Interactive Contact Form And Multi Step Form Builder With Drag & Drop Editor Security Vulnerabilities

CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser...

CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser...

kcroos.com Open Redirect vulnerability OBB-3939127

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

statistics.functioncompute.com Open Redirect vulnerability OBB-3939126

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

troytrojans.com Open Redirect vulnerability OBB-3939125

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: gitlab-kas, crossplane-provider-azure, flux-kustomize-controller, external-dns, slsa-verifier, kubevela, cert-manager, nuclei, falcoctl, guac, aactl, k3d, cosign, flux-notification-controller, gitlab-shell, sigstore-scaffolding, snyk-cli, buildkitd, kargo, keda,...

CVE-2024-27304 vulnerabilities

Vulnerabilities for packages: spicedb, telegraf, kine, src, amass, ferretdb, step-ca, kots, caddy, trillian, vault, temporal-server, keda, k3s, kube-bench,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: terraform-provider-aws, crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, restic, cloudflared, aactl, kubeflow-katib, cilium, secrets-store-csi-driver, haproxy-ingress, opentofu, cri-tools, influxd, prometheus-elasticsearch-exporter,...

GHSA-MRWW-27VC-GGHV vulnerabilities

Vulnerabilities for packages: spicedb, telegraf, kine, src, amass, ferretdb, step-ca, kots, caddy, trillian, vault, temporal-server, keda, k3s, kube-bench,...

GHSA-VR64-R9QJ-H27F vulnerabilities

Vulnerabilities for packages:...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: terraform-provider-aws, crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, restic, cloudflared, aactl, kubeflow-katib, cilium, secrets-store-csi-driver, haproxy-ingress, opentofu, cri-tools, influxd, prometheus-elasticsearch-exporter,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: step-issuer, docker-cli, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf, atlantis,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, cloudflared, aactl, pombump, go-licenses, gops, docker-credential-ecr-login, secrets-store-csi-driver, kind, cri-tools, clusterctl, dynamic-localpv-provisioner, kubernetes-dashboard, nats-server, gostatsd, flannel, trust-manager,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, cloudflared, aactl, pombump, go-licenses, gops, docker-credential-ecr-login, secrets-store-csi-driver, kind, cri-tools, clusterctl, dynamic-localpv-provisioner, kubernetes-dashboard, nats-server, gostatsd, flannel, trust-manager,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: step-issuer, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, nerdctl, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, helm-docs, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf,...

GHSA-V6V8-XJ6M-XWQH vulnerabilities

Vulnerabilities for packages: gitlab-kas, crossplane-provider-azure, flux-kustomize-controller, external-dns, slsa-verifier, kubevela, cert-manager, nuclei, falcoctl, guac, aactl, k3d, cosign, flux-notification-controller, gitlab-shell, sigstore-scaffolding, snyk-cli, buildkitd, kargo, keda,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: terraform-provider-aws, crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, cloudflared, aactl, kubeflow-katib, go-licenses, secrets-store-csi-driver, haproxy-ingress, opentofu, influxd, nerdctl, dynamic-localpv-provisioner, kubernetes-dashboard,....

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: external-secrets-operator, flux-kustomize-controller, fluent-bit-plugin-loki, external-dns, nuclei, cert-manager, restic, falcoctl, guac, step, sigstore-scaffolding, cosign, filebeat, py3-azure-identity, tempo, timestamp-authority, buildkitd, keda, teleport, rclone,...

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: external-secrets-operator, flux-kustomize-controller, fluent-bit-plugin-loki, external-dns, nuclei, cert-manager, restic, falcoctl, guac, step, sigstore-scaffolding, cosign, filebeat, py3-azure-identity, tempo, timestamp-authority, buildkitd, keda, teleport, rclone,...

CVE-2024-27289 vulnerabilities

Vulnerabilities for packages: telegraf, argo-workflows, kots, caddy, trillian, vault,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, cloudflared, aactl, pombump, go-licenses, gops, docker-credential-ecr-login, secrets-store-csi-driver, kind, cri-tools, clusterctl, dynamic-localpv-provisioner, kubernetes-dashboard, nats-server, gostatsd, flannel, trust-manager,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: step-issuer, docker-cli, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf, atlantis,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: step-issuer, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, nerdctl, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, helm-docs, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf,...

