28980 matches found
Secrecy Concerns Mount Over Spy Powers Targeting US Data Centers
A coalition of digital rights groups is demanding the US declassify records that would clarify just how expansive a major surveillance program really is...
CVE-2024-4068
The NPM package braces, versions prior to 3.0.3, fails to limit the number of characters it can handle, which could lead to Memory Exhaustion. In lib/parse.js, if a malicious user sends "imbalanced braces" as input, the parsing will enter a loop, which will cause the program to start allocating...
CVE-2024-3460
In KioWare for Windows versions all through 8.34 it is possible to exit this software and use other already opened applications utilizing a short time window before the forced automatic logout occurs. Then, by using some built-in function of these applications, one may launch any other programs. ...
CVE-2024-3459
KioWare for Windows versions all through 8.34 allows to escape the environment by downloading PDF files, which then by default are opened in an external PDF viewer. By using built-in functions of that viewer it is possible to launch a web browser, search through local files and, subsequently,...
Revolutionizing WordPress Bug Bounty and Security: Latest Enhancements to the Wordfence Bug Bounty Program
We are excited to share some updates on our Bug Bounty Program today! It has been over six months since the launch of our program, during which we've awarded approximately $242,000 in bounties. Since then, our team has triaged around 2,140 vulnerability submissions, with about 1,320 deemed in-scop...
anncaserep.com Cross Site Scripting vulnerability OBB-3927816
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Intel® Computing Improvement Program Software Advisory
Summary: A potential security vulnerability in some Intel® Computing Improvement Program software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2024-21843 Description: Uncontrolled search path for...
toggy.com Cross Site Scripting vulnerability OBB-3927677
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
rallies.info Cross Site Scripting vulnerability OBB-3927566
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
noxx.to Cross Site Scripting vulnerability OBB-3927563
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
A new alert system from CISA seems to be effective — now we just need companies to sign up
One of the great cybersecurity challenges organizations currently face, especially smaller ones, is that they don't know what they don't know. It's tough to have your eyes on everything all the time, especially with so many pieces of software running and IoT devices extending the reach of networks...
glibc: null pointer dereferences after failed netgroup cache insertion
A flaw was found in the glibc netgroup cache. After a failed cache insertion, addgetnetgrentX tries to send the non-existing response after the not-found header. This can lead to a null pointer dereference that causes a crash or exit...
jobs.meridiantechnologies.net Cross Site Scripting vulnerability OBB-3927194
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
lodelpreprod.univ-rennes2.fr Cross Site Scripting vulnerability OBB-3927118
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
PT-2024-26014 · Unknown · Kioware For Windows
Name of the Vulnerable Software and Affected Versions: KioWare for Windows versions all through 8.34 Description: The issue allows an attacker to exit KioWare for Windows and access other opened applications during a short time window before automatic logout. By utilizing built-in functions of...
pasteur.uy Cross Site Scripting vulnerability OBB-3926714
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
theinsightpartners.com Cross Site Scripting vulnerability OBB-3926624
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
rvworkshop.com Cross Site Scripting vulnerability OBB-3926607
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kwrwater.nl Cross Site Scripting vulnerability OBB-3926413
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...