Server-Side Request Forgery in github.com/greenpau/caddy-security
5.3 CVSS
6.8 AI Score
0.001 EPSS
Authentik vulnerable to PKCE downgrade attack in goauthentik.io
8.8 CVSS
6.7 AI Score
0.001 EPSS
6.1 CVSS
6.4 AI Score
0.0004 EPSS
CubeFS leaks magic secret key when starting Blobstore access service in github.com/cubefs/cubefs
9.8 CVSS
6.7 AI Score
0.001 EPSS
CubeFS timing attack can leak user passwords in github.com/cubefs/cubefs
6.5 CVSS
6.7 AI Score
0.001 EPSS
Insufficient Session Expiration in github.com/greenpau/caddy-security
4.8 CVSS
6.7 AI Score
0.0004 EPSS
Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
4.3 CVSS
6.6 AI Score
0.0004 EPSS
Insecure random string generator used for sensitive data in github.com/cubefs/cubefs
9.8 CVSS
6.7 AI Score
0.001 EPSS
The DES/3DES cipher was used as part of the TLS protocol by installation tools in...
7.1 AI Score
SFTP is possible on the Proxy server for any user with SFTP access in...
7.2 AI Score
Etcd pkg Insecure ciphers are allowed by default in go.etcd.io/etcd/client/pkg/v3
7.1 AI Score
Moby Docker cp broken with debian containers in github.com/moby/moby
9.8 CVSS
6.6 AI Score
0.016 EPSS
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in...
7.5 CVSS
6.6 AI Score
0.001 EPSS
Authenticated users can crash the CubeFS servers with maliciously crafted requests in...
6.5 CVSS
6.7 AI Score
0.0004 EPSS
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in...
8.8 CVSS
6.5 AI Score
0.001 EPSS
Mattermost vulnerable to denial of service via large number of emoji reactions in...
4.3 CVSS
6.5 AI Score
0.0005 EPSS
Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
4.3 CVSS
6.5 AI Score
0.0004 EPSS
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in...
6.9 AI Score
EPSS
Evmos is missing precompile checks in github.com/evmos/evmos
3.5 CVSS
6.6 AI Score
0.0004 EPSS
Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher
7.1 AI Score
EPSS
SpiceDB exclusions can result in no permission returned when permission expected in...
3.7 CVSS
6.7 AI Score
0.0004 EPSS
ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability in...
5.5 CVSS
6.7 AI Score
0.0004 EPSS
AdGuardHome privilege escalation vulnerability in github.com/AdguardTeam/AdGuardHome
7 AI Score
0.0004 EPSS
Openshift/telemeter: iss check during jwt authentication can be bypassed in...
7.5 CVSS
7 AI Score
0.001 EPSS
Improper trust check in Bazel Build intellij plugin in github.com/bazelbuild/intellij
6.9 AI Score
0.0004 EPSS
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in...
6.8 AI Score
EPSS
Minder affected by denial of service from maliciously configured Git repository in...
5.7 CVSS
6.7 AI Score
0.0004 EPSS
SQL injection vulnerability in Gin-vue-admin in github.com/flipped-aurora/gin-vue-admin
8.8 CVSS
7.9 AI Score
0.0004 EPSS
SFTPGo has insufficient access control for password reset in github.com/drakkan/sftpgo
5.4 CVSS
7 AI Score
0.0004 EPSS
Evmos is missing create validator check in github.com/evmos/evmos
3.5 CVSS
3.9 AI Score
0.0004 EPSS
app.lotterease.com Cross Site Scripting vulnerability OBB-3939482
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
bridalpartytees.com Cross Site Scripting vulnerability OBB-3939481
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords
Update #1: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update #2: As of 2:20 PM EST, two more plugins appear to have malicious commits, however, the releases have not officially been made...
7.2 AI Score
tgpecatsib.tatamotors.com Cross Site Scripting vulnerability OBB-3939480
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
9.8 CVSS
7.4 AI Score
0.038 EPSS
hanson.ad Cross Site Scripting vulnerability OBB-3939478
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
gratisspil.dk Cross Site Scripting vulnerability OBB-3939476
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
fysikoaerioellados.gr Cross Site Scripting vulnerability OBB-3939475
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
lasalina.es Cross Site Scripting vulnerability OBB-3939474
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
CometBFT instability during blocksync when syncing from malicious peer
Name: ASA-2024-008: Instability during blocksync when syncing from malicious peer. Component: CometBFT. Criticality: Medium (ACMv1: I:Moderate; L: Possible). Affected versions: < v0.38.7. Summary: An issue was identified for nodes syncing on an existing network during blocksync in which a malicious...
6.7 AI Score
search.staffs.ac.uk Cross Site Scripting vulnerability OBB-3939471
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
campion.edu.ro Cross Site Scripting vulnerability OBB-3939472
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
probabilistic-robotics.org Cross Site Scripting vulnerability OBB-3939470
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
sesrc.wsu.edu Cross Site Scripting vulnerability OBB-3939469
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
filmisub.cc Cross Site Scripting vulnerability OBB-3939468
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
vedanasbavi.cz Cross Site Scripting vulnerability OBB-3939467
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
ueltschi.org Cross Site Scripting vulnerability OBB-3939466
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
filepursuit.com Cross Site Scripting vulnerability OBB-3939465
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
marefelice.it Cross Site Scripting vulnerability OBB-3939464
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score