EulerOS 2.0 SP11 : sssd (EulerOS-SA-2024-1847)
According to the versions of the sssd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A race condition flaw was found in sssd where the GPO policy is not consistently applied for authenticated users. This may lead to improper...
7.1CVSS
7.3AI Score
0.0004EPSS
EulerOS 2.0 SP11 : llvm (EulerOS-SA-2024-1839)
According to the versions of the llvm packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : LLVM 15.0.0 has a NULL pointer dereference in the parseOneMetadata() function via a crafted pdflatex.fmt file (or perhaps a crafted .o file) to...
6.8AI Score
0.0004EPSS
EulerOS 2.0 SP11 : nghttp2 (EulerOS-SA-2024-1820)
According to the versions of the nghttp2 package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the...
5.3CVSS
7.3AI Score
0.0004EPSS
AlmaLinux 9 : python3.9 (ALSA-2024:4078)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2024:4078 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) * python: The zipfile module is vulnerable to zip-bombs leading to denial of...
7.8CVSS
7.4AI Score
0.0005EPSS
AlmaLinux 9 : python3.11 (ALSA-2024:4077)
The remote AlmaLinux 9 host has packages installed that are affected by a vulnerability as referenced in the ALSA-2024:4077 advisory. * python: Path traversal on tempfile.TemporaryDirectory (CVE-2023-6597) Tenable has extracted the preceding description block directly from the AlmaLinux security...
7.8CVSS
7.1AI Score
0.0004EPSS
EulerOS 2.0 SP11 : openssl (EulerOS-SA-2024-1821)
According to the versions of the openssl packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Issue summary: Some non-default TLS server configurations can cause unbounded memory growth when processing TLSv1.3 sessions Impact summary:...
7.1AI Score
0.0004EPSS
EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2024-1834)
According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...
5.3CVSS
7.2AI Score
0.0005EPSS
7AI Score
0.0004EPSS
bistro-invitro.com Cross Site Scripting vulnerability OBB-3938488
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
biggles-online.com Cross Site Scripting vulnerability OBB-3938487
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
bookme.bylancer.com Cross Site Scripting vulnerability OBB-3938486
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
aquent.com Cross Site Scripting vulnerability OBB-3938484
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
onlinecv.fr Cross Site Scripting vulnerability OBB-3938483
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
blog.artsper.com Cross Site Scripting vulnerability OBB-3938482
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
coopercomplete.com Cross Site Scripting vulnerability OBB-3938481
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Security Bulletin: AIX is affected by a denial of service due to Python (CVE-2024-0450)
Summary Vulnerability in Python could allow a remote attacker to cause a denial of service (CVE-2024-0450). Python is used by AIX as part of Ansible node management automation. Vulnerability Details ** CVEID: CVE-2024-0450 DESCRIPTION: **Python CPython is vulnerable to a denial of service, caused.....
6.2CVSS
7.3AI Score
0.0005EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affect AIX
Summary There are multiple vulnerabilities in IBM SDK Java Technology Edition, Version 8 used by AIX. AIX has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-21085 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote...
5.9CVSS
7.2AI Score
0.0004EPSS
Updated python-gunicorn packages fix security vulnerability
Gunicorn fails to properly validate Transfer-Encoding headers, leading to HTTP Request Smuggling (HRS) vulnerabilities. By crafting requests with conflicting Transfer-Encoding headers, attackers can bypass security restrictions and access restricted endpoints. This issue is due to Gunicorn's...
7.5CVSS
7AI Score
0.0004EPSS
Updated chromium-browser-stable packages fix security vulnerabilities
High CVE-2024-6100: Type Confusion in V8. Reported by Seunghyun Lee (@0x10n) participating in SSD Secure Disclosure's TyphoonPWN 2024 on 2024-06-04 High CVE-2024-6101: Inappropriate implementation in WebAssembly. Reported by @ginggilBesel on 2024-05-31 High CVE-2024-6102: Out of bounds memory...
8.8CVSS
7.5AI Score
0.001EPSS
flexbox.at Cross Site Scripting vulnerability OBB-3938480
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7AI Score
Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in.....
0.0004EPSS
Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in.....
