Summary Node.js is used by IBM Rational® Application Developer for WebSphere® Software as the SDK and runtime for Apache Cordova projects. (CVE-2023-6129, CVE-2024-24806, CVE-2023-5678, CVE-2024-22019, CVE-2023-46809, CVE-2024-0727, CVE-2023-6237, CVE-2024-21892) Vulnerability Details ** CVEID:...
7.5CVSS
0.002EPSS
Enhancing Security with AI: Revolutionizing Protection in the Digital Era
In the ever-evolving landscape of cybersecurity, the integration of Artificial Intelligence (AI) and Machine Learning (ML) has emerged as a transformative force. AI, with its ability to mimic human cognition and problem-solving capabilities, combined with ML's capacity to iteratively learn from...
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, gitlab-runner, spire-server, supercronic, gitlab-pages, cilium-cli, external-secrets-operator, cosign, flannel, k8sgpt, gitlab-shell,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...
7.7AI Score
0.0004EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: prometheus-mysqld-exporter, nerdctl, terraform-docs, nri-kafka, gitlab-runner, spire-server, gitlab-pages, cilium-cli, external-secrets-operator, cosign, kube-fluentd-operator, kubeflow-katib, gitlab-shell, fq, prometheus-statsd-exporter, telegraf, kubescape,...
5.9CVSS
7AI Score
0.962EPSS
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: istio-pilot-discovery, newrelic-infrastructure-agent, nerdctl, skaffold, kyverno, slsa-verifier, cadvisor, ctop, datadog-agent, tekton-pipelines, crane, pulumi, skopeo, helm, filebeat, gitlab-runner, helm-operator, k8sgpt, kubeflow-katib, cosign, eksctl, falco, aactl,....
7.8CVSS
8AI Score
0.001EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, gitlab-runner, spire-server, supercronic, gitlab-pages, cilium-cli, external-secrets-operator, cosign, flannel, k8sgpt, gitlab-shell,...
6.3AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: hcloud, cni-plugins, supercronic, external-secrets-operator, cluster-api-controller, ingress-nginx-controller, runc, nri-cassandra, kaniko, opentofu, tempo, nri-redis, envoy-ratelimit, cluster-proportional-autoscaler, php-fpm_exporter, flyte, sbomqs, nri-nginx,...
6.5AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...
7.5AI Score
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...
7.7AI Score
0.0004EPSS
Vulnerabilities for packages: prometheus-mysqld-exporter, grpcurl, nri-prometheus, gitlab-runner, gitlab-pages, k8sgpt, external-secrets-operator, cosign, kube-fluentd-operator, kubeflow-katib, prometheus-pushgateway, kubernetes-csi-external-attacher, prometheus-statsd-exporter, telegraf,...
6.1CVSS
7.7AI Score
0.001EPSS
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: prometheus-mysqld-exporter, grpcurl, nri-prometheus, kubernetes-ingress-defaultbackend, gitlab-runner, kubeflow-katib, gitlab-pages, external-secrets-operator, cosign, k8sgpt, kube-fluentd-operator, gitlab-shell, prometheus-pushgateway,...
7.5CVSS
8.4AI Score
0.002EPSS
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...
7.5AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...
7.5AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: hcloud, cni-plugins, supercronic, external-secrets-operator, cluster-api-controller, ingress-nginx-controller, runc, nri-cassandra, kaniko, opentofu, tempo, nri-redis, envoy-ratelimit, cluster-proportional-autoscaler, php-fpm_exporter, flyte, sbomqs, nri-nginx,...
7.5AI Score
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: skaffold, crossplane, slsa-verifier, pulumi-language-java, argo-cd, pulumi-language-dotnet, pulumi, spire-server, tkn, wolfictl, rclone, flux, terragrunt, cosign, apko, falco, aactl, flux-notification-controller, boring-registry, sops, kubescape,...
7.5AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: prometheus-mysqld-exporter, grpcurl, nri-prometheus, kubernetes-ingress-defaultbackend, gitlab-runner, kubeflow-katib, gitlab-pages, external-secrets-operator, cosign, k8sgpt, kube-fluentd-operator, gitlab-shell, prometheus-pushgateway,...
