Lucene search

K

WPcalc – Create Any Online Calculators Security Vulnerabilities

cve
cve

CVE-2024-6083 PHPVibe Media Upload Page upload-mp3.php unrestricted upload

A vulnerability, which was classified as critical, was found in PHPVibe 11.0.46. Affected is an unknown function of the file /app/uploading/upload-mp3.php of the component Media Upload Page. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack...

6.3CVSS

6.8AI Score

EPSS

2024-06-17 11:31 PM
1
cvelist
cvelist

CVE-2024-6083 PHPVibe Media Upload Page upload-mp3.php unrestricted upload

A vulnerability, which was classified as critical, was found in PHPVibe 11.0.46. Affected is an unknown function of the file /app/uploading/upload-mp3.php of the component Media Upload Page. The manipulation of the argument file leads to unrestricted upload. It is possible to launch the attack...

6.3CVSS

EPSS

2024-06-17 11:31 PM
1
nvd
nvd

CVE-2024-6080

A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-268822 is...

7.8CVSS

EPSS

2024-06-17 11:15 PM
cve
cve

CVE-2024-6082

A vulnerability, which was classified as problematic, has been found in PHPVibe 11.0.46. This issue affects some unknown processing of the file functionalities.global.php of the component Global Options Page. The manipulation of the argument site-logo-text leads to cross site scripting. The attack....

2.4CVSS

3.4AI Score

EPSS

2024-06-17 11:15 PM
1
nvd
nvd

CVE-2024-6082

A vulnerability, which was classified as problematic, has been found in PHPVibe 11.0.46. This issue affects some unknown processing of the file functionalities.global.php of the component Global Options Page. The manipulation of the argument site-logo-text leads to cross site scripting. The attack....

2.4CVSS

EPSS

2024-06-17 11:15 PM
cve
cve

CVE-2024-6080

A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-268822 is...

7.8CVSS

7.7AI Score

EPSS

2024-06-17 11:15 PM
1
cvelist
cvelist

CVE-2024-6082 PHPVibe Global Options Page functionalities.global.php cross site scripting

A vulnerability, which was classified as problematic, has been found in PHPVibe 11.0.46. This issue affects some unknown processing of the file functionalities.global.php of the component Global Options Page. The manipulation of the argument site-logo-text leads to cross site scripting. The attack....

2.4CVSS

EPSS

2024-06-17 11:00 PM
1
cvelist
cvelist

CVE-2024-6080 Intelbras InControl unquoted search path

A vulnerability classified as critical was found in Intelbras InControl 2.21.56. This vulnerability affects unknown code. The manipulation leads to unquoted search path. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. VDB-268822 is...

7.8CVSS

EPSS

2024-06-17 11:00 PM
1
osv
osv

Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec

Impact This issue is only relevant to clusters provisioned using RKE1 with secrets encryption configuration enabled. A vulnerability has been identified in which an RKE1 cluster keeps constantly reconciling when secrets encryption configuration is enabled (please see the RKE documentation). When...

6.1AI Score

EPSS

2024-06-17 10:30 PM
1
osv
osv

Rancher's External RoleTemplates can lead to privilege escalation

Impact A vulnerability has been identified whereby privilege escalation checks are not properly enforced for RoleTemplateobjects when external=true, which in specific scenarios can lead to privilege escalation. The bug in the webhook rule resolver ignores rules from a ClusterRole for external...

6.5AI Score

EPSS

2024-06-17 10:30 PM
osv
osv

rke's credentials are stored in the RKE1 Cluster state ConfigMap

Impact When RKE provisions a cluster, it stores the cluster state in a configmap called full-cluster-state inside the kube-system namespace of the cluster itself. This cluster state object contains information used to set up the K8s cluster, which may include the following sensitive data: ...

6AI Score

EPSS

2024-06-17 10:30 PM
osv
osv

Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider

Impact A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave...

6.5AI Score

EPSS

2024-06-17 10:30 PM
osv
osv

urllib3's Proxy-Authorization request header isn't stripped during cross-origin redirects

When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to accidentally configure the Proxy-Authorization header even though it...

