36114 matches found

OSV
added 2024/06/18 8:29 p.m. | 28 views

GHSA-M93W-4FXV-R35V PocketBase performs password auth and OAuth2 unverified email linking

In order to be exploited you must have both OAuth2 and Password auth methods enabled. A possible attack scenario could be: - a malicious actor registers with the targeted user's email (it is unverified) - at some later point in time the targeted user stumbles on your app and decides to sign-up with...

CVSS 5.4 | AI score 5.1 | EPSS 0.00289
Exploits: 0 | References: 5

Openbugbounty
added 2024/06/18 10:11 a.m. | 8 views

sdis70.fr Cross Site Scripting vulnerability OBB-3936192

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2024/06/17 12:19 p.m. | 11 views

prostead.com Cross Site Scripting vulnerability OBB-3935890

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2024/06/17 12:5 p.m. | 11 views

blind.fish Cross Site Scripting vulnerability OBB-3935857

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

NVD
added 2024/06/17 6:15 a.m. | 27 views

CVE-2024-3236

The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting attacks...

CVSS 5.4 | EPSS 0.00312
Exploits: 2 | References: 1

CNNVD
added 2024/06/17 12:0 a.m. | 4 views

WordPress plugin Popup Builder security vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security vulnerability...

CVSS 5.4 | AI score 6.7 | EPSS 0.00312
Exploits: 2 | References: 2

Openbugbounty
added 2024/06/16 4:45 p.m. | 9 views

kiel-briefmarken.de Cross Site Scripting vulnerability OBB-3935604

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2024/06/16 4:38 p.m. | 8 views

homavocats.fr Cross Site Scripting vulnerability OBB-3935588

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2024/06/16 4:5 p.m. | 6 views

kpolibrary.ucoz.ru Cross Site Scripting vulnerability OBB-3935519

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2024/06/16 5:53 a.m. | 8 views

mangakakalot.com Cross Site Scripting vulnerability OBB-3935476

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2024/06/15 3:49 p.m. | 12 views

produktsuche.riadrive.de Cross Site Scripting vulnerability OBB-3935466

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2024/06/15 1:20 p.m. | 7 views

twoontwo.blog.fc2.com Cross Site Scripting vulnerability OBB-3935440

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2024/06/15 12:45 p.m. | 10 views

job7.ch Cross Site Scripting vulnerability OBB-3935358

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2024/06/14 12:24 p.m. | 11 views

twojadieta.iq.pl Cross Site Scripting vulnerability OBB-3935258

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2024/06/14 11:45 a.m. | 9 views

grc.cioreview.com Cross Site Scripting vulnerability OBB-3935200

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2024/06/14 11:45 a.m. | 11 views

inzainewtown.blog.fc2.com Cross Site Scripting vulnerability OBB-3935202

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

Openbugbounty
added 2024/06/14 10:43 a.m. | 6 views

copenhagenliving.com Cross Site Scripting vulnerability OBB-3935065

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

AI score 6.2
Exploits: 0

CVE
added 2024/06/14 8:22 a.m. | 45 views

CVE-2024-5996

The CVE has a rejection note in the Initial Description, but connected data provides concrete details: Soar Cloud HR Portal is affected. The PT-Security entry PT-2024-37301 reports that notification emails from Soar Cloud HR Portal include links with embedded session data and are sent without enc...

AI score 8.6
Exploits: 0

Vulnrichment
added 2024/06/14 7:18 a.m. | 21 views

CVE-2024-5995 Soar Cloud HR Portal - Insufficient Session Expiration

The notification emails sent by Soar Cloud HR Portal contain a link with an embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused...

CVSS 8.8 | AI score 7 | EPSS 0.0037
Exploits: 0 | References: 2

Cvelist
added 2024/06/14 7:18 a.m. | 34 views

CVE-2024-5995 Soar Cloud HR Portal - Insufficient Session Expiration

The notification emails sent by Soar Cloud HR Portal contain a link with an embedded session. The expiration of the session is not properly configured, remaining valid for more than 7 days and can be reused...

CVSS 8.8 | EPSS 0.0037
Exploits: 0 | References: 2