Lucene search

K

Form Maker By 10Web – Mobile-Friendly Drag & Drop Contact Form Builder Security Vulnerabilities

wolfi
wolfi

GHSA-VR64-R9QJ-H27F vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-17 09:08 AM
57
wolfi
wolfi

CVE-2024-22871 vulnerabilities

Vulnerabilities for packages:...

7.2AI Score

0.0004EPSS

2024-06-17 09:08 AM
6
openbugbounty
openbugbounty

ermis-suites.gr Cross Site Scripting vulnerability OBB-3935826

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 08:40 AM
3
openbugbounty
openbugbounty

typet.gr Cross Site Scripting vulnerability OBB-3935825

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 08:39 AM
3
openbugbounty
openbugbounty

codepromo-rtbf-be.digidip.net Open Redirect vulnerability OBB-3935824

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-17 08:37 AM
3
openbugbounty
openbugbounty

forumanti-crisefr.digidip.net Open Redirect vulnerability OBB-3935823

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-17 08:33 AM
2
cve
cve

CVE-2024-36289

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle...

6.7AI Score

0.0004EPSS

2024-06-17 08:15 AM
3
nvd
nvd

CVE-2024-36289

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle...

0.0004EPSS

2024-06-17 08:15 AM
2
nvd
nvd

CVE-2024-36279

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a....

0.0004EPSS

2024-06-17 08:15 AM
2
cve
cve

CVE-2024-36279

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a....

6.7AI Score

0.0004EPSS

2024-06-17 08:15 AM
3
openbugbounty
openbugbounty

avdelidi.gr Cross Site Scripting vulnerability OBB-3935819

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 08:03 AM
2
cvelist
cvelist

CVE-2024-36289

Reusing a nonce, key pair in encryption issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a man-in-the-middle...

0.0004EPSS

2024-06-17 07:34 AM
3
cvelist
cvelist

CVE-2024-36279

Reliance on obfuscation or encryption of security-relevant inputs without integrity checking issue exists in "FreeFrom - the nostr client" App versions prior to 1.3.5 for Android and iOS. If this vulnerability is exploited, the content of direct messages (DMs) between users may be manipulated by a....

0.0004EPSS

2024-06-17 07:34 AM
3
openbugbounty
openbugbounty

img.parismature.com Open Redirect vulnerability OBB-3935815

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-17 07:29 AM
3
openbugbounty
openbugbounty

protectlink.security-mail.net Open Redirect vulnerability OBB-3935814

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-17 07:24 AM
3
cve
cve

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

8.5CVSS

8.7AI Score

0.0004EPSS

2024-06-17 07:15 AM
2
nvd
nvd

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

8.5CVSS

0.0004EPSS

2024-06-17 07:15 AM
3
malwarebytes
malwarebytes

A week in security (June 10 – June 16)

Last week on Malwarebytes Labs: Truist bank confirms data breach Update now! Google Pixel vulnerability is under active exploitation Adobe clarifies Terms of Service change, says it doesn’t train AI on customer content 23andMe data breach under joint investigation in two countries When things go...

7AI Score

2024-06-17 07:03 AM
4
openbugbounty
openbugbounty

aardvark.com.gr Cross Site Scripting vulnerability OBB-3935809

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:33 AM
4
thn
thn

Hackers Exploit Legitimate Websites to Deliver BadSpace Windows Backdoor

Legitimate-but-compromised websites are being used as a conduit to deliver a Windows backdoor dubbed BadSpace under the guise of fake browser updates. "The threat actor employs a multi-stage attack chain involving an infected website, a command-and-control (C2) server, in some cases a fake browser....

7.1AI Score

2024-06-17 06:28 AM
4
cvelist
cvelist

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

8.5CVSS

0.0004EPSS

2024-06-17 06:21 AM
2
nvd
nvd

CVE-2024-4305

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

0.0004EPSS

2024-06-17 06:15 AM
2
cve
cve

CVE-2024-4305

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

5.6AI Score

0.0004EPSS

2024-06-17 06:15 AM
4
nvd
nvd

CVE-2024-3236

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

0.0004EPSS

2024-06-17 06:15 AM
2
cve
cve

CVE-2024-3236

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

5.6AI Score

0.0004EPSS

2024-06-17 06:15 AM
6
openbugbounty
openbugbounty

heerfashion.com Cross Site Scripting vulnerability OBB-3935807

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:09 AM
2
cvelist
cvelist

CVE-2024-3236 Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

0.0004EPSS

2024-06-17 06:00 AM
1
openbugbounty
openbugbounty

mashcall.com Cross Site Scripting vulnerability OBB-3935805

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 05:41 AM
2
thn
thn

NiceRAT Malware Targets South Korean Users via Cracked Software

Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license...