7.5AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: prometheus-mysqld-exporter, grpcurl, nri-prometheus, gitlab-runner, gitlab-pages, k8sgpt, external-secrets-operator, cosign, kube-fluentd-operator, kubeflow-katib, prometheus-pushgateway, kubernetes-csi-external-attacher, prometheus-statsd-exporter, telegraf,...
7.5AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: prometheus-mysqld-exporter, nerdctl, terraform-docs, nri-kafka, gitlab-runner, spire-server, gitlab-pages, cilium-cli, external-secrets-operator, cosign, kube-fluentd-operator, kubeflow-katib, gitlab-shell, fq, prometheus-statsd-exporter, telegraf, kubescape,...
7.5AI Score
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...
7.5AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...
7.7AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...
7.7AI Score
0.0004EPSS
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: istio-pilot-discovery, newrelic-infrastructure-agent, nerdctl, skaffold, kyverno, slsa-verifier, cadvisor, ctop, datadog-agent, tekton-pipelines, crane, pulumi, skopeo, helm, filebeat, gitlab-runner, helm-operator, k8sgpt, kubeflow-katib, cosign, eksctl, falco, aactl,....
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...
7.7AI Score
0.0004EPSS
Exploit for Injection in Atlassian Confluence Data Center
CVE-2023-22527 NAPLISTENER is a backdoor scanner for the...
10CVSS
0.974EPSS
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
Impact A Nautobot user with admin privileges can modify the BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically.....
NocoDB Vulnerable to Stored Cross-Site Scripting in Formula.vue
Summary A stored cross-site scripting vulnerability exists within the Formula virtual cell comments functionality. Details The nc-gui/components/virtual-cell/Formula.vue displays a v-html tag with the value of "urls" whose contents are processed by the function replaceUrlsWithLink(). This function....
Ongoing Malvertising Campaign leads to Ransomware
Executive Summary Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typosquatted domains. In at least one observed case, the infection has led to the attempted...
Summary Golang Go and Golang packages are used by IBM Storage Fusion and thus IBM Storage Fusion may be vulnerable to the vulnerabilities listed below. CVE-2022-29526, CVE-2022-21698, CVE-2021-41190, CVE-2018-20699, CVE-2024-24786, CVE-2023-39325, CVE-2023-48795. Vulnerability Details ** CVEID:...
7.5CVSS
0.962EPSS
Summary IBM HTTP Server (powered by Apache) used by IBM i is vulnerable to a denial of service attack due to mishandling of multiplexed streams in HTTP/2 protocol as described in the vulnerability details section. This bulletin identifies the steps to take to address the vulnerability as described....
7.5CVSS
7AI Score
0.72EPSS
Internal Emails Reveal How a Controversial Gun-Detection AI System Found Its Way to NYC
NYC mayor Eric Adams wants to test Evolv’s gun-detection tech in subway stations—despite the company saying it’s not designed for that environment. Emails obtained by WIRED show how the company still found an...
7.3AI Score
NocoDB Allows Preview of Files with Dangerous Content
Summary An attacker can upload an HTML file with malicious content. If a user tries to open that file in a browser, malicious scripts can be executed, leading to a stored XSS (cross-site scripting) attack. PoC NocoDB was configured using the Release Binary Noco-macos-arm64, and nocodb version 0.202.9 (currently...
7.1AI Score
@valtimo/components exposes access token to form.io
Impact When opening a form in Valtimo, the access token (JWT) of the user is exposed to api.form.io via the x-jwt-token header. An attacker can retrieve personal information from this token, or use it to execute requests to the Valtimo REST API on behalf of the logged-in user. This issue is...
7.1AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: trillian, k8ssandra-operator, dockerize-fips, cni-plugins-fips, dagger, node-problem-detector, traefik-fips, kubernetes-csi-node-driver-registrar-fips, cluster-autoscaler-fips, nri-f5, flux-kustomize-controller-0.37, dgraph, wire-go, chartmuseum,...
7.3AI Score
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: go-ipfs-fips, trillian, istio-pilot-discovery, k8ssandra-operator, dagger, node-problem-detector, traefik-fips, kubernetes-csi-node-driver-registrar-fips, cluster-autoscaler-fips, influxd, flux-kustomize-controller-0.37, gpu-operator, dgraph, chartmuseum,...
