SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response...
7.5CVSS
7.5AI Score
EPSS
SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response...
7.5CVSS
EPSS
7cups.com Cross Site Scripting vulnerability OBB-3939147
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2024-38520 SoftEther VPN with L2TP - 2.75x Amplification
SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response...
7.5CVSS
EPSS
brightbluewater.co.th Cross Site Scripting vulnerability OBB-3939145
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
boathouseh2o.com Cross Site Scripting vulnerability OBB-3939144
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
yorkcarerscentre.co.uk Cross Site Scripting vulnerability OBB-3939143
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
ps4portal.de Open Redirect vulnerability OBB-3939142
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
War Crime Prosecutions Enter a New Digital Age
A custom platform developed by SITU Research aided the International Criminal Court’s prosecution in a war crimes trial for the first time. It could change how justice is enacted on an international...
7.3AI Score
In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...
6.8AI Score
EPSS
In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...
EPSS
roskilde.dk Open Redirect vulnerability OBB-3939140
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...
EPSS
In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...
6.8AI Score
EPSS
Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2
Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...
7AI Score
go.squidapp.co Open Redirect vulnerability OBB-3939138
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Summary IBM Storage Protect for Virtual Environments: Data Protection for Hyper-V can be affected by a security flaw in IBM WebSphere Application Server Liberty. The flaw can lead to weaker than expected security for outbound TLS connections, as described in the "Vulnerability Details" section....
5.3CVSS
5.8AI Score
0.0004EPSS
Summary IBM Storage Protect for Virtual Environments: Data Protection for VMware can be affected by a security flaw in IBM WebSphere Application Server Liberty. The flaw can lead to weaker than expected security for outbound TLS connections, as described in the "Vulnerability Details" section....
5.3CVSS
5.8AI Score
0.0004EPSS
Summary IBM Storage Protect Backup-Archive Client can be affected by security flaws in IBM WebSphere Application Server Liberty and libcurl. The flaws can lead to weaker than expected security for outbound TLS connections and bypass of security restrictions, as described in the "Vulnerability...
6.5CVSS
7AI Score
0.001EPSS
Summary IBM Operator for Apache Flink is vulnerable to a denial of service attack due to the Apache Commons Compress component. Apache Flink uses Commons Compress for handling compressed files and formats, enabling efficient data processing and storage. Vulnerability Details ** CVEID:...
8.1CVSS
6.9AI Score
0.001EPSS
fondazionetorinomusei.it Cross Site Scripting vulnerability OBB-3939133
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
thekrazycouponlady.digidip.net Open Redirect vulnerability OBB-3939132
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
redirect.jotform.io Open Redirect vulnerability OBB-3939131
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
ftj.agh.edu.pl Cross Site Scripting vulnerability OBB-3939130
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak for AIOps version 4.6.0 Vulnerability Details ** CVEID: CVE-2022-25857 DESCRIPTION: **Java package org.yaml:snakeyam is vulnerable to a denial of service, caused by missing to nested depth limitation for collections. By sending a...
9.8CVSS
10AI Score
EPSS
Multiple vulnerabilities in TP-Link Omada system could lead to root access
The TP-Link Omada system is a software-defined networking solution for small to medium-sized businesses. It touts cloud-managed devices and local management for all Omada devices. The supported devices in this ecosystem vary greatly but include wireless access points, routers, switches, VPN...
8.1CVSS
9.4AI Score
0.001EPSS
kcroos.com Open Redirect vulnerability OBB-3939127
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
statistics.functioncompute.com Open Redirect vulnerability OBB-3939126
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
troytrojans.com Open Redirect vulnerability OBB-3939125
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
api.ffm.to Open Redirect vulnerability OBB-3939124
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
hpackagetrackerguru.com Open Redirect vulnerability OBB-3939123
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
EPSS
6.7AI Score
EPSS
iqconnect.lmhostediq.com Open Redirect vulnerability OBB-3939120
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Summary IBM WebSphere Application Server, which is bundled with IBM Cloud Pak for Applications, is vulnerable to cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions...
5.9AI Score
EPSS
New MOVEit Transfer Vulnerability Under Active Exploitation - Patch ASAP!
A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that...
9.8CVSS
9.8AI Score
0.969EPSS
Summary Potential follow-redirects arbitrary phishing attack vulnerability ( CVE-2023-26159) has been identified that may affect IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability have been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...
7.3CVSS
6.5AI Score
0.001EPSS
Summary IBM WebSphere Application Server, which is bundled with IBM WebSphere Hybrid Edition, is vulnerable to cross-site scripting in the administrative console. Vulnerability Details Refer to the security bulletin(s) listed in the Remediation/Fixes section Affected Products and Versions Affected....
5.9AI Score
EPSS
huidhuis.nl Cross Site Scripting vulnerability OBB-3939118
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Summary IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2024-29018 DESCRIPTION: **moby could allow a remote attacker to obtain sensitive information, caused by incorrect resource transfer between spheres. By...
7.8CVSS
7.5AI Score
0.001EPSS
ergonomio.nl Cross Site Scripting vulnerability OBB-3939117
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
About a year ago I wrote that "I want to use XAES-256-GCM/11, which has a number of nice properties and only the annoying defect of not existing." Well, there is now an XAES-256-GCM specification. (Had to give up on the /11 part, but that was just a performance optimization.) XAES-256-GCM is an...
7.3AI Score
Summary Potential unspecified vulnerability in Java SE related to the VM component (CVE-2024-20952) has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID:...
7.4CVSS
7.3AI Score
0.001EPSS
Federal Reserve “breached” data may actually belong to Evolve Bank
A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBit's dark web leak site, the group threatened to release over 30 TB of banking information containing Americans'...
7.4AI Score
Summary There are multiple vulnerabilities in Node.js and IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor (CVE-2024-27983, CVE-2024-27980, CVE-2024-22329, CVE-2024-27982, CVE-2024-22354, CVE-2024-4068). Vulnerability Details ** CVEID: CVE-2024-27983 DESCRIPTION:...
7.5CVSS
9.2AI Score
EPSS
en.radreisen.at Cross Site Scripting vulnerability OBB-3939116
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Exploit for Path Traversal in Apache Http Server
CVE-2021-42013: Apache HTTP Server Path Traversal and Remote...
9.8CVSS
9.6AI Score
0.974EPSS
doineedajacket.com Cross Site Scripting vulnerability OBB-3939113
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
jazz2-0.com Cross Site Scripting vulnerability OBB-3939115
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
sunellsecurity.com Cross Site Scripting vulnerability OBB-3939114
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score