F-Secure Endpoint Protection Products On Windows And Mac. F-Secure Linux Security (32-bit), F-Secure Linux Security 64, F-Secure Atlant, F-Secure Internet Gatekeeper & F-Secure Security Cloud Security Vulnerabilities

Server-Side Request Forgery in github.com/greenpau/caddy-security

Server-Side Request Forgery in...

Authentik vulnerable to PKCE downgrade attack in goauthentik.io

Authentik vulnerable to PKCE downgrade attack in...

Cross-site Scripting in github.com/greenpau/caddy-security

Cross-site Scripting in...

CubeFS leaks magic secret key when starting Blobstore access service in github.com/cubefs/cubefs

CubeFS leaks magic secret key when starting Blobstore access service in...

CubeFS timing attack can leak user passwords in github.com/cubefs/cubefs

CubeFS timing attack can leak user passwords in...

Insufficient Session Expiration in github.com/greenpau/caddy-security

Insufficient Session Expiration in...

Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server

Mattermost fails to limit the number of role names in...

Insecure random string generator used for sensitive data in github.com/cubefs/cubefs

Insecure random string generator used for sensitive data in...

The DES/3DES cipher was used as part of the TLS protocol by installation tools in github.com/karmada-io/karmada

The DES/3DES cipher was used as part of the TLS protocol by installation tools in...

SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport

SFTP is possible on the Proxy server for any user with SFTP access in...

Etcd pkg Insecure ciphers are allowed by default in go.etcd.io/etcd/client/pkg/v3

Etcd pkg Insecure ciphers are allowed by default in...

Moby Docker cp broken with debian containers in github.com/moby/moby

Moby Docker cp broken with debian containers in...

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in github.com/apache/servicecomb-service-center

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in...

Authenticated users can crash the CubeFS servers with maliciously crafted requests in github.com/cubefs/cubefs

Authenticated users can crash the CubeFS servers with maliciously crafted requests in...

Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in github.com/0xJacky/Nginx-UI

Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in...

Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server

Mattermost vulnerable to denial of service via large number of emoji reactions in...

Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd

Argo-cd authenticated users can enumerate clusters by name in...

Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in github.com/rancher/rancher

Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in...

Evmos is missing precompile checks in github.com/evmos/evmos

Evmos is missing precompile checks in...

Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher

Rancher's External RoleTemplates can lead to privilege escalation in...

SpiceDB exclusions can result in no permission returned when permission expected in github.com/authzed/spicedb

SpiceDB exclusions can result in no permission returned when permission expected in...

ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability in github.com/traefik/traefik

ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability in...

AdGuardHome privilege escalation vulnerability in github.com/AdguardTeam/AdGuardHome

AdGuardHome privilege escalation vulnerability in...

Openshift/telemeter: iss check during jwt authentication can be bypassed in github.com/openshift/telemeter

Openshift/telemeter: iss check during jwt authentication can be bypassed in...

Improper trust check in Bazel Build intellij plugin in github.com/bazelbuild/intellij

Improper trust check in Bazel Build intellij plugin in...

Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in github.com/rancher/rancher

Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in...

Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder

Minder affected by denial of service from maliciously configured Git repository in...

SQL injection vulnerability in Gin-vue-admin in github.com/flipped-aurora/gin-vue-admin

SQL injection vulnerability in Gin-vue-admin in...

SFTPGo has insufficient access control for password reset in github.com/drakkan/sftpgo

SFTPGo has insufficient access control for password reset in...

Evmos is missing create validator check in github.com/evmos/evmos

Evmos is missing create validator check in...

app.lotterease.com Cross Site Scripting vulnerability OBB-3939482

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bridalpartytees.com Cross Site Scripting vulnerability OBB-3939481

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords

Update #1: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update #2: As of 2:20 PM EST, two more plugins appear to have malicious commits, however, the releases have not officially been made...

tgpecatsib.tatamotors.com Cross Site Scripting vulnerability OBB-3939480

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for CVE-2024-34102

🇮🇱 **#BringThemHome...

hanson.ad Cross Site Scripting vulnerability OBB-3939478

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

gratisspil.dk Cross Site Scripting vulnerability OBB-3939476

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

fysikoaerioellados.gr Cross Site Scripting vulnerability OBB-3939475

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

lasalina.es Cross Site Scripting vulnerability OBB-3939474

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CometBFT is unstability during blocksync when syncing from malicious peer

Name: ASA-2024-008: Instability during blocksync when syncing from malicious peer Component: CometBFT Criticality: Medium (ACMv1: I:Moderate; L: Possible) Affected versions: < v0.38.7 Summary An issue was identified for nodes syncing on an existing network during blocksync in which a malicious.....

CometBFT is unstability during blocksync when syncing from malicious peer

Name: ASA-2024-008: Instability during blocksync when syncing from malicious peer Component: CometBFT Criticality: Medium (ACMv1: I:Moderate; L: Possible) Affected versions: < v0.38.7 Summary An issue was identified for nodes syncing on an existing network during blocksync in which a malicious.....

search.staffs.ac.uk Cross Site Scripting vulnerability OBB-3939471

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

campion.edu.ro Cross Site Scripting vulnerability OBB-3939472

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

probabilistic-robotics.org Cross Site Scripting vulnerability OBB-3939470

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

sesrc.wsu.edu Cross Site Scripting vulnerability OBB-3939469

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

filmisub.cc Cross Site Scripting vulnerability OBB-3939468

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

vedanasbavi.cz Cross Site Scripting vulnerability OBB-3939467

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

ueltschi.org Cross Site Scripting vulnerability OBB-3939466

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

filepursuit.com Cross Site Scripting vulnerability OBB-3939465

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

marefelice.it Cross Site Scripting vulnerability OBB-3939464

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...