Lucene search

K

Interactive Contact Form And Multi Step Form Builder With Drag & Drop Editor Security Vulnerabilities

cve
cve

CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser...

3.1CVSS

6.7AI Score

EPSS

2024-06-26 03:55 PM
1
cvelist
cvelist

CVE-2024-25637 Reflected XSS via X-October-Request-Handler Header

October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser...

3.1CVSS

EPSS

2024-06-26 03:55 PM
openbugbounty
openbugbounty

kcroos.com Open Redirect vulnerability OBB-3939127

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-26 03:47 PM
openbugbounty
openbugbounty

statistics.functioncompute.com Open Redirect vulnerability OBB-3939126

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-26 03:43 PM
openbugbounty
openbugbounty

troytrojans.com Open Redirect vulnerability OBB-3939125

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-26 03:41 PM
wolfi
wolfi

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: gitlab-kas, crossplane-provider-azure, flux-kustomize-controller, external-dns, slsa-verifier, kubevela, cert-manager, nuclei, falcoctl, guac, aactl, k3d, cosign, flux-notification-controller, gitlab-shell, sigstore-scaffolding, snyk-cli, buildkitd, kargo, keda,...

6CVSS

6.2AI Score

0.0004EPSS

2024-06-26 03:33 PM
6
wolfi
wolfi

CVE-2024-27304 vulnerabilities

Vulnerabilities for packages: spicedb, telegraf, kine, src, amass, ferretdb, step-ca, kots, caddy, trillian, vault, temporal-server, keda, k3s, kube-bench,...

9.8CVSS

9.7AI Score

0.0004EPSS

2024-06-26 03:33 PM
128
wolfi
wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: terraform-provider-aws, crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, restic, cloudflared, aactl, kubeflow-katib, cilium, secrets-store-csi-driver, haproxy-ingress, opentofu, cri-tools, influxd, prometheus-elasticsearch-exporter,...

7.5AI Score

2024-06-26 03:33 PM
180
wolfi
wolfi

GHSA-MRWW-27VC-GGHV vulnerabilities

Vulnerabilities for packages: spicedb, telegraf, kine, src, amass, ferretdb, step-ca, kots, caddy, trillian, vault, temporal-server, keda, k3s, kube-bench,...

7.5AI Score

2024-06-26 03:33 PM
112
wolfi
wolfi

GHSA-VR64-R9QJ-H27F vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-26 03:33 PM
70
wolfi
wolfi

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: terraform-provider-aws, crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, restic, cloudflared, aactl, kubeflow-katib, cilium, secrets-store-csi-driver, haproxy-ingress, opentofu, cri-tools, influxd, prometheus-elasticsearch-exporter,...

6.8AI Score

0.0004EPSS

2024-06-26 03:33 PM
30
wolfi
wolfi

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: step-issuer, docker-cli, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf, atlantis,...

6.8AI Score

0.0004EPSS

2024-06-26 03:33 PM
58
wolfi
wolfi

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, cloudflared, aactl, pombump, go-licenses, gops, docker-credential-ecr-login, secrets-store-csi-driver, kind, cri-tools, clusterctl, dynamic-localpv-provisioner, kubernetes-dashboard, nats-server, gostatsd, flannel, trust-manager,...

6.5AI Score

0.0004EPSS

2024-06-26 03:33 PM
21
wolfi
wolfi

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, cloudflared, aactl, pombump, go-licenses, gops, docker-credential-ecr-login, secrets-store-csi-driver, kind, cri-tools, clusterctl, dynamic-localpv-provisioner, kubernetes-dashboard, nats-server, gostatsd, flannel, trust-manager,...

7.5AI Score

2024-06-26 03:33 PM
16
wolfi
wolfi

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: step-issuer, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, nerdctl, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, helm-docs, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf,...

5.5CVSS

6.1AI Score

0.0004EPSS

2024-06-26 03:33 PM
24
wolfi
wolfi

GHSA-V6V8-XJ6M-XWQH vulnerabilities

Vulnerabilities for packages: gitlab-kas, crossplane-provider-azure, flux-kustomize-controller, external-dns, slsa-verifier, kubevela, cert-manager, nuclei, falcoctl, guac, aactl, k3d, cosign, flux-notification-controller, gitlab-shell, sigstore-scaffolding, snyk-cli, buildkitd, kargo, keda,...

