Gitea may send release notification emails for private repositories to users whose access has been revoked

Gitea may send release notification emails for private repositories to users whose access has been revoked. When a repository is changed from public to private, users who previously watched the repository may continue to receive release notifications, potentially disclosing release titles, tags,...

CVE-2022-20497

In updatePublicMode of NotificationLockscreenUserManagerImpl.java, there is a possible way to reveal sensitive notifications on the lockscreen due to an incorrect state transition. This could lead to local information disclosure with physical access required and an app that runs above the...

CVE-2021-39628

In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

hiking-bulgaria.com Cross Site Scripting vulnerability OBB-3926248

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

rem-technik.cz Cross Site Scripting vulnerability OBB-3881959

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

pekarna-pecjak.si Cross Site Scripting vulnerability OBB-3589598

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

aitaa-b.com Cross Site Scripting vulnerability OBB-3286366

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Workreap - Freelance Marketplace and Directory < 2.6.3 - Subscriber+ Private Message Disclosure via IDOR

The theme has a vulnerability with the notifications feature as it's possible to read any user's notification employer or freelancer as the notification ID is brute-forceable. PoC POST /testt/wp-admin/admin-ajax.php HTTP/2 Host: host Cookie: Content-Type: application/x-www-form-urlencoded;...

tandemx-science.dlr.de Cross Site Scripting vulnerability OBB-2963400

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

getgspace.com Cross Site Scripting vulnerability OBB-2713829

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

dthompsondds.com Cross Site Scripting vulnerability OBB-2663785

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Design/Logic Flaw

Full list of recipients from customer users in a contact field could be disclosed in notification emails event when the notification is set to be sent to each recipient individually. This issue affects: OTRS AG OTRSCustomContactFields 8.0.x version: 8.0.11 and prior versions...

davidszmiga.com Improper Access Control vulnerability OBB-2341268

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2021-39628

In StatusBar.java, there is a possible disclosure of notification content on the lockscreen due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions:...

cg28.com Cross Site Scripting vulnerability OBB-2152176

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

Woffice < 4.0.2 - Unauthenticated Disclosure of Notification Titles

The theme lacks authentication checks before returning the titles of notifications between the site's users. PoC Any request to the wofficeNotificationGet ajax endpoint will return titles of notifications sent between users. Example:...

keea.info Cross Site Scripting vulnerability OBB-1344544

Following coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: &nbsp&nbsp&nbsp&nbsp&nbsp&nbspa. verified the vulnerability and confirmed its existence; &nbsp&nbsp&nbsp&nbsp&nbsp&nbspb. notified the website operator about its existence...

metallerie.pmg.nl Open Redirect vulnerability

Vulnerable URL: http://metallerie.pmg.nl/nl/redirect/website?url=http://openbugbounty.org/ Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not calculated VIP...

zkorean.com XSS vulnerability

Vulnerable URL: https://zkorean.com/dictionary/searchresults?word=%22%3E%3Cscript%20src=https://openbugbounty.org/1.js%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 374756 VIP...