Lucene search

K

'MyPallete' And Some Of The Android Banking Applications That Use 'MyPallete' Security Vulnerabilities

openbugbounty
openbugbounty

jethro-tull.at.ua Cross Site Scripting vulnerability OBB-3937573

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-22 09:37 AM
3
openbugbounty
openbugbounty

msh.councilforeconed.org Cross Site Scripting vulnerability OBB-3937574

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-22 09:37 AM
4
openbugbounty
openbugbounty

gloss-e.irht.cnrs.fr Cross Site Scripting vulnerability OBB-3937570

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-22 09:35 AM
3
openbugbounty
openbugbounty

dety.ucoz.com Cross Site Scripting vulnerability OBB-3937564

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-22 09:32 AM
3
openbugbounty
openbugbounty

chscb.ucoz.ru Cross Site Scripting vulnerability OBB-3937563

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-22 09:31 AM
3
openbugbounty
openbugbounty

beatlelogy-inst.ucoz.ru Cross Site Scripting vulnerability OBB-3937560

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-22 09:30 AM
2
openbugbounty
openbugbounty

bibolekma.ucoz.ru Cross Site Scripting vulnerability OBB-3937561

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-22 09:30 AM
2
openbugbounty
openbugbounty

articles.recorder.com Cross Site Scripting vulnerability OBB-3937559

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-22 09:30 AM
3
nvd
nvd

CVE-2024-38379

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users...

0.0004EPSS

2024-06-22 09:15 AM
2
cve
cve

CVE-2024-38379

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users...

5.7AI Score

0.0004EPSS

2024-06-22 09:15 AM
11
cvelist
cvelist

CVE-2024-38379 Apache Allura: Stored authenticated XSS

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users...

0.0004EPSS

2024-06-22 09:09 AM
1
vulnrichment
vulnrichment

CVE-2024-38379 Apache Allura: Stored authenticated XSS

Apache Allura's neighborhood settings are vulnerable to a stored XSS attack. Only neighborhood admins can access these settings, so the scope of risk is limited to configurations where neighborhood admins are not fully trusted. This issue affects Apache Allura: from 1.4.0 through 1.17.0. Users...

5.9AI Score

0.0004EPSS

2024-06-22 09:09 AM
2
openbugbounty
openbugbounty

restaurantkampo.nl Cross Site Scripting vulnerability OBB-3937553

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-22 06:34 AM
6
github
github

Zip slip in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An...

7.2CVSS

6.9AI Score

0.0004EPSS

2024-06-22 06:30 AM
github
github

Arbitrary File Creation in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including....

7.2CVSS

7.2AI Score

0.0004EPSS

2024-06-22 06:30 AM
github
github

Open redirect in gradio

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....

5.4CVSS

6.5AI Score

0.001EPSS

2024-06-22 06:30 AM
github
github

Cross site scripting in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...

4.7CVSS

6.3AI Score

0.0004EPSS

2024-06-22 06:30 AM
github
github

SQL injection in opencart

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have.....

8.1CVSS

8.8AI Score

0.0004EPSS

2024-06-22 06:30 AM
github
github

Cross site scripting in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....

4.7CVSS

6.3AI Score

0.0004EPSS

2024-06-22 06:30 AM
github
github

Cross site scripting in opencart

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account...

6.1CVSS

6AI Score

0.0004EPSS

2024-06-22 06:30 AM
openbugbounty
openbugbounty

ipnp.cz Cross Site Scripting vulnerability OBB-3937552

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-22 06:27 AM
7
openbugbounty
openbugbounty

dwe-oss.eu Cross Site Scripting vulnerability OBB-3937551

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-22 06:25 AM
4
cve
cve

CVE-2024-4940

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....

5.4CVSS

5.4AI Score

0.001EPSS

2024-06-22 06:15 AM
17
cve
cve

CVE-2024-5596

The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This makes it possible for unauthenticated attackers to modify, or delete user meta...

6.3CVSS

6.3AI Score

0.0005EPSS

2024-06-22 06:15 AM
12
nvd
nvd

CVE-2024-5596

The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This makes it possible for unauthenticated attackers to modify, or delete user meta...

6.3CVSS

0.0005EPSS

2024-06-22 06:15 AM
4
nvd
nvd

CVE-2024-3593

The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the ubermenu_delete_all_item_settings and ubermenu_reset_settings functions. This makes it possible for unauthenticated....

7.2CVSS

0.0005EPSS

2024-06-22 06:15 AM
5
cve
cve

CVE-2024-3593

The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the ubermenu_delete_all_item_settings and ubermenu_reset_settings functions. This makes it possible for unauthenticated....

7.2CVSS

6.7AI Score

0.0005EPSS

2024-06-22 06:15 AM
13
thn
thn

U.S. Treasury Sanctions 12 Kaspersky Executives Amid Software Ban

The U.S. Department of the Treasury's Office of Foreign Assets Control (OFAC) imposed sanctions against a dozen individuals serving executive and senior leadership roles at Kaspersky Lab, a day after the Russian company was banned by the Commerce Department. The move "underscores our commitment to....

