PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS
PT-2021-02: Encryption bypass when downloading a firmware update in Diebold-Nixdorf RM3/CRS RM3/CRS dispenser firmware (all versions up to and including 41128 1002 RM3_CRS.BTR + 170329 2332 RM3_CRS.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...
2.1AI Score
PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5
PT-2021-01: Encryption bypass when downloading a firmware update in Diebold-Nixdorf CMDv5 CMDv5 dispenser firmware (all versions up to and including 141128 1002 CD5_ATM.BTR + 170329 2332 CD5_ATM.FRM) Severity: Severity level: High Encryption bypass when downloading a firmware update in...
2.1AI Score
In the Linux kernel, the following vulnerability has been resolved: net: fix out-of-bounds access in ops_init net_alloc_generic is called by net_alloc, which is called without any locking. It reads max_gen_ptrs, which is changed under pernet_ops_rwsem. It is read twice, first to allocate an array,....
7.1AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: dask-gateway, aws-ebs-csi-driver, nri-rabbitmq, goreleaser, kyverno-policy-reporter, lazygit, prometheus-operator, kubernetes-csi-external-resizer, s5cmd, actions-runner-controller, nri-nginx, nats-server, nats, nri-mssql, kube-rbac-proxy, gitlab-logger, up, gobuster,....
6.5AI Score
0.0004EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver, terragrunt, sops, oauth2-proxy, goreleaser, kyverno-policy-reporter, atlantis, ollama, cloudflared, kubernetes-csi-external-resizer, osv-scanner, actions-runner-controller, crossplane-provider-aws, prometheus-operator, nats, istio-cni, rekor,...
7.5AI Score
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: dask-gateway, aws-ebs-csi-driver, nri-rabbitmq, goreleaser, kyverno-policy-reporter, lazygit, prometheus-operator, kubernetes-csi-external-resizer, s5cmd, actions-runner-controller, nri-nginx, nats-server, nats, nri-mssql, kube-rbac-proxy, gitlab-logger, up, gobuster,....
7.5AI Score
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: go-bindata, go-md2man, helm-push, wait-for-port, sops, goreleaser, nsc, nats, aws-flb-cloudwatch, kubernetes-dashboard-metrics-scraper, gitlab-logger, influx, cortex, gobuster, configmap-reload, falco, ip-masq-agent, local-path-provisioner, oras,...
8.2AI Score
0.001EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: dask-gateway, aws-ebs-csi-driver, nri-rabbitmq, goreleaser, kyverno-policy-reporter, lazygit, prometheus-operator, kubernetes-csi-external-resizer, s5cmd, actions-runner-controller, nri-nginx, nats-server, nats, nri-mssql, kube-rbac-proxy, gitlab-logger, up, gobuster,....
6.5AI Score
0.0004EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver, terragrunt, sops, oauth2-proxy, goreleaser, kyverno-policy-reporter, atlantis, ollama, cloudflared, kubernetes-csi-external-resizer, osv-scanner, actions-runner-controller, crossplane-provider-aws, prometheus-operator, nats, istio-cni, rekor,...
6.7AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: dask-gateway, prometheus-operator, nri-nginx, nri-mssql, up, nri-nagios, delve, supercronic, crane, cue, esbuild, opentofu, step, task, prometheus-beat-exporter, tigera-operator, keda, ko, cilium, aws-network-policy-agent, containerd, hcloud, gitsign,...
7AI Score
0.0004EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: dask-gateway, prometheus-operator, nri-nginx, nri-mssql, up, nri-nagios, delve, supercronic, crane, cue, esbuild, opentofu, step, task, prometheus-beat-exporter, tigera-operator, keda, ko, cilium, aws-network-policy-agent, containerd, hcloud, gitsign,...
7.5AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: dask-gateway, aws-ebs-csi-driver, nri-rabbitmq, goreleaser, kyverno-policy-reporter, lazygit, prometheus-operator, kubernetes-csi-external-resizer, s5cmd, actions-runner-controller, nri-nginx, nats-server, nats, nri-mssql, kube-rbac-proxy, gitlab-logger, up, gobuster,....
