Lucene search

K

Form Maker By 10Web – Mobile-Friendly Drag & Drop Contact Form Builder Security Vulnerabilities

openbugbounty
openbugbounty

campidiot.com Cross Site Scripting vulnerability OBB-3935057

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:40 AM
6
openbugbounty
openbugbounty

bessofhardwick.org Cross Site Scripting vulnerability OBB-3935051

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:37 AM
4
openbugbounty
openbugbounty

bbb-umwelt.com Cross Site Scripting vulnerability OBB-3935049

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:36 AM
4
openbugbounty
openbugbounty

ateism.ru Cross Site Scripting vulnerability OBB-3935046

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:35 AM
1
openbugbounty
openbugbounty

artecuador.com Cross Site Scripting vulnerability OBB-3935045

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:30 AM
4
openbugbounty
openbugbounty

anpb.net Cross Site Scripting vulnerability OBB-3935043

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:30 AM
3
openbugbounty
openbugbounty

altexsl.es Cross Site Scripting vulnerability OBB-3935042

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:29 AM
1
openbugbounty
openbugbounty

allseasonscarwashnj.com Cross Site Scripting vulnerability OBB-3935041

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:29 AM
3
openbugbounty
openbugbounty

bargam.portalservices.it Cross Site Scripting vulnerability OBB-3935039

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:28 AM
4
openbugbounty
openbugbounty

360samsun.com Cross Site Scripting vulnerability OBB-3935032

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:26 AM
5
openbugbounty
openbugbounty

wintercup2022.japanbasketball.jp Cross Site Scripting vulnerability OBB-3935031

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:25 AM
4
openbugbounty
openbugbounty

vintageguy.ultimatecardstore.com Cross Site Scripting vulnerability OBB-3935030

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:25 AM
4
openbugbounty
openbugbounty

takasaki.mypl.net Cross Site Scripting vulnerability OBB-3935026

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:23 AM
3
openbugbounty
openbugbounty

shimonoseki.mypl.net Cross Site Scripting vulnerability OBB-3935025

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:23 AM
4
openbugbounty
openbugbounty

kfo.pik-potsdam.de Cross Site Scripting vulnerability OBB-3935020

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:21 AM
1
openbugbounty
openbugbounty

m.baystatebanner.com Cross Site Scripting vulnerability OBB-3935021

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:21 AM
3
openbugbounty
openbugbounty

japan.unifrance.org Cross Site Scripting vulnerability OBB-3935019

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:20 AM
3
openbugbounty
openbugbounty

edicionesdeldomo.altervista.org Cross Site Scripting vulnerability OBB-3935014

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:18 AM
3
openbugbounty
openbugbounty

esrp.rcast.u-tokyo.ac.jp Cross Site Scripting vulnerability OBB-3935016

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:18 AM
3
openbugbounty
openbugbounty

diagnostics.medgenome.com Cross Site Scripting vulnerability OBB-3935012

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:17 AM
2
openbugbounty
openbugbounty

dr.golfdigest.co.jp Cross Site Scripting vulnerability OBB-3935013

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 10:17 AM
4
osv
osv

CVE-2024-5685

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through...

6.9AI Score

0.0004EPSS

2024-06-14 10:15 AM
1
nvd
nvd

CVE-2024-5685

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through...

0.0004EPSS

2024-06-14 10:15 AM
2
cve
cve

CVE-2024-5685

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through...

6.7AI Score

0.0004EPSS

2024-06-14 10:15 AM
23
cvelist
cvelist

CVE-2024-5685 Broken Function Level Authorization (BFLA) in snipe/snipe-it

Users with "User:edit" and "Self:api" permissions can promote or demote themselves or other users by performing changes to the group's memberships via API call.This issue affects snipe-it: from v4.6.17 through...

0.0004EPSS

2024-06-14 09:54 AM
4
cve
cve

CVE-2024-5996

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...

8.8CVSS

8.6AI Score

0.001EPSS

2024-06-14 09:15 AM
10
nvd
nvd

CVE-2024-5996

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...

8.8CVSS

0.001EPSS

2024-06-14 09:15 AM
2
nvd
nvd

CVE-2024-4863

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

0.0004EPSS

2024-06-14 09:15 AM
5
cve
cve

CVE-2024-4863

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.8AI Score

0.0004EPSS

2024-06-14 09:15 AM
11
cve
cve

CVE-2024-5730

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

7AI Score

2024-06-14 09:09 AM
3
veracode
veracode

Denial Of Service (DoS)

github.com/klauspost/compress/zstd is vulnerable to a Denial of service (DoS). The vulnerability is due to its zstd decompression implementation not respecting the limits imposed by gRPC, which allows attacker to trigger rapid and uncontrolled increases in memory usage on the server or...

