silverstripe/userforms file upload exposure on UserForms module
The userforms module allows CMS administrators to create public facing forms with file upload abilities. These files are uploaded into a predictable public path on the website, unless configured otherwise by the CMS administrator setting up the form. While the name of the uploaded file itself is...
AI Score: 7
Certain Anpviz products allow unauthenticated users to download the running configuration of the device via an HTTP GET request to the /ConfigFile.ini or /config.xml URIs. This configuration file contains usernames and encrypted passwords (encrypted with a hardcoded key common to all devices). This...
AI Score: 7.4
AI Score: 7.1
F-logic DataCube3 v1.0 is affected by command injection due to improper string filtering at the command execution point in the ./admin/transceiver_schedule.php file. An unauthenticated remote attacker can exploit this vulnerability by sending a file name containing command injection. Successful...
AI Score: 8.4
If a SCSI READ(10) command is initiated via USB using the largest LBA (0xFFFFFFFF) with its default block size of 512 and a count of 1, the first 512 bytes of the 0x80000000 memory area are returned to the user. If the block count is increased, the full RAM can be exposed. The same method works...
AI Score: 7.3
Summary: The following Ruby code is vulnerable to denial of service because the user-controlled value profiler_runs was not constrained by any limit, which allows resources to be allocated on the server side without bound (CWE-770). ruby runs =...
AI Score: 7
OpenAPI Generator Online - Arbitrary File Read/Delete
Impact: Attackers can exploit the vulnerability to read and delete files and folders from an arbitrary writable directory, because anyone can set the output folder when submitting the request via the outputFolder option. Patches: The issue was fixed via...
AI Score: 6.7
Kaminari Insecure File Permissions Vulnerability
A moderate-severity security vulnerability has been identified in the Kaminari pagination library for Ruby on Rails, concerning insecure file permissions. This advisory outlines the vulnerability and affected versions, and provides guidance for mitigation. Impact: This vulnerability is of moderate...
AI Score: 6.5
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: flux-source-controller, telegraf, trivy, cilium-cli, ctop, skaffold, newrelic-infrastructure-agent, kots, kubevela, zot, helm-push, kubescape, cert-manager, tekton-pipelines, gitness, up, k3d, eksctl, fuse-overlayfs-snapshotter, helm, flux-helm-controller, kaniko,...
AI Score: 7.5
GHSA-R53H-JV2G-VPX6 vulnerabilities
Vulnerabilities for packages: flux-source-controller, kots, up, zarf, k9s, eksctl, cilium-cli, k8sgpt, zot, flux-helm-controller, helm-push, kubescape, helm-operator, cert-manager, trivy, chartmuseum,...
AI Score: 7.5
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: flux-source-controller, kind, ip-masq-agent, spark-operator, nghttp2, dex, oauth2-proxy, kaf, atlantis, hey, flux-notification-controller, dotnet, istio-envoy, newrelic-infrastructure-agent, slsa-verifier, secrets-store-csi-driver-provider-gcp, bom, kubevela,...
AI Score: 8.7
EPSS: 0.72
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: flux-source-controller, sops, kyverno, tekton-chains, dex, vexctl, flux-kustomize-controller, oauth2-proxy, argo-cd, spire-server, falco, fulcio, argo-workflows, slsa-verifier, aactl, cosign, gitsign, tkn, kots, istio-pilot-discovery, vault, external-secrets-operator,....
AI Score: 7.5
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: flux-source-controller, ip-masq-agent, kubernetes-csi-external-provisioner, nri-kubernetes, certificate-transparency, prometheus-beat-exporter, spark-operator, kyverno-policy-reporter, dex, docker, aws-flb-kinesis, vexctl, grafana-operator, oauth2-proxy, kaf,...
AI Score: 7.5
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: flux-source-controller, kots, up, zarf, k9s, eksctl, cilium-cli, k8sgpt, zot, flux-helm-controller, helm-push, kubescape, helm-operator, cert-manager, trivy, chartmuseum,...
AI Score: 6.5
EPSS: 0.0004
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: tekton-chains, paranoia, scorecard, chartmuseum, falco, ctop, kpt, skaffold, slsa-verifier, aactl, bom, kubescape, cert-manager, tekton-pipelines, loki, up, k3d, prometheus, k3s,...
