2445 matches found
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery (SSRF) via the proxy endpoint. An attacker can access internal network resources by crafting requests to internal addresses through authenticated sessions. PoC 1. Run Miniflux 2.2.15 with default configuration...
Debian: Security Advisory (DSA-5997-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM Security Verify Governance - Identity Manager Virtual Appliance has multiple vulnerabilities (CVE-2023-35019, CVE-2023-35016)
Summary Multiple security vulnerabilities have been addressed in IBM Security Verify Governance, Identity Manager - Virtual Appliance component. Vulnerability Details CVEID:CVE-2023-35019 DESCRIPTION: IBM Security Verify Governance, Identity Manager could allow a remote authenticated attacker to...
Security Bulletin: A vulnerability in Go affects IBM Robotic Process Automation and may allow an attacker to bypass authorization plugins under specific circumstances (CVE-2024-41110).
Summary A vulnerability in Go affects IBM Robotic Process Automation and may allow an attacker to bypass authorization plugins under specific circumstances. IBM Robotic Process Automation for Cloud Pak uses Go as part of its operators. This bulletin identifies the fixes required to address the...
Security Bulletin: IBM Maximo Application Suite uses dnspython-2.3.0-py3-none-any.whl which is vulnerable to CVE-2023-29483.
Summary IBM Maximo Application Suite uses dnspython-2.3.0-py3-none-any.whl which is vulnerable to CVE-2023-29483. This bulletin contains information regarding the vulnerability and its fixture. Vulnerability Details CVEID:CVE-2023-29483 DESCRIPTION: Dnspython is vulnerable to a denial of service,...
kristenprogressiv.no Cross Site Scripting vulnerability OBB-3957651
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
odb.dev.odb.org Cross Site Scripting vulnerability OBB-3956875
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
docs.tritondatacenter.com Cross Site Scripting vulnerability OBB-3954840
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Security Bulletin: IBM Cloud Pak for Data is vulnerable due to nth-check (CVE-2021-3803)
Summary nth-check is used by IBM Cloud Pak for Data as part of the platform. CVE-2021-3803. Vulnerability Details CVEID:CVE-2021-3803 DESCRIPTION: nth-check is vulnerable to a denial of service, caused by a regular expression denial of service (ReDoS) flaw. By sending a specially-crafted regex inpu...
Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected by an arbitrary code execution in OpenSSH server [CVE-2024-6387]
Summary IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is affected by arbitrary code execution in OpenSSH server, caused by a signal handler race condition (CVE-2024-6387). OpenSSH is a component of a glibc library that is included in our Speech Service Runtimes, but not actively...
greekfamilies.tribalpages.com Cross Site Scripting vulnerability OBB-3951033
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
bywind.se Cross Site Scripting vulnerability OBB-3950748
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
fabrikafabric.com Cross Site Scripting vulnerability OBB-3950427
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
king-navi.biz Cross Site Scripting vulnerability OBB-3949408
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
usis-education.com.xx3.kz Cross Site Scripting vulnerability OBB-3948334
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
igohiresales.com.xx3.kz Cross Site Scripting vulnerability OBB-3948148
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
abudhabiadventure.com Cross Site Scripting vulnerability OBB-3945386
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kde-espana.org Cross Site Scripting vulnerability OBB-3944295
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
hopkinshomes.co.uk Cross Site Scripting vulnerability OBB-3943365
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
kimiagene.com Cross Site Scripting vulnerability OBB-3942909
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...