7.2AI Score

2024-06-22 06:00 AM
16
cvelist
cvelist

CVE-2024-3593 UberMenu <= 3.8.3 - Cross-Site Request Forgery to Settings Reset

The UberMenu plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.8.3. This is due to missing or incorrect nonce validation on the ubermenu_delete_all_item_settings and ubermenu_reset_settings functions. This makes it possible for unauthenticated....

7.2CVSS

0.0005EPSS

2024-06-22 05:47 AM
6
cvelist
cvelist

CVE-2024-5596 ARMember Premium <= 6.7 - Cross-Site Request Forgery via multiple functions

The ARMember Premium plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 6.7. This is due to incorrectly implemented nonce validation function on multiple functions. This makes it possible for unauthenticated attackers to modify, or delete user meta...

6.3CVSS

0.0005EPSS

2024-06-22 05:47 AM
4
cvelist
cvelist

CVE-2024-4940 Open Redirect in gradio-app/gradio

An open redirect vulnerability exists in the gradio-app/gradio, affecting the latest version. The vulnerability allows an attacker to redirect users to arbitrary websites, which can be exploited for phishing attacks, Cross-site Scripting (XSS), Server-Side Request Forgery (SSRF), amongst others....

5.4CVSS

0.001EPSS

2024-06-22 05:23 AM
4
nvd
nvd

CVE-2024-21519

This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including....

7.2CVSS

0.0004EPSS

2024-06-22 05:15 AM
3
cve
cve

CVE-2024-21518

This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An...

7.2CVSS

7AI Score

0.0004EPSS

2024-06-22 05:15 AM
12
nvd
nvd

CVE-2024-4874

The Bricks Builder plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.9.8 via the postId parameter due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Contributor-level access and...

4.3CVSS

0.0004EPSS

2024-06-22 05:15 AM
3
cve
cve

CVE-2024-21519

This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including....

7.2CVSS

6.7AI Score

0.0004EPSS

2024-06-22 05:15 AM
12
osv
osv

CVE-2024-21517

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account...

6.1CVSS

6AI Score

0.0004EPSS

2024-06-22 05:15 AM
nvd
nvd

CVE-2024-21517

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account...

6.1CVSS

0.0004EPSS

2024-06-22 05:15 AM
4
osv
osv

CVE-2024-21516

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....

4.7CVSS

6.3AI Score

0.0004EPSS

2024-06-22 05:15 AM
nvd
nvd

CVE-2024-21515

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...

4.7CVSS

0.0004EPSS

2024-06-22 05:15 AM
4
osv
osv

CVE-2024-21515

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...

4.7CVSS

6.3AI Score

0.0004EPSS

2024-06-22 05:15 AM
cve
cve

CVE-2024-21516

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....

4.7CVSS

4.7AI Score

0.0004EPSS

2024-06-22 05:15 AM
11
cve
cve

CVE-2024-21515

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...

4.7CVSS

4.7AI Score

0.0004EPSS

2024-06-22 05:15 AM
10
osv
osv

CVE-2024-21514

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have.....

8.1CVSS

8.5AI Score

0.0004EPSS

2024-06-22 05:15 AM
nvd
nvd

CVE-2024-21514

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have.....

8.1CVSS

0.0004EPSS

2024-06-22 05:15 AM
4
cvelist
cvelist

CVE-2024-21516

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....

4.2CVSS

0.0004EPSS

2024-06-22 05:00 AM
2
vulnrichment
vulnrichment

CVE-2024-21519

This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including....

6.6CVSS

7.3AI Score

0.0004EPSS

2024-06-22 05:00 AM
cvelist
cvelist

CVE-2024-21519

This affects versions of the package opencart/opencart from 4.0.0.0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including....

6.6CVSS

0.0004EPSS

2024-06-22 05:00 AM
4
cvelist
cvelist

CVE-2024-21514

This affects versions of the package opencart/opencart from 0.0.0. An SQL Injection issue was identified in the Divido payment extension for OpenCart, which is included by default in version 3.0.3.9. As an anonymous unauthenticated user, if the Divido payment module is installed (it does not have.....

7.4CVSS

0.0004EPSS

2024-06-22 05:00 AM
2
cvelist
cvelist

CVE-2024-21518

This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An...

7.2CVSS

0.0004EPSS

2024-06-22 05:00 AM
4
cvelist
cvelist

CVE-2024-21517

This affects versions of the package opencart/opencart from 4.0.0.0. A reflected XSS issue was identified in the redirect parameter of customer account/login route. An attacker can inject arbitrary HTML and Javascript into the page response. As this vulnerability is present in the account...

4.2CVSS

0.0004EPSS

2024-06-22 05:00 AM
3
Total number of security vulnerabilities3385146