WordPress Social Login And Register (Discord, Google, Twitter, LinkedIn) Security Vulnerabilities

aardvark.com.gr Cross Site Scripting vulnerability OBB-3935809

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

CVE-2024-5650

DLL Hijacking vulnerability has been found in CENTUM CAMS Log server provided by Yokogawa Electric Corporation. If an attacker is somehow able to intrude into a computer that installed affected product or access to a shared folder, by replacing the DLL file with a tampered one, it is possible to...

CVE-2024-6047

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

CVE-2024-6047

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

CVE-2024-4305

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

CVE-2024-4305

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

CVE-2024-3236

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

CVE-2024-3236

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

heerfashion.com Cross Site Scripting vulnerability OBB-3935807

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-3236 Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...

CVE-2024-4305 PostX < 4.1.0 - Contributor+ Stored XSS

The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embed, which could allow users with the contributor role and above to perform Stored...

CVE-2024-6047 GeoVision EOL device - OS Command Injection

Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

mashcall.com Cross Site Scripting vulnerability OBB-3935805

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

NiceRAT Malware Targets South Korean Users via Cracked Software

Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license...

CVE-2024-6045

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....

CVE-2024-6046

SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

CVE-2024-6045

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....

CVE-2024-6046

SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

CVE-2024-6046 SECOM WRTR-304GN-304TW-UPSC - OS Command Injection

SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...

CVE-2024-5163

Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security...

CVE-2024-5163

Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security...

CVE-2024-6045 D-Link router - Hidden Backdoor

Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: runc, metacontroller, clusterctl, etcd, flux-helm-controller, terraform-docs, opentofu, skaffold, tekton-chains, containerd, cosign, certificate-transparency, kubevela, istio-operator, fuse-overlayfs-snapshotter, skopeo, prometheus, src, ingress-nginx-controller,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: terraform-docs, skaffold, tekton-chains, nri-couchbase, certificate-transparency, kubevela, src, prometheus, terragrunt, kubecolor, kpt, kubernetes, kubernetes-event-exporter, secrets-store-csi-driver-provider-azure, nri-memcached, metrics-server, chezmoi,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: runc, metacontroller, local-static-provisioner, clusterctl, etcd, src-fingerprint, terraform-docs, skaffold, grafana-rollout-operator, nvidia-container-toolkit, containerd, tekton-chains, tempo, cosign, certificate-transparency, skopeo, istio-operator,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: runc, metacontroller, local-static-provisioner, clusterctl, etcd, src-fingerprint, terraform-docs, skaffold, grafana-rollout-operator, nvidia-container-toolkit, containerd, tekton-chains, tempo, cosign, certificate-transparency, skopeo, istio-operator,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: amass, flannel-cni-plugin, dgraph, docker-cli, gosu, ctop, ip-masq-agent, gitlab-logger, petname, go-licenses, prometheus-stackdriver-exporter, gke-gcloud-auth-plugin, mage, cilium-envoy, nsc, sonobuoy, kind, protoc-gen-go-grpc, wait-for-port, sbom-scorecard, influx,.....

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: runc, metacontroller, clusterctl, etcd, flux-helm-controller, terraform-docs, opentofu, skaffold, tekton-chains, containerd, cosign, certificate-transparency, kubevela, istio-operator, fuse-overlayfs-snapshotter, skopeo, prometheus, src, ingress-nginx-controller,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: local-static-provisioner, terraform-docs, skaffold, tekton-chains, kafka-proxy, nri-couchbase, certificate-transparency, kubevela, src, prometheus, terragrunt, kubecolor, kpt, kubernetes, kubernetes-event-exporter, secrets-store-csi-driver-provider-azure,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: runc, metacontroller, local-static-provisioner, clusterctl, etcd, src-fingerprint, terraform-docs, skaffold, grafana-rollout-operator, nvidia-container-toolkit, containerd, tekton-chains, tempo, cosign, certificate-transparency, skopeo, istio-operator,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: local-static-provisioner, terraform-docs, skaffold, tekton-chains, kafka-proxy, nri-couchbase, certificate-transparency, kubevela, src, prometheus, terragrunt, kubecolor, kpt, kubernetes, kubernetes-event-exporter, secrets-store-csi-driver-provider-azure,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: terraform-docs, skaffold, tekton-chains, nri-couchbase, certificate-transparency, kubevela, src, prometheus, terragrunt, kubecolor, kpt, kubernetes, kubernetes-event-exporter, secrets-store-csi-driver-provider-azure, nri-memcached, metrics-server, chezmoi,...

GHSA-9763-4F94-GFCH vulnerabilities

Vulnerabilities for packages: boring-registry, kubescape, gitness, pulumi-language-java, skaffold, wolfictl, tekton-chains, cosign, gitsign, keda, kubevela, rclone, terragrunt, tkn, vault, pulumi-kubernetes-operator, flux-image-automation-controller, falco, scorecard, flux-source-controller,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: local-static-provisioner, terraform-docs, skaffold, tekton-chains, kafka-proxy, nri-couchbase, certificate-transparency, kubevela, src, prometheus, terragrunt, kubecolor, kpt, kubernetes, kubernetes-event-exporter, secrets-store-csi-driver-provider-azure,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: amass, flannel-cni-plugin, dgraph, docker-cli, gosu, ctop, ip-masq-agent, gitlab-logger, petname, go-licenses, prometheus-stackdriver-exporter, gke-gcloud-auth-plugin, mage, cilium-envoy, nsc, sonobuoy, kind, protoc-gen-go-grpc, wait-for-port, sbom-scorecard, influx,.....

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: amass, flannel-cni-plugin, dgraph, docker-cli, gosu, ctop, ip-masq-agent, gitlab-logger, petname, go-licenses, prometheus-stackdriver-exporter, gke-gcloud-auth-plugin, mage, cilium-envoy, nsc, sonobuoy, kind, protoc-gen-go-grpc, wait-for-port, sbom-scorecard, influx,.....

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: amass, flannel-cni-plugin, dgraph, docker-cli, gosu, ctop, ip-masq-agent, gitlab-logger, petname, go-licenses, prometheus-stackdriver-exporter, gke-gcloud-auth-plugin, mage, cilium-envoy, nsc, sonobuoy, kind, protoc-gen-go-grpc, wait-for-port, sbom-scorecard, influx,.....

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: runc, metacontroller, local-static-provisioner, clusterctl, etcd, src-fingerprint, terraform-docs, skaffold, grafana-rollout-operator, nvidia-container-toolkit, containerd, tekton-chains, tempo, cosign, certificate-transparency, skopeo, istio-operator,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: local-static-provisioner, terraform-docs, skaffold, tekton-chains, kafka-proxy, nri-couchbase, certificate-transparency, kubevela, src, prometheus, terragrunt, kubecolor, kpt, kubernetes, kubernetes-event-exporter, secrets-store-csi-driver-provider-azure,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...