'Skylark' App For IOS Security Vulnerabilities

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: nats, grpcurl, flannel-cni-plugin, slsa-verifier, ctop, cni-plugins, sonobuoy, kind, kubernetes-dashboard-metrics-scraper, render-template, gosu, falco, aactl, metrics-server, local-path-provisioner, sops, configmap-reload, gops, petname, gke-gcloud-auth-plugin,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: nats, grpcurl, flannel-cni-plugin, slsa-verifier, ctop, cni-plugins, sonobuoy, kind, kubernetes-dashboard-metrics-scraper, render-template, gosu, falco, aactl, metrics-server, local-path-provisioner, sops, configmap-reload, gops, petname, gke-gcloud-auth-plugin,...

GHSA-2Q89-485C-9J2X vulnerabilities

Vulnerabilities for packages: pulumi-language-java,...

GHSA-HQXW-F8MX-CPMW vulnerabilities

Vulnerabilities for packages: kpt, bom, kubernetes-dashboard, traefik,...

CVE-2023-33199 vulnerabilities

Vulnerabilities for packages: skaffold,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: prometheus-mysqld-exporter, grpcurl, nri-prometheus, kubernetes-ingress-defaultbackend, gitlab-runner, kubeflow-katib, gitlab-pages, external-secrets-operator, cosign, k8sgpt, kube-fluentd-operator, gitlab-shell, prometheus-pushgateway,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: prometheus-mysqld-exporter, grpcurl, nri-prometheus, gitlab-runner, gitlab-pages, k8sgpt, external-secrets-operator, cosign, kube-fluentd-operator, kubeflow-katib, prometheus-pushgateway, kubernetes-csi-external-attacher, prometheus-statsd-exporter, telegraf,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: grpcurl, nri-prometheus, gitlab-runner, gitlab-pages, kubeflow-katib, cosign, gitlab-shell, kubernetes-csi-external-attacher, telegraf, kubescape, stakater-reloader, dotnet, ingress-nginx-controller, aws-efs-csi-driver, gke-gcloud-auth-plugin, gatekeeper,...

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: prometheus-mysqld-exporter, nerdctl, terraform-docs, nri-kafka, gitlab-runner, spire-server, gitlab-pages, cilium-cli, external-secrets-operator, cosign, kube-fluentd-operator, kubeflow-katib, gitlab-shell, fq, prometheus-statsd-exporter, telegraf, kubescape,...

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: istio-pilot-discovery, skaffold, nerdctl, kyverno, slsa-verifier, tekton-pipelines, istio-cni, argo-cd, skopeo, spire-server, tkn, wolfictl, terragrunt, external-secrets-operator, cosign, apko, falco, aactl, guac, sops, timestamp-authority, kubescape, step,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...

GHSA-MW99-9CHC-XW7R vulnerabilities

Vulnerabilities for packages: gomplate, tekton-pipelines, pulumi-language-java, argo-cd, pulumi-language-dotnet, pulumi, apko, flux-kustomize-controller, pulumi-language-yaml, scorecard, goreleaser, gitsign, pulumi-kubernetes-operator, bom, kots, kubevela, gitness, zot, go-licenses, nuclei,...

GHSA-6WRF-MXFJ-PF5P vulnerabilities

Vulnerabilities for packages: ctop, ko, bom, helm, apko, melange,...

CVE-2024-32476 vulnerabilities

Vulnerabilities for packages:...

GHSA-MG8V-G9MC-P4F8 vulnerabilities

Vulnerabilities for packages:...

GHSA-4G3H-V9FP-PGM4 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-38473 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-0450 vulnerabilities

Vulnerabilities for packages: python,...

GHSA-2H5H-59F5-C5X9 vulnerabilities

Vulnerabilities for packages: ko, apko,...

CVE-2023-30551 vulnerabilities

Vulnerabilities for packages: ko, apko,...

