Snapdragon Auto, Snapdragon Compute, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Mobile, Snapdragon Wired Infrastructure And Networking Security Vulnerabilities

dailylivenews.in Cross Site Scripting vulnerability OBB-3931420

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

parakme.de Cross Site Scripting vulnerability OBB-3931419

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-5437 SourceCodester Simple Online Bidding System save_category cross site scripting

A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. It is possible to launch...

eirene.de Cross Site Scripting vulnerability OBB-3931416

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

dev.biozidauswaschung.de Cross Site Scripting vulnerability OBB-3931415

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

silvesterreisen.de Cross Site Scripting vulnerability OBB-3931413

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-36112 Nautobot dynamic-group-members doesn't enforce permission restrictions on member objects

Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (extras.view_dynamicgroup permission) can use the Dynamic Group detail UI view (/extras/dynamic-groups/<uuid>/) and/or the members REST API view...

webservices.mx Cross Site Scripting vulnerability OBB-3931410

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

dashboard.chamtest.tourone.de Cross Site Scripting vulnerability OBB-3931409

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Wiz launches new data center in UAE, supercharging global operations in the region

Organizations in the region can now benefit from Wiz's cloud security platform while maintaining their data sovereignty and privacy...

dasbrombeerhaus.de Cross Site Scripting vulnerability OBB-3931408

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

dartliga-as.de Cross Site Scripting vulnerability OBB-3931407

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2023-30314

An issue discovered in 360 V6G, 360 T5G, 360 T6M, and 360 P1 routers allows attackers to hijack TCP sessions which could lead to a denial of...

CVE-2023-30312

An issue discovered in routers running Openwrt 18.06, 19.07, 21.02, 22.03 and beyond allows attackers to hijack TCP sessions which could lead to a denial of...

dalui.de Cross Site Scripting vulnerability OBB-3931406

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: syft, k3s, skaffold, grype, newrelic-infrastructure-agent, docker, wolfictl, runc, datadog-agent, zarf, kubernetes, nvidia-device-plugin, ctop, trivy, kots, k3d, kubescape, buildkitd, zot, skopeo, nerdctl, cadvisor, telegraf, ingress-nginx-controller, kaniko,...

GHSA-7WW5-4WQC-M92C vulnerabilities

Vulnerabilities for packages: skaffold, grype, newrelic-infrastructure-agent, cert-manager, kubevela, flux-helm-controller, flux-source-controller, up, ctop, cilium-cli, melange, trivy, kots, eksctl, k3d, kubescape, zot, tekton-pipelines, helm-push, telegraf, fuse-overlayfs-snapshotter, kaniko,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-driver-hostpath, newrelic-nri-kube-events, k8sgpt, external-dns, fulcio, istio-operator, grype, litefs, prometheus-elasticsearch-exporter, rabbitmq-messaging-topology-operator, spicedb, thanos-operator, pulumi-language-dotnet,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: kind, external-dns, grype, prometheus-elasticsearch-exporter, pulumi-language-dotnet, vault-csi-provider, cilium-envoy, flux-helm-controller, pulumi-kubernetes-operator, sigstore-scaffolding, cortex, argo-cd, aws-efs-csi-driver, dgraph, node-problem-detector, kaf,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: k8sgpt, litefs, thanos-operator, prometheus-elasticsearch-exporter, swagger, pulumi-language-dotnet, kubebuilder, runc, flux-helm-controller, pulumi-kubernetes-operator, cortex, step, kine, bincapz, loki, melange, memcached-exporter, nri-redis, helm-push,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: k8sgpt, external-dns, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, vault-csi-provider, kubernetes-csi-external-provisioner, runc, flux-helm-controller, pulumi-kubernetes-operator, sigstore-scaffolding,...

