EUVD-2022-7146

Malicious code in bioql PyPI...

RUSTSEC-2024-0344 Timing variability in `curve25519-dalek`'s `Scalar29::sub`/`Scalar52::sub`

Timing variability of any kind is problematic when working with potentially secret values such as elliptic curve scalars, and such issues can potentially leak private keys and other secrets. Such a problem was recently discovered in curve25519-dalek. The Scalar29::sub 32-bit and Scalar52::sub...

cluster.itwm.fraunhofer.de Cross Site Scripting vulnerability OBB-3606132

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

cluster.itwm.fraunhofer.de Cross Site Scripting vulnerability OBB-3419903

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

irb.fraunhofer.de Cross Site Scripting vulnerability OBB-3346767

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

fraunhofertheater.de Cross Site Scripting vulnerability OBB-3257363

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

fraunhofer-innovisions.de Cross Site Scripting vulnerability OBB-3193447

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

WordPress WPSmartContracts plugin <= 1.3.11 - Auth. SQL Injection (SQLi) vulnerability

Auth. SQL Injection SQLi vulnerability discovered by Kunal Sharma University of Kaiserslautern and Daniel Krohmer Fraunhofer IESE in the WordPress WPSmartContracts plugin versions = 1.3.11 Solution Update the WordPress WPSmartContracts plugin to the latest available version at least 1.3.12...

WordPress WP User Merger plugin <= 1.5.2 - Auth. SQL Injection (SQLi) vulnerability

Auth. SQL Injection SQLi vulnerability discovered by Kunal Sharma University of Kaiserslautern, Germany and Daniel Krohmer Fraunhofer IESE, Germany in the WordPress WP User Merger plugin versions = 1.5.2. Solution Update the WordPress WP User Merger plugin to the latest available version at least...

WordPress WP User Merger plugin <= 1.5.2 - Auth. SQL Injection (SQLi) vulnerability

Auth. SQL Injection SQLi vulnerability discovered by Kunal Sharma University of Kaiserslautern and Daniel Krohmer Fraunhofer IESE in the WordPress WP User Merger plugin versions = 1.5.2. Solution Update the WordPress WP User Merger plugin to the latest available version at least 1.5.3...

WordPress OWM Weather plugin <= 5.6.8 - Auth. SQL Injection (SQLi) vulnerability

Auth. SQL Injection SQLi vulnerability discovered by Kunal Sharma University of Kaiserslautern and Daniel Krohmer Fraunhofer IESE in the WordPress OWM Weather plugin versions = 5.6.8. Solution Update the WordPress OWM Weather plugin to the latest available version at least 5.6.9...

CVE-2022-3616

Affected software/area: OctoRPKI (github.com/cloudflare/cfrpki) in the octorpki command. Root cause / vulnerability detail: Attackers can construct long chains of Certificate Authorities (CAs) that exhaust the max iterations limit, causing OctoRPKI to crash and fail validation, resulting in a den...

cluster.itwm.fraunhofer.de Cross Site Scripting vulnerability OBB-2815938

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

WordPress CP Image Store with Slideshow plugin <= 1.0.67 - Unauthenticated SQL Injection (SQLi) vulnerability

Unauthenticated SQL Injection SQLi vulnerability was discovered by Daniel Krohmer Fraunhofer IESE, Germany and Shi Chen University of Kaiserslautern, Germany in the WordPress CP Image Store with Slideshow plugin versions = 1.0.67. Solution Update the WordPress CP Image Store with Slideshow plugin...

publica.fraunhofer.de Cross Site Scripting vulnerability OBB-2136562

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Security Advisory 2021-08-01-1 - XSS via missing input validation of host names displayed (CVE-2021-32019)

DESCRIPTION Missing input validation of host names displayed in OpenWrt LuCI web-interface leads to Cross-site scripting, which can be used to gain full control over the affected system. REQUIREMENTS Users need to visit the LuCI “Connection status” page of the router and activate the host name...

bookshop.fraunhofer.de Cross Site Scripting vulnerability OBB-1431326

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

CVE-2020-0355

In libFraunhoferAAC, there is a possible out of bounds read due to a missing bounds check. This could lead to remote information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.Product: AndroidVersions: Android-11Android ID: A-141883493...

Vulnerable Twitter API Leaves Tens of Thousands of iOS Apps Open to Attacks

Researchers are warning that an old Twitter API still used by popular iOS mobile apps that could be abused as part of a man-in-the-middle attack. It could be used to hijack Twitter accounts and compromise other third-party apps that are linked to the same “login with Twitter” feature. According t...

nano.fraunhofer.de XSS vulnerability

Open Bug Bounty ID: OBB-664860 Description| Value ---|--- Affected Website:| nano.fraunhofer.de Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...