Lucene search

K

All F-Secure And WithSecure Endpoint Protection Products For Windows & Mac F-Secure Linux Security (32-bit) F-Secure Linux Security (64-bit) F-Secure Atlant F-Secure Internet Gatekeeper Security Vulnerabilities

openbugbounty
openbugbounty

choiceroute.in Cross Site Scripting vulnerability OBB-3938569

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 05:25 PM
5
openbugbounty
openbugbounty

maserp.net Cross Site Scripting vulnerability OBB-3938566

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 05:24 PM
5
openbugbounty
openbugbounty

friends.aipro.tv Cross Site Scripting vulnerability OBB-3938564

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 05:24 PM
3
openbugbounty
openbugbounty

attoohinfo.co.za Cross Site Scripting vulnerability OBB-3938565

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 05:24 PM
5
openbugbounty
openbugbounty

lordtickets.com Cross Site Scripting vulnerability OBB-3938563

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 05:23 PM
5
openbugbounty
openbugbounty

web.colegioingles.edu.uy Cross Site Scripting vulnerability OBB-3938561

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 05:23 PM
5
openbugbounty
openbugbounty

oncomarkers.com.br Cross Site Scripting vulnerability OBB-3938560

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 05:23 PM
4
openbugbounty
openbugbounty

plugintheme.net Cross Site Scripting vulnerability OBB-3938562

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 05:23 PM
3
ibm
ibm

Security Bulletin: This Power System update is being released to address CVE-2023-45857

Summary This affects the BMC's ASMi web application. Vulnerability Details ** CVEID: CVE-2023-45857 DESCRIPTION: **Axios is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By inserting the X-XSRF-TOKEN header using the secret XSRF-TOKEN cookie value.....

6.5CVSS

5.9AI Score

0.001EPSS

2024-06-25 05:22 PM
openbugbounty
openbugbounty

tgfilter.org Cross Site Scripting vulnerability OBB-3938558

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 05:22 PM
3
openbugbounty
openbugbounty

thaince.org Cross Site Scripting vulnerability OBB-3938559

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 05:22 PM
3
openbugbounty
openbugbounty

boubathemasterclass.com Cross Site Scripting vulnerability OBB-3938557

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 05:22 PM
1
openbugbounty
openbugbounty

cifs.com.cy Cross Site Scripting vulnerability OBB-3938556

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 05:21 PM
3
openbugbounty
openbugbounty

flyteachers.com Cross Site Scripting vulnerability OBB-3938555

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-25 05:21 PM
3
ibm
ibm

Security Bulletin: This Power System update is being released to address CVE-2023-37453

Summary This affects the BMC's physical USB ports. Vulnerability Details ** CVEID: CVE-2023-37453 DESCRIPTION: **Linux Kernel is vulnerable to a denial of service, caused by an out-of-bounds flaw in the read_descriptors function in drivers/usb/core/sysfs.c in the USB subsystem. By using a...

4.6CVSS

6.3AI Score

0.0005EPSS

2024-06-25 05:17 PM
cve
cve

CVE-2024-6308

A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit....

7.3CVSS

7.6AI Score

EPSS

2024-06-25 05:15 PM
3
nvd
nvd

CVE-2024-6308

A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit....

7.3CVSS

EPSS

2024-06-25 05:15 PM
1
cve
cve

CVE-2024-6257

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code...

8.4CVSS

7.7AI Score

EPSS

2024-06-25 05:15 PM
1
nvd
nvd

CVE-2024-6257

HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration, potentially leading to arbitrary code...

8.4CVSS

EPSS

2024-06-25 05:15 PM
osv
osv

DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document

Impact In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This attack may only be initialized by a user who already has Submitter...

5.6AI Score

EPSS

2024-06-25 05:07 PM
1
github
github

DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document

Impact In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This attack may only be initialized by a user who already has Submitter...

2.6CVSS

5.5AI Score

EPSS

2024-06-25 05:07 PM
3
cvelist
cvelist

CVE-2024-6308 itsourcecode Simple Online Hotel Reservation System index.php sql injection

A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit....

7.3CVSS

EPSS

2024-06-25 05:00 PM
vulnrichment
vulnrichment

CVE-2024-6308 itsourcecode Simple Online Hotel Reservation System index.php sql injection

A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit....

7.3CVSS

7.8AI Score

EPSS

2024-06-25 05:00 PM
cve
cve

CVE-2023-42014

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7.2AI Score

2024-06-25 04:50 PM
1
cve
cve

CVE-2023-42011

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7.2AI Score

2024-06-25 04:50 PM
ibm
ibm

Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to cross-site scripting due to WebSphere Application Server Liberty

Summary There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor (CVE-2024-27270). Vulnerability Details ** CVEID: CVE-2024-27270 DESCRIPTION: **IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site...

4.7CVSS

6.4AI Score

0.0004EPSS

2024-06-25 04:18 PM
2
nvd
nvd

CVE-2024-5989

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager®...

