve
cve

CVE-2024-25142

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...

6.3AI Score

0.0004EPSS

2024-06-14 09:15 AM
7
veracode
veracode

Deserialization Of Untrusted Data

MLflow is vulnerable to Deserialization Of Untrusted Data. The vulnerability is due to unsafe handling of user-supplied data in the sklearn/init.py within the loadmodelfromlocalfile function, which allows an attacker to inject a malicious pickle object into a model file on upload which will then be...

8.8CVSS

7.5AI Score

0.0004EPSS

2024-06-14 09:11 AM
cve
cve

CVE-2024-5730

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7AI Score

2024-06-14 09:09 AM
3
veracode
veracode

Denial Of Service (DoS)

github.com/klauspost/compress/zstd is vulnerable to a Denial of service (DoS). The vulnerability is due to its zstd decompression implementation not respecting the limits imposed by gRPC, which allows an attacker to trigger rapid and uncontrolled increases in memory usage on the server or...

7AI Score

2024-06-14 08:49 AM
1
cvelist
cvelist

CVE-2024-37182 Lack of permissions prompting when opening external URLs

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...

4.7CVSS

0.0004EPSS

2024-06-14 08:39 AM
1
vulnrichment
vulnrichment

CVE-2024-37182 Lack of permissions prompting when opening external URLs

Mattermost Desktop App versions <=5.7.0 fail to correctly prompt for permission when opening external URLs which allows a remote attacker to force a victim over the Internet to run arbitrary programs on the victim's system via custom URI...

4.7CVSS

7.1AI Score

0.0004EPSS

2024-06-14 08:39 AM
vulnrichment
vulnrichment

CVE-2024-36287 Bypass of TCC restrictions on macOS

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on...

3.8CVSS

6.9AI Score

0.0004EPSS

2024-06-14 08:39 AM
cvelist
cvelist

CVE-2024-36287 Bypass of TCC restrictions on macOS

Mattermost Desktop App versions <=5.7.0 fail to disable certain Electron debug flags which allows for bypassing TCC restrictions on...

3.8CVSS

0.0004EPSS

2024-06-14 08:39 AM
2
cvelist
cvelist

CVE-2024-4863 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

0.0004EPSS

2024-06-14 08:35 AM
2
vulnrichment
vulnrichment

CVE-2024-4863 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-06-14 08:35 AM
vulnrichment
vulnrichment

CVE-2024-25142 Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...

6.3AI Score

0.0004EPSS

2024-06-14 08:25 AM
cvelist
cvelist

CVE-2024-25142 Apache Airflow: Cache Control - Storage of Sensitive Data in Browser Cache

Use of Web Browser Cache Containing Sensitive Information vulnerability in Apache Airflow. Airflow did not return "Cache-Control" header for dynamic content, which in case of some browsers could result in potentially storing sensitive data in local cache of the browser. This issue affects Apache...

0.0004EPSS

2024-06-14 08:25 AM
cvelist
cvelist

CVE-2024-5996 Soar Cloud HR Portal - Cleartext Transmission of Sensitive Information

The notification emails sent by Soar Cloud HR Portal contain a link with an embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...

8.8CVSS

0.001EPSS

2024-06-14 08:22 AM
1
veracode
veracode

Path Traversal

org.jenkins-ci.plugins:report-info is vulnerable to Path Traversal. The vulnerability is due to lack of path validation in the workspace directory, allowing attackers with Item/Configure permission to access restricted files on the controller file...

6.6AI Score

0.0004EPSS

2024-06-14 08:21 AM
cve
cve

CVE-2024-5995

The notification emails sent by Soar Cloud HR Portal contain a link with an embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be...

8.8CVSS

8.8AI Score

0.001EPSS

2024-06-14 08:15 AM
10
Total number of security vulnerabilities: 3419572