AI Score: 7.5
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: kind, kube-rbac-proxy, ip-masq-agent, kubernetes-csi-external-provisioner, prometheus-beat-exporter, paranoia, nri-f5, oras, kyverno-policy-reporter, dex, spark-operator, aws-flb-kinesis, nri-mssql, grafana-operator, regclient, vexctl, kaf, kube-state-metrics,...
AI Score: 6.5
EPSS: 0.0004
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: telegraf, kyverno, tekton-chains, falcoctl, scorecard, vexctl, cri-tools, dagger, trivy, skopeo, datadog-agent, guac, falco, zarf, k9s, argo-workflows, ctop, newrelic-infrastructure-agent, skaffold, aactl, cosign, gitsign, slsa-verifier, buildkitd, helm-operator,...
AI Score: 7.8
EPSS: 0.001
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: flux-source-controller, ip-masq-agent, kubernetes-csi-external-provisioner, nri-kubernetes, certificate-transparency, prometheus-beat-exporter, spark-operator, kyverno-policy-reporter, dex, docker, aws-flb-kinesis, vexctl, grafana-operator, oauth2-proxy, kaf,...
AI Score: 6.7
EPSS: 0.0004
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: kind, kube-rbac-proxy, ip-masq-agent, kubernetes-csi-external-provisioner, prometheus-beat-exporter, paranoia, nri-f5, oras, kyverno-policy-reporter, dex, spark-operator, aws-flb-kinesis, nri-mssql, grafana-operator, regclient, vexctl, kaf, kube-state-metrics,...
AI Score: 6.5
EPSS: 0.0004
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: kind, kube-rbac-proxy, ip-masq-agent, kubernetes-csi-external-provisioner, prometheus-beat-exporter, paranoia, nri-f5, oras, kyverno-policy-reporter, dex, spark-operator, aws-flb-kinesis, nri-mssql, grafana-operator, regclient, vexctl, kaf, kube-state-metrics,...
AI Score: 7.5
GHSA-RCJV-MGP8-QVMR vulnerabilities
Vulnerabilities for packages: up, prometheus-adapter, caddy, prometheus, k3s, keda, ipfs, kubevela, gitlab-kas, thanos, cert-manager, calico, gatekeeper,...
AI Score: 7.5
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: ip-masq-agent, dex, vexctl, aws-flb-kinesis, regclient, atlantis, kube-state-metrics, kubecolor, k9s, k8ssandra-operator, prometheus-mongodb-exporter, hcloud, slsa-verifier, istio-cni, trillian, gitlab-pages, ingress-nginx-controller, nri-nginx, conftest, gobump,...
AI Score: 7
EPSS: 0.0004
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: flux-source-controller, kind, ip-masq-agent, kubernetes-csi-external-provisioner, prometheus-beat-exporter, certificate-transparency, paranoia, oras, spark-operator, dex, grafana-operator, oauth2-proxy, regclient, kaf, atlantis, kafka_exporter, karpenter,...
AI Score: 6.5
EPSS: 0.0004
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: flux-source-controller, kind, ip-masq-agent, kubernetes-csi-external-provisioner, prometheus-beat-exporter, certificate-transparency, paranoia, oras, spark-operator, dex, grafana-operator, oauth2-proxy, regclient, kaf, atlantis, kafka_exporter, karpenter,...
AI Score: 7.5
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: gitlab-logger, kind, sops, gosu, ip-masq-agent, nsc, render-template, oras, scorecard, dgraph, aws-flb-kinesis, aws-flb-cloudwatch, petname, go-md2man, gke-gcloud-auth-plugin, cortex, hey, falco, ctop, prometheus-stackdriver-exporter, aws-flb-firehose, cni-plugins,...
AI Score: 8.2
EPSS: 0.001
Vulnerabilities for packages: flux-source-controller, spark-operator, kubernetes-csi-external-provisioner, dex, oauth2-proxy, kaf, karpenter, kube-state-metrics, hey, flux-notification-controller, prometheus-mongodb-exporter, newrelic-infrastructure-agent, trillian, prometheus-postgres-exporter,...
AI Score: 6.5
EPSS: 0.001
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: flux-source-controller, kube-rbac-proxy, nsc, spark-operator, certificate-transparency, kyverno-policy-reporter, dex, vexctl, nri-mssql, oauth2-proxy, kaf, atlantis, spire-server, kube-state-metrics, temporal-server, temporal-ui-server, prometheus-mongodb-exporter,...
