GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: trillian, k8ssandra-operator, dockerize-fips, cni-plugins-fips, dagger, node-problem-detector, traefik-fips, kubernetes-csi-node-driver-registrar-fips, cluster-autoscaler-fips, nri-f5, flux-kustomize-controller-0.37, dgraph, wire-go, chartmuseum,...
7.3AI Score
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: prometheus, helm, skaffold, falcoctl, kubevela, tekton-pipelines, istio-pilot-discovery, istio-pilot-discovery-fips, kargo, kyverno, guac, kubescape, docker-credential-gcr, filebeat-fips, zarf, goreleaser, falco, argo-workflows-fips, policy-controller-fips, filebeat,.....
7.3AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: karpenter, external-dns, aws-load-balancer-controller-fips, prometheus, mc, prometheus-statsd-exporter-fips, trillian, aws-ebs-csi-driver, pulumi-language-dotnet, terraform, kyverno-policy-reporter-ui, istio-pilot-discovery, wavefront-collector-for-kubernetes,...
7.3AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: external-dns, karpenter, prometheus, grype, trillian, prometheus-statsd-exporter-fips, terraform, istio-pilot-discovery, cloudflared, spire-server-fips, wavefront-collector-for-kubernetes, spire-server, dockerize-fips, vault-k8s-fips, step, terraform-provider-azurerm,....
7.3AI Score
Vulnerabilities for packages: karpenter, external-dns, aws-load-balancer-controller-fips, prometheus, mc, prometheus-statsd-exporter-fips, trillian, aws-ebs-csi-driver, pulumi-language-dotnet, terraform, wavefront-collector-for-kubernetes, tctl, crossplane-provider-azure, tkn, prometheus-adapter,.....
6.1CVSS
7.3AI Score
0.001EPSS
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: prometheus, skaffold, tekton-pipelines, spire-server-fips, kubescape, falco, tekton-chains, aactl, falcoctl-fips, flux-source-controller-2.0, ctop, cert-manager-fips, slsa-verifier, up, k3s, scorecard, telegraf, bom, prometheus-fips, loki, cert-manager, chartmuseum,...
7.3AI Score
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: external-dns, karpenter, prometheus, grype, trillian, prometheus-statsd-exporter-fips, terraform, istio-pilot-discovery, cloudflared, spire-server-fips, wavefront-collector-for-kubernetes, spire-server, dockerize-fips, vault-k8s-fips, step, terraform-provider-azurerm,....
5.9CVSS
6.7AI Score
0.962EPSS
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: karpenter, external-dns, aws-load-balancer-controller-fips, prometheus, mc, prometheus-statsd-exporter-fips, trillian, aws-ebs-csi-driver, pulumi-language-dotnet, terraform, wavefront-collector-for-kubernetes, tctl, crossplane-provider-azure, tkn, prometheus-adapter,.....
7.3AI Score
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: vault-fips, skaffold, kubevela, pulumi-language-dotnet, spire-server-fips, flux-kustomize-controller, spire-server, kubescape, zarf, goreleaser, falco, pulumi-language-yaml, tkn, flux-source-controller, flux, cosign, flux-source-controller-0.37, tekton-chains,...
7.3AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: trillian, k8ssandra-operator, dockerize-fips, cni-plugins-fips, dagger, node-problem-detector, traefik-fips, kubernetes-csi-node-driver-registrar-fips, cluster-autoscaler-fips, nri-f5, flux-kustomize-controller-0.37, dgraph, wire-go, chartmuseum,...
7.3AI Score
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: prometheus, helm, skaffold, falcoctl, kubevela, tekton-pipelines, istio-pilot-discovery, istio-pilot-discovery-fips, kargo, kyverno, guac, kubescape, docker-credential-gcr, filebeat-fips, zarf, goreleaser, falco, argo-workflows-fips, policy-controller-fips, filebeat,.....