7.3AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: trillian, k8ssandra-operator, dockerize-fips, cni-plugins-fips, dagger, node-problem-detector, traefik-fips, kubernetes-csi-node-driver-registrar-fips, cluster-autoscaler-fips, nri-f5, flux-kustomize-controller-0.37, dgraph, wire-go, chartmuseum,...
7.5AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: trillian, k8ssandra-operator, dockerize-fips, cni-plugins-fips, dagger, node-problem-detector, traefik-fips, kubernetes-csi-node-driver-registrar-fips, cluster-autoscaler-fips, nri-f5, flux-kustomize-controller-0.37, dgraph, wire-go, chartmuseum,...
7.5AI Score
0.0004EPSS
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: karpenter, external-dns, aws-load-balancer-controller-fips, prometheus, mc, prometheus-statsd-exporter-fips, trillian, aws-ebs-csi-driver, pulumi-language-dotnet, terraform, kyverno-policy-reporter-ui, istio-pilot-discovery, wavefront-collector-for-kubernetes,...
7.5CVSS
8.2AI Score
0.002EPSS
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: karpenter, external-dns, prometheus, grype, mc, terraform, pulumi-language-dotnet, kyverno-policy-reporter-ui, terraform-provider-azurerm, vault-k8s-fips, tctl, prometheus-adapter, node-problem-detector, istio-envoy, cosign, external-dns-fips,...
7.5CVSS
7.9AI Score
0.72EPSS
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: trillian, k8ssandra-operator, dockerize-fips, cni-plugins-fips, dagger, node-problem-detector, traefik-fips, kubernetes-csi-node-driver-registrar-fips, cluster-autoscaler-fips, nri-f5, flux-kustomize-controller-0.37, dgraph, wire-go, chartmuseum,...
7.5AI Score
0.0004EPSS
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: trillian, k8ssandra-operator, dockerize-fips, cni-plugins-fips, dagger, node-problem-detector, traefik-fips, kubernetes-csi-node-driver-registrar-fips, cluster-autoscaler-fips, nri-f5, flux-kustomize-controller-0.37, dgraph, wire-go, chartmuseum,...
7.5AI Score
0.0004EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: go-ipfs-fips, trillian, istio-pilot-discovery, k8ssandra-operator, dagger, node-problem-detector, traefik-fips, kubernetes-csi-node-driver-registrar-fips, cluster-autoscaler-fips, influxd, flux-kustomize-controller-0.37, gpu-operator, dgraph, chartmuseum,...
5.9AI Score
0.0004EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: trillian, k8ssandra-operator, dockerize-fips, cni-plugins-fips, dagger, node-problem-detector, traefik-fips, kubernetes-csi-node-driver-registrar-fips, cluster-autoscaler-fips, nri-f5, flux-kustomize-controller-0.37, dgraph, wire-go, chartmuseum,...
7.3AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: go-ipfs-fips, actions-runner-controller-fips, trillian, istio-pilot-discovery, node-feature-discovery, k8ssandra-operator, dockerize-fips, node-problem-detector, kubernetes-csi-node-driver-registrar-fips, velero-plugin-for-csi, cluster-autoscaler-fips, nri-f5,...
6.1AI Score
0.0004EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: trillian, k8ssandra-operator, dockerize-fips, cni-plugins-fips, dagger, node-problem-detector, traefik-fips, kubernetes-csi-node-driver-registrar-fips, cluster-autoscaler-fips, nri-f5, flux-kustomize-controller-0.37, dgraph, wire-go, chartmuseum,...
7.5AI Score
0.0004EPSS
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: trillian, k8ssandra-operator, dockerize-fips, cni-plugins-fips, dagger, node-problem-detector, traefik-fips, kubernetes-csi-node-driver-registrar-fips, cluster-autoscaler-fips, nri-f5, flux-kustomize-controller-0.37, dgraph, wire-go, chartmuseum,...
7.3AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: go-ipfs-fips, actions-runner-controller-fips, trillian, istio-pilot-discovery, node-feature-discovery, k8ssandra-operator, dockerize-fips, node-problem-detector, kubernetes-csi-node-driver-registrar-fips, velero-plugin-for-csi, cluster-autoscaler-fips, nri-f5,...
7.3AI Score