3094 matches found
Lyon Bros Turtlapp Turtle Note Cross-Site Scripting Vulnerability
Lyon Bros Turtlapp Turtle Note is a secure, collaborative notebook from Lyon Bros. Use it to save notes, bookmarks, passwords, ideas, dream journals, photos, documents and anything else you want to keep safe. A security vulnerability exists in Turtlapp Turtle Note version v0.7.2.6, which stems fr...
daraint.org Cross Site Scripting vulnerability OBB-2559905
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
casters.pro Cross Site Scripting vulnerability OBB-2540148
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
se.huaruileddriver.com Cross Site Scripting vulnerability OBB-2535762
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CLSA-2022-1650376845 Update of microcode_ctl
Update Intel CPU microcode to microcode-20220207 release: - Fixes in releasenote.md file...
biology.burke.washington.edu Cross Site Scripting vulnerability OBB-2522542
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Google Releases Security Updates for Chrome
Google has released Chrome version 100.0.4896.127 for Windows, Mac, and Linux. This version addresses a vulnerability that an attacker could exploit to take control of an affected system. This vulnerability has been detected in exploits in the wild. CISA encourages users and administrators to...
CVE-2022-27140
An arbitrary file upload vulnerability in the file upload module of express-fileupload 1.3.1 allows attackers to execute arbitrary code via a crafted PHP file. NOTE: the vendor's position is that the observed behavior can only occur with "intentional misusing of the API": the express-fileupload...
Conti ransomware offshoot targets Russian organizations
Thanks to the Threat Intelligence team for their help with this article. Conti, the infamous ransomware created by a group of Russian and Eastern European cybercriminals, has again made headlines after a hacking group used its leaked source code to create another variant of the ransomware and...
szcodos.ecer.com Cross Site Scripting vulnerability OBB-2498061
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Google Releases Security Updates for Chrome
Google has released Chrome version 100.0.4896.88 for Windows, Mac, and Linux. This version addresses vulnerabilities that an attacker could exploit to take control of an affected system. CISA encourages users and administrators to review the Chrome Release Note and apply the necessary update. Thi...
The vulnerability of the `Exiv2::Internal::Nikon1MakerNote::print0x0088` function in the `nikonmn_int.cpp` component of the Exiv2 metadata management library allows a perpetrator to access confidential data and also trigger a service failure.
The vulnerability of the Exiv2::Internal::Nikon1MakerNote::print0x0088 function in the nikonmn_int.cpp component of the Exiv2 metadata management library is related to reading data beyond the allowed buffer size. Exploiting this vulnerability allows an attacker to access confidential data and also...
stage.sternoproducts.com Cross Site Scripting vulnerability OBB-2478798
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
QNAP QTS / QuTS Hero DEADBOLT Ransomware (QSA-22-02)
The version of QNAP QTS / QuTS Hero installed on the remote host is affected by an arbitrary code execution vulnerability which is being actively exploited by the DEADBOLT ransomware. The ransomware encrypts files, renames them with a .deadbolt extension and hijacks the login page with a ransom...
com.brdev.ethereumpostage.info Cross Site Scripting vulnerability OBB-2468930
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
fgblearning.it Cross Site Scripting vulnerability OBB-2468029
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CVE-2021-43721
Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload :...
Cross site scripting
Leanote 2.7.0 is vulnerable to Cross Site Scripting (XSS) in the markdown type note. This leads to remote code execution with payload :...
Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')
Overview: git-clone is a package to clone a git repository. Affected versions of this package are vulnerable to Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') due to insecure usage of the --upload-pack feature of git. Note: A note was added to the README file of the package t...
WordPress Easy Digital Downloads plugin <= 2.11.5 - Arbitrary Payment Note Insertion via Cross-Site Request Forgery (CSRF) vulnerability
An Arbitrary Payment Note Insertion via Cross-Site Request Forgery (CSRF) vulnerability was discovered by Muhamad Hidayat in WordPress Easy Digital Downloads plugin versions <= 2.11.5. Solution: Update the WordPress Easy Digital Downloads plugin to the latest available version (at least 2.11.6)...