18 matches found
CVE-2025-23206
The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework to define cloud infrastructure in code and provision it through AWS CloudFormation. Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow...
GHSA-V4MQ-X674-FF73 AWS Cloud Development Kit (AWS CDK) IAM OIDC custom resource allows connection to unauthorized OIDC provider
Impact: Users who use IAM OIDC custom resource provider package will download CA Thumbprints as part of the custom resource workflow, https://github.com/aws/aws-cdk/blob/d16482fc8a4a3e1f62751f481b770c09034df7d2/packages/%40aws-cdk/custom-resource-handlers/lib/aws-iam/oidc-handler/external.tsL34...
check-jsonschema default caching for remote schemas allows for cache confusion
Impact: The default cache strategy uses the basename of a remote schema as the name of the file in the cache, e.g. https://example.org/schema.json will be stored as schema.json. This naming allows for conflicts. If an attacker can get a user to run check-jsonschema against a malicious schema URL,...
CVE-2023-41052 Vyper: incorrect order of evaluation of side effects for some builtins
Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256_addmod, uint256_mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...
CVE-2023-41052 Vyper: incorrect order of evaluation of side effects for some builtins
Vyper is a Pythonic Smart Contract Language. In affected versions the order of evaluation of the arguments of the builtin functions uint256_addmod, uint256_mulmod, ecadd and ecmul does not follow source order. This behaviour is problematic when the evaluation of one of the arguments produces side...
Third Flaw Uncovered in MOVEit Transfer App Amidst Cl0p Ransomware Mass Attack
Progress Software on Thursday disclosed a third vulnerability impacting its MOVEit Transfer application, as the Cl0p cybercrime gang deployed extortion tactics against affected companies. The new flaw, which is being tracked as CVE-2023-35708, also concerns an SQL injection vulnerability that...
alabama-bound.info XSS vulnerability
Vulnerable URL: http://www.alabama-bound.info/browsemedia.php?mediasearch=bug=headstones=Relatives=%22%20autofocus%20onfocus=alert%60OPENBUGBOUNTY%60%20 Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 15.01.2018 Vulnerability type:| XSS Vulnerabilit...
transmission.no XSS vulnerability
Vulnerable URL: http://www.transmission.no/flashdetection.swf?flashContentURL=javascript:alert5389 Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 14.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / No...
elemis.com XSS vulnerability
Vulnerable URL: http://www.elemis.com/catalogsearch/result/?q=%3Cscript%3Ealert%22OPENBUGBOUNTY%22%3C%2Fscript%3E&cfwaftk=091682002m7T2JsimSSzvftkWgTUtLHdCxs Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 07.01.2018 Vulnerability type:| XSS...
pegasus.cc.ucf.edu Open Redirect vulnerability
Vulnerable URL: http://pegasus.cc.ucf.edu/cha/mims/flashdetection.swf?flashContentURL=https://openbugbounty.org Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 07.01.2018 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed...
funk-video.de Open Redirect vulnerability
Vulnerable URL: http://www.funk-video.de/flv/flashdetection.swf?flashContentURL=https://openbugbounty.org Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 07.01.2018 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa...
transmission.no Open Redirect vulnerability
Vulnerable URL: http://www.transmission.no/flashdetection.swf?flashContentURL=https://openbugbounty.org Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 07.01.2018 Vulnerability type:| Open Redirect Vulnerability status:| Publicly disclosed Alexa Ran...
cambridgedirectory.co.uk Open Redirect vulnerability
Vulnerable URL: http://www.cambridgedirectory.co.uk/r?u=data%3Atext%2Fhtml%3Bbase64%2CPHNjcmlwdD5hbGVydCgvT1BFTkJVR0JPVU5UWS8pPC9zY3JpcHQ%2B Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 31.12.2017 Vulnerability type:| Open Redirect Vulnerability...
organixx.com XSS vulnerability
Vulnerable URL: https://organixx.com/?s=%22%2F%3E%27%3E%22%3EI%3Ci%3EI%3Csvg%2Fonload%3Dalert%28%2Fopenbugbounty%2F%29%3E=art Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 26.11.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclos...
sport-design.pt XSS vulnerability
Vulnerable URL: http://www.sport-design.pt/info/listarcategoria.php?nivelm=categoria%3C!%27/!%22/!%27/%22/--!%3E%3CInput/Type=Text%20AutoFocus%20/;%20OnFocus=confirmOPENBUGBOUNTY%20//%3E%3CSvg%3E=32 Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:|...
t-worksmanager.com XSS vulnerability
Vulnerable URL: http://www.t-worksmanager.com/!prettyPhotogallery1/0,%3Ca%20onclick=%22alert%27OPENBUGBOUNTY%27;%22%3E/ Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 31.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Ale...
irttech.ac.in XSS vulnerability
Vulnerable URL: http://irttech.ac.in/mechstaff.htm!prettyPhoto/0,%3Ca%20onclick=%22alert%27OPENBUGBOUNTY%27;%22%3E/ Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 30.10.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa...
306.ch XSS vulnerability
Vulnerable URL: http://www.306.ch/lib/flash/player.swf?debug=alert%28%27XSSPO%20SED%27%29 Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 20.11.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| Unknown / Not...