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: dask-gateway, aws-ebs-csi-driver, nri-rabbitmq, goreleaser, kyverno-policy-reporter, lazygit, prometheus-operator, kubernetes-csi-external-resizer, s5cmd, actions-runner-controller, nri-nginx, nats-server, nats, nri-mssql, kube-rbac-proxy, gitlab-logger, up, gobuster,....
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: dask-gateway, aws-ebs-csi-driver, nri-rabbitmq, goreleaser, kyverno-policy-reporter, lazygit, prometheus-operator, kubernetes-csi-external-resizer, s5cmd, actions-runner-controller, nri-nginx, nats-server, nats, nri-mssql, kube-rbac-proxy, gitlab-logger, up, gobuster,....
7.5AI Score
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: go-bindata, go-md2man, helm-push, wait-for-port, sops, goreleaser, nsc, nats, aws-flb-cloudwatch, kubernetes-dashboard-metrics-scraper, gitlab-logger, influx, cortex, gobuster, configmap-reload, falco, ip-masq-agent, local-path-provisioner, oras,...
7.5AI Score
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: go-bindata, go-md2man, helm-push, wait-for-port, sops, goreleaser, nsc, nats, aws-flb-cloudwatch, kubernetes-dashboard-metrics-scraper, gitlab-logger, influx, cortex, gobuster, configmap-reload, falco, ip-masq-agent, local-path-provisioner, oras,...
7.5AI Score
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: dask-gateway, aws-ebs-csi-driver, nri-rabbitmq, goreleaser, kyverno-policy-reporter, lazygit, prometheus-operator, kubernetes-csi-external-resizer, s5cmd, actions-runner-controller, nri-nginx, nats-server, nats, nri-mssql, kube-rbac-proxy, gitlab-logger, up, gobuster,....
7.5AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: dask-gateway, aws-ebs-csi-driver, nri-rabbitmq, goreleaser, kyverno-policy-reporter, lazygit, prometheus-operator, kubernetes-csi-external-resizer, s5cmd, actions-runner-controller, nri-nginx, nats-server, nats, nri-mssql, kube-rbac-proxy, gitlab-logger, up, gobuster,....
6.5AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: dask-gateway, aws-ebs-csi-driver, nri-rabbitmq, goreleaser, kyverno-policy-reporter, lazygit, prometheus-operator, kubernetes-csi-external-resizer, s5cmd, actions-runner-controller, nri-nginx, nats-server, nats, nri-mssql, kube-rbac-proxy, gitlab-logger, up, gobuster,....
6.5AI Score
0.0004EPSS
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: go-bindata, go-md2man, helm-push, wait-for-port, sops, goreleaser, nsc, nats, aws-flb-cloudwatch, kubernetes-dashboard-metrics-scraper, gitlab-logger, influx, cortex, gobuster, configmap-reload, falco, ip-masq-agent, local-path-provisioner, oras,...
7.4AI Score
0.001EPSS
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: dask-gateway, aws-ebs-csi-driver, nri-rabbitmq, goreleaser, kyverno-policy-reporter, lazygit, prometheus-operator, kubernetes-csi-external-resizer, s5cmd, actions-runner-controller, nri-nginx, nats-server, nats, nri-mssql, kube-rbac-proxy, gitlab-logger, up, gobuster,....
6.5AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/nouveau/firmware: Fix SG_DEBUG error with nvkm_firmware_ctor() Currently, enabling SG_DEBUG in the kernel will cause nouveau to hit a BUG() on startup: kernel BUG at include/linux/scatterlist.h:187! invalid opcode: 0000 [#1]...
7AI Score
In the Linux kernel, the following vulnerability has been resolved: tipc: fix UAF in error path Sam Page (sam4k) working with Trend Micro Zero Day Initiative reported a UAF in the tipc_buf_append() error path: BUG: KASAN: slab-use-after-free in kfree_skb_list_reason+0x47e/0x4c0...
