F-Secure Endpoint Protection Products On Windows And Mac. F-Secure Linux Security (32-bit), F-Secure Linux Security 64, F-Secure Atlant, F-Secure Internet Gatekeeper & F-Secure Security Cloud Security Vulnerabilities

dictionary.result.pk Cross Site Scripting vulnerability OBB-3931878

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

dienmaytoancau.com.vn Cross Site Scripting vulnerability OBB-3931879

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

diditeacher.com Cross Site Scripting vulnerability OBB-3931877

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

decofinder.com Cross Site Scripting vulnerability OBB-3931874

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

pt.fonts2u.com Cross Site Scripting vulnerability OBB-3931873

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

ar.fonts2u.com Cross Site Scripting vulnerability OBB-3931872

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

daytonfreight.com Cross Site Scripting vulnerability OBB-3931868

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

daystarr.net Cross Site Scripting vulnerability OBB-3931867

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for CVE-2024-24919

CVE-2024-24919-Check-Point-Remote-Access-VPN...

Exploit for CVE-2024-24919

Check point:CVE-2024-24919 ...

davidpressleyschool.com Cross Site Scripting vulnerability OBB-3931866

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

datartgroup.cz Cross Site Scripting vulnerability OBB-3931865

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

danuricare.com Cross Site Scripting vulnerability OBB-3931863

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

New banking trojan “CarnavalHeist” targets Brazil with overlay attacks

Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...

Exploit for CVE-2024-24919

CVE-2024-24919-POC Read about it -...

Data Leak Exposes Business Leaders and Top Celebrity Data

By Waqas A data leak incident involving Clarity.fm left the personal data of business leaders and celebrities exposed to public… This is a post from HackRead.com Read the original post: Data Leak Exposes Business Leaders and Top Celebrity...

CVE-2024-5484

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering...

CVE-2024-5538

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering...

CVE-2024-22338

IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: ...

How AI Will Change Democracy

I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an....

Code Injection

symfony is vulnerable to Code Injection. The vulnerability is due to lack of CSRF protection for the import/export feature, allowing attackers to exploit the PHP serialized string...

CVE-2024-22338 IBM Security Verify Access OIDC Provider information disclosure

IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: ...

Exploit for CVE-2024-24919

CVE-2024-24919 An Vulnerability detection and Exploitation...

CVE-2024-5347

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation widget in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping on user supplied attributes.....

CVE-2024-5041

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha-ia-content-button’ parameter in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-4160

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2024-23692

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment...

SQL Injection

terminal42/contao-tablelookupwizard is vulnerable to SQL Injection. The vulnerability is caused by insufficient sanitization of widget values before they are passed to the database, which allows an attacker to execute arbitrary SQL...

Exploit for CVE-2024-24919

CVE-2024-24919 PoC (but its a CLI) Disclaimer: I am not...

Improper Input Validation

symphony is vulnerable to Improper Input Validation. The vulnerability is due to incorrect parsing of the Authorization header in applications using HTTP basic or digest authentication, which could be exploited in certain server...

CVE-2024-23692 Rejetto HTTP File Server 2.3m Unauthenticated RCE

Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment...

CVE-2024-5041 Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Image Accordion

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha-ia-content-button’ parameter in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...

CVE-2024-5347 Happy Addons for Elementor <= 3.10.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via Post Navigation Widget

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation widget in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping on user supplied attributes.....

CVE-2024-4160 Download Manager <= 3.2.90 - Authenticated (Contributor+) Stored Cross-Site Scripting via wpdm-all-packages Shortcode

The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

Cross-Site Scripting

thelia/thelia is vulnerable to Cross-site Scripting. The vulnerability is due to insufficient sanitization within the error.html template of the BackOffice. This allowing attackers to inject malicious scripts that can be executed in the browsers of users visiting the affected...

virutex.es Cross Site Scripting vulnerability OBB-3931859

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-1295

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

boutique.requiem.com.es Cross Site Scripting vulnerability OBB-3931858

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Privilege Escalation

symfony/symfony is vulnerable to Privilege Escalation. The vulnerability is due to a flaw in the handling of user updates in the EntityUserProvider provided by the Doctrine bridge, allowing users to switch to another user by changing their username via a form, despite encountering a validation...

Authentication Bypass

typo3/cms-core vulnerable to Authentication Bypass. The vulnerability is due to improper handling of hashing methods related by PHP class inheritance, allowing stored passwords using the blowfish hashing algorithm to be overridden when MD5 is used as the default hashing...

Cross-site Scripting (XSS)

Thelia is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization within the error.html template which allows an attacker to inject and execute malicious...

CVE-2024-5523

SQL injection vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability could allow an authenticated local user to send a specially crafted SQL query to the 'searchString' parameter and retrieve all information stored in the...

Improper Input Validation

Symfony is vulnerable to Improper Input Validation. The vulnerability is due to trusting the remote address when at least one trusted proxy is involved, allowing an attacker to manipulate HTTP header...

XML External Entity (XXE) Injection

symfony/serializer is vulnerable to XML External Entity (XXE) injection. This vulnerability is due to the failure to disable external entities when parsing XML using the XMLEncoder component, which allows an attacker to include arbitrary files from the file system by exploiting the XXE injection...

estilosdevidasaludable.sanidad.gob.es Cross Site Scripting vulnerability OBB-3931855

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

thatquiz.org Cross Site Scripting vulnerability OBB-3931854

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Remote Code Execution (RCE)

titon/framework] is vulnerable to remote code execution. The vulnerability is due to calling the unserialize() method on unverified cyphertext, which allows an attacker to execute arbitrary...

Denial Of Service (DoS)

Symfony is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper hostname validation via a regular expression within Request::getHost(), which results in...

CVE-2024-5523 SQL injection vulnerability in Astrotalks

SQL injection vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability could allow an authenticated local user to send a specially crafted SQL query to the 'searchString' parameter and retrieve all information stored in the...

XML Entity Expansion (XEE)

symfony/routing is vulnerable to XML Entity Expansion (XEE). The vulnerability is due to allowing custom entities in PHP, which allows an attacker to submit XML which results in a XEE Quadratic...