CVE-2024-23692 Rejetto HTTP File Server 2.3m Unauthenticated RCE
Rejetto HTTP File Server, up to and including version 2.3m, is vulnerable to a template injection vulnerability. This vulnerability allows a remote, unauthenticated attacker to execute arbitrary commands on the affected system by sending a specially crafted HTTP request. As of the CVE assignment...
8.1AI Score
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha-ia-content-button’ parameter in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
5.9AI Score
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation widget in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping on user supplied attributes.....
5.9AI Score
The Download Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'wpdm-all-packages' shortcode in all versions up to, and including, 3.2.90 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
5.9AI Score
thelia/thelia is vulnerable to Cross-site Scripting. The vulnerability is due to insufficient sanitization within the error.html template of the BackOffice. This allowing attackers to inject malicious scripts that can be executed in the browsers of users visiting the affected...
6.9AI Score
Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or...
8.2AI Score
virutex.es Cross Site Scripting vulnerability OBB-3931859
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.5AI Score
boutique.requiem.com.es Cross Site Scripting vulnerability OBB-3931858
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
symfony/symfony is vulnerable to Privilege Escalation. The vulnerability is due to a flaw in the handling of user updates in the EntityUserProvider provided by the Doctrine bridge, allowing users to switch to another user by changing their username via a form, despite encountering a validation...
6.9AI Score
Malicious code in numberpy (PyPI)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (e10120613afbbf32d487584c68eaf1ae7f4fc0674f1f119d86beae630a3b9070) The OpenSSF Package Analysis project identified 'numberpy' @ 0.1.0 (pypi) as malicious. It is considered malicious because: The package...
7.1AI Score
typo3/cms-core vulnerable to Authentication Bypass. The vulnerability is due to improper handling of hashing methods related by PHP class inheritance, allowing stored passwords using the blowfish hashing algorithm to be overridden when MD5 is used as the default hashing...
6.9AI Score
Thelia is vulnerable to Cross-site Scripting (XSS). The vulnerability is due to improper sanitization within the error.html template which allows an attacker to inject and execute malicious...
6.8AI Score
Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative...
8.3CVSS
7.1AI Score
0.0004EPSS
Information exposure vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows unregistered users to access all internal links of the application without providing any...
5.3CVSS
7.2AI Score
0.0004EPSS
SQL injection vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability could allow an authenticated local user to send a specially crafted SQL query to the 'searchString' parameter and retrieve all information stored in the...
8.8CVSS
7.5AI Score
0.0004EPSS
CVE-2024-5436 Type Confusion in Snapchat Lenscore
Type confusion in Snapchat LensCore could lead to denial of service or arbitrary code execution prior to version 12.88. We recommend upgrading to version 12.88 or...
8AI Score
Malicious code in reqwestss (PyPI)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (1b49654324e091538657038a1288d05e2879c02d73bec38baeae681b0a26f5b9) The OpenSSF Package Analysis project identified 'reqwestss' @ 0.1.0 (pypi) as malicious. It is considered malicious because: The package...
7.1AI Score
CVE-2024-24919 Checker A simple bash script to check for the...
7.2AI Score
0.019EPSS
Intro Simple POC Python script that check & leverage Check...
7.3AI Score
0.019EPSS
Symfony is vulnerable to Improper Input Validation. The vulnerability is due to trusting the remote address when at least one trusted proxy is involved, allowing an attacker to manipulate HTTP header...
6.6AI Score
XML External Entity (XXE) Injection
symfony/serializer is vulnerable to XML External Entity (XXE) injection. This vulnerability is due to the failure to disable external entities when parsing XML using the XMLEncoder component, which allows an attacker to include arbitrary files from the file system by exploiting the XXE injection...
7.8AI Score
estilosdevidasaludable.sanidad.gob.es Cross Site Scripting vulnerability OBB-3931855
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
thatquiz.org Cross Site Scripting vulnerability OBB-3931854
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
titon/framework] is vulnerable to remote code execution. The vulnerability is due to calling the unserialize() method on unverified cyphertext, which allows an attacker to execute arbitrary...