4.4CVSS

7AI Score

EPSS

2024-06-17 09:37 PM
osv
osv

LNbits improperly handles potential network and payment failures when using Eclair backend

Summary Paying invoices in Eclair that do not get settled within the internal timeout (about 30s) lead to a payment being considered failed, even though it may still be in flight. Details Using blocking: true on the API call will lead to a timeout error if a payment does not get settled in the 30s....

8.1CVSS

6.7AI Score

0.0004EPSS

2024-06-17 09:24 PM
2
nvd
nvd

CVE-2024-6065

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploit has...

7.3CVSS

EPSS

2024-06-17 09:15 PM
3
cve
cve

CVE-2024-6065

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploit has...

7.3CVSS

7.5AI Score

EPSS

2024-06-17 09:15 PM
3
cvelist
cvelist

CVE-2024-6065 itsourcecode Bakery Online Ordering System index.php sql injection

A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been rated as critical. This issue affects some unknown processing of the file index.php. The manipulation of the argument user_email leads to sql injection. The attack may be initiated remotely. The exploit has...

7.3CVSS

EPSS

2024-06-17 09:00 PM
openbugbounty
openbugbounty

inalco.kosmopolead.com Open Redirect vulnerability OBB-3936005

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-17 08:48 PM
3
wallarmlab
wallarmlab

Zero-Day Marketplace Explained: How Zerodium, BugTraq, and Fear contributed to the Rise of the Zero-Day Vulnerability Black Market

Whenever a company is notified about or discovers a critical flaw in their system/application that has the potential to be exploited by malicious elements, it’s termed a vulnerability. However, every time a flaw being actively exploited is discovered, code red is punched as the organization’s IT...

7.9AI Score

2024-06-17 08:33 PM
1
rapid7blog
rapid7blog

Malvertising Campaign Leads to Execution of Oyster Backdoor

The following analysts contributed to this blog: Thomas Elkins, Daniel Thiede, Josh Lockwood, Tyler McGraw, and Sasha Kovalev. Executive Summary Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and.....

7.2AI Score

2024-06-17 08:28 PM
1
nvd
nvd

CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...

4.4CVSS

EPSS

2024-06-17 08:15 PM
1
cve
cve

CVE-2024-37891

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...

4.4CVSS

4.8AI Score

EPSS

2024-06-17 08:15 PM
openbugbounty
openbugbounty

link.anti-crise.fr Open Redirect vulnerability OBB-3936002

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-17 08:04 PM
4
openbugbounty
openbugbounty

priegeltje.nl Open Redirect vulnerability OBB-3936001

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-17 07:47 PM
6
cvelist
cvelist

CVE-2024-37891 Proxy-Authorization request header isn't stripped during cross-origin redirects in urllib3

urllib3 is a user-friendly HTTP client library for Python. When using urllib3's proxy support with ProxyManager, the Proxy-Authorization header is only sent to the configured proxy, as expected. However, when sending HTTP requests without using urllib3's proxy support, it's possible to...

4.4CVSS

EPSS

2024-06-17 07:18 PM
2
openbugbounty
openbugbounty

api.almapay.co Open Redirect vulnerability OBB-3936000

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-17 07:18 PM
5
cve
cve

CVE-2024-6059

A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component News Feed. The manipulation of the argument message leads to cross site scripting. The attack may...

2.4CVSS

3.3AI Score

EPSS

2024-06-17 07:15 PM
3
nvd
nvd

CVE-2024-6059

A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component News Feed. The manipulation of the argument message leads to cross site scripting. The attack may...