AI Score: 7
EPSS: 0.962
CVE-2023-45142 vulnerabilities
Vulnerabilities for packages: up, prometheus-adapter, caddy, prometheus, k3s, keda, ipfs, kubevela, gitlab-kas, thanos, cert-manager, calico, gatekeeper,...
AI Score: 7.7
EPSS: 0.001
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: ip-masq-agent, dex, vexctl, aws-flb-kinesis, regclient, atlantis, kube-state-metrics, kubecolor, k9s, k8ssandra-operator, prometheus-mongodb-exporter, hcloud, slsa-verifier, istio-cni, trillian, gitlab-pages, ingress-nginx-controller, nri-nginx, conftest, gobump,...
AI Score: 7.5
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: flux-source-controller, kind, ip-masq-agent, kubernetes-csi-external-provisioner, prometheus-beat-exporter, certificate-transparency, paranoia, oras, spark-operator, dex, grafana-operator, oauth2-proxy, regclient, kaf, atlantis, kafka_exporter, karpenter,...
AI Score: 7.5
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: flux-source-controller, kind, spark-operator, kubernetes-csi-external-provisioner, dex, oauth2-proxy, kaf, atlantis, karpenter, kube-state-metrics, hey, flux-notification-controller, prometheus-mongodb-exporter, newrelic-infrastructure-agent, slsa-verifier, istio-cni,....
AI Score: 8.2
EPSS: 0.002
GHSA-8PGV-569H-W5RW vulnerabilities
Vulnerabilities for packages: docker-compose, envoy-ratelimit, containerd, kyverno, temporal, kine, k3s, cri-tools, keda, kubernetes, kubernetes-csi-external-resizer, argo-cd, kubescape, cert-manager, kubevela, temporal-server,...
AI Score: 7.5
CVE-2023-47108 vulnerabilities
Vulnerabilities for packages: docker-compose, envoy-ratelimit, containerd, kyverno, temporal, kine, k3s, cri-tools, keda, kubernetes, kubernetes-csi-external-resizer, argo-cd, kubescape, cert-manager, kubevela, temporal-server,...
AI Score: 7.7
EPSS: 0.001
CVE-2024-26147 vulnerabilities
Vulnerabilities for packages: flux-source-controller, kots, up, zarf, k9s, eksctl, cilium-cli, k8sgpt, zot, flux-helm-controller, helm-push, kubescape, helm-operator, cert-manager, trivy, chartmuseum,...
AI Score: 7.7
EPSS: 0.0004
GHSA-C5Q2-7R4C-MV6G vulnerabilities
Vulnerabilities for packages: flux-source-controller, cilium, sops, kyverno, tekton-chains, wolfictl, falcoctl, dex, vexctl, flux-kustomize-controller, oauth2-proxy, argo-cd, spire-server, step-ca, skopeo, istio-operator, grpc-health-probe, guac, rabbitmq-messaging-topology-operator, falco, zarf,.....
AI Score: 7.5
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: kind, kube-rbac-proxy, ip-masq-agent, kubernetes-csi-external-provisioner, prometheus-beat-exporter, paranoia, nri-f5, oras, kyverno-policy-reporter, dex, spark-operator, aws-flb-kinesis, nri-mssql, grafana-operator, regclient, vexctl, kaf, kube-state-metrics,...
AI Score: 7.5
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: kind, kube-rbac-proxy, ip-masq-agent, kubernetes-csi-external-provisioner, prometheus-beat-exporter, paranoia, nri-f5, oras, kyverno-policy-reporter, dex, spark-operator, aws-flb-kinesis, nri-mssql, grafana-operator, regclient, vexctl, kaf, kube-state-metrics,...
AI Score: 7.5
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: kind, kube-rbac-proxy, ip-masq-agent, kubernetes-csi-external-provisioner, prometheus-beat-exporter, paranoia, nri-f5, oras, kyverno-policy-reporter, dex, spark-operator, aws-flb-kinesis, nri-mssql, grafana-operator, regclient, vexctl, kaf, kube-state-metrics,...
AI Score: 7.5
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: gitlab-logger, kind, sops, gosu, ip-masq-agent, nsc, render-template, oras, scorecard, dgraph, aws-flb-kinesis, aws-flb-cloudwatch, petname, go-md2man, gke-gcloud-auth-plugin, cortex, hey, falco, ctop, prometheus-stackdriver-exporter, aws-flb-firehose, cni-plugins,...
