75 matches found
EUVD-2026-34094
ProjectsAndPrograms school-management-system uses predictable credentials by generating students' and teachers' passwords solely from the user's date of birth, e.g., 12072000 for 12 July 2000. The application does not require or prompt users to change the password upon first login. This behavior...
PT-2025-109: Insufficient authorization in FreeScout
The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to bypass access control in the Custom Fields module, performing actions not permitted for their role. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation:...
PT-2025-102: Deserialization of untrusted data in FreeScout
The vulnerability was identified in FreeScout, version 1.8.182. The discovered vulnerability allows an attacker to deserialize unsafe data, gain control over application objects and impair its operation. Vulnerability status: Confirmed by vendor. Date of vulnerability remediation: 19.07.2025...
CVE-2024-36675

creationtimestamp| type| source
---|---|---
2025-07-17 11:50:29+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-36675.yaml
2025-07-18 21:02:28+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3lubdsqyf772p
2025-08-12...

CVE-2025-4380

creationtimestamp| type| source
---|---|---
2025-07-09 05:00:00+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2025/CVE-2025-4380.yaml
2025-07-09 21:02:24+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3ltkpmbglm423
2025-08-06...

PT-2025-61: Stored Cross-site scripting in FreeScout
The vulnerability was identified in FreeScout, versions v.1.8.173 and 1.8.174. The discovered vulnerability allows an attacker to store malicious HTML/JavaScript scripts that are later executed in other users' browsers due to insufficient input validation and sanitization. Vulnerability status:...
linkatomic.com Cross Site Scripting vulnerability OBB-4048293
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
rollupdruck24.at Cross Site Scripting vulnerability OBB-4043446
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
flashtype.de Cross Site Scripting vulnerability OBB-4043035
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2025-2075

creationtimestamp| type| source
---|---|---
2025-04-04 04:35:20+00:00| seen| https://t.me/DarkWebInformerCVEAlerts/10390
2025-04-04 07:48:28+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114278590519821899
2025-04-04 07:48:28+00:00| seen|...

wheelpros.com Cross Site Scripting vulnerability OBB-4042211
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
thearda.com Cross Site Scripting vulnerability OBB-4042190
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
dietrolle.de Open Redirect vulnerability OBB-4036378
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
cottage.centerblog.net Cross Site Scripting vulnerability OBB-4031653
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
odaah.com Cross Site Scripting vulnerability OBB-4027599
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2025-21246

creationtimestamp| type| source
---|---|---
2025-01-14 17:29:48+00:00| seen| https://www.thezdi.com/blog/2025/1/14/the-january-2025-security-update-review
2025-01-14 18:18:41+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfpufmfccc2f
2025-01-14 20:41:11+00:00| seen|...

CVE-2024-54763

creationtimestamp| type| source
---|---|---
2025-01-06 22:24:29+00:00| seen| https://infosec.exchange/users/cve/statuses/113783751871674708
2025-01-06 22:37:11+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/264
2025-01-06 22:38:44+00:00| seen|...

CVE-2024-10327

creationtimestamp| type| source
---|---|---
2024-10-25 00:21:45+00:00| seen| https://t.me/cvedetector/8865
2024-10-25 09:30:08+00:00| seen| None
2024-10-25 09:30:14+00:00| confirmed| None
2024-10-26 11:38:09+00:00| seen| https://t.me/CyberBulletin/26229
2024-10-26 11:38:09+00:00| seen|...

PT-2024-31: Reflected Cross-Site Scripting (Reflected XSS) in Passwork
The vulnerability was identified in Passwork version 6.4.0. The application does not process the data received from the user in the way needed for its safe use during web page generation. An attacker can inject a malicious script into the request parameters and conduct a social engineering attack on...
PT-2024-24: Local privilege escalation (LPE) in ESET products
The vulnerability was identified in the following products: ESET NOD32 Antivirus, ESET Internet Security, ESET Smart Security Premium, ESET Security Ultimate; ESET Small Business Security and ESET Safe Server; ESET Endpoint Antivirus and ESET Endpoint Security for Windows; ESET Server Security for...