19 matches found
CVE-2025-40202
In the Linux kernel, the following vulnerability has been resolved: ipmi: Rework user message limit handling The limit on the number of user messages had a number of issues, improper counting in some cases and a use after free. Restructure how this is all done to handle more in the receive messag...
CVE-2025-40184
In the Linux kernel, the following vulnerability has been resolved: KVM: arm64: Fix debug checking for np-guests using huge mappings When running with transparent huge pages and CONFIGNVHEEL2DEBUG then the debug checking in asserthostsharedguest fails on the launch of an np-guest. This WARNON...
WordPress Gallerio Plugin <= 1.01 is vulnerable to Arbitrary File Upload
Software Gallerio Type Plugin Vulnerable versions = 1.01 Fixed in N/A OWASP Top 10 A3: Injection Classification Arbitrary File Upload CVE CVE-2024-52400 Patch priority High CVSS severity High 9.9 Developer Claim ownership PSID b36e242fa444 Credits CTRL Chance Required privilege Subscriber Publish...
WordPress User Extra Fields Plugin <= 16.6 is vulnerable to Privilege Escalation
Software User Extra Fields Type Plugin Vulnerable versions = 16.6 Fixed in 16.7 OWASP Top 10 A5: Broken Access Control Classification Privilege Escalation CVE CVE-2024-10800 Patch priority High CVSS severity High 8.8 Developer Claim ownership PSID 90d7101cbd67 Credits Tonn Required privilege...
WordPress Debug Tool Plugin <= 2.2 is vulnerable to Remote Code Execution (RCE)
Software Debug Tool Type Plugin Vulnerable versions = 2.2 Fixed in N/A OWASP Top 10 A3: Injection Classification Remote Code Execution RCE CVE CVE-2024-52416 Patch priority Medium CVSS severity Medium 10 Developer Claim ownership PSID d30460ac8a3a Credits Mika Required privilege Unauthenticated...
codika.com.ar Improper Access Control vulnerability OBB-3779594
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
7er-bar.at Improper Access Control vulnerability OBB-3779380
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
my-klein-toys.de Cross Site Scripting vulnerability OBB-3779346
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
transport-zakaz.ru Cross Site Scripting vulnerability OBB-3779275
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
WordPress Delete Duplicate Posts Plugin <= 4.8.9 is vulnerable to Broken Access Control
Software Delete Duplicate Posts Type Plugin Vulnerable versions = 4.8.9 Fixed in 4.9 OWASP Top 10 A1: Broken Access Control Classification Broken Access Control CVE CVE-2023-47754 Patch priority Low CVSS severity Low 4.3 Developer CleverPlugins.com PSID e78902a6f1d5 Credits Huynh Tien Si Required...
WordPress Bus Ticket Booking with Seat Reservation Plugin <= 5.2.5 is vulnerable to Cross Site Scripting (XSS)
Software Bus Ticket Booking with Seat Reservation Type Plugin Vulnerable versions = 5.2.5 Fixed in 5.2.6 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-30496 Patch priority High CVSS severity High 7.1 Developer Claim ownership PSID cc34a3da3177...
WordPress Frontend File Manager Plugin < 22.6 is vulnerable to Arbitrary File Download
Software Frontend File Manager Type Plugin Vulnerable versions 22.6 Fixed in 22.6 OWASP Top 10 A5: Broken Access Control Classification Arbitrary File Download CVE CVE-2023-5105 Patch priority Medium CVSS severity Medium 9.1 Developer Claim ownership PSID 66e0e4c68ed0 Credits Dmitrii Ignatyev...
destinationmauivacations.com Cross Site Scripting vulnerability OBB-3052067
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
jimpower.com XSS vulnerability
Open Bug Bounty ID: OBB-697831 Description| Value ---|--- Affected Website:| jimpower.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden unt...
myrapname.com XSS vulnerability
Open Bug Bounty ID: OBB-697658 Description| Value ---|--- Affected Website:| myrapname.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| hidden until disclosure Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| hidden...
velo.hu XSS vulnerability
Open Bug Bounty ID: OBB-411538 Description| Value ---|--- Affected Website:| velo.hu Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...
ecoblog.it XSS vulnerability
Open Bug Bounty ID: OBB-407566 Description| Value ---|--- Affected Website:| ecoblog.it Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1 CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Remediation Guide:| OWASP XSS Prevention Cheat Sheet...
dackeskolan.se XSS vulnerability
Vulnerable URL: http://dackeskolan.se/requestXaX404/"';-- Details: Description| Value ---|--- Patched:| No Latest check for patch:| 25.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated Google Pagerank| 0 VIP website status:| No Check...
decathlon.com.br XSS vulnerability
Vulnerable URL: http://www.decathlon.com.br/search/";alert'XSS';var x=" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 30.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 40391 Google Pagerank| 5 VIP website status:| Yes Check...