Gallery – Image And Video Gallery With Thumbnails Security Vulnerabilities

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS

PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5

PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...

Updated unbound packages fix security vulnerability

Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-33655 which would have allowed unbound to be used as a...

mail.hritacademy.edu.np Cross Site Scripting vulnerability OBB-3932460

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

admasuniversity.edu.et Cross Site Scripting vulnerability OBB-3932459

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

uac.pt Cross Site Scripting vulnerability OBB-3932458

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

dso-maps.de Cross Site Scripting vulnerability OBB-3932457

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-4344 Shield Security – Smart Bot Blocking & Intrusion Prevention Security <= 19.1.13 - Cross-Site Request Forgery

The Shield Security – Smart Bot Blocking & Intrusion Prevention Security plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 19.1.13. This is due to missing or incorrect nonce validation on the exec function. This makes it possible for...

trinamics.co.uk Cross Site Scripting vulnerability OBB-3932455

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

manchesterneurophysio.co.uk Cross Site Scripting vulnerability OBB-3932453

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: docker, kubeflow-katib, nvidia-device-plugin, flux, temporal-ui-server, kube-bench, nodetaint, secrets-store-csi-driver-provider-aws, secrets-store-csi-driver, gatekeeper, hugo, crossplane-provider-gcp, k3d, scorecard, envoy-ratelimit, ip-masq-agent, atlantis, keda,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, flyte, node-feature-discovery, croc, overmind, nvidia-device-plugin, paranoia, docker-credential-ecr-login, kube-bench, regclient, secrets-store-csi-driver-provider-aws, secrets-store-csi-driver, oras, spegel, scorecard,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, flyte, node-feature-discovery, croc, overmind, nvidia-device-plugin, paranoia, docker-credential-ecr-login, kube-bench, regclient, secrets-store-csi-driver-provider-aws, secrets-store-csi-driver, oras, spegel, scorecard,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: kubeflow-katib, nvidia-device-plugin, flux, nodetaint, secrets-store-csi-driver, gatekeeper, hugo, k3d, opentofu, keda, sigstore-scaffolding, crossplane-provider-azure, chartmuseum, flux-helm-controller, haproxy-ingress, kube-fluentd-operator, memcached-exporter,...

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: gitsign, loki, k9s, kubeflow-katib, guac, k8sgpt, cri-tools, datadog-agent, newrelic-infrastructure-agent, cert-manager, dagger, telegraf, falcoctl, buildkitd, helm-operator, crane, scorecard, policy-controller, bom, filebeat, slsa-verifier, nerdctl, zot,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: vt-cli, node-feature-discovery, cni-plugins, paranoia, gatekeeper, scorecard, crossplane-provider-gcp, k3d, keda, docker-credential-gcr, velero-plugin-for-csi, gitlab-shell, controller-gen, rekor, gobump, sonobuoy, temporal-server, gosu, eksctl, delve,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: go-licenses, kubeflow-katib, flux, nri-kafka, temporal-ui-server, secrets-store-csi-driver, gatekeeper, hugo, scorecard, k3d, atlantis, opentofu, sigstore-scaffolding, crossplane-provider-azure, caddy, flux-helm-controller, gitlab-shell, rekor, kube-rbac-proxy,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: docker, kubeflow-katib, nvidia-device-plugin, flux, temporal-ui-server, kube-bench, nodetaint, secrets-store-csi-driver-provider-aws, secrets-store-csi-driver, gatekeeper, hugo, crossplane-provider-gcp, k3d, scorecard, envoy-ratelimit, ip-masq-agent, atlantis, keda,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: vt-cli, node-feature-discovery, cni-plugins, paranoia, gatekeeper, scorecard, crossplane-provider-gcp, k3d, keda, docker-credential-gcr, velero-plugin-for-csi, gitlab-shell, controller-gen, rekor, gobump, sonobuoy, temporal-server, gosu, eksctl, delve,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, flyte, node-feature-discovery, croc, overmind, nvidia-device-plugin, paranoia, docker-credential-ecr-login, kube-bench, regclient, secrets-store-csi-driver-provider-aws, secrets-store-csi-driver, oras, spegel, scorecard,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: kubeflow-katib, nvidia-device-plugin, flux, nodetaint, secrets-store-csi-driver, gatekeeper, hugo, k3d, atlantis, keda, opentofu, go, sigstore-scaffolding, crossplane-provider-azure, caddy, chartmuseum, flux-helm-controller, gitlab-shell, haproxy-ingress,...

GHSA-9763-4F94-GFCH vulnerabilities

Vulnerabilities for packages: gitsign, flux-notification-controller, gitness, flux, pulumi-language-yaml, pulumi-kubernetes-operator, kaniko, vault, argo-cd, scorecard, policy-controller, flux-kustomize-controller, wolfictl, boring-registry, slsa-verifier, keda, sops, terraform-provider-google,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: kubeflow-katib, nvidia-device-plugin, flux, nodetaint, secrets-store-csi-driver, gatekeeper, hugo, k3d, opentofu, keda, sigstore-scaffolding, crossplane-provider-azure, chartmuseum, flux-helm-controller, haproxy-ingress, kube-fluentd-operator, memcached-exporter,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: kubeflow-katib, nvidia-device-plugin, flux, nodetaint, secrets-store-csi-driver, gatekeeper, hugo, k3d, atlantis, keda, opentofu, go, sigstore-scaffolding, crossplane-provider-azure, caddy, chartmuseum, flux-helm-controller, gitlab-shell, haproxy-ingress,...

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: go-licenses, kubeflow-katib, flux, nri-kafka, temporal-ui-server, secrets-store-csi-driver, gatekeeper, hugo, scorecard, k3d, atlantis, opentofu, sigstore-scaffolding, crossplane-provider-azure, caddy, flux-helm-controller, gitlab-shell, rekor, kube-rbac-proxy,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, flyte, node-feature-discovery, croc, overmind, nvidia-device-plugin, paranoia, docker-credential-ecr-login, kube-bench, regclient, secrets-store-csi-driver-provider-aws, secrets-store-csi-driver, oras, spegel, scorecard,...

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: gitsign, loki, k9s, kubeflow-katib, guac, k8sgpt, cri-tools, datadog-agent, newrelic-infrastructure-agent, cert-manager, dagger, telegraf, falcoctl, buildkitd, helm-operator, crane, scorecard, policy-controller, bom, filebeat, slsa-verifier, nerdctl, zot,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...

smarttravel.cz Cross Site Scripting vulnerability OBB-3932450

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

smartorder.dreve-america.com Cross Site Scripting vulnerability OBB-3932449

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bakerfurniture.com Cross Site Scripting vulnerability OBB-3932448

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Ticketmaster confirms customer data breach

Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified "unauthorized activity within a third-party cloud database environment containing Company...

cv.sipradi.com.np Cross Site Scripting vulnerability OBB-3932446

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

smoothways.net Cross Site Scripting vulnerability OBB-3932443

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

yalebooks.co.uk Cross Site Scripting vulnerability OBB-3932442

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-4148 Redos (Regular Expression Denial of Service) in lunary-ai/lunary

A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially...

forum-startup-chemie.de Cross Site Scripting vulnerability OBB-3932439

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

chemicalparks.com Cross Site Scripting vulnerability OBB-3932438

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

dechemax.de Cross Site Scripting vulnerability OBB-3932436

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

informatik.uni-leipzig.de Cross Site Scripting vulnerability OBB-3932433

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

The Ticketmaster Data Breach May Be Just the Beginning

Data breaches at Ticketmaster and financial services company Santander have been linked to attacks against cloud provider Snowflake. Researchers fear more breaches will soon be...