EPSS

2024-06-25 04:15 PM
3
cve
cve

CVE-2024-5990

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected...

7.2AI Score

EPSS

2024-06-25 04:15 PM
1
nvd
nvd

CVE-2024-5990

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected...

EPSS

2024-06-25 04:15 PM
1
cve
cve

CVE-2024-5989

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager®...

9.1AI Score

EPSS

2024-06-25 04:15 PM
2
nvd
nvd

CVE-2024-0171

Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized...

5.3CVSS

EPSS

2024-06-25 04:15 PM
3
nvd
nvd

CVE-2024-5988

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager®...

EPSS

2024-06-25 04:15 PM
1
cve
cve

CVE-2024-0171

Dell PowerEdge Server BIOS contains an TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized...

5.3CVSS

7AI Score

EPSS

2024-06-25 04:15 PM
1
cve
cve

CVE-2024-5988

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager®...

7.5AI Score

EPSS

2024-06-25 04:15 PM
cvelist
cvelist

CVE-2024-5990 ThinManager® ThinServer™ Improper Input Validation Vulnerability

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to a monitor thread within Rockwell Automation ThinServer™ and cause a denial-of-service condition on the affected...

EPSS

2024-06-25 04:11 PM
vulnrichment
vulnrichment

CVE-2024-5989 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager®...

8.8AI Score

EPSS

2024-06-25 04:01 PM
cvelist
cvelist

CVE-2024-5989 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke SQL injection into the program and cause a remote code execution condition on the Rockwell Automation ThinManager®...

EPSS

2024-06-25 04:01 PM
cvelist
cvelist

CVE-2024-5988 Rockwell Automation ThinManager® ThinServer™ Improper Input Validation Vulnerability

Due to an improper input validation, an unauthenticated threat actor can send a malicious message to invoke a local or remote executable and cause a remote code execution condition on the Rockwell Automation ThinManager®...

EPSS

2024-06-25 03:53 PM
2
ibm
ibm

Security Bulletin: IBM Sterling B2B Integrator Standard Edition does not correctly restrict frame objects

Summary IBM Sterling B2B Integrator Standard Edition does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Vulnerability Details ** CVEID:...

6.6AI Score

EPSS

2024-06-25 03:49 PM
2
wordfence
wordfence

WordPress 6.5.5 Security Release – What You Need to Know

Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...

5.4AI Score

2024-06-25 03:38 PM
2
ibm
ibm

Security Bulletin: Sterling B2B Integrator Standard Edition is vulnerable to cross-site scripting ( CVE-2023-42014).

Summary In Sterling B2B Integrator Standard Edition Console, the Content-Security-Policy header in the console for B2Bi is not set to the stictest available value. The Content-Security-Policy that is set by the server allows inline Javascript and "eval" functions in the browser. Allowing inline...

6.2AI Score

EPSS

2024-06-25 03:36 PM
2
wolfi
wolfi

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: grpcurl, git-lfs, calico, nri-prometheus, gitness, kubewatch, cilium-envoy, stakater-reloader, secrets-store-csi-driver, gomplate, amass, hey, nginx-stable, dotnet, terraform-provider-azurerm, envoy-ratelimit, secrets-store-csi-driver-provider-gcp, kind,...

7.5CVSS

9AI Score

0.732EPSS

2024-06-25 03:33 PM
608
wolfi
wolfi

CVE-2024-4368 vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

0.0004EPSS

2024-06-25 03:33 PM
43
wolfi
wolfi

CVE-2024-3177 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, ip-masq-agent, local-static-provisioner, calico, spark-operator, aws-ebs-csi-driver, kubernetes, cluster-autoscaler, node-feature-discovery,...

2.7CVSS

4.3AI Score

0.0004EPSS

2024-06-25 03:33 PM
75
wolfi
wolfi

GHSA-C5PJ-MQFH-RVC3 vulnerabilities

Vulnerabilities for packages: buildah,...

7.5AI Score

2024-06-25 03:33 PM
68
wolfi
wolfi

CVE-2024-23652 vulnerabilities

Vulnerabilities for packages: docker, skaffold, guac, zot, trivy, scorecard, conftest, kubescape, datadog-agent, buildkitd,...

10CVSS

9.7AI Score

0.001EPSS

2024-06-25 03:33 PM
265
wolfi
wolfi

GHSA-JM46-725R-HH9V vulnerabilities

Vulnerabilities for packages: python,...

7.5AI Score

2024-06-25 03:33 PM
99
wolfi
wolfi

CVE-2024-26130 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines, az, py3-cryptography, ggshield,...

7.5CVSS

7.8AI Score

0.0004EPSS

2024-06-25 03:33 PM
139
wolfi
wolfi

GHSA-V5QP-MX94-J49V vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-25 03:33 PM
125
wolfi
wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: grpcurl, argo-workflows, cri-tools, metallb, timoni, cilium, aws-load-balancer-controller, calico, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, nuclei,...

7.5AI Score

2024-06-25 03:33 PM
179
Total number of security vulnerabilities3304550