CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: prometheus-adapter-fips, cert-manager-fips, gatekeeper-fips, tigera-operator, vault-k8s-fips, kots, kubernetes-dashboard, flux-kustomize-controller-0.37, flux-notification-controller, boring-registry, tekton-pipelines, bank-vaults-fips, gobuster, grpc-health-probe,...
6.7AI Score
0.962EPSS
Vulnerabilities for packages: prometheus-adapter-fips, cert-manager-fips, kots, kubernetes-dashboard, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips, fuse-overlayfs-snapshotter,...
6.3AI Score
0.001EPSS
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: cert-manager-fips, flux-image-reflector-controller, kubescape, prometheus-fips, scorecard, slsa-verifier, tekton-pipelines, ctop, telegraf, aactl, k3d, skaffold, paranoia, k3s, prometheus, kpt, bom, flux-source-controller-2.0, falco, cert-manager, falcoctl-fips, loki,....
7.3AI Score
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: kots, cert-manager-fips, datadog-agent, nerdctl, zarf, flux-image-reflector-controller, kubescape, prometheus-fips, scorecard, slsa-verifier, tekton-pipelines, datadog-agent-fips, ctop, istio-fips, newrelic-infrastructure-agent, istio-operator, telegraf,...
7.3AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: prometheus-adapter-fips, cert-manager-fips, vault-k8s-fips, kots, kubernetes-dashboard, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips,...
7.3AI Score
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: keda-fips, tekton-pipelines, kubernetes-csi-livenessprobe-fips, extism, aws-flb-kinesis-fips, azure-aad-pod-identity-mic, cert-manager-webhook-pdns-fips, dynamic-localpv-provisioner, spark-operator, bom, karpenter-fips, k8sgpt, rclone, neuvector-scanner, cue,...
6.3AI Score
0.0004EPSS
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: keda-fips, datadog-agent, dataplaneapi, cluster-api-controller, gobuster, kubernetes-csi-node-driver-registrar, configmap-reload, kubernetes-csi-livenessprobe-fips, gitlab-logger, dynamic-localpv-provisioner, azure-aad-pod-identity-mic, spark-operator, goreleaser,...
7.3AI Score
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: kots, cert-manager-fips, datadog-agent, nerdctl, zarf, flux-image-reflector-controller, kubescape, prometheus-fips, scorecard, slsa-verifier, tekton-pipelines, datadog-agent-fips, ctop, istio-fips, newrelic-infrastructure-agent, istio-operator, telegraf,...
7.6AI Score
0.001EPSS
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: prometheus-adapter-fips, gatekeeper-fips, vault-k8s-fips, kots, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips, fuse-overlayfs-snapshotter,...
7.3AI Score
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: prometheus-adapter-fips, tigera-operator, bank-vaults-fips, gobuster, aws-ebs-csi-driver, metrics-server, configmap-reload, kubernetes-csi-livenessprobe-fips, kubernetes-csi-node-driver-registrar-fips, gosu, gitlab-logger, nri-discovery-kubernetes, goreleaser,...
7.3AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: prometheus-adapter-fips, cert-manager-fips, kots, kubernetes-dashboard, metacontroller, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, gobuster, kubernetes-csi-external-resizer-fips, fuse-overlayfs-snapshotter,...
7.3AI Score
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: prometheus-adapter-fips, gatekeeper-fips, kots, flux-kustomize-controller-0.37, flux-notification-controller, pulumi-language-yaml, bank-vaults-fips, kubernetes-csi-external-resizer-fips, kubernetes-csi-node-driver-registrar, aws-ebs-csi-driver, metrics-server,...
7.3AI Score
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: kots, cert-manager-fips, kubescape, tekton-pipelines, fuse-overlayfs-snapshotter, ctop, newrelic-infrastructure-agent, telegraf, flux-source-controller-0.37, k3d, skaffold, helm, flux-source-controller, helm-push, flux-helm-controller-0.37, flux-source-controller-2.0,....
7.3AI Score
GHSA-R53H-JV2G-VPX6 vulnerabilities
Vulnerabilities for packages: kots, cert-manager-fips, zarf, kubescape, istio-fips, istio-operator, istio-operator-fips, flux-source-controller, helm-push, k9s, k8sgpt, cert-manager, flux-helm-controller, helm-operator, cilium-cli, chartmuseum, up, eksctl, zot,...
7.3AI Score
A vulnerability, which was classified as problematic, was found in SourceCodester Simple Inventory System 1.0. Affected is an unknown function of the file /tableedit.php#page=editprice. The manipulation of the argument itemnumber leads to cross-site request forgery. It is possible to launch the...
4.8AI Score
0.0004EPSS
[SECURITY] Fedora 39 Update: buildah-1.35.4-1.fc39
The buildah package provides a command line tool which can be used to * create a working container from scratch or * create a working container from an image as a starting point * mount/umount a working container's root file system for manipulation * save container's root file system layer to...
