1756-EN2FK Series A, B Security Vulnerabilities
ena.ipps.org Cross Site Scripting vulnerability OBB-3937072
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
droits.nvo.fr Cross Site Scripting vulnerability OBB-3937069
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
elenavorobiova.ucoz.ru Cross Site Scripting vulnerability OBB-3937071
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
ancien.cgteduc.fr Cross Site Scripting vulnerability OBB-3937058
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
anapa-kraeved.ucoz.ru Cross Site Scripting vulnerability OBB-3937057
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
14-shtrafbat.ucoz.ru Cross Site Scripting vulnerability OBB-3937054
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2024-5859 Appointment Booking and Online Scheduling <= 4.4.2 - Reflected Cross-Site Scripting
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘d’ parameter in all versions up to, and including, 4.4.2 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1CVSS
EPSS
saokhueconsult.com.vn Cross Site Scripting vulnerability OBB-3937052
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
US bans Kaspersky, warns: “Immediately stop using that software”
The US government will ban the sale of Kaspersky antivirus products to new customers in the United States starting July 20, with a follow-on deadline to prohibit the cybersecurity company from providing users with software updates after September 29. The move follows years of allegations that the.....
7.1AI Score
elibrary.asabe.org Cross Site Scripting vulnerability OBB-3937050
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 (and 7.5.1 for the Pro version) due to insufficient input sanitization and output escaping. This makes it...
4.4CVSS
4.3AI Score
0.0004EPSS
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 (and 7.5.1 for the Pro version) due to insufficient input sanitization and output escaping. This makes it...
4.4CVSS
0.0004EPSS
Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from...
7.3CVSS
0.0004EPSS
The WP SVG Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 4.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with Author-level access and above, who have...
6.4CVSS
0.0004EPSS
The WP SVG Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 4.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with Author-level access and above, who have...
6.4CVSS
5.8AI Score
0.0004EPSS
Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from...
7.3CVSS
7.4AI Score
0.0004EPSS
CVE-2024-5945 WP SVG Images <= 4.2 - Authenticated (Author+) Stored Cross-Site Scripting via SVG
The WP SVG Images plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘type’ parameter in all versions up to, and including, 4.2 due to insufficient input sanitization. This makes it possible for authenticated attackers, with Author-level access and above, who have...
6.4CVSS
0.0004EPSS
The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.1.5 (and 7.5.1 for the Pro version) due to insufficient input sanitization and output escaping. This makes it...
4.4CVSS
0.0004EPSS
Was T-Mobile compromised by a zero-day in Jira?
A moderator of the notorious data breach trading platform BreachForums is offering data for sale they claim comes from a data breach at T-Mobile. The moderator, going by the name of IntelBroker, describes the data as containing source code, SQL files, images, Terraform data, t-mobile.com...
10CVSS
8.2AI Score
0.001EPSS
Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM Java. The flaws can lead to denial of service, confidentiality impact, integrity impact, availability impact, and sensitive information disclosure, as described in the "Vulnerability Details" section....
7.5CVSS
7.7AI Score
0.001EPSS
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...
4.9CVSS
5.1AI Score
0.0004EPSS
CVE-2024-2003 Local Privilege Escalation in Quarantine of ESET products for Windows
Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from...
7.3CVSS
7.1AI Score
0.0004EPSS
CVE-2024-2003 Local Privilege Escalation in Quarantine of ESET products for Windows
Local privilege escalation vulnerability allowed an attacker to misuse ESET's file operations during a restore operation from...
7.3CVSS
0.0004EPSS
A high-privileged user, allowed to create custom osquery packs 17 could affect the availability of Kibana by uploading a maliciously crafted osquery...
4.9CVSS
5.1AI Score
0.0004EPSS
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with.....
4.3CVSS
0.001EPSS
The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
5.8AI Score
0.001EPSS
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with.....
4.3CVSS
4.4AI Score
0.001EPSS
The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
0.001EPSS
An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the...
5.3CVSS
7.2AI Score
0.0004EPSS
An issue was discovered in the friendlycaptcha_official (aka Integration of Friendly Captcha) extension before 0.1.4 for TYPO3. The extension fails to check the requirement of the captcha field in submitted form data, allowing a remote user to bypass the captcha check. This only affects the...
5.3CVSS
0.0004EPSS
The Branda – White Label WordPress, Custom Login Page Customizer plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mime_types’ parameter in all versions up to, and including, 3.4.17 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
0.001EPSS
The User Profile Picture plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.6.1 via the 'rest_api_change_profile_image' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with.....
4.3CVSS
0.001EPSS
One day, I saw this Repositories about CVE-2024-29973 .But...
9.8CVSS
9.8AI Score
0.937EPSS
The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs them via a CSRF...
0.0004EPSS
The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF...
6.4AI Score
0.0004EPSS
The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...
6.4AI Score
0.0004EPSS
The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF...
0.0004EPSS
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to...
0.0004EPSS
The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated...
6AI Score
0.0004EPSS
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to...
5.6AI Score
0.0004EPSS
The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...
0.0004EPSS
The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs them via a CSRF...
6.4AI Score
0.0004EPSS
The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated...
0.0004EPSS
The DOP Shortcodes WordPress plugin through 1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
0.0004EPSS
The DOP Shortcodes WordPress plugin through 1.2 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.6AI Score
0.0004EPSS
The PayPal Pay Now, Buy Now, Donation and Cart Buttons Shortcode WordPress plugin through 1.7 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to...
0.0004EPSS
CVE-2024-4969 Widget Bundle <= 2.0.0 - Widget Disable/Enable via CSRF
The Widget Bundle WordPress plugin through 2.0.0 does not have CSRF checks when logging Widgets, which could allow attackers to make logged in admin enable/disable widgets via a CSRF...
0.0004EPSS
CVE-2024-4616 Widget Bundle <= 2.0.0 - Unauthencated Reflected XSS
The Widget Bundle WordPress plugin through 2.0.0 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against only unauthenticated...
0.0004EPSS
CVE-2024-4474 WP Logs Book <= 1.0.1 - Disable Logging via CSRF
The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...
0.0004EPSS
CVE-2024-4475 WP Logs Book <= 1.0.1 - Log Clearing via CSRF
The WP Logs Book WordPress plugin through 1.0.1 does not have CSRF check when clearing logs, which could allow attackers to make a logged in admin clear the logs them via a CSRF...
0.0004EPSS