Lucene search

K

Microsoft .NET Framework 4.6, 4.6.1, 4.6.2, And 4.7 Security Vulnerabilities

cvelist
cvelist

CVE-2024-5150 Login with phone number <= 1.7.26 - Authentication Bypass due to Missing Empty Value Check

The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is due to the 'activation_code' default value is empty, and the not empty check is missing in the 'lwp_ajax_register' function. This makes it possible for...

7.2AI Score

2024-05-29 02:00 AM
1
cvelist
cvelist

CVE-2024-5204 Swiss Toolkit For WP <= 1.0.7 - Authenticated (Contributor+) Authentication Bypass

The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.7. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for authenticated attackers with contributor-level and...

7.1AI Score

2024-05-29 02:00 AM
4
openbugbounty
openbugbounty

engelke-elektro.de Cross Site Scripting vulnerability OBB-3931425

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-29 12:18 AM
6
openvas
openvas

Ubuntu: Security Advisory (USN-6793-1)

The remote host is missing an update for...

7.1AI Score

0.001EPSS

2024-05-29 12:00 AM
1
openvas
openvas

Ubuntu: Security Advisory (USN-6790-1)

The remote host is missing an update for...

7.1AI Score

0.0004EPSS

2024-05-29 12:00 AM
1
openvas
openvas

Ubuntu: Security Advisory (USN-6791-1)

The remote host is missing an update for...

7.1AI Score

2024-05-29 12:00 AM
1
openvas
openvas

Ubuntu: Security Advisory (USN-6795-1)

The remote host is missing an update for...

7.3AI Score

0.0005EPSS

2024-05-29 12:00 AM
2
openvas
openvas

Ubuntu: Security Advisory (USN-6789-1)

The remote host is missing an update for...

7.1AI Score

0.0004EPSS

2024-05-29 12:00 AM
1
openvas
openvas

Ubuntu: Security Advisory (USN-6794-1)

The remote host is missing an update for...

7.1AI Score

0.0004EPSS

2024-05-29 12:00 AM
1
openvas
openvas

Ubuntu: Security Advisory (USN-6792-1)

The remote host is missing an update for...

7.2AI Score

0.001EPSS

2024-05-29 12:00 AM
f5
f5

K000139810: Oracle Java vulnerability CVE-2024-20919

Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK:.....

5.9AI Score

0.0005EPSS

2024-05-29 12:00 AM
4
openvas
openvas

Ubuntu: Security Advisory (USN-6788-1)

The remote host is missing an update for...

7.1AI Score

0.0004EPSS

2024-05-29 12:00 AM
openvas
openvas

Ubuntu: Security Advisory (USN-6787-1)

The remote host is missing an update for...

7.1AI Score

0.0004EPSS

2024-05-29 12:00 AM
1
openvas
openvas

Ubuntu: Security Advisory (USN-6786-1)

The remote host is missing an update for...

7.1AI Score

0.007EPSS

2024-05-29 12:00 AM
openbugbounty
openbugbounty

dailylivenews.in Cross Site Scripting vulnerability OBB-3931420

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-28 11:34 PM
4
openbugbounty
openbugbounty

parakme.de Cross Site Scripting vulnerability OBB-3931419

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-28 11:33 PM
4
cvelist
cvelist

CVE-2024-5437 SourceCodester Simple Online Bidding System save_category cross site scripting

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. It is possible to launch...

6.4AI Score

2024-05-28 11:31 PM
3
openbugbounty
openbugbounty

eirene.de Cross Site Scripting vulnerability OBB-3931416

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-28 11:20 PM
5
debiancve
debiancve

CVE-2024-36472

In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource...

6.4AI Score

2024-05-28 11:09 PM
5
openbugbounty
openbugbounty

dev.biozidauswaschung.de Cross Site Scripting vulnerability OBB-3931415

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-28 11:08 PM
4
openbugbounty
openbugbounty

silvesterreisen.de Cross Site Scripting vulnerability OBB-3931413

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-28 10:46 PM
4
cvelist
cvelist

CVE-2024-36112 Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects

Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (extras.view_dynamicgroup permission) can use the Dynamic Group detail UI view (/extras/dynamic-groups/&lt;uuid&gt;/) and/or the members REST API view...

7AI Score

2024-05-28 10:26 PM
4
openbugbounty
openbugbounty

webservices.mx Cross Site Scripting vulnerability OBB-3931410

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-28 10:18 PM
4
openbugbounty
openbugbounty

dashboard.chamtest.tourone.de Cross Site Scripting vulnerability OBB-3931409

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-28 09:57 PM
5
wizblog
wizblog

Wiz launches new data center in UAE, supercharging global operations in the region

Organizations in the region can now benefit from Wiz's cloud security platform while maintaining their data sovereignty and privacy...

7.3AI Score

2024-05-28 09:54 PM
6
openbugbounty
openbugbounty

dasbrombeerhaus.de Cross Site Scripting vulnerability OBB-3931408

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-28 09:50 PM
5
openbugbounty
openbugbounty

dartliga-as.de Cross Site Scripting vulnerability OBB-3931407

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-28 09:42 PM
5
cvelist
cvelist

CVE-2023-30314

An issue discovered in 360 V6G, 360 T5G, 360 T6M, and 360 P1 routers allows attackers to hijack TCP sessions which could lead to a denial of...