7.8CVSS
7.8AI Score
0.001EPSS
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: karpenter, external-dns, prometheus, grype, mc, terraform, pulumi-language-dotnet, kyverno-policy-reporter-ui, terraform-provider-azurerm, vault-k8s-fips, tctl, prometheus-adapter, node-problem-detector, istio-envoy, cosign, external-dns-fips,...
7.3AI Score
Summary Java on z/OS properties files not read correctly under certain locales / codepages vulnerability exists in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2 Vulnerability Details ** IBM X-Force ID: PSIRT-ADV0103951 ...
6.2AI Score
Rapid7 Recognized in the 2024 Gartner® Magic Quadrant™ for SIEM
Command Your Attack Surface with a next-gen SIEM built for the Cloud First Era Rapid7 is excited to share that we are named a Challenger for InsightIDR in the 2024 Gartner Magic Quadrant for SIEM. In a crowded and constantly changing space, this is our sixth time to be recognized in the report....
7.1AI Score
Summary Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 272 Vulnerability Details ** CVEID: CVE-2024-29041 DESCRIPTION: **Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An...
8.1CVSS
7.8AI Score
0.0004EPSS
Summary There are multiple vulnerabilities in the IBM® SDK, Java™ Technology Edition that is shipped with IBM WebSphere Application Server and IBM WebSphere Application Server Liberty. The CVE(s) listed in this document might affect some configurations of IBM WebSphere Application Server...
3.7CVSS
7.4AI Score
0.001EPSS
Description llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUMA, LoRa settings, loading tokenizers,...
7.6AI Score
Description llama-cpp-python depends on class Llama in llama.py to load .gguf llama.cpp or Latency Machine Learning Models. The init constructor built in the Llama takes several parameters to configure the loading and running of the model. Other than NUMA, LoRa settings, loading tokenizers,...
7.3AI Score
Summary Multiple vulnerabilities exist in IBM® SDK Java™ Technology Edition, Version 8, which is used by IBM Tivoli Network Configuration Manager IP Edition v6.4.2. CVE-2024-20952, CVE-2024-20918, CVE-2024-20921, CVE-2024-20919, CVE-2024-20926, CVE-2024-20945, CVE-2023-33850 Vulnerability Details....
7.5CVSS
6.9AI Score
0.001EPSS
Security Bulletin: Multiple vulnerabilities in IBM Java SDK affects App Connect Professional
Summary There are multiple vulnerabilities in the IBM SDK Java Technology used by App Connect Professional. These issues were disclosed as part of the IBM Java SDK updates in January 2024; App Connect Professional has addressed the applicable CVEs. Vulnerability Details ** CVEID: CVE-2024-20952 ...
7.5CVSS
6.9AI Score
0.001EPSS
Summary IBM WebSphere Application Server Liberty is vulnerable to an XML External Entity (XXE) injection vulnerability. Vulnerability Details ** CVEID: CVE-2024-22354 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3...
7CVSS
7.3AI Score
0.0004EPSS
How Did Authorities Identify the Alleged Lockbit Boss?
Last week, the United States joined the U.K. and Australia in sanctioning and charging a Russian man named Dmitry Yuryevich Khoroshev as the leader of the infamous LockBit ransomware group. LockBit's leader "LockBitSupp" claims the feds named the wrong guy, saying the charges don't explain how...
7.1AI Score
LLMs’ Data-Control Path Insecurity
Back in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker named John Draper noticed that the plastic whistle that came free in a box of Captain Crunch cereal worked to make the right sound. That became his hacker name, and everyone.....
8.8AI Score
GHSA-HQXW-F8MX-CPMW vulnerabilities
Vulnerabilities for packages: bom, traefik, prometheus, flux-helm-controller-0.37, kpt, aactl, kubernetes-fips, kubernetes-dashboard,...
7.3AI Score
GHSA-33PG-M6JH-5237 vulnerabilities
Vulnerabilities for packages: bom, up, ko, melange, ctop, flux-helm-controller-0.37, helm, flux-image-reflector-controller,...
