Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified th ...
August 01, 2024
It was discovered that prometheus-alertmanager didn't properly sanitize input it received through an API endpoint. An attacker with permission to send requests to this endpoint could potentiall ...
August 01, 2024
The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various commo ...
August 01, 2024
It was discovered that OpenSSL incorrectly handled TLSv1.3 sessions when certain non-default TLS server configurations were in use. A remote attacker could possibly use this issue to cause OpenSSL to ...
August 01, 2024
USN-6913-1 fixed CVE-2022-39369 for Ubuntu 20.04 LTS and Ubuntu 22.04 LTS. This update provides the corresponding fix for Ubuntu 16.04 LTS. Original advisory details: Filip Hejsek discovered that phpC ...
August 01, 2024
Impact: Harbor fails to validate the maintainer role permissions when creating/updating/deleting project configurations - API call: PUT /projects/{project_name_or_id}/metadatas/{meta_name} POST /proje ...
August 01, 2024
CVE-2022-41544 Exploit Script: This repository contains a script to exploit the CVE-2022-41544 vulnerability in GetSimple CMS. The script performs several steps to check for vulnerabilities, leak API keys, ...
August 01, 2024
com.graphql-java: graphql-java is vulnerable to Denial Of Service (DoS). The vulnerability is due to improper handling of ExecutableNormalizedFields (ENFs) in introspection queries, allowing attackers ...
August 01, 2024