6.9AI Score

2024-06-17 05:11 AM
9
nvd
nvd

CVE-2024-6045

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....

8.8CVSS

0.001EPSS

2024-06-17 04:15 AM
3
cve
cve

CVE-2024-6045

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....

8.8CVSS

8.4AI Score

0.001EPSS

2024-06-17 04:15 AM
9
nvd
nvd

CVE-2024-6044

Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the...

6.5CVSS

0.001EPSS

2024-06-17 03:15 AM
5
cve
cve

CVE-2024-5163

Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security...

7.4AI Score

0.0004EPSS

2024-06-17 03:15 AM
5
nvd
nvd

CVE-2024-5163

Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security...

0.0004EPSS

2024-06-17 03:15 AM
4
cve
cve

CVE-2024-6044

Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the...

6.5CVSS

6.5AI Score

0.001EPSS

2024-06-17 03:15 AM
3
cvelist
cvelist

CVE-2024-6045 D-Link router - Hidden Backdoor

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....

8.8CVSS

0.001EPSS

2024-06-17 03:12 AM
5
cvelist
cvelist

CVE-2024-5163

Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security...

0.0004EPSS

2024-06-17 03:07 AM
cvelist
cvelist

CVE-2024-6044 D-Link router - Arbitrary File Reading

Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the...

6.5CVSS

0.001EPSS

2024-06-17 02:30 AM
2
cve
cve

CVE-2024-6042

A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...

7.3CVSS

6.8AI Score

0.0004EPSS

2024-06-17 12:15 AM
3
nvd
nvd

CVE-2024-6042

A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...

7.3CVSS

0.0004EPSS

2024-06-17 12:15 AM
3
cvelist
cvelist

CVE-2024-6042 itsourcecode Real Estate Management System property-detail.php sql injection

A vulnerability was found in itsourcecode Real Estate Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file property-detail.php. The manipulation of the argument id leads to sql injection. The attack may be launched remotely. The...

7.3CVSS

0.0004EPSS

2024-06-16 11:31 PM
2
cve
cve

CVE-2024-6041

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...

6.3CVSS

6.8AI Score

0.0004EPSS

2024-06-16 11:15 PM
4
nvd
nvd

CVE-2024-6041

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...

6.3CVSS

0.0004EPSS

2024-06-16 11:15 PM
1
cvelist
cvelist

CVE-2024-6041 itsourcecode Gym Management System manage_user.php sql injection

A vulnerability was found in itsourcecode Gym Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file manage_user.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely. The...

6.3CVSS

0.0004EPSS

2024-06-16 11:00 PM
2
cve
cve

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For...

7.5AI Score

0.0004EPSS

2024-06-16 10:15 PM
4
nvd
nvd

CVE-2024-34451

Ghost through 5.85.1 allows remote attackers to bypass an authentication rate-limit protection mechanism by using many X-Forwarded-For headers with different values. NOTE: the vendor's position is that Ghost should be installed with a reverse proxy that allows only trusted X-Forwarded-For...

0.0004EPSS

2024-06-16 10:15 PM
5
nvd
nvd

CVE-2023-27636

Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF...

0.001EPSS

2024-06-16 09:15 PM
5
nvd
nvd

CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...

0.0004EPSS

2024-06-16 09:15 PM
6
cve
cve

CVE-2024-38396

An issue was discovered in iTerm2 3.5.x before 3.5.2. Unfiltered use of an escape sequence to report a window title, in combination with the built-in tmux integration feature (enabled by default), allows an attacker to inject arbitrary code into the terminal, a different vulnerability than...

7.2AI Score

0.0004EPSS

2024-06-16 09:15 PM
6
cve
cve

CVE-2023-27636

Progress Sitefinity before 15.0.0 allows XSS by authenticated users via the content form in the SF...

6AI Score

0.001EPSS

2024-06-16 09:15 PM
5
Total number of security vulnerabilities2099150