7AI Score

2024-06-14 08:49 AM
1
cvelist
cvelist

CVE-2024-4863 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

0.0004EPSS

2024-06-14 08:35 AM
2
vulnrichment
vulnrichment

CVE-2024-4863 Gutenberg Blocks by Kadence Blocks – Page Builder Features <= 3.2.38 - Authenticated (Contributor+) Stored Cross-Site Scripting via titleFont Parameter

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘titleFont’ parameter in all versions up to, and including, 3.2.38 due to insufficient input sanitization and output escaping. This makes it possible for...

6.4CVSS

5.9AI Score

0.0004EPSS

2024-06-14 08:35 AM
cvelist
cvelist

CVE-2024-5996 Soar Cloud HR Portal - Cleartext Transmission of Sensitive Information

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. These emails are sent without using an encrypted transmission protocol. If an attacker intercepts the packets, they can obtain the plaintext session information and use it to log into the...

8.8CVSS

0.001EPSS

2024-06-14 08:22 AM
1
cve
cve

CVE-2024-5995

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be...

8.8CVSS

8.8AI Score

0.001EPSS

2024-06-14 08:15 AM
13
nvd
nvd

CVE-2024-5995

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be...

8.8CVSS

0.001EPSS

2024-06-14 08:15 AM
4
openbugbounty
openbugbounty

sailwave.com Cross Site Scripting vulnerability OBB-3935003

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 08:10 AM
3
thn
thn

ZKTeco Biometric System Found Vulnerable to 24 Critical Security Flaws

An analysis of a hybrid biometric access system from Chinese manufacturer ZKTeco has uncovered two dozen security flaws that could be used by attackers to defeat authentication, steal biometric data, and even deploy malicious backdoors. "By adding random user data to the database or using a fake...

10CVSS

9.6AI Score

0.0004EPSS

2024-06-14 08:09 AM
4
openbugbounty
openbugbounty

ciof.org.uk Cross Site Scripting vulnerability OBB-3935002

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 08:07 AM
1
githubexploit
githubexploit

Exploit for Path Traversal in Solarwinds Serv-U

Exploit For CVE-2024-28995 On June 5, 2024, SolarWinds...

8.6CVSS

7AI Score

0.113EPSS

2024-06-14 08:04 AM
74
openbugbounty
openbugbounty

victimandwitnesscare.org.uk Cross Site Scripting vulnerability OBB-3935001

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 07:46 AM
1
cvelist
cvelist

CVE-2024-5995 Soar Cloud HR Portal - Insufficient Session Expiration

The notification emails sent by Soar Cloud HR Portal contain a link with a embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be...

8.8CVSS

0.001EPSS

2024-06-14 07:18 AM
4
nvd
nvd

CVE-2024-5994

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with...

6.4CVSS

0.001EPSS

2024-06-14 07:15 AM
5
cve
cve

CVE-2024-5994

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with...

6.4CVSS

6AI Score

0.001EPSS

2024-06-14 07:15 AM
12
redhatcve
redhatcve

CVE-2024-23443

A flaw was found in Kibana. A high-privileged user, allowed to create custom osquery packs, could affect the availability of Kibana by uploading a maliciously crafted osquery...

6.9AI Score

EPSS

2024-06-14 07:12 AM
2
cvelist
cvelist

CVE-2024-5994 WP Go Maps (formerly WP Google Maps) <= 9.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with...

6.4CVSS

0.001EPSS

2024-06-14 06:53 AM
3
vulnrichment
vulnrichment

CVE-2024-5994 WP Go Maps (formerly WP Google Maps) <= 9.0.38 - Authenticated (Contributor+) Stored Cross-Site Scripting

The WP Go Maps (formerly WP Google Maps) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Custom JS option in versions up to, and including, 9.0.38. This makes it possible for authenticated attackers that have been explicitly granted permissions by an administrator, with...

6.4CVSS

6AI Score

0.001EPSS

2024-06-14 06:53 AM
thn
thn

North Korean Hackers Target Brazilian Fintech with Sophisticated Phishing Tactics

Threat actors linked to North Korea have accounted for one-third of all the phishing activity targeting Brazil since 2020, as the country's emergence as an influential power has drawn the attention of cyber espionage groups. "North Korean government-backed actors have targeted the Brazilian...

7.1AI Score

2024-06-14 06:45 AM
openbugbounty
openbugbounty

directory.hardmantrust.org.uk Cross Site Scripting vulnerability OBB-3934998

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-14 06:30 AM
4
cve
cve

CVE-2024-4751

The WP Prayer II WordPress plugin through 2.4.7 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...

6.4AI Score

0.0004EPSS

2024-06-14 06:15 AM
12
Total number of security vulnerabilities2099150