6.9AI Score
0.0004EPSS
clintlukensrealty.com Cross Site Scripting vulnerability OBB-3938479
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
mrpoc.net Cross Site Scripting vulnerability OBB-3938478
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
bluearcher.com Cross Site Scripting vulnerability OBB-3938477
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
refurbpro.com Cross Site Scripting vulnerability OBB-3938476
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2023-45196 Adminer and AdminerEvo denial of service via HTTP redirect
Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in.....
0.0004EPSS
CVE-2023-45196 Adminer and AdminerEvo denial of service via HTTP redirect
Adminer and AdminerEvo allow an unauthenticated remote attacker to cause a denial of service by connecting to an attacker-controlled service that responds with HTTP redirects. The denial of service is subject to PHP configuration limits. Adminer is no longer supported, but this issue was fixed in.....
7.2AI Score
0.0004EPSS
borrellassociates.com Cross Site Scripting vulnerability OBB-3938475
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Cloud Software Group Security Advisory for CVE-2024-3661
Cloud Software Group has evaluated the impact of vulnerability CVE-2024-3661 on our products. This vulnerability may allow an attacker on the same local network as the victim to read, disrupt, or modify network traffic expected to be protected by the VPN. Please find below the impact status: ...
7.6CVSS
6.7AI Score
0.0005EPSS
uoanbar.edu.iq Cross Site Scripting vulnerability OBB-3938474
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
0.0004EPSS
Hangzhou Meisoft Information Technology Co., Ltd. FineSoft <=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...
6.5AI Score
0.0004EPSS
bioindustry.org Cross Site Scripting vulnerability OBB-3938467
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
XWiki programming rights may be inherited by inclusion
Impact The content of a document included using {{include reference="targetdocument"/}} is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the include...
9.9CVSS
7AI Score
0.0004EPSS
XWiki programming rights may be inherited by inclusion
Impact The content of a document included using {{include reference="targetdocument"/}} is executed with the right of the includer and not with the right of its author. This means that any user able to modify the target document can impersonate the author of the content which used the include...
9.9CVSS
7AI Score
0.0004EPSS
support.realtech.com Cross Site Scripting vulnerability OBB-3938464
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
genoverband.de Cross Site Scripting vulnerability OBB-3938463
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using {{include reference="targetdocument"/}} is executed with the right of the includer and not with the right of its author. This means that any user able...
9.9CVSS
9.4AI Score
0.0004EPSS
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using {{include reference="targetdocument"/}} is executed with the right of the includer and not with the right of its author. This means that any user able...
9.9CVSS
0.0004EPSS
In today’s interconnected digital world, the role of web applications and APIs has become central to business operations, acting as gateways to vast amounts of valuable data and services. However, their widespread use and accessibility make them prime targets for cybercriminals, posing substantial....
7.7AI Score
Change Healthcare confirms the customer data stolen in ransomware attack
For the first time since news broke about a ransomware attack on Change Healthcare, the company has released details about the data stolen during the attack. First, a quick refresher: On February 21, 2024, Change Healthcare experienced serious system outages due to a cyberattack. The incident led.....
7.4AI Score
CVE-2024-38369 XWiki programming rights may be inherited by inclusion
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using {{include reference="targetdocument"/}} is executed with the right of the includer and not with the right of its author. This means that any user able...
9.9CVSS
6.8AI Score
0.0004EPSS
CVE-2024-38369 XWiki programming rights may be inherited by inclusion
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The content of a document included using {{include reference="targetdocument"/}} is executed with the right of the includer and not with the right of its author. This means that any user able...
9.9CVSS
0.0004EPSS
9.1CVSS
7AI Score
EPSS
Exploit for OS Command Injection in Dolibarr Dolibarr Erp/Crm
Readme.md CVE-2023-30253 CVE-2023-30253 is a...
8.8CVSS
7.6AI Score
0.008EPSS
jkpanchayat.jk.gov.in Cross Site Scripting vulnerability OBB-3938462
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
Summary ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details Target The vulnerable endpoint...
6.5CVSS
6.7AI Score
0.0004EPSS
CodeChecker has a Path traversal in `CodeChecker server` in the endpoint of `CodeChecker store`
Summary ZIP files uploaded to the server-side endpoint handling a CodeChecker store are not properly sanitized. An attacker can exercise a path traversal to make the CodeChecker server load and display files from an arbitrary location on the server machine. Details Target The vulnerable endpoint...
6.5CVSS
6.7AI Score
0.0004EPSS