Image And Video Lightbox, Image PopUp Security Vulnerabilities

hennweb.de Cross Site Scripting vulnerability OBB-3931463

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-28826 Unrestricted upload and download paths in check_sftp

Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configure the check to read and write local files on the Checkmk site...

pictory.ai Cross Site Scripting vulnerability OBB-3931461

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

vdwsaar.de Cross Site Scripting vulnerability OBB-3931462

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

tobecoupon.com Cross Site Scripting vulnerability OBB-3931458

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

forpress.ru Cross Site Scripting vulnerability OBB-3931456

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

ruspravochnik.com Cross Site Scripting vulnerability OBB-3931454

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

kosmetista.ru Cross Site Scripting vulnerability OBB-3931455

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

adme.media Cross Site Scripting vulnerability OBB-3931453

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

vposter.ru Cross Site Scripting vulnerability OBB-3931452

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

podster.fm Cross Site Scripting vulnerability OBB-3931451

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

otzyv.guru Cross Site Scripting vulnerability OBB-3931450

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

elibrary.ru Cross Site Scripting vulnerability OBB-3931449

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

24-review.ru Cross Site Scripting vulnerability OBB-3931448

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

gamemag.ru Cross Site Scripting vulnerability OBB-3931447

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

epochta.ru Cross Site Scripting vulnerability OBB-3931446

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

biolabscientific.com Cross Site Scripting vulnerability OBB-3931443

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

eventoeduteka.com Cross Site Scripting vulnerability OBB-3931442

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

biochemistry.indiana.edu Cross Site Scripting vulnerability OBB-3931440

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

my.sitebar.org Cross Site Scripting vulnerability OBB-3931439

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

astemplates.com Cross Site Scripting vulnerability OBB-3931437

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bilmagasinet.dk Cross Site Scripting vulnerability OBB-3931438

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bieliace-pasiky.com Cross Site Scripting vulnerability OBB-3931436

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

belici-pasky.com Cross Site Scripting vulnerability OBB-3931432

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

be.lv Cross Site Scripting vulnerability OBB-3931431

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-36472

In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource...

CVE-2024-3412 WP STAGING WordPress Backup Plugin – Migration Backup Restore <= 3.4.3 - Authenticated (Admin+) Arbitrary File Upload

The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers,...

CVE-2024-36015 ppdev: Add an error check in register_device

In the Linux kernel, the following vulnerability has been resolved: ppdev: Add an error check in register_device In register_device, the return value of ida_simple_get is unchecked, in witch ida_simple_get will use an invalid index value. To address this issue, index should be checked after...

CVE-2024-5086 Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders <= 5.8.14 - Authenticated (Contributor+) Stored Cross-Site Scripting via Team Member Carousel Widget

The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient input...

CVE-2024-21512

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using nestTables. Mitigation...

Wordpress Country State City Dropdown <=2.7.2 - SQL Injection

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it....

CVE-2024-3937 Playlist for Youtube <= 1.32 - Editor+ Stored XSS

The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-3921 Gianism <= 5.1.0 - Admin+ Stored XSS

The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...

CVE-2024-4419 Fetch JFT <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting

The Fetch JFT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...

CVE-2024-21512

Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using...

CVE-2024-4611 AppPresser <= 4.3.2 - Improper Missing Encryption Exception Handling to Authentication Bypass

The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...

CVE-2023-6743 Unlimited Elements for Elementor <= 1.5.89 - Authenticated(Contributor+) Remote Code Execution via template import

The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and...

CVE-2024-0434 WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly <= 1.7.1 - Missing Authorization via ttbm_new_place_save

The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbm_new_place_save' function in all versions up to, and including, 1.7.1. This makes it possible for...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, prometheus-mongodb-exporter, sonobuoy, istio-operator, capslock, haproxy-ingress,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: nri-mssql, kpt, nsc, kaf, yam, http-echo, docker-credential-gcr, chezmoi, nfs-subdir-external-provisioner, newrelic-infra-operator, cluster-api-controller, containerd, kyverno-policy-reporter-kyverno-plugin, kaniko, protoc-gen-go, kor, kwok, aws-flb-kinesis, ollama,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, q, cri-tools, logstash-exporter, terraform-docs, kaf, ferretdb, kubernetes-dashboard, mage, sonobuoy, vault-k8s, istio-operator, capslock, wait-for-port, flux-source-controller, http-echo,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, q, cri-tools, logstash-exporter, terraform-docs, kaf, ferretdb, kubernetes-dashboard, mage, sonobuoy, vault-k8s, istio-operator, capslock, wait-for-port, flux-source-controller, http-echo,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: skaffold, secrets-store-csi-driver-provider-gcp, kpt, thanos-operator, kaf, kubernetes-dashboard, k3s, prometheus-mongodb-exporter, vault-k8s, haproxy-ingress, kube-logging-operator, flux-source-controller, metrics-server, zot, influxd, minio, prometheus-alertmanager,....

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: eksctl, nri-mssql, terraform-docs, nsc, kaf, ferretdb, k3s, kubernetes-dashboard, prometheus-mongodb-exporter, vault-k8s, istio-operator, haproxy-ingress, libssh, flux-source-controller, metrics-server, zot, influxd, up, caddy, prometheus-alertmanager,...

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: skaffold, eksctl, skopeo, goreleaser, trivy, kubeflow-katib, cri-tools, scorecard, crane, cosign, dagger, guac, k3s, aactl, kubevela, zot, up, docker-credential-gcr, flux-image-reflector-controller, gitlab-runner, kots, policy-controller, tekton-chains, telegraf,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, prometheus-mongodb-exporter, sonobuoy, istio-operator, capslock, haproxy-ingress,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: nri-mssql, kpt, nsc, kaf, yam, http-echo, docker-credential-gcr, chezmoi, nfs-subdir-external-provisioner, newrelic-infra-operator, cluster-api-controller, containerd, kyverno-policy-reporter-kyverno-plugin, kaniko, protoc-gen-go, kor, kwok, aws-flb-kinesis, ollama,...