easyshiksha.com Cross Site Scripting vulnerability OBB-3939856
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
east1-phpmyadmin.dreamhost.com Cross Site Scripting vulnerability OBB-3939855
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
tv411.senterre.com Cross Site Scripting vulnerability OBB-3939854
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
2a.com.tr Cross Site Scripting vulnerability OBB-3939851
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
psykosteve.com Cross Site Scripting vulnerability OBB-3939853
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Summary IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.4 are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...
5.9 CVSS
6.5 AI Score
0.0004 EPSS
06153.com.ua Cross Site Scripting vulnerability OBB-3939850
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
premiomassimourbani.com Cross Site Scripting vulnerability OBB-3939849
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
b-cdn.foxpornos.com Cross Site Scripting vulnerability OBB-3939847
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
Summary IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 18.0.0.2 through 24.0.0.4 is vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory...
5.9 CVSS
6.5 AI Score
0.0004 EPSS
Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details ** CVEID:.....
7 CVSS
7.7 AI Score
0.0004 EPSS
ag-grid-community were discovered to contain a prototype pollution via the _.mergeDeep function
ag-grid-community v31.3.2 and ag-grid-enterprise v31.3.2 were discovered to contain a prototype pollution via the _.mergeDeep function. This vulnerability allows attackers to execute arbitrary code or cause a Denial of Service (DoS) via injecting arbitrary...
8.2 AI Score
EPSS
Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details ** CVEID:.....
4.7 CVSS
6.1 AI Score
0.0004 EPSS
Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details ** CVEID:.....
7.5 CVSS
7.7 AI Score
0.0004 EPSS
Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details ** CVEID:.....
4.3 CVSS
5.1 AI Score
0.0004 EPSS
Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details ** CVEID:.....
5.9 CVSS
6.6 AI Score
0.0004 EPSS
Summary IBM WebSphere Application Server Liberty is shipped with IBM Tivoli Netcool Impact as part of its server infrastructure. Information about a security vulnerability affecting IBM WebSphere Application Server Liberty has been published in a security bulletin. Vulnerability Details ** CVEID:.....
7.5 AI Score
0.0004 EPSS
Summary IBM PowerVM Novalink is vulnerable because IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to server-side request forgery (SSRF). By sending a specially crafted request, an attacker could exploit this vulnerability to conduct the SSRF attack. X-Force ID:...
4.3 CVSS
5.1 AI Score
0.0004 EPSS
CVE-2024-36401 Remote Code Execution (RCE) vulnerability in evaluating property name expressions
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.6, 2.24.4, and 2.25.2, multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation.....
9.8 CVSS
EPSS
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version...
7 CVSS
EPSS
A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions,...
5.4 CVSS
5.6 AI Score
EPSS
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version...
7 CVSS
7.3 AI Score
EPSS
A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions,...
5.4 CVSS
EPSS
GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...
4.5 CVSS
EPSS
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected...
8.4 CVSS
EPSS
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting...
8.4 CVSS
8.6 AI Score
EPSS
GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...
4.5 CVSS
5 AI Score
EPSS
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected...
8.4 CVSS
8.7 AI Score
EPSS
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting...
8.4 CVSS
EPSS
Memory corruption when an invoke call and a TEE call are bound for the same trusted...
7.3 CVSS
EPSS
Memory corruption when an invoke call and a TEE call are bound for the same trusted...
7.3 CVSS
7.5 AI Score
EPSS
7.8 CVSS
7.9 AI Score
EPSS
7.8 CVSS
EPSS
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address...
7.1 CVSS
EPSS
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address...
7.1 CVSS
6.8 AI Score
EPSS
Summary IBM MQ is shipped with IBM WebSphere Remote Server. Information about security vulnerabilities affecting IBM MQ have been published in a security bulletin CVE-2024-25026, CVE-2024-22354, CVE-2024-27268, CVE-2024-22353, CVE-2023-51775, CVE-2024-22329, CVE-2024-31919, CVE-2024-21085,...
7.5 CVSS
6.6 AI Score
0.0005 EPSS
CVE-2024-6376 ejson shell parser in MongoDB Compass maybe bypassed
MongoDB Compass may be susceptible to code injection due to insufficient sandbox protection settings with the usage of ejson shell parser in Compass' connection handling. This issue affects MongoDB Compass versions prior to version...
7 CVSS
EPSS
This week on the Lock and Code podcast… More than 20 years ago, a law that the United States would eventually use to justify the warrantless collection of Americans' phone call records actually started out as a warning sign against an entirely different target: Libraries. Not two months after...
7.1 AI Score
CVE-2024-6375 Missing authorization check may lead to shard key refinement
A command for refining a collection shard key is missing an authorization check. This may cause the command to run directly on a shard, leading to either degradation of query performance, or to revealing chunk boundaries through timing side channels. This affects MongoDB Server v5.0 versions,...
5.4 CVSS
EPSS
Summary IBM® SDK, Java™ Technology Edition is shipped as a supporting program of IBM OpenPages. Information about a security vulnerability affecting IBM SDK, Java Technology Edition has been published in multiple security bulletins. These products have addressed the applicable CVE(s). For a...
7 AI Score
CVE-2024-34696 GeoServer's Server Status shows sensitive environmental variables and Java properties
GeoServer is an open source server that allows users to share and edit geospatial data. Starting in version 2.10.0 and prior to versions 2.24.4 and 2.25.1, GeoServer's Server Status page and REST API lists all environment variables and Java properties to any GeoServer user with administrative...
4.5 CVSS
EPSS
CVE-2024-23373 Use After Free in Graphics
Memory corruption when IOMMU unmap operation fails, the DMA and anon buffers are getting...
8.4 CVSS
EPSS
CVE-2024-23372 Integer Overflow or Wraparound in Graphics
Memory corruption while invoking IOCTL call for GPU memory allocation and size param is greater than expected...
8.4 CVSS
EPSS
Memory corruption when allocating and accessing an entry in an SMEM...
7.8 CVSS
EPSS
CVE-2024-21469 Permissions, Privileges, and Access Control issues in TZ Secure OS
Memory corruption when an invoke call and a TEE call are bound for the same trusted...
7.3 CVSS
EPSS
CVE-2024-21460 Use of Insufficiently Random Values in Core
Information disclosure when ASLR relocates the IMEM and Secure DDR portions as one chunk in virtual address...
7.1 CVSS
EPSS
Software: xdg-utils 1.1.3 OS: ROSA-CHROME package_evr_string: xdg-utils-1.1.3-5 CVE-ID: CVE-2020-27748 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: When processing URI mailto: xdg-email allows attachments to be discreetly added via URI when transmitted to Thunderbird. An attacker could potentially...
6.5 CVSS
6.7 AI Score
0.002 EPSS
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache....
7.5 CVSS
7.1 AI Score
EPSS
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache....
7.5 CVSS
EPSS
Improper Neutralization of Input During Web Page Generation vulnerability in SOKRATES-software SOWA OPAC allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects SOWA OPAC...
6 AI Score
EPSS