ofi.la.gov Cross Site Scripting vulnerability OBB-3855835

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

maharashtranursingcouncil.co.in Cross Site Scripting vulnerability OBB-3855834

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Kimsuky Exploits Legitimate Certificate to Disseminate TrollAgent

Summary: The Kimsuky group, backed by North Korea, used TrollAgent malware via a fake security program to target a Korean construction associations website, stealing data and enabling remote control between December 2023 and January 2024. Threat Level - Amber | Attack Report For a detailed threat...

formazione.fuoriluogo.it Improper Access Control vulnerability OBB-3855773

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Unsecured Database Leaks 153 GB of Filipino Student and Family Data

By Deeba Ahmed Personal Information of 200,000+ Exposed in Philippine School Voucher Program Portal Data Leak. This is a post from HackRead.com Read the original post: Unsecured Database Leaks 153 GB of Filipino Student and Family Data...

net-matrix.com Cross Site Scripting vulnerability OBB-3855763

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

license.novelgames.com Cross Site Scripting vulnerability OBB-3855612

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

thewebaround.com Cross Site Scripting vulnerability OBB-3855586

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

graphx-werbestudio.de Cross Site Scripting vulnerability OBB-3855573

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

e-joaillerie.com Improper Access Control vulnerability OBB-3855554

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

direct-d-sign.com Improper Access Control vulnerability OBB-3855516

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

ASA-2024-002: Default `PrepareProposalHandler` may produce invalid proposals when used with default `SenderNonceMempool`

ASA-2024-002: Default PrepareProposalHandler may produce invalid proposals when used with default SenderNonceMempool Component: Cosmos SDK Criticality: Medium Affected Versions: Cosmos SDK versions = 0.50.3; = 0.47.8 Affected Users: Chain developers, Validator and Node operators Impact: Denial of...

ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module

ASA-2024-003: Missing BlockedAddressed Validation in Vesting Module Component: Cosmos SDK Criticality: Low Affected Versions: Cosmos SDK versions = 0.50.3; = 0.47.8 Affected Users: Chain developers, Validator and Node operators Impact: Denial of Service Description A vulnerability was identified ...

GHSA-4J93-FM92-RP4M ASA-2024-003: Missing `BlockedAddressed` Validation in Vesting Module

ASA-2024-003: Missing BlockedAddressed Validation in Vesting Module Component: Cosmos SDK Criticality: Low Affected Versions: Cosmos SDK versions = 0.50.3; = 0.47.8 Affected Users: Chain developers, Validator and Node operators Impact: Denial of Service Description A vulnerability was identified ...

indiscretion.us Cross Site Scripting vulnerability OBB-3855444

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

aemc.com Cross Site Scripting vulnerability OBB-3855433

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2024-21682

This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...

CVE-2024-21678

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...

Cross site scripting

This High severity Stored XSS vulnerability was introduced in version 2.7.0 of Confluence Data Center. This Stored XSS vulnerability, with a CVSS Score of 8.5, allows an authenticated attacker to execute arbitrary HTML or JavaScript code on a victims browser which has high impact to...

CVE-2024-21682

This High severity Injection vulnerability was introduced in Assets Discovery 1.0 - 6.2.0 all versions. Assets Discovery, which can be downloaded via Atlassian Marketplace, is a network scanning tool that can be used with or without an agent with Jira Service Management Cloud, Data Center or...