Lucene search

K

Interactive Contact Form And Multi Step Form Builder With Drag & Drop Editor Security Vulnerabilities

cve
cve

CVE-2024-37661

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect...

6.6AI Score

EPSS

2024-06-17 06:15 PM
3
cve
cve

CVE-2024-37664

Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the...

6.7AI Score

EPSS

2024-06-17 06:15 PM
2
nvd
nvd

CVE-2024-37663

Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect...

EPSS

2024-06-17 06:15 PM
2
nvd
nvd

CVE-2024-36527

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the...

EPSS

2024-06-17 06:15 PM
3
cve
cve

CVE-2024-36527

puppeteer-renderer v.3.2.0 and before is vulnerable to Directory Traversal. Attackers can exploit the URL parameter using the file protocol to read sensitive information from the...

6.1AI Score

EPSS

2024-06-17 06:15 PM
2
openbugbounty
openbugbounty

alexander-meinzer.de Cross Site Scripting vulnerability OBB-3935984

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:15 PM
2
openbugbounty
openbugbounty

muelltueten.de Cross Site Scripting vulnerability OBB-3935983

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:10 PM
4
openbugbounty
openbugbounty

guersel-transporte.de Cross Site Scripting vulnerability OBB-3935982

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:08 PM
4
openbugbounty
openbugbounty

remember-cars.de Cross Site Scripting vulnerability OBB-3935980

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:05 PM
2
cvelist
cvelist

CVE-2024-6058 LabVantage LIMS cross site scripting

A vulnerability classified as problematic has been found in LabVantage LIMS 2017. This affects an unknown part of the file /labvantage/rc?command=page&page=SampleHistoricalList&_iframename=list&__crc=crc_1701669816260. The manipulation of the argument height/width leads to cross site scripting. It....

3.5CVSS

EPSS

2024-06-17 06:00 PM
1
vulnrichment
vulnrichment

CVE-2024-36973 misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe()

In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe() When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), callback function gp_auxiliary_device_release() calls...

7AI Score

EPSS

2024-06-17 05:51 PM
cvelist
cvelist

CVE-2024-36973 misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe()

In the Linux kernel, the following vulnerability has been resolved: misc: microchip: pci1xxxx: fix double free in the error handling of gp_aux_bus_probe() When auxiliary_device_add() returns error and then calls auxiliary_device_uninit(), callback function gp_auxiliary_device_release() calls...

EPSS

2024-06-17 05:51 PM
2
cvelist
cvelist

CVE-2024-6056 nasirkhan Laravel Starter Password Reset forgot-password observable response discrepancy

A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /forgot-password of the component Password Reset Handler. The manipulation of the argument Email leads to observable response...

3.7CVSS

EPSS

2024-06-17 05:31 PM
openbugbounty
openbugbounty

onlanka.com Cross Site Scripting vulnerability OBB-3935974

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 05:29 PM
1
redhatcve
redhatcve

CVE-2024-24789

The archive/zip package's handling of certain types of invalid zip files differs from the behavior of most zip implementations. This misalignment could be exploited to create an zip file with contents that vary depending on the implementation reading the file. The archive/zip package now rejects...

6.6AI Score

0.0004EPSS

2024-06-17 05:20 PM
openbugbounty
openbugbounty

sepa.gov.rs Open Redirect vulnerability OBB-3935971

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-17 05:15 PM
3
osv
osv

Malicious code in delta0231 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (7df399fa1580fb8e64d7cd2481b0212f607aa8146a1b904b83a7af05ebb8031b) The OpenSSF Package Analysis project identified 'delta0231' @ 100.0.0 (npm) as malicious. It is considered malicious because: The package...

7.3AI Score

2024-06-17 04:55 PM
osv
osv

Malicious code in commando333333 (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (3da17f518475bb94d3d0740d0e1fc486dcce1f4fd1c8f86b9578176c4ea04a03) The OpenSSF Package Analysis project identified 'commando333333' @ 10.0.0 (npm) as malicious. It is considered malicious because: The package...