8.4AI Score
Malicious code in pinyin-pra (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (9b8720c87d902e268ccf6e9db13f00285998cf35b280a6851ef9c3c23b3f0d6b) The OpenSSF Package Analysis project identified 'pinyin-pra' @ 1.0.3 (npm) as malicious. It is considered malicious because: The package...
7.1AI Score
CVE-2024-5525 Improper privilege management vulnerability in Astrotalks
Improper privilege management vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows a local user to access the application as an administrator without any provided credentials, allowing the attacker to perform administrative...
6.9AI Score
0.0004EPSS
Symfony is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper hostname validation via a regular expression within Request::getHost(), which results in...
6.5AI Score
CVE-2024-5524 Information exposure vulnerability in Astrotalks
Information exposure vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability allows unregistered users to access all internal links of the application without providing any...
7AI Score
0.0004EPSS
CVE-2024-5523 SQL injection vulnerability in Astrotalks
SQL injection vulnerability in Astrotalks affecting version 10/03/2023. This vulnerability could allow an authenticated local user to send a specially crafted SQL query to the 'searchString' parameter and retrieve all information stored in the...
7.3AI Score
0.0004EPSS
symfony/routing is vulnerable to XML Entity Expansion (XEE). The vulnerability is due to allowing custom entities in PHP, which allows an attacker to submit XML which results in a XEE Quadratic...
6.9AI Score
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...
6.4CVSS
6.1AI Score
0.001EPSS
zergdir.com Cross Site Scripting vulnerability OBB-3931853
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
symfony/symfony is vulnerable to XML External Entity. The vulnerability is due to the absence of proper validation mechanisms for XML input, which allows attackers to process external entities resulting in the inclusion of arbitrary...
7.2AI Score
insuedthueringen.de Cross Site Scripting vulnerability OBB-3931834
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
houseofhackney.com Cross Site Scripting vulnerability OBB-3931833
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
filmfestival-goeast.de Cross Site Scripting vulnerability OBB-3931831
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
exportersindia.com Cross Site Scripting vulnerability OBB-3931830
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
avise.org Cross Site Scripting vulnerability OBB-3931825
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
beroeinc.com Cross Site Scripting vulnerability OBB-3931826
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
dshop.dietshin.com Cross Site Scripting vulnerability OBB-3931824
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...
5.9AI Score
0.001EPSS
symfony/symfony is vulnerable to XML Entity Expansion. The vulnerability is due to all extensions that use libxml2 having no defense against Quadratic Blowup Attacks, which involve defining a long entity that is repeatedly referenced within the XML document, thus creating a potential memory sink...
7AI Score
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
6.1AI Score
0.001EPSS
The Premium Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Global Tooltip widget in all versions up to, and including, 4.10.31 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for....
5.4CVSS
6.1AI Score
0.001EPSS
The WP STAGING WordPress Backup Plugin WordPress plugin before 3.5.0 does not prevent users with the administrator role from pinging conducting SSRF attacks, which may be a problem in multisite...
6.9AI Score
0.0004EPSS
Missing authorization vulnerability exists in Unifier and Unifier Cast Version.5.0 or later, and the patch "20240527" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified.....
7.8AI Score
0.0004EPSS
The Premium Addons for Elementor plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the get_template_content() function in all versions up to, and including, 4.10.31. This makes it possible for authenticated attackers, with subscriber-level...
4.3CVSS
6.9AI Score
0.001EPSS
Incorrect default permissions issue exists in Unifier and Unifier Cast Version.5.0 or later, and the patch "20240527" not applied. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be modified.....
7.9AI Score
0.0004EPSS
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 274 Vulnerability Details ** CVEID: CVE-2022-40897 DESCRIPTION: **Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a...
7.2AI Score
0.005EPSS