sprachlehre.de Cross Site Scripting vulnerability OBB-3927570
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
verben.de Cross Site Scripting vulnerability OBB-3927569
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
verbformen.de Cross Site Scripting vulnerability OBB-3927568
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Summary IBM WebSphere Application Server Liberty could provide weaker than expected security for outbound TLS connections. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this risk, it has been addressed in this bulletin: Jazz Foundation, Global Configuration Management....
6.5AI Score
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability. Following IBM® Engineering Lifecycle Engineering products, exposed to this vulnerability, are been addressed in this bulletin: Jazz...
6.7AI Score
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. The following IBM®...
6.3AI Score
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering...
6.4AI Score
Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and used by the IBM WebSphere Application Server Liberty. The following IBM® Engineering Lifecycle Engineering products are exposed to this attack and are been addressed in this bulletin:...
6.4AI Score
A week in security (May 6 – May 12)
Last week on Malwarebytes Labs: Dell notifies customers about data breach DocGo patient health data stolen in cyberattack Desperate Taylor Swift fans defrauded by ticket scams Tracing what went wrong in 2012 for today’s teens, with Dr. Jean Twenge: Lock and Code S04E10 Last week on ThreatDown: ...
7.4AI Score
rallies.info Cross Site Scripting vulnerability OBB-3927566
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
clocks.rallies.info Cross Site Scripting vulnerability OBB-3927565
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
froxlor/froxlor is vulnerable to Cross-Site Scripting. The vulnerability is due to inadequate sanitization of user input in the loginname parameter during failed login attempts, which allows attackers to inject and store malicious scripts that are executed when an administrator views the System...
6.7AI Score
metec-tradefair.com Cross Site Scripting vulnerability OBB-3927564
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
noxx.to Cross Site Scripting vulnerability OBB-3927563
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to...
6AI Score
zeinchildcare.nl Cross Site Scripting vulnerability OBB-3927562
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
POS Codekop v2.0 - Broken Authentication
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling...
7.5CVSS
7.1AI Score
0.001EPSS
golftrolleyspecialist.nl Cross Site Scripting vulnerability OBB-3927559
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
golf-jobs.com Cross Site Scripting vulnerability OBB-3927557
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Exploit for Vulnerability in Reportlab
CODE INJECTION VULNERABILITY IN REPORTLAB PYTHON LIBRARY...
7.8CVSS
7.7AI Score
0.001EPSS
Malicious code in by-dynamic-domain (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (4c793f13f0128e865eaa4b39e8ccadf06126154f88e34537d0b31845a5b5f638) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in by-logger (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (aee582797b8e77f812713bd6e5ef7f9d3f69f9b2b3dc46f1a078c970264de320) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
(RHSA-2024:2822) Important: squid:4 security update
Squid is a high-performance proxy caching server for web clients, supporting FTP, and HTTP data objects. Security Fix(es): Denial of Service in HTTP Chunked Decoding (CVE-2024-25111) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other...
8.6CVSS
6.9AI Score
0.0004EPSS
(RHSA-2024:2821) Important: bind and dhcp security update
The Berkeley Internet Name Domain (BIND) is an implementation of the Domain Name System (DNS) protocols. BIND includes a DNS server (named); a resolver library (routines for applications to use when interfacing with DNS); and tools for verifying that the DNS server is operating correctly. The...
7.5CVSS
8.1AI Score
0.037EPSS
(RHSA-2024:2820) Important: varnish security update
Varnish Cache is a high-performance HTTP accelerator. It stores web pages in memory so web servers don't have to create the same web page over and over again, giving the website a significant speed up. Security Fix(es): varnish: HTTP/2 Broken Window Attack may result in denial of service...
6.8AI Score
0.0004EPSS
Malicious code in qaqazzaaa (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (a988c24a93f210f746c8d5bb91cc35523ab4d02529f4e25e1a2dfd7714ab03c1) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in @asdfvr/qaqazzaaa (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (00ddae9d7021daf95bf5000e1b7f278bcf84e7b46ceba0a5ed05943b9d7ebf57) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in discord-datas (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (cdc0b10c3c3f41706cb302d6e6b02afb133f5baa93c16a2b34c6f32a6a242c22) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in input-fns (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (d97cebe2b3c5f99612c7086d455844599d1f9afef3e76c1c74b54de73ad1ad9b) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
Malicious code in encodelen (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (16f1c093c0c4c15a7c9e7438a370a2a3d42de41f0f6cc7a21695023e73647884) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7AI Score
petitfute.es Cross Site Scripting vulnerability OBB-3927554
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
"HTTP protocol is not supported, please use HTTPS." Error When Adding Object Storage
Veeam Backup & Replication does not support connection to S3 compatible object storage over HTTP. Make sure that your S3 compatible object storage supports HTTPS protocol and has the necessary certificate...
7AI Score
7.4AI Score
7.4AI Score
About the security content of macOS Ventura 13.6.7
About the security content of macOS Ventura 13.6.7 This document describes the security content of macOS Ventura 13.6.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
7.8CVSS
8AI Score
0.001EPSS
7.4AI Score
7.4AI Score
7.4AI Score
About the security content of macOS Monterey 12.7.5
About the security content of macOS Monterey 12.7.5 This document describes the security content of macOS Monterey 12.7.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
7.4AI Score
7.4AI Score
7.4AI Score
About the security content of tvOS 17.5
About the security content of tvOS 17.5 This document describes the security content of tvOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....
6.3AI Score
About the security content of macOS Sonoma 14.5
About the security content of macOS Sonoma 14.5 This document describes the security content of macOS Sonoma 14.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....
5.5CVSS
8AI Score
0.001EPSS
About the security content of watchOS 10.5
About the security content of watchOS 10.5 This document describes the security content of watchOS 10.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
6.3AI Score
Security Advisory Description CVE-2024-20994 Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Information Schema). Supported versions that are affected are 8.0.36 and prior and 8.3.0 and prior. Difficult to exploit vulnerability allows low privileged attacker with...
5.5CVSS
6.5AI Score
0.0004EPSS
7.4AI Score
About the security content of iOS 16.7.8 and iPadOS 16.7.8
About the security content of iOS 16.7.8 and iPadOS 16.7.8 This document describes the security content of iOS 16.7.8 and iPadOS 16.7.8. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and...
7.8CVSS
7.8AI Score
0.001EPSS
About the security content of Safari 17.5
About the security content of Safari 17.5 This document describes the security content of Safari 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available......
5.6AI Score
Stable Channel Update for Desktop
The Stable channel has been updated to 124.0.6367.207/.208 for Mac and Windows and 124.0.6367.207 for Linux which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log. The Extended Stable channel has been updated to 124.0.6367.207 for Mac and...
7AI Score
JVN#28869536: Multiple vulnerabilities in Cybozu Garoon
Cybozu Garoon provided by Cybozu, Inc. contains multiple vulnerabilities listed below. Improper handling of data in Mail (CWE-231) CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H Base Score 4.9 CVE-2024-31397 CyVDB-3167 Improper restriction on the output of some API (CWE-201)...
7AI Score