CVE-2023-42011 IBM Sterling B2B Integrator Standard Edition tapjacking
IBM Sterling B2B Integrator Standard Edition 6.1 and 6.2 does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. IBM X-Force ID: ...
4.3CVSS
6.4AI Score
0.0004EPSS
CVE-2024-24792 Panic when parsing invalid palette-color images in golang.org/x/image
Parsing a corrupt or malicious image with invalid color indices can cause a...
0.0004EPSS
CVE-2024-35153 IBM WebSphere Application Server cross-site scripting
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
4.8CVSS
6AI Score
0.0004EPSS
CVE-2024-35153 IBM WebSphere Application Server cross-site scripting
IBM WebSphere Application Server 8.5 and 9.0 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM...
4.8CVSS
0.0004EPSS
vdo.ai Cross Site Scripting vulnerability OBB-3939307
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
A company that helps to authenticate users for big brands had a set of administration credentials exposed online for over a year, potentially allowing access to user identity documents such as driving licenses. As more and more legislation emerges requiring websites and platforms—like gambling...
7.4AI Score
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in...
5.9CVSS
0.0004EPSS
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in...
5.9CVSS
6.9AI Score
0.0004EPSS
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in...
5.9CVSS
6.8AI Score
0.0004EPSS
TELSAT marKoni FM Transmitters are vulnerable to a command injection vulnerability through the manipulation of settings and could allow an attacker to gain unauthorized access to the system with administrative...
0.0004EPSS
TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designated...
0.0004EPSS
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: ...
5.3CVSS
5.2AI Score
0.0004EPSS
TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing authentication and gaining administrator...
6.8AI Score
0.0004EPSS
TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing authentication and gaining administrator...
0.0004EPSS
TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designated...
6.2AI Score
0.0004EPSS
TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account that can be accessed through the use of hard-coded...
0.0004EPSS
TELSAT marKoni FM Transmitters are vulnerable to a command injection vulnerability through the manipulation of settings and could allow an attacker to gain unauthorized access to the system with administrative...
7.4AI Score
0.0004EPSS
TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account that can be accessed through the use of hard-coded...
6.5AI Score
0.0004EPSS
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: ...
5.3CVSS
0.0004EPSS
IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: ...
6.2CVSS
0.0004EPSS
IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: ...
6.2CVSS
5.8AI Score
0.0004EPSS
CVE-2024-39376 Improper Access Control In TELSAT MarKoni FM Transmitter
TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designated...
6.5AI Score
0.0004EPSS
CVE-2024-39376 Improper Access Control In TELSAT MarKoni FM Transmitter
TELSAT marKoni FM Transmitters are vulnerable to users gaining unauthorized access to sensitive information or performing actions beyond their designated...
0.0004EPSS
CVE-2024-39375 Use of Client-Side Authentication in TELSAT marKoni FM Transmitter
TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing authentication and gaining administrator...
0.0004EPSS
CVE-2024-39375 Use of Client-Side Authentication in TELSAT marKoni FM Transmitter
TELSAT marKoni FM Transmitters are vulnerable to an attacker bypassing authentication and gaining administrator...
7.1AI Score
0.0004EPSS
CVE-2024-39374 Use of Hard-coded Credentials in TELSAT marKoni FM Transmitter
TELSAT marKoni FM Transmitters are vulnerable to an attacker exploiting a hidden admin account that can be accessed through the use of hard-coded...
0.0004EPSS
TELSAT marKoni FM Transmitters are vulnerable to a command injection vulnerability through the manipulation of settings and could allow an attacker to gain unauthorized access to the system with administrative...
7.7AI Score
0.0004EPSS
TELSAT marKoni FM Transmitters are vulnerable to a command injection vulnerability through the manipulation of settings and could allow an attacker to gain unauthorized access to the system with administrative...
0.0004EPSS
CVE-2023-30430 IBM Security Verify Access information disclosure
IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: ...
6.2CVSS
0.0004EPSS
CVE-2023-30430 IBM Security Verify Access information disclosure
IBM Security Verify Access 10.0.0 through 10.0.7.1 could allow a local user to obtain sensitive information from trace logs. IBM X-Force ID: ...
6.2CVSS
5.7AI Score
0.0004EPSS
CVE-2024-31883 IBM Security Verify Access denial of service
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: ...
5.3CVSS
0.0004EPSS
CVE-2024-31883 IBM Security Verify Access denial of service
IBM Security Verify Access 10.0.0.0 through 10.0.7.1, under certain configurations, could allow an unauthenticated attacker to cause a denial of service due to asymmetric resource consumption. IBM X-Force ID: ...
5.3CVSS
6.5AI Score
0.0004EPSS
Marco Trevisan discovered that the Ubuntu Advantage Desktop Daemon, before version 1.12, leaks the Pro token to unprivileged users by passing the token as an argument in...
5.9CVSS
0.0004EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.7AI Score
EPSS
aftodioikisi.gr Cross Site Scripting vulnerability OBB-3939285
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
frdb.dk Cross Site Scripting vulnerability OBB-3939281
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before...
4.3CVSS
0.001EPSS
Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before...
4.3CVSS
4.7AI Score
0.001EPSS
Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before...
8.8CVSS
8.7AI Score
0.001EPSS
Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before...
8.8CVSS
0.001EPSS
Summary Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF006. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3 are vulnerable to...
7.5CVSS
7.8AI Score
0.0004EPSS
CVE-2024-1153 Improper Access Control in Talya Informatics' Travel APPS
Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before...
4.3CVSS
0.001EPSS
CVE-2024-1153 Improper Access Control in Talya Informatics' Travel APPS
Improper Access Control vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before...
4.3CVSS
6.9AI Score
0.001EPSS
CVE-2024-1107 IDOR in Talya Informatics' Travel APPS
Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before...
8.8CVSS
6.9AI Score
0.001EPSS
CVE-2024-1107 IDOR in Talya Informatics' Travel APPS
Authorization Bypass Through User-Controlled Key vulnerability in Talya Informatics Travel APPS allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Travel APPS: before...
8.8CVSS
0.001EPSS
‘Poseidon’ Mac stealer distributed via Google ads
On June 24, we observed a new campaign distributing a stealer targeting Mac users via malicious Google ads for the Arc browser. This is the second time in the past couple of months where we see Arc being used as a lure, certainly a sign of its popularity. It was previously used to drop a Windows...
6.5AI Score
Yokogawa FAST/TOOLS and CI Server
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 6.9 ATTENTION: Exploitable remotely/low attack complexity Vendor: Yokogawa Equipment: FAST/TOOLS and CI Server Vulnerabilities: Cross-site Scripting, Empty Password in Configuration File 2. RISK EVALUATION Successful exploitation of these vulnerabilities...
5.8CVSS
7.7AI Score
0.0004EPSS
View CSAF 1. EXECUTIVE SUMMARY CVSS v4 9.3 ATTENTION: Exploitable remotely/low attack complexity Vendor: SDG Technologies Equipment: PnPSCADA Vulnerability: Missing Authorization 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to attach various entities...
6.4AI Score
0.0004EPSS
Johnson Controls Illustra Essentials Gen 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely/low attack complexity Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability...
7.5AI Score
EPSS
Johnson Controls Illustra Essentials Gen 4
View CSAF 1. EXECUTIVE SUMMARY CVSS v3 6.8 ATTENTION: Exploitable remotely Vendor: Johnson Controls, Inc. Equipment: Illustra Essentials Gen 4 Vulnerability: Storing Passwords in a Recoverable Format 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an authenticated...
6.8AI Score
EPSS