GHSA-C5Q2-7R4C-MV6G vulnerabilities

Vulnerabilities for packages: external-secrets-operator, flux-kustomize-controller, istio-operator, slsa-verifier, tekton-chains, cert-manager, minio, falcoctl, cloudflared, aactl, guac, cilium, cosign, oauth2-proxy, sigstore-scaffolding, step, timestamp-authority, istio-cni, kargo, weaviate,...

CVE-2024-22871 vulnerabilities

Vulnerabilities for packages:...

GHSA-7JWH-3VRQ-Q3M8 vulnerabilities

Vulnerabilities for packages: spicedb, telegraf, kine, src, amass, ferretdb, step-ca, kots, caddy, trillian, temporal-server, keda, k3s, kube-bench,...

GHSA-M7WR-2XF7-CM9P vulnerabilities

Vulnerabilities for packages: telegraf, argo-workflows, kots, caddy, trillian, vault,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: step-issuer, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, nerdctl, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, helm-docs, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf,...

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: external-secrets-operator, flux-kustomize-controller, istio-operator, slsa-verifier, tekton-chains, cert-manager, minio, falcoctl, cloudflared, aactl, guac, cilium, cosign, oauth2-proxy, sigstore-scaffolding, step, timestamp-authority, istio-cni, kargo, weaviate,...

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: terraform-provider-aws, crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, cloudflared, aactl, kubeflow-katib, go-licenses, secrets-store-csi-driver, haproxy-ingress, opentofu, influxd, nerdctl, dynamic-localpv-provisioner, kubernetes-dashboard,....

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, cloudflared, aactl, pombump, go-licenses, gops, docker-credential-ecr-login, secrets-store-csi-driver, kind, cri-tools, clusterctl, dynamic-localpv-provisioner, kubernetes-dashboard, nats-server, gostatsd, flannel, trust-manager,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: step-issuer, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, nerdctl, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, helm-docs, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf,...

api.ffm.to Open Redirect vulnerability OBB-3939124

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

hpackagetrackerguru.com Open Redirect vulnerability OBB-3939123

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-38271 Denial of Service in Quickshare

There exists a vulnerability in Quickshare/Nearby where an attacker can force the a victim to stay connected to a temporary hotspot created for the share. As part of the sequence of packets in a QuickShare connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiFi.....

CVE-2024-38271 Denial of Service in Quickshare

There exists a vulnerability in Quickshare/Nearby where an attacker can force the a victim to stay connected to a temporary hotspot created for the share. As part of the sequence of packets in a QuickShare connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiFi.....

iqconnect.lmhostediq.com Open Redirect vulnerability OBB-3939120

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

New MOVEit Transfer Vulnerability Under Active Exploitation - Patch ASAP!

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that...

huidhuis.nl Cross Site Scripting vulnerability OBB-3939118

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

ergonomio.nl Cross Site Scripting vulnerability OBB-3939117

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

XAES-256-GCM

About a year ago I wrote that "I want to use XAES-256-GCM/11, which has a number of nice properties and only the annoying defect of not existing." Well, there is now an XAES-256-GCM specification. (Had to give up on the /11 part, but that was just a performance optimization.) XAES-256-GCM is an...

Federal Reserve “breached” data may actually belong to Evolve Bank

A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBit's dark web leak site, the group threatened to release over 30 TB of banking information containing Americans'...

October System module has a Reflected XSS via X-October-Request-Handler Header

Impact The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interactions. This unescaped value is only detectable when using a proxy...

en.radreisen.at Cross Site Scripting vulnerability OBB-3939116

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for Path Traversal in Apache Http Server

CVE-2021-42013: Apache HTTP Server Path Traversal and Remote...

doineedajacket.com Cross Site Scripting vulnerability OBB-3939113

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

jazz2-0.com Cross Site Scripting vulnerability OBB-3939115

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

sunellsecurity.com Cross Site Scripting vulnerability OBB-3939114

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

momo-net.com Cross Site Scripting vulnerability OBB-3939109

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

smcstone.com Cross Site Scripting vulnerability OBB-3939110

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...