43 matches found
PT-2026-42559
Concrete CMS 9.5.0 and below is vulnerable to IDOR. The /ccm/frontend/conversations/message detail endpoint returns the full content of any conversation message. An unauthenticated attacker can enumerate all conversation messages, including messages from restricted pages, member-only areas, and t...
CVE-Exploit-Research-Development
Objective: To research, replicate, and develop a working expl...
CVE-2025-51479

creationtimestamp| type| source
---|---|---
2025-07-22 21:14:11+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lulgdh7nd722...

Data-Driven Understanding of Security Issue Reporting in GitHub Repositories of Open Source Npm Packages
The npm Node Package Manager ecosystem is the most important package manager for JavaScript development with millions of users. Consequently, a plethora of earlier work investigated how vulnerability reporting, patch propagation, and in general detection as well as resolution of security issues i...
Fortinet FortiAnalyzer Input Validation Error Vulnerability (CNVD-2025-12793)
Fortinet FortiAnalyzer is a centralized network security reporting solution from the U.S. company Fortinet. The product is mainly used to collect network log data, and through the reporting suite for security events in the log, network traffic, Web content, etc. to analyze, report,...
bic.at Cross Site Scripting vulnerability OBB-4043498
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
xlivetchat.hautetfort.com Cross Site Scripting vulnerability OBB-4041757
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
michiganassessmentconsortium.org Cross Site Scripting vulnerability OBB-4040560
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
heinonline.org Cross Site Scripting vulnerability OBB-4037903
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
sv-virnsberg.de Cross Site Scripting vulnerability OBB-4033907
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
snowflake-connector-python vulnerable to SQL Injection in write_pandas
Issue: Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.connector.pandas_tools module is vulnerable to SQL injection. This vulnerability affects versions 2.2.5 through 3.13.0. Snowflake fixed the issue in version 3.13.1...
CVE-2024-48125

creationtimestamp| type| source
---|---|---
2025-01-15 20:57:44+00:00| seen| https://infosec.exchange/users/cve/statuses/113834371576114098
2025-01-15 21:15:41+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lfsor2cczi2t
2025-01-15 21:38:18+00:00| seen|...

CVE-2024-37758

creationtimestamp| type| source
---|---|---
2024-12-20 19:01:12+00:00| seen| https://infosec.exchange/users/cve/statuses/113686693262617989
2024-12-20 19:15:47+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3ldr3wooi472x
2024-12-20 20:55:57+00:00| seen|...

iranpedia.ir Cross Site Scripting vulnerability OBB-3870563
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
ilportaledeibambini.net Improper Access Control vulnerability OBB-3858348
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
asaasesores.net Improper Access Control vulnerability OBB-3850234
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
siouxfallskitchenandbath.com Improper Access Control vulnerability OBB-3812084
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
royalparadise.com Improper Access Control vulnerability OBB-3809427
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
turisticky-denik.cz Cross Site Scripting vulnerability OBB-3543567
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Sysreptor - Fully Customisable, Offensive Security Reporting Tool Designed For Pentesters, Red Teamers And Other Security-Related People Alike
Easy and customisable pentest report creator based on simple web technologies. SysReptor is a fully customisable, offensive security reporting tool designed for pentesters, red teamers and other security-related people alike. You can create designs based on simple HTML and CSS, write your reports...