7.4AI Score
0.0004EPSS
A vulnerability classified as problematic was found in Hipcam Device up to 20240511. This vulnerability affects unknown code of the file /log/wifi.mac of the component MAC Address Handler. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been.....
5.3CVSS
6.5AI Score
0.0004EPSS
CVE-2024-5096 Hipcam Device MAC Address wifi.mac information disclosure
A vulnerability classified as problematic was found in Hipcam Device up to 20240511. This vulnerability affects unknown code of the file /log/wifi.mac of the component MAC Address Handler. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been.....
5.3AI Score
0.0004EPSS
[SECURITY] Fedora 38 Update: mingw-python-werkzeug-2.2.3-2.fc38
MinGW Windows Python Werkzeug...
7.3AI Score
0.0004EPSS
Linux-Smart-Enumeration - Linux Enumeration Tool For Pentesting And CTFs With Verbosity Levels
First, a couple of useful oneliners ;) wget "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -O lse.sh;chmod 700 lse.sh curl "https://github.com/diego-treitos/linux-smart-enumeration/releases/latest/download/lse.sh" -Lo lse.sh;chmod 700 lse.sh Note...
7.7AI Score
(Pwn2Own) QNAP TS-464 HLS_tmp Directory Traversal Arbitrary File Creation Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the handling of the HLS_tmp parameter provided to the share.cgi endpoint. The...
8.7CVSS
7.4AI Score
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
6.8AI Score
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
6.8AI Score
Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the....
6AI Score
Adobe Acrobat Reader DC PDF File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
6.9AI Score
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
6.8AI Score
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
6.8AI Score
(Pwn2Own) QNAP TS-464 File Upload Directory Traversal Arbitrary File Creation Vulnerability
This vulnerability allows remote attackers to create arbitrary files on affected installations of QNAP TS-464 NAS devices. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of file uploads. The issue results from the lack of proper...
8.7CVSS
6.7AI Score
7.4AI Score
Adobe Acrobat Reader DC Annotation Use-After-Free Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Acrobat Reader DC. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
6.8AI Score
Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with...
7.3AI Score
Kiteworks Totemomail 7.x and 8.x before 8.3.0 allows /responsiveUI/EnvelopeOpenServlet messageId directory traversal for unauthenticated file read and delete operations (with displayLoginChunkedImages) and write operations (with...
7AI Score
A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has....
7.3CVSS
7.7AI Score
question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink...
5.8AI Score
question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink...
6AI Score
CVE-2024-5094 SourceCodester Best House Rental Management System view_payment.php sql injection
A vulnerability was found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This issue affects some unknown processing of the file view_payment.php. The manipulation of the argument id leads to sql injection. The attack may be initiated remotely. The exploit has....
7.7AI Score
question_image.ts in SurveyJS Form Library before 1.10.4 allows contentMode=youtube XSS via the imageLink...
5.8AI Score
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The...
7.3CVSS
7.8AI Score
CVE-2024-5093 SourceCodester Best House Rental Management System login.php sql injection
A vulnerability has been found in SourceCodester Best House Rental Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack can be initiated remotely. The...
7.8AI Score
9.9AI Score
0.0004EPSS
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes...
9.8CVSS
6.4AI Score
0.0004EPSS
The Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the /wp-json/fluentform/v1/managers REST API endpoint in all versions up to, and including, 5.1.16. This makes...
7.2AI Score
0.0004EPSS
The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectar_icon' shortcode 'icon_linea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...
7.5CVSS
7.5AI Score
0.001EPSS
The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...
8.8CVSS
7.5AI Score
0.001EPSS
The Salient Core plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.0.7 via the 'nectar_icon' shortcode 'icon_linea' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...
7.8AI Score
0.001EPSS
The Salient Shortcodes plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.5.3 via the 'icon' shortcode 'image' attribute. This makes it possible for authenticated attackers, with contributor-level and above permissions, to include and execute...
8.9AI Score
0.001EPSS
In the Linux kernel, the following vulnerability has been resolved: powerpc/ps3_defconfig: Disable PPC64_BIG_ENDIAN_ELF_ABI_V2 Commit 8c5fa3b5c4df ("powerpc/64: Make ELFv2 the default for big-endian builds"), merged in Linux-6.5-rc1 changes the calling ABI in a way that is incompatible with the...
6.6AI Score
7.7AI Score
0.072EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix reserve_cblocks counting error when out of space When a file only needs one direct_node, performing the following operations will cause the file to be unrepairable: unisoc # ./f2fs_io compress test.apk unisoc...
6.4AI Score
In the Linux kernel, the following vulnerability has been resolved: ext4: fix corruption during on-line resize We observed a corruption during on-line resize of a file system that is larger than 16 TiB with 4k block size. With having more then 2^32 blocks resize_inode is turned off by default by...
6.4AI Score