1157 matches found
FileBrowser Quantum: unauthenticated user share share info
Impact: Some sensitive info, such as source and path, can get exposed. Patches: Update to the latest version. Workarounds: no...
GHSA-6JP5-HH4C-8C5H error-ex@1.3.3 contains malware after npm account takeover
Impact: On 8 September 2025, an npm publishing account for error-ex was taken over after a phishing attack. Version 1.3.3 was published, functionally identical to the previous patch version, but with a malware payload added attempting to redirect cryptocurrency transactions to the attacker's own...
BIT-DISCOURSE-2024-49765 Bypass of Discourse Connect using other login paths if enabled in Discourse
Discourse is an open source platform for community discussion. Sites that are using discourse connect but still have local logins enabled could allow attackers to bypass discourse connect to create accounts and login. This problem is patched in the latest version of Discourse. Users unable to...
RUSTSEC-2024-0435 Unsound usages of `Vec::from_raw_parts`
The library provides a public safe API `transmute_vec_as_bytes`, which incorrectly assumes that any generic type T has a stable layout, leading to uninitialized memory exposure if users pass any type with padding bytes as T and cast it to a u8 pointer. In the issue, we develop a PoC to show...
PT-2023-1536
Name of the Vulnerable Software and Affected Versions: Cisco IP Phone versions prior to the fixed version. Description: Multiple vulnerabilities in the web-based management interface of certain Cisco IP Phones could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denia...
SUSE CVE-2021-41134
nbdime provides tools for diffing and merging of Jupyter Notebooks. In affected versions a stored cross-site scripting (XSS) issue exists within the Jupyter-owned nbdime project. It appears that when reading the file name and path from disk, the extension does not sanitize the string it constructs...
Design/Logic Flaw
soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. In the event that a POST request is sent to any endpoint of the server with an empty body, even unauthenticated with t...
CVE-2022-21667 Denial of Service in soketi
soketi is an open-source WebSockets server. There is an unhandled case when reading POST requests which results in the server crashing if it could not read the body of a request. In the event that a POST request is sent to any endpoint of the server with an empty body, even unauthenticated with t...
justthejob.co.za XSS vulnerability
Vulnerable URL: https://www.justthejob.co.za/?lang=%3CSCRIPT%3Ealert%27OPENBUGBOUNTY.ORG%27%3C/SCRIPT%3E Details: Description| Value ---|--- Patched:| Yes, at 30.11.2017 Latest check for patch:| 30.11.2017 16:16 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...
winsometextile.com XSS vulnerability
Vulnerable URL: http://www.winsometextile.com/search-result.php?cardVolume=%27%22/%3E%3Cscript%3Ealert/OPENBUGBOUNTY/;%3C/script%3E=0=0 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 19.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Ran...
de.pandahall.com XSS vulnerability
Vulnerable URL: http://de.pandahall.com/ProductSearch?keyword=%22%3E%3C%2Fscript%3E%3Cimg+src%3Dx+onerror%3Dprompt%2FOPENBUGBOUNTY%2F%3E%3C%22 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 18.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed...
app-help.winespectator.com XSS vulnerability
Vulnerable URL: http://app-help.winespectator.com/support/tickets Details: Description| Value ---|--- Patched:| No Latest check for patch:| 18.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Coordinated...
adv.wp.pl Open Redirect vulnerability
Vulnerable URL: http://adv.wp.pl/RM/clicklx.ads/o2.pl/glowna.html/L17/1122618534/x03/OasDefault/94206213815sgo2Aflofarmzaslepkadniowkao224-2603/aflo970x200.html/58436a347431624f3749634144563379?PWAadbd=0&RMREDIR=https://www.xssposed.org Details: Description| Value ---|--- Patched:| No Latest...
georgetownhistoricalsociety.org XSS vulnerability
Vulnerable URL: https://georgetownhistoricalsociety.org/genealogy/browsemedia.php?mediasearch=bug=headstones=Relatives=%22%20autofocus%20onfocus=alert%60OPENBUGBOUNTY%60%20 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 17.01.2018 Vulnerability type:| XSS Vulnerability...
loginella.com XSS vulnerability
Vulnerable URL: http://www.loginella.com/a/'%7D%7D%7D;alert'XSSPOSED';function%7Bxz=%7Bx:%7By:'x Details: Description| Value ---|--- Patched:| No Latest check for patch:| 16.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 325527 VIP website status:| No...
smithsworldwide.org XSS vulnerability
Vulnerable URL: http://www.smithsworldwide.org/tng/browsemedia.php?mediasearch=bug=headstones=Relatives=%22%20autofocus%20onfocus=alert%60OPENBUGBOUNTY%60%20 Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 18.11.2017 Vulnerability type:| XSS...
genealogy.rossvillelibrary.org XSS vulnerability
Vulnerable URL: http://genealogy.rossvillelibrary.org/browsemedia.php?mediasearch=bug=headstones=Relatives=%22%20autofocus%20onfocus=alert%60OPENBUGBOUNTY%60%20 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 17.01.2018 Vulnerability type:| XSS Vulnerability status:|...
quelestlemeilleur.net XSS vulnerability
Vulnerable URL: https://www.quelestlemeilleur.net/form-subscription.php?urlretour=xss%22%3E%3Csvg/onload=prompt/openbugbounty/%3E=862f7c0d3f00617b509266f1a29b52c0 Details: Description| Value ---|--- Patched:| No Latest check for patch:| 16.01.2018 Vulnerability type:| XSS Vulnerability status:|...
metalnobrepresentes.com.br XSS vulnerability
Vulnerable URL: http://www.metalnobrepresentes.com.br/index.php?lk=busca Details: Description| Value ---|--- Patched:| No Latest check for patch:| 15.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP website status:| No Coordinated...