TYPO3 Security Misconfiguration for Backend User Accounts
When using the TYPO3 backend in order to create new backend user accounts, database records containing insecure or empty credentials might be persisted. When the type of user account is changed - which might be entity type or the admin flag for backend users - the backend form is reloaded in order...
SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version...
6.4CVSS
An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks a check for the validation of native handles, which can result in an Out-of-Bounds...
6.8CVSS
An issue was discovered in Samsung Mobile Processor Exynos 2200, Exynos 1480, Exynos 2400. It lacks a check for the validation of native handles, which can result in code...
8.4CVSS
TYPO3 CMS Possible Insecure Deserialization in Extbase Request Handling
It has been discovered that request handling in Extbase can be vulnerable to insecure deserialization. User submitted payload has to be signed with a corresponding HMAC-SHA1 using the sensitive TYPO3 encryptionKey as secret - invalid or unsigned payload is not deserialized. However, since...
muslimscholars.info Cross Site Scripting vulnerability OBB-3933756
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Google will start deleting location history
Google announced that it will reduce the amount of personal data it is storing by automatically deleting old data from "Timeline"—the feature that, previously named "Location History," tracks user routes and trips based on a phone’s location, allowing people to revisit all the places they've been...
cjstudios.info Cross Site Scripting vulnerability OBB-3933754
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Microsoft Will Switch Off Recall by Default After Security Backlash
After weeks of withering criticism and exposed security flaws, Microsoft has vastly scaled back its ambitions for Recall, its AI-enabled silent recording feature, and added new privacy...
CVE-2024-37163 SkyScrape Secure API Requests
SkyScrape is a GUI Dashboard for AWS Infrastructure and Managing Resources and Usage Costs. SkyScrape's API requests are currently unsecured HTTP requests, leading to potential vulnerabilities for the user's temporary credentials and data. This affects version...
6.4CVSS
custonline.com Improper Access Control vulnerability OBB-3933751
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
dam.portal.gov.bd Improper Access Control vulnerability OBB-3933752
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
cubes-asia.com Improper Access Control vulnerability OBB-3933749
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
cryptoweekly.co Improper Access Control vulnerability OBB-3933748
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
CVE-2020-19695 affecting package nginx for versions less than 1.22.1-5
CVE-2020-19695 affecting package nginx for versions less than 1.22.1-5. This CVE either no longer is or was never...
9.8CVSS
7.5AI Score
CVE-2023-24538 affecting package golang for versions less than 1.19.8-1
CVE-2023-24538 affecting package golang for versions less than 1.19.8-1. A patched version of the package is...
9.8CVSS
10AI Score
CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1
CVE-2022-41725 affecting package msft-golang for versions less than 1.19.6-1. A patched version of the package is...
7.5CVSS
9.1AI Score
CVE-2022-38096 affecting package kernel for versions less than 5.15.159.1-1
CVE-2022-38096 affecting package kernel for versions less than 5.15.159.1-1. No patch is available...
6.3CVSS
5.4AI Score
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5. No patch is available...
7.5CVSS
7.8AI Score
CVE-2023-24536 affecting package msft-golang for versions less than 1.20.7-1
CVE-2023-24536 affecting package msft-golang for versions less than 1.20.7-1. A patched version of the package is...
7.5CVSS
7.3AI Score
CVE-2023-24537 affecting package msft-golang for versions less than 1.20.11-1
CVE-2023-24537 affecting package msft-golang for versions less than 1.20.11-1. A patched version of the package is...
7.5CVSS
7.3AI Score
CVE-2022-41725 affecting package golang for versions less than 1.19.5-1
CVE-2022-41725 affecting package golang for versions less than 1.19.5-1. A patched version of the package is...
7.5CVSS
9.1AI Score
CVE-2022-41724 affecting package golang for versions less than 1.19.6-1
CVE-2022-41724 affecting package golang for versions less than 1.19.6-1. A patched version of the package is...
7.5CVSS
9.1AI Score
CVE-2018-14040 affecting package reaper for versions less than 3.1.1-1
CVE-2018-14040 affecting package reaper for versions less than 3.1.1-1. A patched version of the package is...
6.1CVSS
6.7AI Score
CVE-2023-24537 affecting package golang for versions less than 1.20.7-1
CVE-2023-24537 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...