7.3AI Score
CVE-2023-28840 vulnerabilities
Vulnerabilities for packages: bom, up, ko, melange, ctop, flux-helm-controller-0.37, helm, flux-image-reflector-controller,...
8.7CVSS
7.5AI Score
0.002EPSS
GHSA-6WRF-MXFJ-PF5P vulnerabilities
Vulnerabilities for packages: bom, up, ko, melange, ctop, flux-helm-controller-0.37, helm, flux-image-reflector-controller,...
7.3AI Score
CVE-2023-28842 vulnerabilities
Vulnerabilities for packages: bom, up, ko, melange, ctop, flux-helm-controller-0.37, helm, flux-image-reflector-controller,...
6.8CVSS
7.5AI Score
0.003EPSS
CVE-2023-28841 vulnerabilities
Vulnerabilities for packages: bom, up, ko, melange, ctop, flux-helm-controller-0.37, helm, flux-image-reflector-controller,...
6.8CVSS
7.5AI Score
0.002EPSS
Vulnerabilities for packages: bom, traefik, prometheus, flux-helm-controller-0.37, kpt, aactl, kubernetes-fips, kubernetes-dashboard,...
6.5CVSS
6.7AI Score
0.0004EPSS
GHSA-232P-VWFF-86MP vulnerabilities
Vulnerabilities for packages: bom, up, ko, melange, ctop, flux-helm-controller-0.37, helm, flux-image-reflector-controller,...
7.3AI Score
Summary IBM WebSphere Application Server Liberty could provide weaker than expected security for outbound TLS connections. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this risk, it has been addressed in this bulletin: Jazz Foundation, Global Configuration Management....
6.5AI Score
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to an XML External Entity (XXE) injection vulnerability. Following IBM® Engineering Lifecycle Engineering products, exposed to this vulnerability, have been addressed in this bulletin: Jazz...
6.7AI Score
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to a denial of service, caused by sending a specially crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources. The following IBM®...
6.3AI Score
Summary IBM WebSphere Application Server and IBM WebSphere Application Server Liberty are vulnerable to server-side request forgery. Following IBM® Engineering Lifecycle Engineering products are vulnerable to this attack, it has been addressed in this bulletin: Jazz Foundation, IBM Engineering...
6.4AI Score
Summary There is a vulnerability in the jose4j library used by IBM WebSphere Application Server traditional and used by the IBM WebSphere Application Server Liberty. The following IBM® Engineering Lifecycle Engineering products are exposed to this attack and have been addressed in this bulletin:...
6.4AI Score
Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager is vulnerable to a denial of service. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to...
6AI Score
POS Codekop v2.0 - Broken Authentication
A broken authentication mechanism in the endpoint excel.php of POS Codekop v2.0 allows unauthenticated attackers to download selling...
7.5CVSS
7.1AI Score
0.001EPSS
Exploit for Vulnerability in Reportlab
CODE INJECTION VULNERABILITY IN REPORTLAB PYTHON LIBRARY...
7.8CVSS
7.7AI Score
0.001EPSS
7.4AI Score
7.4AI Score
About the security content of macOS Ventura 13.6.7
About the security content of macOS Ventura 13.6.7 This document describes the security content of macOS Ventura 13.6.7. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
7.8CVSS
8AI Score
0.001EPSS
7.2AI Score
7.4AI Score
7.4AI Score
About the security content of macOS Monterey 12.7.5
About the security content of macOS Monterey 12.7.5 This document describes the security content of macOS Monterey 12.7.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or...
7.4AI Score
7.4AI Score
About the security content of tvOS 17.5
About the security content of tvOS 17.5 This document describes the security content of tvOS 17.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available....
6.3AI Score
About the security content of watchOS 10.5
About the security content of watchOS 10.5 This document describes the security content of watchOS 10.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are...
6.3AI Score
About the security content of macOS Sonoma 14.5
About the security content of macOS Sonoma 14.5 This document describes the security content of macOS Sonoma 14.5. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are....
5.5CVSS
8AI Score
0.001EPSS