Form Maker By 10web – Mobile-friendly Drag & Drop Contact Form Builder Security Vulnerabilities

CVE-2024-3995

In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan...

CVE-2024-3995

In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan...

CVE-2024-3995 Command Injection in Helix Sync

In Helix ALM versions prior to 2024.2.0, a local command injection was identified. Reported by Bryan...

CVE-2024-5827 Arbitrary File Write by Prompt Injection via DuckDB SQL in vanna-ai/vanna

Vanna v0.3.4 is vulnerable to SQL injection in its DuckDB integration exposed to its Flask Web APIs. Attackers can inject malicious SQL training data and generate corresponding queries to write arbitrary files on the victim's file system, such as backdoor.php with contents <?php system($_GET[0])...

CVE-2024-35116

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: ...

CVE-2024-35116

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: ...

CVE-2024-25053

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path...

CVE-2024-25053

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path...

CVE-2022-38383

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...

CVE-2022-38383

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...

CVE-2022-38383 IBM Cloud Pak for Security information disclosure

IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...

worldtranscargo.com Cross Site Scripting vulnerability OBB-3939485

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-25053 IBM Cognos Analytics improper certificate validation

IBM Cognos Analytics 11.2.0, 11.2.1, 11.2.2, 11.2.3, 11.2.4, 12.0.0, 12.0.1, and 12.0.2 is vulnerable to improper certificate validation when using the IBM Planning Analytics Data Source Connection. This could allow an attacker to spoof a trusted entity by interfering in the communication path...

spartanien.de Cross Site Scripting vulnerability OBB-3939484

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-35116 IBM MQ denial of service

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS, and 9.3 CD is vulnerable to a denial of service attack caused by an error applying configuration changes. IBM X-Force ID: ...

CVE-2024-31919

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: ...

CVE-2024-31919

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: ...

CVE-2024-31919 IBM MQ denial of service

IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: ...

CVE-2024-6403

A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12. Affected by this issue is the function formWifiBasicSet of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched...

CVE-2024-6403

A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12. Affected by this issue is the function formWifiBasicSet of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched...

CVE-2024-38522

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the tips.hushline.app website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version...

CVE-2024-6402

A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely.....

CVE-2024-6402

A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely.....

CVE-2024-38522

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the tips.hushline.app website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version...

CVE-2024-38522 CSP bypass in Hush Line

Hush Line is a free and open-source, anonymous-tip-line-as-a-service for organizations or individuals. The CSP policy applied on the tips.hushline.app website and bundled by default in this repository is trivial to bypass. This vulnerability has been patched in version...

CVE-2024-6403 Tenda A301 SetOnlineDevName formWifiBasicSet stack-based overflow

A vulnerability, which was classified as critical, has been found in Tenda A301 15.13.08.12. Affected by this issue is the function formWifiBasicSet of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack may be launched...

CVE-2024-6402 Tenda A301 SetOnlineDevName fromSetWirelessRepeat stack-based overflow

A vulnerability classified as critical was found in Tenda A301 15.13.08.12. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/SetOnlineDevName. The manipulation of the argument devName leads to stack-based buffer overflow. The attack can be launched remotely.....

Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data

The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has...

TEMU sued for being “dangerous malware” by Arkansas Attorney General

Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailer's mobile app spies on users. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to...

CVE-2024-29039

tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...

CVE-2024-29039

tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...

CVE-2024-29039

tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...

Chrome to Distrust Entrust Certificates by November 2024

From Entrust to...

Exploit for Improper Input Validation in Google Android

Exploit for CVE-2022-20186 The write up can be found...

Exploit for Improper Input Validation in Google Android

Exploit for CVE-2022-20186 The write up can be found...

ecnp.eu Cross Site Scripting vulnerability OBB-3939483

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CVE-2024-29039 Missing check in tpm2_checkquote allows attackers to misrepresent the TPM state

tpm2 is the source repository for the Trusted Platform Module (TPM2.0) tools. This vulnerability allows attackers to manipulate tpm2_checkquote outputs by altering the TPML_PCR_SELECTION in the PCR input file. As a result, digest values are incorrectly mapped to PCR slots and banks, providing a...

GHSA-VR64-R9QJ-H27F vulnerabilities

Vulnerabilities for packages:...

CVE-2024-22871 vulnerabilities

Vulnerabilities for packages:...

app.lotterease.com Cross Site Scripting vulnerability OBB-3939482

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

bridalpartytees.com Cross Site Scripting vulnerability OBB-3939481

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords

Update: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update: As of 2:20 PM EST, two more plugins appear to have malicious commits, however, the releases have not officially been made meaning.....

tgpecatsib.tatamotors.com Cross Site Scripting vulnerability OBB-3939480

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for CVE-2024-34102

🇮🇱 **#BringThemHome...

hanson.ad Cross Site Scripting vulnerability OBB-3939478

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

gratisspil.dk Cross Site Scripting vulnerability OBB-3939476

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

fysikoaerioellados.gr Cross Site Scripting vulnerability OBB-3939475

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

lasalina.es Cross Site Scripting vulnerability OBB-3939474

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

CometBFT is unstability during blocksync when syncing from malicious peer

Name: ASA-2024-008: Instability during blocksync when syncing from malicious peer Component: CometBFT Criticality: Medium (ACMv1: I:Moderate; L: Possible) Affected versions: < v0.38.7 Summary An issue was identified for nodes syncing on an existing network during blocksync in which a malicious.....

search.staffs.ac.uk Cross Site Scripting vulnerability OBB-3939471

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...