7.5AI Score

2024-06-26 03:33 PM
wolfi
wolfi

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: terraform-provider-aws, crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, cloudflared, aactl, kubeflow-katib, go-licenses, secrets-store-csi-driver, haproxy-ingress, opentofu, influxd, nerdctl, dynamic-localpv-provisioner, kubernetes-dashboard,....

5.9CVSS

7.1AI Score

0.963EPSS

2024-06-26 03:33 PM
134
wolfi
wolfi

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: external-secrets-operator, flux-kustomize-controller, fluent-bit-plugin-loki, external-dns, nuclei, cert-manager, restic, falcoctl, guac, step, sigstore-scaffolding, cosign, filebeat, py3-azure-identity, tempo, timestamp-authority, buildkitd, keda, teleport, rclone,...

5.5CVSS

6AI Score

0.0004EPSS

2024-06-26 03:33 PM
15
wolfi
wolfi

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: external-secrets-operator, flux-kustomize-controller, fluent-bit-plugin-loki, external-dns, nuclei, cert-manager, restic, falcoctl, guac, step, sigstore-scaffolding, cosign, filebeat, py3-azure-identity, tempo, timestamp-authority, buildkitd, keda, teleport, rclone,...

7.5AI Score

2024-06-26 03:33 PM
7
wolfi
wolfi

CVE-2024-27289 vulnerabilities

Vulnerabilities for packages: telegraf, argo-workflows, kots, caddy, trillian, vault,...

8.1CVSS

8.2AI Score

0.0004EPSS

2024-06-26 03:33 PM
22
wolfi
wolfi

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, cloudflared, aactl, pombump, go-licenses, gops, docker-credential-ecr-login, secrets-store-csi-driver, kind, cri-tools, clusterctl, dynamic-localpv-provisioner, kubernetes-dashboard, nats-server, gostatsd, flannel, trust-manager,...

7.5AI Score

2024-06-26 03:33 PM
21
wolfi
wolfi

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: step-issuer, docker-cli, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf, atlantis,...

7.5AI Score

2024-06-26 03:33 PM
20
wolfi
wolfi

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: step-issuer, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, nerdctl, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, helm-docs, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf,...

9.8CVSS

9.8AI Score

0.001EPSS

2024-06-26 03:33 PM
49
wolfi
wolfi

GHSA-C5Q2-7R4C-MV6G vulnerabilities

Vulnerabilities for packages: external-secrets-operator, flux-kustomize-controller, istio-operator, slsa-verifier, tekton-chains, cert-manager, minio, falcoctl, cloudflared, aactl, guac, cilium, cosign, oauth2-proxy, sigstore-scaffolding, step, timestamp-authority, istio-cni, kargo, weaviate,...

7.5AI Score

2024-06-26 03:33 PM
26
wolfi
wolfi

CVE-2024-22871 vulnerabilities

Vulnerabilities for packages:...

7.2AI Score

0.0004EPSS

2024-06-26 03:33 PM
8
wolfi
wolfi

GHSA-7JWH-3VRQ-Q3M8 vulnerabilities

Vulnerabilities for packages: spicedb, telegraf, kine, src, amass, ferretdb, step-ca, kots, caddy, trillian, temporal-server, keda, k3s, kube-bench,...

7.5AI Score

2024-06-26 03:33 PM
15
wolfi
wolfi

GHSA-M7WR-2XF7-CM9P vulnerabilities

Vulnerabilities for packages: telegraf, argo-workflows, kots, caddy, trillian, vault,...

7.5AI Score

2024-06-26 03:33 PM
13
wolfi
wolfi

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: step-issuer, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, nerdctl, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, helm-docs, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf,...

7.5AI Score

2024-06-26 03:33 PM
3
wolfi
wolfi

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: external-secrets-operator, flux-kustomize-controller, istio-operator, slsa-verifier, tekton-chains, cert-manager, minio, falcoctl, cloudflared, aactl, guac, cilium, cosign, oauth2-proxy, sigstore-scaffolding, step, timestamp-authority, istio-cni, kargo, weaviate,...

4.3CVSS

6AI Score

0.0005EPSS

2024-06-26 03:33 PM
16
wolfi
wolfi

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: terraform-provider-aws, crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, cloudflared, aactl, kubeflow-katib, go-licenses, secrets-store-csi-driver, haproxy-ingress, opentofu, influxd, nerdctl, dynamic-localpv-provisioner, kubernetes-dashboard,....