7.3AI Score

2024-06-17 04:35 PM
githubexploit
githubexploit

Exploit for Path Traversal in Aiohttp

CVE-2024-23334 Exploit and PoC This repository contains a...

7.5CVSS

6.8AI Score

0.052EPSS

2024-06-17 04:28 PM
2
hackread
hackread

Critical Vulnerabilities Exposing Chinese Biometric Readers to Unauthorized Access

Is your fingerprint scanner safe? New research reveals 24 vulnerabilities in ZKTeco biometric access systems. This exposes critical facilities and businesses to a range of security risks. Learn how to protect yourself from unauthorized access, data theft, and system...

7.5AI Score

2024-06-17 04:24 PM
1
malwarebytes
malwarebytes

(Almost) everything you always wanted to know about cybersecurity, but were too afraid to ask, with Tjitske de Vries: Lock and Code S05E13

This week on the Lock and Code podcast… Ready to know what Malwarebytes knows? Ask us your questions and get some answers. What is a passphrase and what makes it—what’s the word? Strong? Every day, countless readers, listeners, posters, and users ask us questions about some of the most commonly...

7.3AI Score

2024-06-17 04:17 PM
1
nvd
nvd

CVE-2024-0397

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

EPSS

2024-06-17 04:15 PM
1
cve
cve

CVE-2024-0397

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

6.3AI Score

EPSS

2024-06-17 04:15 PM
3
openbugbounty
openbugbounty

ufa.topmuz.ru Cross Site Scripting vulnerability OBB-3935966

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 04:04 PM
3
openbugbounty
openbugbounty

cyberbelka.ru Cross Site Scripting vulnerability OBB-3935965

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 03:59 PM
4
ibm
ibm

Security Bulletin: IBM Sterling B2B Integrator - The Document Service Container in IBM Sterling B2B Integrator is vulnerable to denial of service due to jackson-core (256137)

Summary The Document Service Container in IBM Sterling B2B Integrator is vulnerable to a denial of service due to jackson-core (256137). IBM Sterling B2B Integrator has addressed the vulnerabilty in the Remediation/Fixes section of this bulletin. Vulnerability Details ** IBM X-Force ID: 256137 ...

6.9AI Score

2024-06-17 03:53 PM
ibm
ibm

Security Bulletin: A vulnerability in Apache Xerces C++ XML parser may affect IBM Storage Protect HSM for Windows

Summary IBM Storage Protect HSM for Windows can be affected by a security flaw in Apache Xerces C++ XML parser. The flaw can lead to arbitrary code execution, as described in the "Vulnerability Details" section. CVE-2024-23807. Vulnerability Details ** CVEID: CVE-2024-23807 DESCRIPTION: **Apache...

8AI Score

0.0004EPSS

2024-06-17 03:46 PM
osv
osv

Malicious code in dc-test1-asdf (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (04026ef40e4abce9afd70341d1bbb7d8907a917e7a6bd0fd6b7ffb15623a30c0) The OpenSSF Package Analysis project identified 'dc-test1-asdf' @ 1.0.1 (npm) as malicious. It is considered malicious because: The package...

7.3AI Score

2024-06-17 03:46 PM
openbugbounty
openbugbounty

kabelkonfektion-neumann.de Cross Site Scripting vulnerability OBB-3935964

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 03:45 PM
2
openbugbounty
openbugbounty

geliebto.de Cross Site Scripting vulnerability OBB-3935963

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 03:42 PM
3
openbugbounty
openbugbounty

wemo-trockenbau.de Cross Site Scripting vulnerability OBB-3935962

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 03:38 PM
3
nvd
nvd

CVE-2024-4032

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

EPSS

2024-06-17 03:15 PM
2
cve
cve

CVE-2024-4032

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

6.4AI Score

EPSS

2024-06-17 03:15 PM
3
osv
osv

PSF-2024-4

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

6.6AI Score

EPSS

2024-06-17 03:09 PM
cvelist
cvelist

CVE-2024-0397 Memory race condition in ssl.SSLContext certificate store methods

A defect was discovered in the Python “ssl” module where there is a memory race condition with the ssl.SSLContext methods “cert_store_stats()” and “get_ca_certs()”. The race condition can be triggered if the methods are called at the same time as certificates are loaded into the SSLContext, such...

