CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: nats, grpcurl, flannel-cni-plugin, slsa-verifier, ctop, cni-plugins, sonobuoy, kind, kubernetes-dashboard-metrics-scraper, render-template, gosu, falco, aactl, metrics-server, local-path-provisioner, sops, configmap-reload, gops, petname, gke-gcloud-auth-plugin,...
5.3 CVSS
7.2 AI Score
0.001 EPSS
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: nats, grpcurl, flannel-cni-plugin, slsa-verifier, ctop, cni-plugins, sonobuoy, kind, kubernetes-dashboard-metrics-scraper, render-template, gosu, falco, aactl, metrics-server, local-path-provisioner, sops, configmap-reload, gops, petname, gke-gcloud-auth-plugin,...
7.5 AI Score
GHSA-HQXW-F8MX-CPMW vulnerabilities
Vulnerabilities for packages: kpt, bom, kubernetes-dashboard, traefik,...
7.5 AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: prometheus-mysqld-exporter, grpcurl, nri-prometheus, kubernetes-ingress-defaultbackend, gitlab-runner, kubeflow-katib, gitlab-pages, external-secrets-operator, cosign, k8sgpt, kube-fluentd-operator, gitlab-shell, prometheus-pushgateway,...
7.5 AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: prometheus-mysqld-exporter, grpcurl, nri-prometheus, gitlab-runner, gitlab-pages, k8sgpt, external-secrets-operator, cosign, kube-fluentd-operator, kubeflow-katib, prometheus-pushgateway, kubernetes-csi-external-attacher, prometheus-statsd-exporter, telegraf,...
7.5 AI Score
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: grpcurl, nri-prometheus, gitlab-runner, gitlab-pages, kubeflow-katib, cosign, gitlab-shell, kubernetes-csi-external-attacher, telegraf, kubescape, stakater-reloader, dotnet, ingress-nginx-controller, aws-efs-csi-driver, gke-gcloud-auth-plugin, gatekeeper,...
7.5 AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: prometheus-mysqld-exporter, nerdctl, terraform-docs, nri-kafka, gitlab-runner, spire-server, gitlab-pages, cilium-cli, external-secrets-operator, cosign, kube-fluentd-operator, kubeflow-katib, gitlab-shell, fq, prometheus-statsd-exporter, telegraf, kubescape,...
7.5 AI Score
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: istio-pilot-discovery, skaffold, nerdctl, kyverno, slsa-verifier, tekton-pipelines, istio-cni, argo-cd, skopeo, spire-server, tkn, wolfictl, terragrunt, external-secrets-operator, cosign, apko, falco, aactl, guac, sops, timestamp-authority, kubescape, step,...
4.3 CVSS
5.3 AI Score
0.0004 EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...
7.5 AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...
7.7 AI Score
0.0004 EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...
7.7 AI Score
0.0004 EPSS
GHSA-MW99-9CHC-XW7R vulnerabilities
Vulnerabilities for packages: gomplate, tekton-pipelines, pulumi-language-java, argo-cd, pulumi-language-dotnet, pulumi, apko, flux-kustomize-controller, pulumi-language-yaml, scorecard, goreleaser, gitsign, pulumi-kubernetes-operator, bom, kots, kubevela, gitness, zot, go-licenses, nuclei,...
7.5 AI Score
GHSA-6WRF-MXFJ-PF5P vulnerabilities
Vulnerabilities for packages: ctop, ko, bom, helm, apko, melange,...
7.5 AI Score
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: istio-pilot-discovery, newrelic-infrastructure-agent, nerdctl, skaffold, kyverno, slsa-verifier, cadvisor, ctop, datadog-agent, tekton-pipelines, crane, pulumi, skopeo, helm, filebeat, gitlab-runner, helm-operator, k8sgpt, kubeflow-katib, cosign, eksctl, falco, aactl,...
7.5 AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...
7.7 AI Score
0.0004 EPSS
CVE-2023-49568 vulnerabilities
Vulnerabilities for packages: gomplate, tekton-pipelines, pulumi-language-java, argo-cd, pulumi-language-dotnet, pulumi, apko, flux-kustomize-controller, pulumi-language-yaml, scorecard, goreleaser, gitsign, pulumi-kubernetes-operator, bom, kots, kubevela, gitness, zot, go-licenses, nuclei,...
7.5 CVSS
8.9 AI Score
0.0005 EPSS
GHSA-33PG-M6JH-5237 vulnerabilities
Vulnerabilities for packages: ctop, ko, bom, helm, apko, melange,...
7.5 AI Score
CVE-2023-28842 vulnerabilities
Vulnerabilities for packages: ctop, ko, bom, helm, apko, melange,...
6.8 CVSS
7.8 AI Score
0.003 EPSS
GHSA-PXHW-596R-RWQ5 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines, kubernetes, nodetaint, ip-masq-agent, spark-operator, local-static-provisioner, node-feature-discovery, calico, cluster-autoscaler, kubernetes-dns-node-cache, kubernetes-csi-driver-hostpath,...
7.5 AI Score
gensokyoradio.net Cross Site Scripting vulnerability OBB-3927692
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Exploit for Vulnerability in Microsoft
Managing the deployment of association changes of...
bhadradritemple.telangana.gov.in Cross Site Scripting vulnerability OBB-3927690
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
Directus Lacks Session Tokens Invalidation
Summary: Currently, session tokens function like the other JWT tokens in that they are not actually invalidated when logging out. The directus_session gets destroyed and the cookie gets deleted, but if you captured the cookie value it will still work for the entire expiry time, which is set to 1 day by...
Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages
Impact: A Nautobot user with admin privileges can modify the BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically...
Directus allows redacted data extraction on the API through "alias"
Summary: A user with permission to view any collection using redacted hashed fields can get access to the raw stored version using the alias functionality on the API. Normally, these redacted fields will return **********; however, if we change the request to ?alias[workaround]=redacted we can instead...
Ongoing Malvertising Campaign leads to Ransomware
Executive Summary: Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typosquatted domains. In at least one observed case, the infection has led to the attempted...
revenueknowmads.com Cross Site Scripting vulnerability OBB-3927686
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
ssl1.secureserv.jp Cross Site Scripting vulnerability OBB-3927685
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
conscamweb.com.br Cross Site Scripting vulnerability OBB-3927683
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
crayonrocks.com Cross Site Scripting vulnerability OBB-3927684
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
mnseniorsonline.com Cross Site Scripting vulnerability OBB-3927678
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
innovetica.com Cross Site Scripting vulnerability OBB-3927681
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score