Openbugbounty
added 2024/08/02 8:43 a.m. · 4 views

botsimulator.com Cross Site Scripting vulnerability OBB-3952912

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0
Openbugbounty
added 2024/08/02 8:40 a.m. · 6 views

payment-and-card.cioreview.com Cross Site Scripting vulnerability OBB-3952903

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0
Openbugbounty
added 2024/08/02 8:36 a.m. · 5 views

teamsets4u.com Cross Site Scripting vulnerability OBB-3952892

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0
Openbugbounty
added 2024/08/02 8:06 a.m. · 15 views

shop.oji-salmon.co.jp Cross Site Scripting vulnerability OBB-3952822

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0
NVD
added 2024/08/01 9:16 p.m. · 28 views

CVE-2024-7093

Dispatch's notification service uses Jinja templates to generate messages to users. Jinja permits code execution within blocks, which were neither properly sanitized nor sandboxed. This vulnerability enables users to construct command line scripts in their custom message templates, which are then...

CVSS: 9.4 · EPSS: 0.00508
Exploits: 0 · References: 1
CVE
added 2024/08/01 9:07 p.m. · 52 views

CVE-2024-7093

CVE-2024-7093 affects Dispatch's notification service that renders user messages via Jinja templates. The underlying issue is that Jinja blocks can execute code and were neither sanitized nor sandboxed, allowing an attacker to craft templates containing command-line scripts that execute when noti...

CVSS: 9.4 · AI score: 7.1 · EPSS: 0.00508
Exploits: 0 · References: 1
Openbugbounty
added 2024/08/01 2:42 p.m. · 9 views

cellaredbeerfesr.bpt.me Cross Site Scripting vulnerability OBB-3952593

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0
Openbugbounty
added 2024/08/01 2:17 p.m. · 7 views

kirjalabyrintti.net Cross Site Scripting vulnerability OBB-3952522

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0
Openbugbounty
added 2024/08/01 12:34 p.m. · 7 views

hinterglas-und-kupferstich.de Cross Site Scripting vulnerability OBB-3952428

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score: 6.2
Exploits: 0
CVE
added 2024/08/01 4:31 a.m. · 109 views

CVE-2024-7342

Baidu UEditor 1.4.3.3 contains an unrestricted upload vulnerability in the endpoint /ueditor/php/controller.php?action=uploadfile&encode=utf-8, triggered by manipulating the upfile parameter. The issue enables remote initiation and has publicly disclosed exploits; multiple sources corroborate the...

CVSS: 6.1 · AI score: 4 · EPSS: 0.00428
Exploits: 1 · References: 4 · Affected software: 1
Positive Technologies
added 2024/08/01 12:00 a.m. · 4 views

PT-2024-38072 · Dispatch +1 · Dispatch +1

Name of the Vulnerable Software and Affected Versions: Dispatch, affected versions not specified
Description: The issue arises from Dispatch's notification service utilizing Jinja templates to generate user messages. Since Jinja allows code execution within blocks and these blocks were not properl...

CVSS: 9.4 · AI score: 7.6 · EPSS: 0.00508
Exploits: 0 · References: 3
Github Security Blog
added 2024/07/31 8:59 p.m. · 14 views

ZITADEL has improper HTML sanitization in emails and Console UI

Impact: ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may potentially lead to a threat where an attacker,...

CVSS: 6.1 · AI score: 6.5 · EPSS: 0.00608
Exploits: 0 · References: 18 · Affected software: 1
OSV
added 2024/07/31 4:42 p.m. · 21 views

CVE-2024-41953 Zitadel improperly sanitizes HTML in emails and Console UI

Zitadel is an open source identity management system. ZITADEL uses HTML for emails and renders certain information such as usernames dynamically. That information can be entered by users or administrators. Due to a missing output sanitization, these emails could include malicious code. This may...

CVSS: 4.3 · AI score: 6.5 · EPSS: 0.00608
Exploits: 0 · References: 17
OSV
added 2024/07/31 5:59 a.m. · 2 views

BELL-CVE-2024-42118

Bulletin has no description...

CVSS: 7.8 · AI score: 6.6 · EPSS: 0.00235
Exploits: 0 · References: 1
OSV
added 2024/07/31 5:58 a.m. · 1 view

BELL-CVE-2024-41065

Bulletin has no description...

CVSS: 5.5 · AI score: 6.9 · EPSS: 0.00225
Exploits: 0 · References: 1
Vulnrichment
added 2024/07/30 8:37 a.m. · 15 views

CVE-2024-40895

FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the...

AI score: 8.1 · EPSS: 0.00438
Exploits: 0 · References: 4
Cvelist
added 2024/07/30 8:37 a.m. · 31 views

CVE-2024-40895

FFRI AMC versions 3.4.0 to 3.5.3 and some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3 allow a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an environment where the notification program setting is enabled and the...

EPSS: 0.00438
Exploits: 0 · References: 4
CVE
added 2024/07/30 8:37 a.m. · 57 views

CVE-2024-40895

FFRI AMC contains an OS command injection (CWE-78) vulnerability affecting versions 3.4.0 to 3.5.3 (and some OEM bundles) where, if the notification program setting is enabled and the executable path ends with a batch/command file, a remote unauthenticated attacker can execute arbitrary OS commands....

CVSS: 6.4 · AI score: 7.8 · EPSS: 0.00438
Exploits: 0 · References: 4
Japan Vulnerability Notes
added 2024/07/30 7:40 a.m. · 3 views

FFRI AMC vulnerable to OS command injection

Overview: FFRI AMC, provided by FFRI Security, Inc., is a management console for the endpoint security products FFRI yarai and ActSecure X. FFRI AMC contains an OS command injection vulnerability (CWE-78). It is exploitable when the notification program setting is enabled, the executable file path is...

CVSS: 8.1 · AI score: 7.2 · EPSS: 0.00438
Exploits: 0 · References: 6
Positive Technologies
added 2024/07/30 12:00 a.m. · 4 views

PT-2024-29133 · Ffri · Ffri Amc

Name of the Vulnerable Software and Affected Versions: FFRI AMC versions 3.4.0 to 3.5.3; some OEM products that implement/bundle FFRI AMC versions 3.4.0 to 3.5.3
Description: The issue allows a remote unauthenticated attacker to execute arbitrary OS commands when certain conditions are met in an...

CVSS: 6.4 · AI score: 7.9 · EPSS: 0.00438
Exploits: 0 · References: 7