ipattorneys.parkerip.com Cross Site Scripting vulnerability OBB-3928113
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
slideserve.com Cross Site Scripting vulnerability OBB-3928104
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
alumninet.yale.edu Cross Site Scripting vulnerability OBB-3928095
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
chem.uni-potsdam.de Cross Site Scripting vulnerability OBB-3928092
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
holidayautos.com Cross Site Scripting vulnerability OBB-3928088
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
gregandbeth.com Cross Site Scripting vulnerability OBB-3928077
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
eubuero.de Cross Site Scripting vulnerability OBB-3928076
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
OpenCFP Framework (Sentry) Account takeover via null password reset codes
OpenCFP, an open-source conference talk submission system written in PHP, contains a security vulnerability in its third-party authentication framework, Sentry, developed by Cartalyst. The vulnerability stems from how Sentry handles password reset checks. Users lacking a password reset token...
cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction
cart2quote/module-quotation-encoded extension may expose a critical security vulnerability by utilizing the unserialize function when processing data from a GET request. This flaw, present in the app/code/community/Ophirah/Qquoteadv/controllers/DownloadController.php and...
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
amphp/artax Cookie leakage to wrong origins and non-restricted cookie acceptance
In artax version before 1.0.6 and 2 before 2.0.6, cookies of foo.bar.example.com were leaked to foo.bar. Additionally, any site could set cookies for any other site. Artax fixed this issue by following newer browser implementations now. Cookies can only be set on domains higher or equal to the...
asymmetricrypt/asymmetricrypt Padding Oracle Vulnerability in RSA Encryption
The encryption and decryption process were vulnerable to Bleichenbacher's attack, a padding oracle vulnerability disclosed in 1998. The issue was the wrong padding being used, which allowed the encrypted content to be recovered. The OPENSSL_PKCS1_PADDING version, aka PKCS v1.5....
ADOdb SQL injection vulnerability
The ADOdb Library for PHP prior to version 5.20.11 is prone to SQL Injection vulnerability in multiple...
CVSS 7.8 | EPSS 0.004
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
Mautic is vulnerable to XSS vulnerability
Impact This is a cross-site scripting vulnerability which affects every version of Mautic and could allow an attacker unauthorised administrator level access to Mautic. This vulnerability was reported by Naveen Sunkavally at Horizon3.ai. Patches Upgrade to 3.2.4 or 2.16.5. Link to patch for 2.x...
CVSS 9.6 | EPSS 0.002
goreleaser shows environment by default
Summary Since #4787 the log output is printed on the INFO level, while previously it was logged on DEBUG. This means if the go build output is non-empty, goreleaser leaks the environment. PoC Create a Go project with dependencies, do not pull them yet (or run goreleaser later in a container, or...
humber.ca Cross Site Scripting vulnerability OBB-3928073
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Grav Vulnerable to Arbitrary File Read to Account Takeover
Summary A low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - /grav/user/accounts/*.yaml. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise.....
Summary A potential Apache ZooKeeper security bypass vulnerability (CVE-2023-44981) has been identified that affects IBM Watson Assistant for IBM Cloud Pak for Data. The vulnerability has been addressed. Refer to details for additional information. Vulnerability Details ** CVEID: CVE-2023-44981 ...
CVSS 9.1 | EPSS 0.004
Amazon JDBC Driver for Redshift SQL Injection via line comment generation
Impact SQL injection is possible when using the non-default connection property preferQueryMode=simple in combination with application code which has a vulnerable SQL that negates a parameter value. There is no vulnerability in the driver when using the default, extended query mode. Note that...
source-controller leaks Azure Storage SAS token into logs
Impact When source-controller is configured to use an Azure SAS token when connecting to Azure Blob Storage, the token was logged along with the Azure URL when the controller encountered a connection error. An attacker with access to the source-controller logs could use the token to gain access to....
dev1-store.myracehorse.com Cross Site Scripting vulnerability OBB-3928072
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
dev2-store.myracehorse.com Cross Site Scripting vulnerability OBB-3928071
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: falcoctl, falco, zarf, spire-server, slsa-verifier, skaffold, zot, wolfictl, flux-source-controller, tekton-chains, kubescape, policy-controller, melange, goreleaser, gitsign, apko, aactl, ko,...