2.4CVSS

EPSS

2024-06-17 07:15 PM
openbugbounty
openbugbounty

api.linkr.bio Open Redirect vulnerability OBB-3935999

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-17 07:10 PM
4
openbugbounty
openbugbounty

nissim.slama.free.fr Open Redirect vulnerability OBB-3935997

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

7AI Score

2024-06-17 07:06 PM
5
openbugbounty
openbugbounty

groschbau.de Cross Site Scripting vulnerability OBB-3935996

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 07:03 PM
3
openbugbounty
openbugbounty

kartoffel-salat.de Cross Site Scripting vulnerability OBB-3935995

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 07:00 PM
3
openbugbounty
openbugbounty

sosyre.de Cross Site Scripting vulnerability OBB-3935994

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:52 PM
4
openbugbounty
openbugbounty

sg-balk.de Cross Site Scripting vulnerability OBB-3935993

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:49 PM
3
openbugbounty
openbugbounty

mixedcocktails.de Cross Site Scripting vulnerability OBB-3935992

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:47 PM
4
openbugbounty
openbugbounty

studyator.de Cross Site Scripting vulnerability OBB-3935991

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:44 PM
4
openbugbounty
openbugbounty

joy-livemusic.de Cross Site Scripting vulnerability OBB-3935990

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:42 PM
4
cvelist
cvelist

CVE-2024-6059 Ingenico Estate Manager News Feed messages cross site scripting

A vulnerability, which was classified as problematic, has been found in Ingenico Estate Manager 2023. This issue affects some unknown processing of the file /emgui/rest/ums/messages of the component News Feed. The manipulation of the argument message leads to cross site scripting. The attack may...

2.4CVSS

EPSS

2024-06-17 06:31 PM
2
openbugbounty
openbugbounty

motu-almanach.de Cross Site Scripting vulnerability OBB-3935989

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:30 PM
4
openbugbounty
openbugbounty

bunifoto.de Cross Site Scripting vulnerability OBB-3935988

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:25 PM
2
openbugbounty
openbugbounty

d-zent-web.de Cross Site Scripting vulnerability OBB-3935987

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:23 PM
4
openbugbounty
openbugbounty

mager-web.de Cross Site Scripting vulnerability OBB-3935986

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:21 PM
3
openbugbounty
openbugbounty

diepianistin.de Cross Site Scripting vulnerability OBB-3935985

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

6.2AI Score

2024-06-17 06:19 PM
2
nvd
nvd

CVE-2024-6058

A vulnerability classified as problematic has been found in LabVantage LIMS 2017. This affects an unknown part of the file /labvantage/rc?command=page&page=SampleHistoricalList&_iframename=list&__crc=crc_1701669816260. The manipulation of the argument height/width leads to cross site scripting. It....

3.5CVSS

EPSS

2024-06-17 06:15 PM
1
nvd
nvd

CVE-2024-6056

A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /forgot-password of the component Password Reset Handler. The manipulation of the argument Email leads to observable response...

3.7CVSS

EPSS

2024-06-17 06:15 PM
2
cve
cve

CVE-2024-6056

A vulnerability was found in nasirkhan Laravel Starter up to 11.8.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /forgot-password of the component Password Reset Handler. The manipulation of the argument Email leads to observable response...

3.7CVSS

4.2AI Score

EPSS

2024-06-17 06:15 PM
2
cve
cve

CVE-2024-6058

A vulnerability classified as problematic has been found in LabVantage LIMS 2017. This affects an unknown part of the file /labvantage/rc?command=page&page=SampleHistoricalList&_iframename=list&__crc=crc_1701669816260. The manipulation of the argument height/width leads to cross site scripting. It....

3.5CVSS

3.6AI Score

EPSS

2024-06-17 06:15 PM
3
nvd
nvd

CVE-2024-37664

Redmi router RB03 v1.0.57 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the...

EPSS

2024-06-17 06:15 PM
2
cve
cve

CVE-2024-37663

Redmi router RB03 v1.0.57 is vulnerable to forged ICMP redirect message attacks. An attacker in the same WLAN as the victim can hijack the traffic between the victim and any remote server by sending out forged ICMP redirect...

6.6AI Score

EPSS

2024-06-17 06:15 PM
2
nvd
nvd

CVE-2024-37662

TP-LINK TL-7DR5130 v1.0.23 is vulnerable to TCP DoS or hijacking attacks. An attacker in the same WLAN as the victim can disconnect or hijack the traffic between the victim and any remote server by sending out forged TCP RST messages to evict NAT mappings in the...

EPSS

2024-06-17 06:15 PM
3
Total number of security vulnerabilities1538731