7AI Score
Exploit for Type Confusion in Google Chrome
Chrome Renderer 1day RCE via Type Confusion in Async Stack...
7.7AI Score
0.001EPSS
EvilSlackbot - A Slack Bot Phishing Framework For Red Teaming Exercises
EvilSlackbot A Slack Attack Framework for conducting Red Team and phishing exercises within Slack workspaces. Disclaimer This tool is intended for Security Professionals only. Do not use this tool against any Slack workspace without explicit permission to test. Use at your own risk. Background...
7AI Score
10AI Score
CVE_2024_24919 Vulnerability Scanner This Java tool scans a...
6.3AI Score
0.019EPSS
CVE_2024_24919 Vulnerability Scanner This Java tool scans a...
6.3AI Score
0.019EPSS
Updated unbound packages fix security vulnerability
Along with various minor bug fixing, this update addresses the security vulnerability CVE-2024-33655 which would have allowed unbound to be used as a...
6.7AI Score
Malicious code in stablecoin-evm (npm)
This package is considered malicious because it communicates with a domain associated with malicious activity and the package executes one or more commands associated with malicious...
7.3AI Score
Malicious code in xloportailcfn (npm)
This package is considered malicious because it communicates with a domain associated with malicious activity and the package executes one or more commands associated with malicious...
7.3AI Score
Ticketmaster confirms customer data breach
Live Nation Entertainment has confirmed what everyone has been speculating on for the last week: Ticketmaster has suffered a data breach. In a filing with the SEC, Live Nation said on May 20th it identified "unauthorized activity within a third-party cloud database environment containing Company...
7.4AI Score
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of.....
7.3AI Score
6.2AI Score
0.019EPSS
CVE-2024-3200 wpForo Forum <= 2.3.3 - Authenticated (Contributor+) SQL Injection
The wpForo Forum plugin for WordPress is vulnerable to SQL Injection via the 'slug' attribute of the 'wpforo' shortcode in all versions up to, and including, 2.3.3 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
7.5AI Score
The Elements For Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 2.1 via the 'beforeafter_layout' attribute of the beforeafter widget, the 'eventsgrid_layout' attribute of the eventsgrid and list widgets, the 'marquee_layout' attribute of.....
7.9AI Score
The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' function in versions up to, and including, 3.2.0.1. This makes it...
6.7AI Score
The Contact Form Manager plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's [xyz-cfm-form] shortcode in all versions up to, and including, 1.6.1 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
5.9AI Score
The Popup Builder – Create highly converting, mobile friendly marketing popups. plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the custom JS functionality in all versions up to, and including, 4.2.7 due to insufficient input sanitization and output escaping on user supplied.....
5.8AI Score
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Back to Top widget in all versions up to, and including, 1.3.975 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
5.9AI Score
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...
6AI Score
The Supreme Modules Lite – Divi Theme, Extra Theme and Divi Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘button_one_id’ parameter in all versions up to, and including, 2.5.51 due to insufficient input sanitization and output escaping. This makes it possible...
5.9AI Score
The Master Slider – Responsive Touch Slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ms_slide' shortcode in all versions up to, and including, 3.9.9 due to insufficient input sanitization and output escaping on user supplied 'css_class' attribute. This...
5.9AI Score
6.6AI Score
The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 3.3.0 via the plugin's 'content_block' shortcode. This makes it possible for authenticated attackers, with contributor-level access and above, to include and...
7.9AI Score
The Content Blocks (Custom Post Widget) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'content_block' shortcode in all versions up to, and including, 3.3.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...
5.9AI Score
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ajax_load_more shortcode in versions up to, and including, 7.1.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,.....
5.9AI Score
The Page Builder Gutenberg Blocks – CoBlocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Social Profiles widget in all versions up to, and including, 3.1.9 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible...
5.9AI Score
6.5AI Score
0.019EPSS
[SECURITY] Fedora 39 Update: python3.6-3.6.15-28.fc39
Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software.....
7.4AI Score
0.0005EPSS