AI Score 7.5
CVE-2024-29018 vulnerabilities
Vulnerabilities for packages: docker-compose, buildkitd, spire-server, cadvisor, zot, up, crossplane, grype, syft, wolfictl, kargo, kubescape, loki, melange, ctop, kaniko, prometheus, telegraf, aactl, ko, buf, dagger, trivy, conftest, datadog-agent,...
CVSS 5.9 | AI Score 5.9 | EPSS 0.0004
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: docker-compose, buildkitd, spire-server, cadvisor, zot, up, crossplane, grype, syft, wolfictl, kargo, kubescape, loki, melange, ctop, kaniko, prometheus, telegraf, aactl, ko, buf, dagger, trivy, conftest, datadog-agent,...
AI Score 7.5
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: traefik, falco, spire-server, vault, cert-manager, cloudflared, sops, dex, slsa-verifier, rekor, terragrunt, kots, flux-source-controller, tekton-chains, kubescape, flux-kustomize-controller, argo-workflows, external-secrets-operator, cosign, gitsign, argo-cd, vexctl,....
AI Score 7.5
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: falco, bom, cert-manager, slsa-verifier, skaffold, k3d, up, chartmuseum, tekton-chains, kubescape, k3s, loki, scorecard, paranoia, ctop, prometheus, aactl, kpt,...
AI Score 7.5
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: tctl, traefik, zarf, vault-k8s, cloud-sql-proxy, fuse-overlayfs-snapshotter, kor, step-ca, cluster-proportional-autoscaler, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, sops, spark-operator, volume-modifier-for-k8s,...
AI Score 7.5
GHSA-MRWW-27VC-GGHV vulnerabilities
Vulnerabilities for packages: argo-workflows, caddy, kube-bench, amass, kine, kots, ferretdb, keda, step-ca, temporal-server, vault, src, k3s, trillian, spicedb,...
AI Score 7.5
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: argo-workflows, caddy, kube-bench, amass, kine, kots, ferretdb, keda, step-ca, temporal-server, vault, src, k3s, trillian, spicedb,...
CVSS 9.8 | AI Score 9.7 | EPSS 0.0004
GHSA-232P-VWFF-86MP vulnerabilities
Vulnerabilities for packages: up, apko, melange, bom, ko, ctop,...
AI Score 7.5
Vulnerabilities for packages: kubeflow-pipelines, argo-cd, calico, aws-efs-csi-driver,...
CVSS 8.8 | AI Score 8.9 | EPSS 0.001
CVE-2023-46402 vulnerabilities
Vulnerabilities for packages: argo-workflows, melange, flux-notification-controller, argo-cd,...
CVSS 7.5 | AI Score 7.8 | EPSS 0.0005
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: tctl, vault-k8s, cloud-sql-proxy, flannel-cni-plugin, fuse-overlayfs-snapshotter, kor, cluster-proportional-autoscaler, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, spark-operator, volume-modifier-for-k8s, ytt, golangci-lint,...
AI Score 7.7 | EPSS 0.0004
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: tctl, traefik, fuse-overlayfs-snapshotter, spark-operator, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, nvidia-device-plugin, gatekeeper, pulumi-language-dotnet, ollama, gomplate, kubescape, nginx-stable, newrelic-infrastructure-agent,...
CVSS 7.5 | AI Score 8.8 | EPSS 0.72
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: traefik, vault-k8s, fuse-overlayfs-snapshotter, step-ca, tempo, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, sops, spark-operator, volume-modifier-for-k8s, golangci-lint, go-bindata, nvidia-device-plugin, http-echo,...
AI Score 7.5