6 matches found
EUVD-2024-2888
Malicious code in bioql PyPI...
CVE-2024-45042
Ory Kratos is an identity, user management and authentication system for cloud services. Prior to version 1.3.0, given a number of preconditions, the highest_available setting will incorrectly assume that the identity’s highest available AAL is aal1 even though it really is aal2. This means that t...
CVE-2024-45042
Summary of CVE-2024-45042 (Ory Kratos): Before version 1.3.0, under certain preconditions, the setting highest_available can misreport the identity’s highest AAL, reporting it as aal1 instead of the true aal2. This causes the system to behave as if the user has only one factor, allowing requests...
aal-products.com Cross Site Scripting vulnerability OBB-3878749
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
aal-tx.com Cross Site Scripting vulnerability OBB-2844163
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
aal-products.com Cross Site Scripting vulnerability OBB-1278745
Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...