Lucene search

K

Ibtana – WordPress Website Builder Security Vulnerabilities

openbugbounty
openbugbounty

borrellassociates.com Cross Site Scripting vulnerability OBB-3938475

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 08:46 PM
4
openbugbounty
openbugbounty

uoanbar.edu.iq Cross Site Scripting vulnerability OBB-3938474

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 07:17 PM
5
openbugbounty
openbugbounty

bioindustry.org Cross Site Scripting vulnerability OBB-3938467

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 06:06 PM
3
openbugbounty
openbugbounty

support.realtech.com Cross Site Scripting vulnerability OBB-3938464

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 05:35 PM
4
openbugbounty
openbugbounty

genoverband.de Cross Site Scripting vulnerability OBB-3938463

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 05:21 PM
6
malwarebytes
malwarebytes

Change Healthcare confirms the customer data stolen in ransomware attack

For the first time since news broke about a ransomware attack on Change Healthcare, the company has released details about the data stolen during the attack. First, a quick refresher: On February 21, 2024, Change Healthcare experienced serious system outages due to a cyberattack. The incident led.....

7.4AI Score

2024-06-24 04:42 PM
2
githubexploit
githubexploit

Exploit for OS Command Injection in Dolibarr Dolibarr Erp/Crm

Readme.md CVE-2023-30253 CVE-2023-30253 is a...

8.8CVSS

7.6AI Score

0.008EPSS

2024-06-24 04:22 PM
46
openbugbounty
openbugbounty

jkpanchayat.jk.gov.in Cross Site Scripting vulnerability OBB-3938462

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 04:19 PM
6
openbugbounty
openbugbounty

ucly.fr Cross Site Scripting vulnerability OBB-3938461

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 04:07 PM
8
openbugbounty
openbugbounty

esdes.fr Cross Site Scripting vulnerability OBB-3938460

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 04:04 PM
5
openbugbounty
openbugbounty

axent.com.au Cross Site Scripting vulnerability OBB-3938459

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 03:51 PM
5
openbugbounty
openbugbounty

ductmann.co.uk Cross Site Scripting vulnerability OBB-3938458

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 03:35 PM
4
wordfence
wordfence

Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins

On Monday June 24th, 2024 the Wordfence Threat Intelligence team became aware of a plugin, Social Warfare, that was injected with malicious code on June 22, 2024 based on a forum post by the WordPress.org Plugin Review team. We immediately checked the malicious file and uploaded it to our internal....

7.1AI Score

2024-06-24 03:21 PM
3
openbugbounty
openbugbounty

viskefi.com Cross Site Scripting vulnerability OBB-3938457

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 03:20 PM
3
openbugbounty
openbugbounty

knsolutionedu.com Cross Site Scripting vulnerability OBB-3938456

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 03:18 PM
openbugbounty
openbugbounty

miraclus.com Cross Site Scripting vulnerability OBB-3938455

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 03:12 PM
3
openbugbounty
openbugbounty

basoindia.org Cross Site Scripting vulnerability OBB-3938451

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 02:55 PM
openbugbounty
openbugbounty

bbmdr.it Cross Site Scripting vulnerability OBB-3938449

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 02:46 PM
3
openbugbounty
openbugbounty

ediliziapubblicapratese.it Cross Site Scripting vulnerability OBB-3938448

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 02:44 PM
3
openbugbounty
openbugbounty

montealato.it Cross Site Scripting vulnerability OBB-3938447

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 02:39 PM
3
cve
cve

CVE-2024-4748

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...

8.8CVSS

8.9AI Score

0.0004EPSS

2024-06-24 02:15 PM
10
nvd
nvd

CVE-2024-4748

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...

8.8CVSS

0.0004EPSS

2024-06-24 02:15 PM
4
openbugbounty
openbugbounty

sujeetind.com Cross Site Scripting vulnerability OBB-3938444

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 02:01 PM
2
openbugbounty
openbugbounty

career.cesindia.org Cross Site Scripting vulnerability OBB-3938443

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 01:58 PM
3
nuclei
nuclei

3DPrint Lite < 1.9.1.5 - Arbitrary File Upload

The plugin does not have any authorisation and does not check the uploaded file in its p3dlite_handle_upload AJAX action , allowing unauthenticated users to upload arbitrary file to the web server. However, there is a .htaccess, preventing the file to be accessed on Web servers such as...

9.8CVSS

7.1AI Score

0.188EPSS

2024-06-24 01:55 PM
vulnrichment
vulnrichment

CVE-2024-4748 RCE in Cruddiy

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...

8.8CVSS

8.9AI Score

0.0004EPSS

2024-06-24 01:52 PM
cvelist
cvelist

CVE-2024-4748 RCE in Cruddiy

The CRUDDIY project is vulnerable to shell command injection via sending a crafted POST request to the application server. The exploitation risk is limited since CRUDDIY is meant to be launched locally. Nevertheless, a user with the project running on their computer might visit a website which...

