dfamilk.com Cross Site Scripting vulnerability OBB-3939908
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
The Basil recipe theme for WordPress is vulnerable to Persistent Cross-Site Scripting (XSS) via the post_title parameter in versions up to, and including, 2.0.4 due to insufficient input sanitization and output escaping. This vulnerability allows authenticated attackers with contributor-level...
5.4CVSS
EPSS
aps-livno.com Cross Site Scripting vulnerability OBB-3939907
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Parse Server is an open source backend that can be deployed to any infrastructure that can run Node.js. A vulnerability in versions prior to 6.5.7 and 7.1.0 allows SQL injection when Parse Server is configured to use the PostgreSQL database. The algorithm to detect SQL injection has been improved.....
9.8CVSS
EPSS
The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vulnerability is present in all Entra-supported deployments of N-central prior to...
9.1CVSS
EPSS
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking Compromising a victim’s session will result in a full takeover of.....
8CVSS
7.9AI Score
EPSS
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...
9.9CVSS
9.6AI Score
EPSS
Envoy is a cloud-native, open source edge and service proxy. Prior to versions 1.30.4, 1.29.7, 1.28.5, and 1.27.7. Envoy references already freed memory when route hash policy is configured with cookie attributes. Note that this vulnerability has been fixed in the open as the effect would be...
6.5CVSS
EPSS
Envoy is a cloud-native, open source edge and service proxy. Prior to versions 1.30.4, 1.29.7, 1.28.5, and 1.27.7. Envoy references already freed memory when route hash policy is configured with cookie attributes. Note that this vulnerability has been fixed in the open as the effect would be...
6.5CVSS
6.5AI Score
EPSS
The N-central server is vulnerable to session rebinding of already authenticated users when using Entra SSO, which can lead to authentication bypass. This vulnerability is present in all Entra-supported deployments of N-central prior to...
9.1CVSS
9.2AI Score
EPSS
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...
9.9CVSS
EPSS
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking Compromising a victim’s session will result in a full takeover of.....
8CVSS
EPSS
The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the...
9.1CVSS
EPSS
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used a rfc-822 library which executes a shell command to validate the email domain MX records validity. It works via an DNS MX.....
9CVSS
EPSS
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used a rfc-822 library which executes a shell command to validate the email domain MX records validity. It works via an DNS MX.....
9CVSS
9.4AI Score
EPSS
The N-central server is vulnerable to an authentication bypass of the user interface. This vulnerability is present in all deployments of N-central prior to 2024.2. This vulnerability was discovered through internal N-central source code review and N-able has not observed any exploitation in the...
9.1CVSS
9.4AI Score
EPSS
zana.ba Cross Site Scripting vulnerability OBB-3939906
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Envoy is a cloud-native, open source edge and service proxy. Prior to versions 1.30.4, 1.29.7, 1.28.5, and 1.27.7. Envoy references already freed memory when route hash policy is configured with cookie attributes. Note that this vulnerability has been fixed in the open as the effect would be...
6.5CVSS
EPSS
CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0
CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0. A patched version of the package is...
5.5CVSS
6AI Score
0.001EPSS
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10
CVE-2023-44487 affecting package prometheus for versions less than 2.37.0-10. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2022-3857 affecting package syslinux 6.04-10
CVE-2022-3857 affecting package syslinux 6.04-10. No patch is available...
5.5CVSS
5.5AI Score
0.001EPSS
CVE-2012-3381 affecting package sblim-sfcb 1.4.9-20
CVE-2012-3381 affecting package sblim-sfcb 1.4.9-20. No patch is available...
6.8AI Score
0.0004EPSS
CVE-2012-2653 affecting package arpwatch 2.1a15-51
CVE-2012-2653 affecting package arpwatch 2.1a15-51. No patch is available...
9.5AI Score
0.011EPSS
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...
7.5CVSS
7AI Score
0.001EPSS
CVE-2023-0687 affecting package glibc 2.35-7
CVE-2023-0687 affecting package glibc 2.35-7. This CVE either no longer is or was never...
9.8CVSS
9.6AI Score
0.001EPSS
CVE-2022-4055 affecting package xdg-utils 1.1.3-7
CVE-2022-4055 affecting package xdg-utils 1.1.3-7. No patch is available...
7.4CVSS
7.5AI Score
0.001EPSS
CVE-2024-23653 affecting package moby-compose for versions less than 2.17.2-7
CVE-2024-23653 affecting package moby-compose for versions less than 2.17.2-7. A patched version of the package is...
9.8CVSS
7.3AI Score
0.001EPSS
CVE-2023-44487 affecting package cmake for versions less than 3.21.4-10
CVE-2023-44487 affecting package cmake for versions less than 3.21.4-10. A patched version of the package is...
