qa.sienasleep.com Open Redirect vulnerability OBB-3939173
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7AI Score
Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application
A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135...
9.8CVSS
8.2AI Score
0.0004EPSS
jostenberg.nl Cross Site Scripting vulnerability OBB-3939171
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
5.1AI Score
EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
5.8AI Score
EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
5.8AI Score
EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
EPSS
Security Bulletin: IBM MQ Appliance is affected by multiple open source vulnerabilities.
Summary IBM MQ Appliance has addressed multiple open source vulnerabilities (CVE-2020-12762, CVE-2021-33631, CVE-2023-6931, CVE-2024-1086). Vulnerability Details CVEID: CVE-2020-12762 DESCRIPTION: json-c could allow a remote attacker to execute arbitrary code on the system, caused by an integer...
7.8CVSS
8.7AI Score
0.002EPSS
Security Bulletin: IBM MQ Appliance is affected by a denial of service vulnerability (CVE-2024-2511)
Summary IBM MQ Appliance has addressed an OpenSSL denial of service vulnerability. Vulnerability Details CVEID: CVE-2024-2511 DESCRIPTION: OpenSSL is vulnerable to a denial of service, caused by improper server configuration validation. By using a specially crafted server configuration, a remote...
6.7AI Score
0.0004EPSS
Security Bulletin: IBM MQ Appliance vulnerable to open redirect (CVE-2024-29041)
Summary IBM MQ Appliance has addressed an open redirect vulnerability. Vulnerability Details CVEID: CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using....
6.1CVSS
6.7AI Score
0.0004EPSS
Summary IBM MQ Appliance has addressed XML External Entity (XXE) injection and server-side request forgery vulnerabilities. Vulnerability Details CVEID: CVE-2024-22354 DESCRIPTION: IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.5 are.....
7CVSS
7.8AI Score
0.0004EPSS
Security Bulletin: IBM MQ Appliance vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)
Summary By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM MQ Appliance has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms...
5.9CVSS
6.9AI Score
0.963EPSS
Security Bulletin: IBM MQ Appliance is vulnerable to a denial of service attack (CVE-2024-35116)
Summary IBM MQ Appliance has addressed a denial of service vulnerability. Vulnerability Details CVEID: CVE-2024-35116 DESCRIPTION: IBM MQ is vulnerable to a denial of service attack caused by an error applying configuration changes. CVSS Base score: 5.9 CVSS Temporal Score: See: ...
6.5AI Score
EPSS
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....
8.8CVSS
8.9AI Score
EPSS
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping. This makes it possible....
6.4CVSS
EPSS
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....
8.8CVSS
EPSS
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping. This makes it possible....
6.4CVSS
5.7AI Score
EPSS
7.5AI Score
CVE-2024-29018 vulnerabilities
Vulnerabilities for packages: melange, ctop, trivy, kargo, cadvisor, docker-compose, up, goreleaser, conftest, spire-server, loki, kaniko, grype, datadog-agent, aactl, telegraf, crossplane, tkn, prometheus, buf, wolfictl, buildkitd, syft, kubescape, ko, zot,...
5.9CVSS
6.1AI Score
0.0004EPSS
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: amass, argo-workflows, step-ca, kine, vault, telegraf, kube-bench, trillian, spicedb, kots, k3s, ferretdb, keda, caddy, temporal-server,...
9.8CVSS
9.7AI Score
0.0004EPSS
GHSA-232P-VWFF-86MP vulnerabilities
Vulnerabilities for packages: up, melange, helm, ctop, apko, ko,...
7.5AI Score
7.5AI Score
CVE-2023-46402 vulnerabilities
Vulnerabilities for packages: argo-workflows, argo-cd, melange, pulumi-kubernetes-operator,...
7.5CVSS
7.7AI Score
0.0005EPSS
6.2CVSS
7.1AI Score
0.0004EPSS
Vulnerabilities for packages: cluster-autoscaler, kubernetes, node-feature-discovery, ip-masq-agent, local-static-provisioner, aws-ebs-csi-driver, kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, spark-operator, calico,...
2.7CVSS
4.3AI Score
0.0004EPSS
3.1CVSS
7.5AI Score
0.0004EPSS
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: melange, zarf, goreleaser, vexctl, spire-server, zot, falco, aactl, gitsign, tkn, policy-controller, tekton-chains, flux-source-controller, wolfictl, neuvector-sigstore-interface, skaffold, kubescape, falcoctl, ko, apko,...
7.5AI Score
Vulnerabilities for packages: rook, flux-image-automation-controller, sops, kyverno, sigstore-scaffolding, grafana-mimir, consul, nuclei, kargo, gitlab-kas, tekton-pipelines, zarf, flux-kustomize-controller, goreleaser, guac, rabbitmq-messaging-topology-operator, pulumi, vexctl,...
6CVSS
6AI Score
0.0004EPSS
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: sops, kyverno, vault, istio-pilot-discovery, traefik, tekton-pipelines, flux-kustomize-controller, vexctl, spire-server, fulcio, keda, external-secrets-operator, cilium-envoy, falco, argo-cd, dex, aactl, gitsign, kots, terragrunt, tkn, tekton-chains,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...
7.8AI Score
0.0004EPSS
GHSA-MRWW-27VC-GGHV vulnerabilities
Vulnerabilities for packages: amass, argo-workflows, step-ca, kine, vault, telegraf, kube-bench, trillian, spicedb, kots, k3s, ferretdb, keda, caddy, temporal-server,...
7.5AI Score
Vulnerabilities for packages: calico, argo-cd, aws-efs-csi-driver,...
8.8CVSS
8.9AI Score
0.001EPSS
7.5AI Score
7.5AI Score
7.5AI Score
CVE-2024-26130 vulnerabilities
Vulnerabilities for packages: ggshield, py3-cryptography, py3-cassandra-medusa, az,...
7.5CVSS
7.8AI Score
0.0004EPSS
7.5AI Score
7.5CVSS
7.5AI Score
0.001EPSS
5.3CVSS
7.2AI Score
0.0005EPSS
7.5AI Score
GHSA-X84C-P2G9-RQV9 vulnerabilities
Vulnerabilities for packages: tekton-pipelines, syft, harbor-scanner-trivy, melange, helm-push, k3d, wolfictl, kaniko, prometheus, docker, policy-controller, buf, cri-tools, neuvector-scanner, grype, dagger,...
7.5AI Score
7.2CVSS
7.3AI Score
0.0004EPSS
7.5AI Score
CVE-2024-23652 vulnerabilities
Vulnerabilities for packages: datadog-agent, buildkitd, skaffold, guac, zot, conftest, scorecard, kubescape, docker, trivy,...
10CVSS
9.7AI Score
0.001EPSS
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: ctop, docker, trivy, ingress-nginx-controller, cadvisor, zarf, nvidia-device-plugin, kubernetes, kaniko, grype, datadog-agent, k9s, telegraf, k3d, kots, k3s, wolfictl, newrelic-infrastructure-agent, buildkitd, skaffold, syft, skopeo, runc, kubescape, nerdctl,...
8.6CVSS
9.2AI Score
0.051EPSS