AI Score: 7.4
EPSS: 0.001
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: gitlab-logger, kind, sops, gosu, ip-masq-agent, nsc, render-template, oras, scorecard, dgraph, aws-flb-kinesis, aws-flb-cloudwatch, petname, go-md2man, gke-gcloud-auth-plugin, cortex, hey, falco, ctop, prometheus-stackdriver-exporter, aws-flb-firehose, cni-plugins,...
AI Score: 7.5
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: gitlab-logger, kind, sops, gosu, ip-masq-agent, nsc, render-template, oras, scorecard, dgraph, aws-flb-kinesis, aws-flb-cloudwatch, petname, go-md2man, gke-gcloud-auth-plugin, cortex, hey, falco, ctop, prometheus-stackdriver-exporter, aws-flb-firehose, cni-plugins,...
AI Score: 7.5
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: flux-source-controller, cilium, sops, kyverno, tekton-chains, wolfictl, falcoctl, dex, vexctl, flux-kustomize-controller, oauth2-proxy, argo-cd, spire-server, step-ca, skopeo, istio-operator, grpc-health-probe, guac, rabbitmq-messaging-topology-operator, falco, zarf,.....
AI Score: 4.9
EPSS: 0.0004
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: flux-source-controller, spark-operator, kubernetes-csi-external-provisioner, dex, oauth2-proxy, kaf, karpenter, kube-state-metrics, hey, flux-notification-controller, prometheus-mongodb-exporter, newrelic-infrastructure-agent, trillian, prometheus-postgres-exporter,...
AI Score: 7.5
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: flux-source-controller, kind, spark-operator, kubernetes-csi-external-provisioner, dex, oauth2-proxy, kaf, atlantis, karpenter, kube-state-metrics, hey, flux-notification-controller, prometheus-mongodb-exporter, newrelic-infrastructure-agent, slsa-verifier, istio-cni,....
AI Score: 7.5
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: flux-source-controller, kube-rbac-proxy, nsc, spark-operator, certificate-transparency, kyverno-policy-reporter, dex, vexctl, nri-mssql, oauth2-proxy, kaf, atlantis, spire-server, kube-state-metrics, temporal-server, temporal-ui-server, prometheus-mongodb-exporter,...
AI Score: 7.5
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: node-problem-detector, flux-source-controller, kubernetes-csi-external-attacher, telegraf, spark-operator, coredns, scorecard, dex, dgraph, flux-kustomize-controller, oauth2-proxy, tctl, argo-cd, nvidia-device-plugin, aws-efs-csi-driver, kubernetes-csi-livenessprobe,.....
AI Score: 7.5
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: flux-source-controller, kind, ip-masq-agent, spark-operator, nghttp2, dex, oauth2-proxy, kaf, atlantis, hey, flux-notification-controller, dotnet, istio-envoy, newrelic-infrastructure-agent, slsa-verifier, secrets-store-csi-driver-provider-gcp, bom, kubevela,...
AI Score: 7.5
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: kind, kube-rbac-proxy, ip-masq-agent, kubernetes-csi-external-provisioner, prometheus-beat-exporter, paranoia, nri-f5, oras, kyverno-policy-reporter, dex, spark-operator, aws-flb-kinesis, nri-mssql, grafana-operator, regclient, vexctl, kaf, kube-state-metrics,...
AI Score: 6.5
EPSS: 0.0004
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: kind, kube-rbac-proxy, ip-masq-agent, kubernetes-csi-external-provisioner, prometheus-beat-exporter, paranoia, nri-f5, oras, kyverno-policy-reporter, dex, spark-operator, aws-flb-kinesis, nri-mssql, grafana-operator, regclient, vexctl, kaf, kube-state-metrics,...
AI Score: 6.5
EPSS: 0.0004
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: kind, kube-rbac-proxy, ip-masq-agent, kubernetes-csi-external-provisioner, prometheus-beat-exporter, paranoia, nri-f5, oras, kyverno-policy-reporter, dex, spark-operator, aws-flb-kinesis, nri-mssql, grafana-operator, regclient, vexctl, kaf, kube-state-metrics,...
AI Score: 7.5