7.5CVSS
7.8AI Score
0.732EPSS
CVE-2022-1941 affecting package grpc 1.42.0-7
CVE-2022-1941 affecting package grpc 1.42.0-7. This CVE either no longer is or was never...
7.5CVSS
8AI Score
0.002EPSS
CVE-2022-40898 affecting package python-wheel 0.33.6-7
CVE-2022-40898 affecting package python-wheel 0.33.6-7. No patch is available...
7.5CVSS
7.7AI Score
0.003EPSS
CVE-2016-2124 affecting package samba 4.12.5-6
CVE-2016-2124 affecting package samba 4.12.5-6. No patch is available...
5.9CVSS
6.8AI Score
0.002EPSS
CVE-2016-4912 affecting package openslp 2.0.0-26
CVE-2016-4912 affecting package openslp 2.0.0-26. No patch is available...
7.5CVSS
7.7AI Score
0.002EPSS
CVE-2022-43552 affecting package cmake 3.21.4-10
CVE-2022-43552 affecting package cmake 3.21.4-10. No patch is available...
5.9CVSS
8AI Score
0.001EPSS
CVE-2020-27748 affecting package xdg-utils 1.1.3-7
CVE-2020-27748 affecting package xdg-utils 1.1.3-7. No patch is available...
6.5CVSS
7.5AI Score
0.002EPSS
CVE-2019-16707 affecting package hunspell 1.7.0-7
CVE-2019-16707 affecting package hunspell 1.7.0-7. This CVE either no longer is or was never...
6.5CVSS
7AI Score
0.003EPSS
CVE-2022-4904 affecting package grpc 1.42.0-7
CVE-2022-4904 affecting package grpc 1.42.0-7. No patch is available...
8.6CVSS
8.9AI Score
0.001EPSS
CVE-2023-23915 affecting package cmake 3.21.4-10
CVE-2023-23915 affecting package cmake 3.21.4-10. No patch is available...
6.5CVSS
8AI Score
0.001EPSS
CVE-2010-4756 affecting package glibc 2.35-7
CVE-2010-4756 affecting package glibc 2.35-7. This CVE either no longer is or was never...
6.4AI Score
0.008EPSS
CVE-2023-23916 affecting package cmake 3.21.4-10
CVE-2023-23916 affecting package cmake 3.21.4-10. No patch is available...
6.5CVSS
8.3AI Score
0.001EPSS
CVE-2023-25153 affecting package k3s for versions less than 1.25.5-7
CVE-2023-25153 affecting package k3s for versions less than 1.25.5-7. This CVE either no longer is or was never...
6.2CVSS
6.9AI Score
0.001EPSS
CVE-2016-1000104 affecting package mod_fcgid 2.3.9-21
CVE-2016-1000104 affecting package mod_fcgid 2.3.9-21. No patch is available...
8.8CVSS
8.9AI Score
0.008EPSS
CVE-2016-2568 affecting package polkit 0.119-3
CVE-2016-2568 affecting package polkit 0.119-3. No patch is available...
7.8CVSS
7.9AI Score
0.0004EPSS
CVE-2021-46023 affecting package rust 1.72.0-7
CVE-2021-46023 affecting package rust 1.72.0-7. This CVE either no longer is or was never...
7.5CVSS
7.6AI Score
0.001EPSS
CVE-2016-3709 affecting package libxml2 2.9.14-3
CVE-2016-3709 affecting package libxml2 2.9.14-3. This CVE either no longer is or was never...
6.1CVSS
9.2AI Score
0.001EPSS
CVE-2021-25741 affecting package kubernetes-1.21.2 1.21.2-7
CVE-2021-25741 affecting package kubernetes-1.21.2 1.21.2-7. No patch is available...
8.8CVSS
8.9AI Score
EPSS
CVE-2016-2568 affecting package polkit 0.116-7
CVE-2016-2568 affecting package polkit 0.116-7. No patch is available...
7.8CVSS
7.5AI Score
0.0004EPSS
CVE-2021-25741 affecting package kubernetes-1.20.9 1.20.9-7
CVE-2021-25741 affecting package kubernetes-1.20.9 1.20.9-7. No patch is available...
8.8CVSS
8.9AI Score
EPSS
CVE-2019-20633 affecting package patch 2.7.6-7
CVE-2019-20633 affecting package patch 2.7.6-7. No patch is available...
5.5CVSS
7.5AI Score
0.001EPSS
CVE-2021-3996 affecting package util-linux 2.32.1-7
CVE-2021-3996 affecting package util-linux 2.32.1-7. This CVE either no longer is or was never...
5.5CVSS
5.9AI Score
0.0004EPSS
CVE-2021-25741 affecting package kubernetes-1.19.11 1.19.11-7
CVE-2021-25741 affecting package kubernetes-1.19.11 1.19.11-7. No patch is available...
8.8CVSS
8.9AI Score
EPSS