1002 matches found

Openbugbounty
added 2022/03/09 6:27 a.m. · 10 views

nfe.domcavati.mg.gov.br Cross Site Scripting vulnerability OBB-2418341

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits 0

Openbugbounty
added 2022/01/30 11:21 a.m. · 10 views

brookemeyerphotography.com Cross Site Scripting vulnerability OBB-2349546

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2 AI score
Exploits 0

OSV
added 2022/01/21 11:57 p.m. · 1 view

GHSA-QRPM-P2H7-HRV2 Exposure of Sensitive Information to an Unauthorized Actor in nanoid

The package nanoid, from 3.0.0 and before 3.1.31, is vulnerable to Information Exposure via the valueOf function, which allows reproducing the last id generated...

5.5 CVSS · 7.2 AI score · 0.00027 EPSS
Exploits 1 · References 9

OSV
added 2022/01/14 8:15 p.m. · 1 view

DEBIAN-CVE-2021-23566

The package nanoid, from 3.0.0 and before 3.1.31, is vulnerable to Information Exposure via the valueOf function, which allows reproducing the last id generated...

5.5 CVSS · 6.7 AI score · 0.00027 EPSS
Exploits 1 · References 1

OSV
added 2022/01/14 8:15 p.m. · 0 views

UBUNTU-CVE-2021-23566

The package nanoid, from 3.0.0 and before 3.1.31, is vulnerable to Information Exposure via the valueOf function, which allows reproducing the last id generated...

5.5 CVSS · 6.8 AI score · 0.00027 EPSS
Exploits 1 · References 7

Positive Technologies
added 2022/01/14 12:00 a.m. · 2 views

PT-2022-9413 · Nanoid · Nanoid

Name of the Vulnerable Software and Affected Versions: nanoid versions 3.0.0 through 3.1.30. Description: The issue allows for Information Exposure via the valueOf function, enabling the reproduction of the last generated id. Recommendations: For nanoid versions 3.0.0 through 3.1.30, update to...

5.5 CVSS · 7.6 AI score · 0.00166 EPSS
Exploits 1 · References 26

CNNVD
added 2022/01/14 12:00 a.m. · 2 views

nanoid code issue vulnerability

nanoid is a small, secure, URL-friendly, unique string ID generator for JavaScript. nanoid is vulnerable to information exposure via the valueOf function, which allows the last generated id to be reproduced. No details of the vulnerability are currently...

5.5 CVSS · 5.5 AI score · 0.00027 EPSS
Exploits 1 · References 15

Kitploit
added 2022/01/13 8:30 p.m. · 65 views

AlphaGolang - IDApython Scripts For Analyzing Golang Binaries

AlphaGolang is a collection of IDAPython scripts to help malware reverse engineers master Go binaries. The idea is to break the scripts into concrete steps, thus avoiding brittle monolithic scripts, and mimicking the methodology an analyst might follow when tackling a Go binary. Scripts are...

7 AI score
Exploits 0 · References 8

OSV
added 2022/01/13 3:15 p.m. · 8 views

CVE-2021-23824

This affects the package Crow before 0.3+4. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability, assuming an attacker can influence the...

6.1 CVSS · 5.6 AI score
Exploits 0 · References 3

Snyk
added 2022/01/12 8:48 a.m. · 3 views

Content Injection

Overview: Affected versions of this package are vulnerable to Content Injection. When using attributes without quotes in the template, an attacker can manipulate the input to introduce additional attributes, potentially executing code. This may lead to a Cross-site Scripting (XSS) vulnerability,...

6.5 CVSS · 6.1 AI score · 0.00307 EPSS
Exploits 1 · References 2

Snyk
added 2022/01/11 1:02 p.m. · 1 view

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure via the valueOf function, which allows reproducing the last id generated. PoC javascript import nanoid from 'nanoid'; const makeProxyNumberToReproducePreviousID = = let step = 0; return valueOf // // if !pool ||...

5.5 CVSS · 9.3 AI score · 0.00027 EPSS
Exploits 1 · References 2

Openbugbounty
added 2021/12/30 3:24 a.m. · 10 views

screencloud.com Open Redirect vulnerability OBB-2316139

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits 0

Wired Threat Level
added 2021/12/15 12:00 p.m. · 13 views

The Biggest Deepfake Abuse Site Is Growing in Disturbing Ways

A referral program and partner sites have spurred the spread of invasive, AI-generated “nude” images...

2.4 AI score
Exploits 0

Openbugbounty
added 2021/11/12 5:20 p.m. · 20 views

jasmincare.eu Improper Access Control vulnerability OBB-2263360

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.6 AI score
Exploits 0

Malwarebytes
added 2021/11/02 1:42 p.m. · 18 views

What is Twitch?

Twitch is primarily a site dedicated to live streaming content. It also offers the ability to chat with others in the Stream you happen to be in via text. The primary draw of Twitch streams is video games and e-sports, leading to the rise of many big name streamers and content creators. Is Twitch...

6.9 AI score
Exploits 0

WPVulnDB
added 2021/10/13 12:00 a.m. · 35 views

Simple JWT Login < 3.3.0 - Insecure Password Creation

The plugin can be used to create new WordPress user accounts with a randomly generated password. The password is generated using the str_shuffle PHP function, which "does not generate cryptographically secure values, and should not be used for cryptographic purposes" according to PHP's documentation...

7.5 CVSS · 1.2 AI score · 0.00207 EPSS
Exploits 0 · References 1 · Affected Software 1

Openbugbounty
added 2021/10/06 10:43 a.m. · 27 views

airportgoldentuliphotel.com Cross Site Scripting vulnerability OBB-2158377

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits 0

Schneier on Security
added 2021/09/15 3:31 p.m. · 19 views

Identifying Computer-Generated Faces

It's the eyes: The researchers note that in many cases, users can simply zoom in on the eyes of a person they suspect may not be real to spot the pupil irregularities. They also note that it would not be difficult to write software to spot such errors and for social media sites to use it to remove...

3.1 AI score
Exploits 0

Openbugbounty
added 2021/09/13 3:01 p.m. · 23 views

location.transdev.com Cross Site Scripting vulnerability OBB-2139704

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence...

Exploits 0

Prion
added 2021/09/07 10:15 p.m. · 14 views

Server side request forgery (ssrf)

Nextcloud server is an open source, self hosted personal cloud. Nextcloud supports rendering image previews for user provided file content. For some image types, the Nextcloud server was invoking a third-party library that wasn't suited for untrusted user-supplied content. There are several...

10 CVSS · 9.3 AI score · 0.02254 EPSS
Exploits 0 · References 4 · Affected Software 1