7.5AI Score

2024-06-26 03:33 PM
46
wolfi
wolfi

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: crossplane-provider-azure, cloudflared, aactl, pombump, go-licenses, gops, docker-credential-ecr-login, secrets-store-csi-driver, kind, cri-tools, clusterctl, dynamic-localpv-provisioner, kubernetes-dashboard, nats-server, gostatsd, flannel, trust-manager,...

6.5AI Score

0.0004EPSS

2024-06-26 03:33 PM
18
wolfi
wolfi

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: step-issuer, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, nerdctl, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, helm-docs, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf,...

7.5AI Score

2024-06-26 03:33 PM
4
openbugbounty
openbugbounty

api.ffm.to Open Redirect vulnerability OBB-3939124

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-26 03:33 PM
1
openbugbounty
openbugbounty

hpackagetrackerguru.com Open Redirect vulnerability OBB-3939123

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-26 03:31 PM
cve
cve

CVE-2024-38271 Denial of Service in Quickshare

There exists a vulnerability in Quickshare/Nearby where an attacker can force the a victim to stay connected to a temporary hotspot created for the share. As part of the sequence of packets in a QuickShare connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiFi.....

6.5AI Score

EPSS

2024-06-26 03:19 PM
cvelist
cvelist

CVE-2024-38271 Denial of Service in Quickshare

There exists a vulnerability in Quickshare/Nearby where an attacker can force the a victim to stay connected to a temporary hotspot created for the share. As part of the sequence of packets in a QuickShare connection over Bluetooth, the attacker forces the victim to connect to the attacker’s WiFi.....

EPSS

2024-06-26 03:19 PM
openbugbounty
openbugbounty

iqconnect.lmhostediq.com Open Redirect vulnerability OBB-3939120

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-26 03:14 PM
thn
thn

New MOVEit Transfer Vulnerability Under Active Exploitation - Patch ASAP!

A newly disclosed critical security flaw impacting Progress Software MOVEit Transfer is already seeing exploitation attempts in the wild shortly after details of the bug were publicly disclosed. The vulnerability, tracked as CVE-2024-5806 (CVSS score: 9.1), concerns an authentication bypass that...

9.8CVSS

9.8AI Score

0.969EPSS

2024-06-26 02:57 PM
7
openbugbounty
openbugbounty

huidhuis.nl Cross Site Scripting vulnerability OBB-3939118

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-26 02:53 PM
openbugbounty
openbugbounty

ergonomio.nl Cross Site Scripting vulnerability OBB-3939117

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-26 02:28 PM
filippoio
filippoio

XAES-256-GCM

About a year ago I wrote that "I want to use XAES-256-GCM/11, which has a number of nice properties and only the annoying defect of not existing." Well, there is now an XAES-256-GCM specification. (Had to give up on the /11 part, but that was just a performance optimization.) XAES-256-GCM is an...

7.3AI Score

2024-06-26 02:24 PM
1
malwarebytes
malwarebytes

Federal Reserve “breached” data may actually belong to Evolve Bank

A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBit's dark web leak site, the group threatened to release over 30 TB of banking information containing Americans'...

7.4AI Score

2024-06-26 02:16 PM
github
github

October System module has a Reflected XSS via X-October-Request-Handler Header

Impact The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser interactions. This unescaped value is only detectable when using a proxy...

6.4AI Score

EPSS

2024-06-26 02:08 PM
openbugbounty
openbugbounty

en.radreisen.at Cross Site Scripting vulnerability OBB-3939116

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-26 02:04 PM
1
githubexploit
githubexploit

Exploit for Path Traversal in Apache Http Server

CVE-2021-42013: Apache HTTP Server Path Traversal and Remote...

9.8CVSS

9.5AI Score

0.974EPSS

2024-06-26 01:57 PM
2
openbugbounty
openbugbounty

doineedajacket.com Cross Site Scripting vulnerability OBB-3939113

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-26 01:07 PM
4
openbugbounty
openbugbounty

jazz2-0.com Cross Site Scripting vulnerability OBB-3939115

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-26 01:07 PM
5
openbugbounty
openbugbounty

sunellsecurity.com Cross Site Scripting vulnerability OBB-3939114

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-26 01:07 PM
3
openbugbounty
openbugbounty

momo-net.com Cross Site Scripting vulnerability OBB-3939109

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-26 01:06 PM
5
openbugbounty
openbugbounty

smcstone.com Cross Site Scripting vulnerability OBB-3939110

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-26 01:06 PM
4
Total number of security vulnerabilities2835194