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: istio-pilot-discovery, newrelic-infrastructure-agent, nerdctl, skaffold, kyverno, slsa-verifier, cadvisor, ctop, datadog-agent, tekton-pipelines, crane, pulumi, skopeo, helm, filebeat, gitlab-runner, helm-operator, k8sgpt, kubeflow-katib, cosign, eksctl, falco, aactl,....

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: gh, prometheus-mysqld-exporter, nerdctl, grpcurl, nri-prometheus, rabbitmq-cluster-operator, kuberay-operator, terraform-docs, nri-kafka, cni-plugins, gitlab-runner, supercronic, k8sgpt, kubeflow-katib, gitlab-shell, prometheus-pushgateway, fq,...

CVE-2023-49568 vulnerabilities

Vulnerabilities for packages: gomplate, tekton-pipelines, pulumi-language-java, argo-cd, pulumi-language-dotnet, pulumi, apko, flux-kustomize-controller, pulumi-language-yaml, scorecard, goreleaser, gitsign, pulumi-kubernetes-operator, bom, kots, kubevela, gitness, zot, go-licenses, nuclei,...

GHSA-33PG-M6JH-5237 vulnerabilities

Vulnerabilities for packages: ctop, ko, bom, helm, apko, melange,...

CVE-2023-28842 vulnerabilities

Vulnerabilities for packages: ctop, ko, bom, helm, apko, melange,...

CVE-2024-21652 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-31990 vulnerabilities

Vulnerabilities for packages:...

GHSA-9M6P-X4H2-6FRQ vulnerabilities

Vulnerabilities for packages:...

CVE-2024-22424 vulnerabilities

Vulnerabilities for packages:...

GHSA-43RM-FV4G-CMJ8 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-38469 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-38471 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-38472 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-6597 vulnerabilities

Vulnerabilities for packages: python,...

GHSA-PXHW-596R-RWQ5 vulnerabilities

Vulnerabilities for packages: kubeflow-pipelines, kubernetes, nodetaint, ip-masq-agent, spark-operator, local-static-provisioner, node-feature-discovery, calico, cluster-autoscaler, kubernetes-dns-node-cache, kubernetes-csi-driver-hostpath,...

gensokyoradio.net Cross Site Scripting vulnerability OBB-3927692

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Exploit for Vulnerability in Microsoft

Gerenciamento da implantação de alterações de associação de...

bhadradritemple.telangana.gov.in Cross Site Scripting vulnerability OBB-3927690

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

Directus Lacks Session Tokens Invalidation

Summary Currently session tokens function like the other JWT tokens where they are not actually invalidated when logging out. The directus_session gets destroyed and the cookie gets deleted but if you captured the cookie value it will still work for the entire expiry time which is set to 1 day by.....

Nautobot's BANNER_* configuration can be used to inject arbitrary HTML content into Nautobot pages

Impact A Nautobot user with admin privileges can modify the BANNER_TOP, BANNER_BOTTOM, and BANNER_LOGIN configuration settings via the /admin/constance/config/ endpoint. Normally these settings are used to provide custom banner text at the top and bottom of all Nautobot web pages (or specifically.....

Directus allows redacted data extraction on the API through "alias"

Summary A user with permission to view any collection using redacted hashed fields can get access the raw stored version using the alias functionality on the API. Normally, these redacted fields will return ********** however if we change the request to ?alias[workaround]=redacted we can instead...

Ongoing Malvertising Campaign leads to Ransomware

Executive Summary Rapid7 has observed an ongoing campaign to distribute trojanized installers for WinSCP and PuTTY via malicious ads on commonly used search engines, where clicking on the ad leads to typo squatted domains. In at least one observed case, the infection has led to the attempted...

revenueknowmads.com Cross Site Scripting vulnerability OBB-3927686

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

ssl1.secureserv.jp Cross Site Scripting vulnerability OBB-3927685

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

conscamweb.com.br Cross Site Scripting vulnerability OBB-3927683

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

crayonrocks.com Cross Site Scripting vulnerability OBB-3927684

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

mnseniorsonline.com Cross Site Scripting vulnerability OBB-3927678

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...

innovetica.com Cross Site Scripting vulnerability OBB-3927681

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...