Wiser For C-Bus Automation Controller, LSS5500SHAC Security Vulnerabilities

goettrupvand.dk Cross Site Scripting vulnerability OBB-3939282

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

khabarbharat24.co.in Cross Site Scripting vulnerability OBB-3939277

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

sameera.co.in Cross Site Scripting vulnerability OBB-3939274

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-4994

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-4025

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

CVE-2024-2177

This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...

‘Poseidon’ Mac stealer distributed via Google ads

On June 24, we observed a new campaign distributing a stealer targeting Mac users via malicious Google ads for the Arc browser. This is the second time in the past couple of months where we see Arc being used as a lure, certainly a sign of its popularity. It was previously used to drop a Windows...

arnd.nl Cross Site Scripting vulnerability OBB-3939273

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

goedbezigvalkenswaard.nl Cross Site Scripting vulnerability OBB-3939272

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Snowflake isn’t an outlier, it’s the canary in the coal mine

By Nick Biasini with contributions from Kendall McKay and Guilherme Venere Headlines continue to roll in about the many implications and follow-on attacks originating from leaked and/or stolen credentials for the Snowflake cloud data platform. Adversaries obtained stolen login credentials for...

The Secrets of Hidden AI Training on Your Data

While some SaaS threats are clear and visible, others are hidden in plain sight, both posing significant risks to your organization. Wing's research indicates that an astounding 99.7% of organizations utilize applications embedded with AI functionalities. These AI-driven tools are indispensable,...

eromon.net Open Redirect vulnerability OBB-3939266

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-6262

The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....

CVE-2024-6262

The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....

CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...

CVE-2024-5535

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...

CVE-2024-6262 Portfolio Gallery – Image Gallery Plugin <= 1.6.4 - Authenticated (Contributor+) DOM-Based Stored Cross-Site Scripting

The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....

lectitopublishing.nl Cross Site Scripting vulnerability OBB-3939260

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

pusob.edu.np Open Redirect vulnerability OBB-3939259

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-5535 SSL_select_next_proto buffer overread

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...

CVE-2024-5535 SSL_select_next_proto buffer overread

Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour...

CVE-2024-0949

Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...

CVE-2024-0949

Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...

Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks

Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt...

CVE-2024-0949 Improper Access Control in Talya Informatics' Elektraweb

Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...

How to Use Python to Build Secure Blockchain Applications

Did you know it's now possible to build blockchain applications, known also as decentralized applications (or "dApps" for short) in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers… until now. AlgoKit, an...

CVE-2024-4983

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output...

CVE-2024-4983

The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output...

CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5

CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5. No patch is available...

CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5

CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5. No patch is available...

CVE-2020-1472 affecting package samba for versions less than 4.12.5-4

CVE-2020-1472 affecting package samba for versions less than 4.12.5-4. A patched version of the package is...

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: neuvector-sigstore-interface, tkn, slsa-verifier, spire-server, flux-source-controller, wolfictl, policy-controller, falco, aactl, melange, gitsign, vexctl, tekton-chains, goreleaser, zot, falcoctl, kubescape, zarf, apko, ko,...

CVE-2024-29018 vulnerabilities

Vulnerabilities for packages: grype, loki, buildkitd, crossplane, up, kaniko, tkn, docker-compose, ctop, spire-server, syft, wolfictl, conftest, prometheus, datadog-agent, aactl, melange, trivy, goreleaser, dagger, zot, buf, kubescape, cadvisor, ko, kargo,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: keda, tkn, slsa-verifier, spire-server, flux-source-controller, traefik, cilium-envoy, cloudflared, oauth2-proxy, terragrunt, cert-manager, kyverno, dex, falco, aactl, istio-pilot-discovery, gitsign, sops, vexctl, tekton-chains, kots, rekor, flux-kustomize-controller,....

GHSA-JQ35-85CJ-FJ4P vulnerabilities

Vulnerabilities for packages: loki, kpt, up, slsa-verifier, ctop, cert-manager, prometheus, falco, aactl, chartmuseum, paranoia, tekton-chains, k3d, goreleaser, scorecard, kubescape, skaffold, bom, tekton-pipelines,...

GHSA-MQ39-4GV4-MVPX vulnerabilities

Vulnerabilities for packages: grype, loki, buildkitd, crossplane, up, kaniko, tkn, docker-compose, ctop, spire-server, syft, wolfictl, conftest, prometheus, datadog-agent, aactl, melange, trivy, goreleaser, dagger, zot, buf, kubescape, cadvisor, ko, kargo,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...

GHSA-CFGP-2977-2FMM vulnerabilities

Vulnerabilities for packages: calico,...

GHSA-VR64-R9QJ-H27F vulnerabilities

Vulnerabilities for packages:...

CVE-2024-29131 vulnerabilities

Vulnerabilities for packages: trino, neo4j,...

GHSA-7WW5-4WQC-M92C vulnerabilities

Vulnerabilities for packages: helm-push, grype, eksctl, helm, up, kaniko, ctop, flux-source-controller, fuse-overlayfs-snapshotter, cert-manager, newrelic-infrastructure-agent, melange, cilium-cli, kubevela, trivy, k3d, kots, neuvector-agent, zot, flux-helm-controller, gitness, kubescape,...

CVE-2024-25620 vulnerabilities

Vulnerabilities for packages: helm-push, k9s, kubescape, cert-manager, zot, trivy, k8sgpt, kots, zarf, eksctl, helm-operator, chartmuseum, flux-source-controller, up, cilium-cli, flux-helm-controller,...

GHSA-5R57-JCC8-JHH3 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-5493 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-5494 vulnerabilities

Vulnerabilities for packages:...

GHSA-P8V3-5HQQ-7C5R vulnerabilities

Vulnerabilities for packages:...

CVE-2024-6103 vulnerabilities

Vulnerabilities for packages:...

GHSA-M848-8F5R-6J4G vulnerabilities

Vulnerabilities for packages:...

GHSA-RPVG-H6P6-42QJ vulnerabilities

Vulnerabilities for packages:...

CVE-2024-5830 vulnerabilities

Vulnerabilities for packages:...