7.5CVSS
9AI Score
CVE-2023-25153 affecting package k3s for versions less than 1.25.5-7
CVE-2023-25153 affecting package k3s for versions less than 1.25.5-7. This CVE either no longer is or was never...
6.2CVSS
6.9AI Score
CVE-2022-3638 affecting package nginx for versions less than 1.23.2-1
CVE-2022-3638 affecting package nginx for versions less than 1.23.2-1. This CVE either no longer is or was never...
6.6AI Score
CVE-2023-24534 affecting package msft-golang for versions less than 1.20.7-1
CVE-2023-24534 affecting package msft-golang for versions less than 1.20.7-1. A patched version of the package is...
7.5CVSS
7.3AI Score
CVE-2023-24538 affecting package msft-golang for versions less than 1.20.11-1
CVE-2023-24538 affecting package msft-golang for versions less than 1.20.11-1. A patched version of the package is...
9.8CVSS
7.3AI Score
CVE-2023-24534 affecting package golang for versions less than 1.20.7-1
CVE-2023-24534 affecting package golang for versions less than 1.20.7-1. A patched version of the package is...
7.5CVSS
9.1AI Score
CVE-2022-41724 affecting package msft-golang for versions less than 1.19.6-1
CVE-2022-41724 affecting package msft-golang for versions less than 1.19.6-1. A patched version of the package is...
7.5CVSS
9.1AI Score
CVE-2022-46456 affecting package nasm for versions less than 2.16-1
CVE-2022-46456 affecting package nasm for versions less than 2.16-1. No patch is available...
6.1CVSS
6.4AI Score
CVE-2020-1472 affecting package samba for versions less than 4.12.5-4
CVE-2020-1472 affecting package samba for versions less than 4.12.5-4. A patched version of the package is...
5.5CVSS
7.2AI Score
CVE-2023-0215 affecting package hvloader for versions less than 1.0.1-2
CVE-2023-0215 affecting package hvloader for versions less than 1.0.1-2. This CVE either no longer is or was never...
7.5CVSS
8.2AI Score
CVE-2023-0286 affecting package hvloader for versions less than 1.0.1-2
CVE-2023-0286 affecting package hvloader for versions less than 1.0.1-2. This CVE either no longer is or was never...
7.4CVSS
8.2AI Score
CVE-2023-39326 affecting package golang for versions less than 1.21.6-1
CVE-2023-39326 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...
5.3CVSS
7.3AI Score
CVE-2023-24536 affecting package golang for versions less than 1.21.6-1
CVE-2023-24536 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...
7.5CVSS
7.3AI Score
CVE-2023-45284 affecting package golang for versions less than 1.21.6-1
CVE-2023-45284 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...
5.3CVSS
7.3AI Score
CVE-2023-44487 affecting package golang for versions less than 1.21.6-1
CVE-2023-44487 affecting package golang for versions less than 1.21.6-1. A patched version of the package is...
7.5CVSS
7.3AI Score
CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0
CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0. A patched version of the package is...
5.5CVSS
6AI Score
CVE-2020-8277 affecting package python-gevent for versions less than 21.1.2-3
CVE-2020-8277 affecting package python-gevent for versions less than 21.1.2-3. A patched version of the package is...
7.5CVSS
7.3AI Score
CVE-2023-48795 affecting package moby-engine for versions less than 20.10.27-1
CVE-2023-48795 affecting package moby-engine for versions less than 20.10.27-1. A patched version of the package is...
5.9CVSS
6.8AI Score
CVE-2023-7008 affecting package systemd for versions less than 123
CVE-2023-7008 affecting package systemd for versions less than 123. A patched version of the package is...
5.9CVSS
5.8AI Score
CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2
CVE-2023-48795 affecting package jsch for versions less than 0.1.55-2. A patched version of the package is...
5.9CVSS
6.8AI Score
CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38
CVE-2023-5678 affecting package edk2 for versions less than 20230301gitf80f052277c8-38. A patched version of the package is...
5.3CVSS
5.8AI Score
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10. A patched version of the package is...
7.5CVSS
7.8AI Score
CVE-2023-44487 affecting package moby-engine for versions less than 20.10.25-2
CVE-2023-44487 affecting package moby-engine for versions less than 20.10.25-2. A patched version of the package is...
7.5CVSS
7.8AI Score
CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2
CVE-2023-44487 affecting package moby-cli for versions less than 20.10.25-2. A patched version of the package is...
7.5CVSS
7.8AI Score