k-infrastructure.com Cross Site Scripting vulnerability OBB-3583969
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
k-and-s.de Cross Site Scripting vulnerability OBB-3583727
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
An authentication bypass vulnerability in Ivanti EPMM 11.10 and older, allows unauthorized users to access restricted functionality or resources of the application without proper authentication. This vulnerability is unique to CVE-2023-35078 announced earlier. Recent assessments: sfewer-r7 at...
9.8CVSS
9.2AI Score
0.968EPSS
Diligere, Equity-Invest Are New Firms of U.K. Con Man
John Clifton Davies, a convicted fraudster estimated to have bilked dozens of technology startups out of more than $30 million through phony investment schemes, has a brand new pair of scam companies that are busy dashing startup dreams: A fake investment firm called Equity-Invest[.]ch, and...
6.9AI Score
16 New CODESYS SDK Flaws Expose OT Environments to Remote Attacks
A set of 16 high-severity security flaws have been disclosed in the CODESYS V3 software development kit (SDK) that could result in remote code execution and denial-of-service under specific conditions, posing risks to operational technology (OT) environments. The flaws, tracked from CVE-2022-47378....
8.8CVSS
8.8AI Score
0.002EPSS
6.5CVSS
6.7AI Score
0.081EPSS
6.5CVSS
6.7AI Score
0.081EPSS
7.8CVSS
7.1AI Score
0.0005EPSS
6.5AI Score
7.8CVSS
7.1AI Score
0.0005EPSS
6.5CVSS
6.5AI Score
EPSS
7.8CVSS
7.8AI Score
EPSS
6.5CVSS
6.7AI Score
0.081EPSS
6.5CVSS
6.7AI Score
0.081EPSS
ScanCode.io command injection in docker image fetch process
Command Injection in docker fetch process Summary A possible command injection in the docker fetch process as it allows to append malicious commands in the docker_reference parameter. Details In the function scanpipe/pipes/fetch.py:fetch_docker_image[1] the parameter docker_reference is user...
8.8CVSS
8AI Score
0.001EPSS
ScanCode.io command injection in docker image fetch process
Command Injection in docker fetch process Summary A possible command injection in the docker fetch process as it allows to append malicious commands in the docker_reference parameter. Details In the function scanpipe/pipes/fetch.py:fetch_docker_image[1] the parameter docker_reference is user...
8.8CVSS
8AI Score
0.001EPSS
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass.This issue affects Kunduz - Homework Helper App: before...
9.8CVSS
9.4AI Score
0.001EPSS
Use of Hard-coded Cryptographic Key vulnerability in Sifir Bes Education and Informatics Kunduz - Homework Helper App allows Authentication Abuse, Authentication Bypass.This issue affects Kunduz - Homework Helper App: before...
9.8CVSS
9.7AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection.This issue affects License Portal System: before...
9.8CVSS
9.9AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 License Portal System allows SQL Injection.This issue affects License Portal System: before...
9.8CVSS
9.7AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection.This issue affects Camera Trap Tracking System: before...
9.8CVSS
9.7AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in a2 Camera Trap Tracking System allows SQL Injection.This issue affects Camera Trap Tracking System: before...
9.8CVSS
9.9AI Score
0.001EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS.This issue affects E-Commerce Software: before...
5.4CVSS
5.5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Stored XSS.This issue affects E-Commerce Software: before...
5.4CVSS
5.5AI Score
0.0004EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS.This issue affects E-Commerce Software: before...
6.1CVSS
6.3AI Score
0.0005EPSS
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Digital Ant E-Commerce Software allows Reflected XSS.This issue affects E-Commerce Software: before...
6.1CVSS
6.3AI Score
0.0005EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before...
9.8CVSS
9.7AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Digital Ant E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before...
9.8CVSS
9.9AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection.This issue affects Online Collection Software: before...
9.8CVSS
9.9AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Oduyo Online Collection Software allows SQL Injection.This issue affects Online Collection Software: before...
9.8CVSS
9.7AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection.This issue affects Remote Administration Console: before...
9.8CVSS
9.8AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Farmakom Remote Administration Console allows SQL Injection.This issue affects Remote Administration Console: before...
9.8CVSS
10AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before...
9.8CVSS
9.7AI Score
0.001EPSS
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mAyaNet E-Commerce Software allows SQL Injection.This issue affects E-Commerce Software: before...
9.8CVSS
9.9AI Score
0.001EPSS
Citrix ADC (NetScaler) Remote Code Execution Exploit
A vulnerability exists within Citrix ADC that allows an unauthenticated attacker to trigger a stack buffer overflow of the nsppe process by making a specially crafted HTTP GET request. Successful exploitation results in remote code execution as...
9.8CVSS
8.3AI Score
0.965EPSS
k-online.de Cross Site Scripting vulnerability OBB-3570715
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
Wrong Implementation of Continuous Gradual Dutch Auction
Lines of code Vulnerability details Impact Breaks the core functionality of the Liquidation Pair contract. Usage of wrong formula for calculation of Continuous Gradual Dutch Auction results in wrong calculation of purchase price which is basically used to find the swapAmountIn during liquidations.....
6.8AI Score
9.8CVSS
7.1AI Score
0.965EPSS
Researchers Discover Bypass for Recently Patched Critical Ivanti EPMM Vulnerability
Cybersecurity researchers have discovered a bypass for a recently fixed actively exploited vulnerability in some versions of Ivanti Endpoint Manager Mobile (EPMM), prompting Ivanti to urge users to update to the latest version of the software. Tracked as CVE-2023-35082 (CVSS score: 10.0) and...
9.4AI Score
0.968EPSS
CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability
When this blog was originally published on August 2, it said that CVE-2023-35082 only affected MobileIron Core 11.2 and earlier, which are unsupported. On August 7, Ivanti published an updated advisory noting that since originally disclosing CVE-2023-35082, they have continued their investigation.....
9.8CVSS
8.7AI Score
0.968EPSS
Unauthenticated Blind SQL Injection in '/tags/autocomplete'
Description The application was found to be vulnerable to an unauthenticated blind SQL injection in the /tags/autocomplete page. The GET parameter term does not sufficiently sanitize input. # Proof of Concept 1. Make a GET request to...
9.1CVSS
8.1AI Score
0.001EPSS
Public companies must now disclose breaches within 4 days
Public organisations in the US impacted by a cyberattack will now have to disclose it within four days…with some caveats attached. On Wednesday, new rules were approved by the US Securities and Exchange Commission (SEC). These rules mean that publicly traded companies will need to reveal said...
6.7AI Score
k-kiwami.jp Cross Site Scripting vulnerability OBB-3564136
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.1AI Score
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-23:07.bhyve Security Advisory The FreeBSD Project Topic: bhyve privileged guest escape via fwctl Category: core Module: bhyve Announced: 2023-08-01 Credits: Omri....
8.8CVSS
7.7AI Score
0.0004EPSS
6.8AI Score
Citrix ADC (NetScaler) Forms SSO Target RCE
A vulnerability exists within Citrix ADC that allows an unauthenticated attacker to trigger a stack buffer overflow of the nsppe process by making a specially crafted HTTP GET request. Successful exploitation results in remote code execution as...
9.8CVSS
10AI Score
0.965EPSS
7.5CVSS
7.1AI Score
0.055EPSS
7.5CVSS
7.1AI Score
0.055EPSS
7.5CVSS
7.8AI Score
0.055EPSS
9.8CVSS
9.7AI Score
0.076EPSS