7AI Score

2024-05-28 09:37 PM
5
cvelist
cvelist

CVE-2023-30312

An issue discovered in routers running Openwrt 18.06, 19.07, 21.02, 22.03 and beyond allows attackers to hijack TCP sessions which could lead to a denial of...

7AI Score

2024-05-28 09:33 PM
4
openbugbounty
openbugbounty

dalui.de Cross Site Scripting vulnerability OBB-3931406

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-28 09:33 PM
4
github
github

SimpleSAMLphp Information Disclosure vulnerability

Background SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled....

6.8AI Score

2024-05-28 09:26 PM
5
osv
osv

SimpleSAMLphp Information Disclosure vulnerability

Background SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled....

6.8AI Score

2024-05-28 09:26 PM
4
github
github

ansibleguy-webui Cross-site Scripting vulnerability

Impact Multiple forms in version &lt;0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. Patches We recommend to upgrade to version &gt;= 0.0.21 References Report GitHub Issue...

6.6AI Score

2024-05-28 09:23 PM
3
osv
osv

ansibleguy-webui Cross-site Scripting vulnerability

Impact Multiple forms in version &lt;0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. Patches We recommend to upgrade to version &gt;= 0.0.21 References Report GitHub Issue...

6.9AI Score

2024-05-28 09:23 PM
4
osv
osv

dbt allows Binding to an Unrestricted IP Address via socketsocket

Summary Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDR_ANY by passing "" as the address....

6.5AI Score

2024-05-28 09:19 PM
5
github
github

dbt allows Binding to an Unrestricted IP Address via socketsocket

Summary Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDR_ANY by passing "" as the address....

6.9AI Score

2024-05-28 09:19 PM
3
openbugbounty
openbugbounty

garotasdavan.uol.com.br Cross Site Scripting vulnerability OBB-3931403

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-28 09:04 PM
2
osv
osv

SimpleSAMLphp Reflected Cross-site Scripting vulnerability

Background SimpleSAMLphp uses metadata to determine how to interact with other SAML entities. This metadata includes what’s called endpoints, which are URLs belonging to that entity where SAML messages can be sent. These URLs are used directly by SimpleSAMLphp when a message is sent, either via an....

6AI Score

2024-05-28 08:55 PM
github
github

SimpleSAMLphp Reflected Cross-site Scripting vulnerability

Background SimpleSAMLphp uses metadata to determine how to interact with other SAML entities. This metadata includes what’s called endpoints, which are URLs belonging to that entity where SAML messages can be sent. These URLs are used directly by SimpleSAMLphp when a message is sent, either via an....

6AI Score

2024-05-28 08:55 PM
2
krebs
krebs

Treasury Sanctions Creators of 911 S5 Proxy Botnet

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....

7.3AI Score

2024-05-28 08:38 PM
7
malwarebytes
malwarebytes

pcTattleTale spyware leaks database containing victim screenshots, gets website defaced

The idea behind the software is simple. When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the...

7.2AI Score

2024-05-28 08:35 PM
4
osv
osv

Mocodo vulnerable to SQL injection in `/web/generate.php`

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain...

9AI Score

2024-05-28 08:20 PM
github
github

Mocodo vulnerable to SQL injection in `/web/generate.php`

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain...

9AI Score

2024-05-28 08:20 PM
cvelist
cvelist

CVE-2024-22641

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG...

7.1AI Score

2024-05-28 08:17 PM
2
cvelist
cvelist

CVE-2024-35240 Stored Cross-site Scripting on Print Functionality in Umbraco Commerce

Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised.....

6.2AI Score

2024-05-28 08:15 PM
4
openbugbounty
openbugbounty

bpag.uol.com.br Cross Site Scripting vulnerability OBB-3931401

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-05-28 07:54 PM
4
cvelist
cvelist

CVE-2023-30308

An issue discovered in Ruijie EG210G-P, Ruijie EG105G-V2, Ruijie NBR, and Ruijie EG105G routers allows attackers to hijack TCP sessions which could lead to a denial of...

7AI Score

2024-05-28 07:37 PM
4
github
github

SimpleSAMLphp signature validation bypass

Background SAML messages are usually signed to prove the identity of the issuer of the message. In the case of SAML authentication responses, correctly verifying the signature is critical to trust that the assertion contained inside the response was issued by a trusted third-party and the identity....

7.2AI Score

2024-05-28 07:29 PM
2
osv
osv

SimpleSAMLphp signature validation bypass

Background SAML messages are usually signed to prove the identity of the issuer of the message. In the case of SAML authentication responses, correctly verifying the signature is critical to trust that the assertion contained inside the response was issued by a trusted third-party and the identity....

7.2AI Score

2024-05-28 07:29 PM
cvelist
cvelist

CVE-2023-30307

An issue discovered in TP-LINK TL-R473GP-AC, TP-LINK XDR6020, TP-LINK TL-R479GP-AC, TP-LINK TL-R4239G, TP-LINK TL-WAR1200L, and TP-LINK TL-R476G routers allows attackers to hijack TCP sessions which could lead to a denial of...

7AI Score

2024-05-28 07:28 PM
3
Total number of security vulnerabilities2525824