EPSS

2024-06-17 03:09 PM
1
openbugbounty
openbugbounty

glav-complect.ru Cross Site Scripting vulnerability OBB-3935960

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 03:06 PM
2
osv
osv

PSF-2024-5

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

6.7AI Score

EPSS

2024-06-17 03:05 PM
cvelist
cvelist

CVE-2024-4032 Incorrect IPv4 and IPv6 private ranges

The “ipaddress” module contained incorrect information about whether certain IPv4 and IPv6 addresses were designated as “globally reachable” or “private”. This affected the is_private and is_global properties of the ipaddress.IPv4Address, ipaddress.IPv4Network, ipaddress.IPv6Address, and...

EPSS

2024-06-17 03:05 PM
1
ibm
ibm

Security Bulletin: IBM DevOps Release addresses multiple vulnerabilities.

Summary IBM DevOps Release 7.0.0.2 addresses multiple vulnerabilities. Vulnerability Details ** CVEID: CVE-2014-3643 DESCRIPTION: **Jersey could allow a remote attacker to obtain sensitive information, caused by an XML external entity (XXE) error when processing XML data by jersey SAX parser. By...

9.8CVSS

9.7AI Score

0.794EPSS

2024-06-17 02:48 PM
openbugbounty
openbugbounty

patp2-nv.ru Cross Site Scripting vulnerability OBB-3935958

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 02:48 PM
3
ibm
ibm

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK (CVE-2024-38264)

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to a denial of service due to IBM Java SDK, Java Technology Edition. This bulletin identifies the steps to take to address the vulnerability. Vulnerability Details ** CVEID: CVE-2023-38264 DESCRIPTION: **The IBM...

5.9CVSS

6.7AI Score

EPSS

2024-06-17 02:45 PM
openbugbounty
openbugbounty

neosoclit.ru Cross Site Scripting vulnerability OBB-3935955

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 02:41 PM
3
thn
thn

ASUS Patches Critical Authentication Bypass Flaw in Multiple Router Models

ASUS has shipped software updates to address a critical security flaw impacting its routers that could be exploited by malicious actors to bypass authentication. Tracked as CVE-2024-3080, the vulnerability carries a CVSS score of 9.8 out of a maximum of 10.0. "Certain ASUS router models have...

9.8CVSS

9.3AI Score

0.001EPSS

2024-06-17 02:39 PM
7
openbugbounty
openbugbounty

tubidy.fun Cross Site Scripting vulnerability OBB-3935951

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 02:24 PM
3
openbugbounty
openbugbounty

kikialm.de Cross Site Scripting vulnerability OBB-3935950

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 02:22 PM
2
openbugbounty
openbugbounty

sao.ru Cross Site Scripting vulnerability OBB-3935949

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 02:17 PM
3
cve
cve

CVE-2024-37158

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions....

3.5CVSS

3.8AI Score

EPSS

2024-06-17 02:15 PM
2
nvd
nvd

CVE-2024-37158

Evmos is the Ethereum Virtual Machine (EVM) Hub on the Cosmos Network. Preliminary checks on actions computed by the clawback vesting accounts are performed in the ante handler. Evmos core, implements two different ante handlers: one for Cosmos transactions and one for Ethereum transactions....

3.5CVSS

EPSS

2024-06-17 02:15 PM
openbugbounty
openbugbounty

iccaras.ru Cross Site Scripting vulnerability OBB-3935948

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 02:12 PM
2
openbugbounty
openbugbounty

iii.org Cross Site Scripting vulnerability OBB-3935946

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 02:07 PM
2
Total number of security vulnerabilities2828636