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: k8sgpt, k3s, skaffold, cri-tools, kubeflow-katib, crane, newrelic-infrastructure-agent, prometheus, cert-manager, kubevela, cosign, flux-helm-controller, argo-workflows, istio-pilot-discovery, bom, datadog-agent, falcoctl, timoni, zarf, slsa-verifier,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: kubernetes-csi-driver-hostpath, newrelic-nri-kube-events, k8sgpt, external-dns, fulcio, istio-operator, grype, litefs, prometheus-elasticsearch-exporter, rabbitmq-messaging-topology-operator, spicedb, thanos-operator, pulumi-language-dotnet,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: k8sgpt, litefs, thanos-operator, prometheus-elasticsearch-exporter, swagger, pulumi-language-dotnet, kubebuilder, runc, flux-helm-controller, pulumi-kubernetes-operator, cortex, step, kine, bincapz, loki, melange, memcached-exporter, nri-redis, helm-push,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: kubernetes-ingress-defaultbackend, k8sgpt, external-dns, istio-operator, kind, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, caddy, vault-csi-provider, kubernetes-csi-external-provisioner, runc,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: k8sgpt, external-dns, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, vault-csi-provider, kubernetes-csi-external-provisioner, runc, flux-helm-controller, pulumi-kubernetes-operator, sigstore-scaffolding,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: kubernetes-ingress-defaultbackend, k8sgpt, external-dns, istio-operator, kind, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, caddy, vault-csi-provider, kubernetes-csi-external-provisioner, runc,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: kind, external-dns, grype, prometheus-elasticsearch-exporter, pulumi-language-dotnet, vault-csi-provider, cilium-envoy, flux-helm-controller, pulumi-kubernetes-operator, sigstore-scaffolding, cortex, argo-cd, aws-efs-csi-driver, dgraph, node-problem-detector, kaf,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: k8sgpt, k3s, skaffold, cri-tools, kubeflow-katib, crane, newrelic-infrastructure-agent, prometheus, cert-manager, kubevela, cosign, flux-helm-controller, argo-workflows, istio-pilot-discovery, bom, datadog-agent, falcoctl, timoni, zarf, slsa-verifier,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...

GHSA-XR7R-F8XQ-VFVV vulnerabilities

Vulnerabilities for packages: syft, k3s, skaffold, grype, newrelic-infrastructure-agent, docker, wolfictl, runc, datadog-agent, zarf, kubernetes, nvidia-device-plugin, ctop, trivy, kots, k3d, kubescape, buildkitd, zot, skopeo, nerdctl, cadvisor, telegraf, ingress-nginx-controller, kaniko,...

garotasdavan.uol.com.br Cross Site Scripting vulnerability OBB-3931403

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

SimpleSAMLphp Reflected Cross-site Scripting vulnerability

Background SimpleSAMLphp uses metadata to determine how to interact with other SAML entities. This metadata includes what’s called endpoints, which are URLs belonging to that entity where SAML messages can be sent. These URLs are used directly by SimpleSAMLphp when a message is sent, either via an....

Treasury Sanctions Creators of 911 S5 Proxy Botnet

The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....

pcTattleTale spyware leaks database containing victim screenshots, gets website defaced

The idea behind the software is simple. When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the...

Mocodo vulnerable to SQL injection in `/web/generate.php`

Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain...

CVE-2024-22641

TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG...

CVE-2024-35240 Stored Cross-site Scripting on Print Functionality in Umbraco Commerce

Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised.....

bpag.uol.com.br Cross Site Scripting vulnerability OBB-3931401

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2023-30308

An issue discovered in Ruijie EG210G-P, Ruijie EG105G-V2, Ruijie NBR, and Ruijie EG105G routers allows attackers to hijack TCP sessions which could lead to a denial of...

SimpleSAMLphp signature validation bypass

Background SAML messages are usually signed to prove the identity of the issuer of the message. In the case of SAML authentication responses, correctly verifying the signature is critical to trust that the assertion contained inside the response was issued by a trusted third-party and the identity....