8.8CVSS

0.0004EPSS

2024-06-24 01:52 PM
4
openbugbounty
openbugbounty

digitallatte.in Cross Site Scripting vulnerability OBB-3938441

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 01:51 PM
4
openbugbounty
openbugbounty

anandengg.in Cross Site Scripting vulnerability OBB-3938440

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 01:48 PM
5
openbugbounty
openbugbounty

lobbi.mk Cross Site Scripting vulnerability OBB-3938439

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 01:24 PM
3
openbugbounty
openbugbounty

mi-farma.it Cross Site Scripting vulnerability OBB-3938438

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-24 01:21 PM
6
cve
cve

CVE-2024-37231

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through...

8.6CVSS

8.6AI Score

0.0004EPSS

2024-06-24 01:15 PM
8
cve
cve

CVE-2024-37233

Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Play.Ht: from n/a through...

4.3CVSS

4.8AI Score

0.0004EPSS

2024-06-24 01:15 PM
9
nvd
nvd

CVE-2024-37233

Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Play.Ht: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-24 01:15 PM
2
nvd
nvd

CVE-2024-37231

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through...

8.6CVSS

0.0004EPSS

2024-06-24 01:15 PM
4
cve
cve

CVE-2024-37111

Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a through...

7.5CVSS

7.6AI Score

0.0004EPSS

2024-06-24 01:15 PM
7
cve
cve

CVE-2024-37109

Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a through...

9.9CVSS

9.7AI Score

0.0004EPSS

2024-06-24 01:15 PM
7
nvd
nvd

CVE-2024-37228

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through...

10CVSS

0.0004EPSS

2024-06-24 01:15 PM
2
cve
cve

CVE-2024-37092

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...

8.5CVSS

8.5AI Score

0.0004EPSS

2024-06-24 01:15 PM
6
cve
cve

CVE-2024-37228

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through...

10CVSS

9.7AI Score

0.0004EPSS

2024-06-24 01:15 PM
8
nvd
nvd

CVE-2024-37109

Improper Control of Generation of Code ('Code Injection') vulnerability in Membership Software WishList Member X allows Code Injection.This issue affects WishList Member X: from n/a through...

9.9CVSS

0.0004EPSS

2024-06-24 01:15 PM
cve
cve

CVE-2024-37107

Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a through...

8.8CVSS

8.8AI Score

0.0004EPSS

2024-06-24 01:15 PM
8
nvd
nvd

CVE-2024-37107

Improper Privilege Management vulnerability in Membership Software WishList Member X allows Privilege Escalation.This issue affects WishList Member X: from n/a through...

8.8CVSS

0.0004EPSS

2024-06-24 01:15 PM
3
nvd
nvd

CVE-2024-37092

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in StylemixThemes Consulting Elementor Widgets allows PHP Local File Inclusion.This issue affects Consulting Elementor Widgets: from n/a through...

8.5CVSS

0.0004EPSS

2024-06-24 01:15 PM
nvd
nvd

CVE-2024-37111

Missing Authorization vulnerability in Membership Software WishList Member X.This issue affects WishList Member X: from n/a through...

7.5CVSS

0.0004EPSS

2024-06-24 01:15 PM
1
cvelist
cvelist

CVE-2024-37233 WordPress Play.ht plugin <= 3.6.4 - Broken Access Control vulnerability

Improper Authentication vulnerability in Play.Ht allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Play.Ht: from n/a through...

4.3CVSS

0.0004EPSS

2024-06-24 12:47 PM
3
cvelist
cvelist

CVE-2024-37231 WordPress Salon booking system plugin <= 9.9 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through...

8.6CVSS

0.0004EPSS

2024-06-24 12:39 PM
2
vulnrichment
vulnrichment

CVE-2024-37231 WordPress Salon booking system plugin <= 9.9 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Salon Booking System Salon booking system allows File Manipulation.This issue affects Salon booking system: from n/a through...

8.6CVSS

6.8AI Score

0.0004EPSS

2024-06-24 12:39 PM
2
cvelist
cvelist

CVE-2024-37228 WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through...

10CVSS

0.0004EPSS

2024-06-24 12:35 PM
3
vulnrichment
vulnrichment

CVE-2024-37228 WordPress InstaWP Connect plugin <= 0.1.0.38 - Arbitrary File Upload vulnerability

Improper Control of Generation of Code ('Code Injection') vulnerability in InstaWP Team InstaWP Connect allows Code Injection.This issue affects InstaWP Connect: from n/a through...

10CVSS

7.1AI Score

0.0004EPSS

2024-06-24 12:35 PM
Total number of security vulnerabilities1409391