CVE-2024-36107 Information disclosure in minio
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. When used with anonymous requests, the If-Modified-Since and If-Unmodified-Since headers, sent in requests for random object names, can be used to determine whether or not an object exists on the server on a...
AI Score: 7.1
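The existence oracle described above, as an added example rather than MinIO's own code: a constructed in-memory store with one private object sits behind two HEAD handlers. The first evaluates If-Modified-Since / If-Unmodified-Since against object metadata before the caller is authorized, so an anonymous probe gets 304 or 412 for an existing object and 403 for a missing one; the second authorizes first and answers 403 either way. The bucket contents, the Authorization-header check and the exact status codes are assumptions made for the demonstration; the page does not state which codes MinIO returned.

```go
package main

import (
	"fmt"
	"net/http"
	"net/http/httptest"
	"time"
)

// Constructed in-memory bucket with a single private object (assumption, not
// MinIO's data model): name -> last-modified time.
var bucket = map[string]time.Time{
	"private/report.pdf": time.Date(2024, 5, 1, 12, 0, 0, 0, time.UTC),
}

// isAuthorized is a placeholder credential check: anonymous requests (no
// Authorization header) may never read this bucket.
func isAuthorized(r *http.Request) bool {
	return r.Header.Get("Authorization") != ""
}

// precondition evaluates If-Unmodified-Since / If-Modified-Since the way an
// HTTP origin does and returns the status to short-circuit with, if any.
// Both checks need the object's metadata, which is exactly what leaks.
func precondition(r *http.Request, modTime time.Time) (int, bool) {
	mod := modTime.Truncate(time.Second)
	if t, err := http.ParseTime(r.Header.Get("If-Unmodified-Since")); err == nil && mod.After(t) {
		return http.StatusPreconditionFailed, true
	}
	if t, err := http.ParseTime(r.Header.Get("If-Modified-Since")); err == nil && !mod.After(t) {
		return http.StatusNotModified, true
	}
	return 0, false
}

// vulnerableHead models the flawed ordering: conditional headers are evaluated
// before authorization, so the response differs by object existence.
func vulnerableHead(w http.ResponseWriter, r *http.Request) {
	modTime, exists := bucket[r.URL.Path[1:]]
	if exists {
		if code, ok := precondition(r, modTime); ok {
			w.WriteHeader(code) // only reachable when the object exists
			return
		}
	}
	if !isAuthorized(r) {
		w.WriteHeader(http.StatusForbidden)
		return
	}
	if !exists {
		w.WriteHeader(http.StatusNotFound)
		return
	}
	w.Header().Set("Last-Modified", modTime.UTC().Format(http.TimeFormat))
	w.WriteHeader(http.StatusOK)
}

// fixedHead authorizes first: an anonymous caller gets the same 403 whether or
// not the object exists, so the conditional headers reveal nothing.
func fixedHead(w http.ResponseWriter, r *http.Request) {
	if !isAuthorized(r) {
		w.WriteHeader(http.StatusForbidden)
		return
	}
	modTime, exists := bucket[r.URL.Path[1:]]
	if !exists {
		w.WriteHeader(http.StatusNotFound)
		return
	}
	if code, ok := precondition(r, modTime); ok {
		w.WriteHeader(code)
		return
	}
	w.Header().Set("Last-Modified", modTime.UTC().Format(http.TimeFormat))
	w.WriteHeader(http.StatusOK)
}

// probe sends one anonymous HEAD carrying the given conditional header with a
// date chosen so any existing object trips it: far future for
// If-Modified-Since (304), the epoch for If-Unmodified-Since (412).
func probe(h http.HandlerFunc, objectName, header string) int {
	date := time.Date(2099, 1, 1, 0, 0, 0, 0, time.UTC)
	if header == "If-Unmodified-Since" {
		date = time.Unix(0, 0).UTC()
	}
	req := httptest.NewRequest(http.MethodHead, "/"+objectName, nil)
	req.Header.Set(header, date.Format(http.TimeFormat))
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

func ProbeVulnerable(objectName, header string) int { return probe(vulnerableHead, objectName, header) }
func ProbeFixed(objectName, header string) int      { return probe(fixedHead, objectName, header) }

func main() {
	for _, name := range []string{"private/report.pdf", "private/does-not-exist.pdf"} {
		for _, hdr := range []string{"If-Modified-Since", "If-Unmodified-Since"} {
			fmt.Printf("%-26s %-20s vulnerable=%d fixed=%d\n",
				name, hdr, ProbeVulnerable(name, hdr), ProbeFixed(name, hdr))
		}
	}
}
```

The general rule the fixed handler follows is that authorization is decided before any step that touches object metadata; conditional requests, range requests and ETag checks are all candidates for the same ordering mistake.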
The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were to...
AI Score: 7.4
CVE-2024-36109 Cross-site Scripting with Markdown rendering in CoCalc
CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows <script> tags to be included which execute when published. This issue has been addressed in commit 419862a9c9879c. Users are advised to upg...
CVE-2024-36110 Cross-site scripting in ansibleguy-webui
ansibleguy-webui is an open source WebUI for using Ansible. Multiple forms in versions < 0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. These issues have been addressed in version 0.0.21 (0.0.21.post2 on...
AI Score: 7.2
accessibyte.com Cross Site Scripting vulnerability OBB-3931400
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score: 6.2
bicicleteriapereyra.com.ar Cross Site Scripting vulnerability OBB-3931399
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score: 6.2
Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged telnet account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the telnet console and gain administrator...
AI Score: 7.3
Aten PE6208 2.3.228 and 2.4.232 have default credentials for the privileged web interface account. The user is not asked to change the credentials after first login. If not changed, attackers can log in to the web interface and gain administrator...
AI Score: 7.3
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
AI Score: 7.2
aidfadu.com Cross Site Scripting vulnerability OBB-3931397
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score: 6.2
silverstripe/taxonomy SQL Injection vulnerability
There is a vulnerability in the silverstripe/taxonomy module that allows SQL injection. The affected controller (TaxonomyDirectoryController) is disabled by default and must be enabled by a developer for the exploit to be...
AI Score: 8.1
silverstripe/userforms file upload exposure on UserForms module
The userforms module allows CMS administrators to create public facing forms with file upload abilities. These files are uploaded into a predictable public path on the website, unless configured otherwise by the CMS administrator setting up the form. While the name of the uploaded file itself is...
AI Score: 7
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
AI Score: 7.3
formwork Cross-site scripting vulnerability in Markdown fields
Impact: Users with access to the administration panel with page editing permissions could insert <script> tags in markdown fields, which are exposed on the publicly accessible site pages, leading to potential XSS injections. Patches: Formwork 1.13.0 has been released with a patch that solves th...
AI Score: 5.5
Amazon AWS Client VPN has a buffer overflow that could potentially allow a local actor to execute arbitrary commands with elevated permissions. This is resolved in 3.11.1 on Windows, 3.9.1 on macOS, and 3.12.1 on Linux. NOTE: although the macOS resolution is the same as for CVE-2024-30165, this...
AI Score: 8.1
plus613.com Cross Site Scripting vulnerability OBB-3931394
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
AI Score: 6.2
Kaminari Insecure File Permissions Vulnerability
A moderate severity security vulnerability has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This advisory outlines the vulnerability, affected versions, and provides guidance for mitigation. Impact This vulnerability is of moderate...
AI Score: 6.5
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: flux-source-controller, telegraf, trivy, cilium-cli, ctop, skaffold, newrelic-infrastructure-agent, kots, kubevela, zot, helm-push, kubescape, cert-manager, tekton-pipelines, gitness, up, k3d, eksctl, fuse-overlayfs-snapshotter, helm, flux-helm-controller, kaniko,...
AI Score: 7.5
GHSA-R53H-JV2G-VPX6 vulnerabilities
Vulnerabilities for packages: flux-source-controller, kots, up, zarf, k9s, eksctl, cilium-cli, k8sgpt, zot, flux-helm-controller, helm-push, kubescape, helm-operator, cert-manager, trivy, chartmuseum,...
AI Score: 7.5
Vulnerabilities for packages: cloudflared, kubernetes-dns-node-cache,...