Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by.....
7.2AI Score
Jenkins Report Info Plugin 1.2 and earlier does not perform path validation of the workspace directory while serving report files, allowing attackers with Item/Configure permission to retrieve Surefire failures, PMD violations, Findbugs bugs, and Checkstyle errors on the controller file system by.....
7AI Score
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job...
4CVSS
7AI Score
CVE-2024-5318 Improper Access Control in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions starting from 11.11 prior to 16.10.6, starting from 16.11 prior to 16.11.3, and starting from 17.0 prior to 17.0.1. A Guest user can view dependency lists of private projects through job...
6.8AI Score
The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
7.2CVSS
6.3AI Score
CVE-2024-4455 YITH WooCommerce Ajax Search <= 2.4.0 - Unauthenticated Stored Cross-Site Scripting
The YITH WooCommerce Ajax Search plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘item’ parameter in versions up to, and including, 2.4.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary...
6.2AI Score
A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the....
2.4CVSS
6.6AI Score
The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This...
6.5CVSS
8.1AI Score
CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2
CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2. A patched version of the package is...
8.2AI Score
0.72EPSS
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: scorecard, falco, kubernetes-csi-external-attacher, ollama, flux-source-controller, prometheus-blackbox-exporter, kots, weaviate, nginx-mainline, terraform-provider-aws, memcached-exporter, kind, spark-operator, gitness, kubewatch, pulumi-language-yaml, argo-cd,...
8.7AI Score
0.72EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: scorecard, falco, kubernetes-csi-external-attacher, external-secrets-operator, ollama, policy-controller, temporal, flux-source-controller, doppler-kubernetes-operator, kubeadm-bootstrap-controller, aws-ebs-csi-driver, kots, k3s, weaviate, terraform-provider-aws,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: dive, kube-rbac-proxy, helm-push, scorecard, falco, hello-world-golang, direnv, kubernetes-csi-external-attacher, yq, temporal, doppler-kubernetes-operator, prometheus-blackbox-exporter, kubeadm-bootstrap-controller, aws-ebs-csi-driver, http-echo, cni-plugins, k3s,...
6.5AI Score
0.0004EPSS
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: grype, kubescape, nvidia-device-plugin, k3d, cadvisor, kots, k3s, kaniko, skopeo, wolfictl, ctop, syft, trivy, nerdctl, kubernetes, buildkitd, newrelic-infrastructure-agent, zarf, ingress-nginx-controller, docker, runc, datadog-agent, zot, skaffold, k9s,...
7.5AI Score
0.051EPSS
GHSA-VVPX-J8F3-3W6H vulnerabilities
Vulnerabilities for packages: dynamic-localpv-provisioner, falco, restic, gke-gcloud-auth-plugin, k3d, grpcurl, wireguard-go, hey,...
7.5AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: dive, helm-push, policy-controller, temporal, prometheus-blackbox-exporter, kubeadm-bootstrap-controller, cni-plugins, k3s, cilium-cli, step-issuer, velero-plugin-for-csi, helm-operator, kubewatch, spegel, kubernetes, speedtest-go, ipfs, amass, aws-flb-cloudwatch,...
6.9AI Score
0.0004EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: dive, helm-push, scorecard, kubernetes-csi-external-attacher, hello-world-golang, direnv, external-secrets-operator, policy-controller, flux-source-controller, ghaudit, kubeadm-bootstrap-controller, aws-ebs-csi-driver, http-echo, flyte, cilium-cli, spqr,...
7.5AI Score
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: dive, helm-push, scorecard, kubernetes-csi-external-attacher, hello-world-golang, direnv, external-secrets-operator, policy-controller, flux-source-controller, ghaudit, kubeadm-bootstrap-controller, aws-ebs-csi-driver, http-echo, flyte, cilium-cli, spqr,...
6.5AI Score
0.0004EPSS
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: go-licenses, sonobuoy, flannel-cni-plugin, helm-push, mage, scorecard, falco, k3d, cilium-envoy, aws-flb-kinesis, cni-plugins, aws-flb-firehose, gobuster, go-md2man, cortex, gosu, go-bindata, nats, ctop, kind, nsc, oras, kubernetes-dashboard-metrics-scraper,...
8.2AI Score
0.001EPSS
Vulnerabilities for packages: dive, kubernetes-csi-external-attacher, external-secrets-operator, yq, ollama, flux-source-controller, prometheus-blackbox-exporter, aws-ebs-csi-driver, kots, k3s, weaviate, flux, memcached-exporter, spark-operator, gitness, kubewatch, pulumi-language-yaml, argo-cd,...
6.5AI Score
0.001EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: scorecard, falco, kubernetes-csi-external-attacher, external-secrets-operator, ollama, policy-controller, temporal, flux-source-controller, doppler-kubernetes-operator, kubeadm-bootstrap-controller, aws-ebs-csi-driver, kots, k3s, weaviate, terraform-provider-aws,...
6.7AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: dive, kube-rbac-proxy, helm-push, scorecard, falco, hello-world-golang, direnv, kubernetes-csi-external-attacher, yq, temporal, doppler-kubernetes-operator, prometheus-blackbox-exporter, kubeadm-bootstrap-controller, aws-ebs-csi-driver, http-echo, cni-plugins, k3s,...
7.5AI Score
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: dive, kube-rbac-proxy, helm-push, scorecard, falco, hello-world-golang, direnv, kubernetes-csi-external-attacher, yq, temporal, doppler-kubernetes-operator, prometheus-blackbox-exporter, kubeadm-bootstrap-controller, aws-ebs-csi-driver, http-echo, cni-plugins, k3s,...
6.5AI Score
0.0004EPSS
CVE-2022-41723 vulnerabilities
Vulnerabilities for packages: dynamic-localpv-provisioner, falco, restic, gke-gcloud-auth-plugin, k3d, grpcurl, wireguard-go, hey,...
8.2AI Score
0.02EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: dive, helm-push, policy-controller, temporal, prometheus-blackbox-exporter, kubeadm-bootstrap-controller, cni-plugins, k3s, cilium-cli, step-issuer, velero-plugin-for-csi, helm-operator, kubewatch, spegel, kubernetes, speedtest-go, ipfs, amass, aws-flb-cloudwatch,...
7.5AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: dive, helm-push, scorecard, kubernetes-csi-external-attacher, hello-world-golang, direnv, external-secrets-operator, policy-controller, flux-source-controller, ghaudit, kubeadm-bootstrap-controller, aws-ebs-csi-driver, http-echo, flyte, cilium-cli, spqr,...
7.5AI Score
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: dive, falco, kubernetes-csi-external-attacher, external-secrets-operator, yq, ollama, flux-source-controller, prometheus-blackbox-exporter, kots, aws-ebs-csi-driver, k3s, weaviate, kubernetes-csi-external-snapshotter, flux, memcached-exporter, kind, spark-operator,...
8.2AI Score
0.002EPSS
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: dive, kube-rbac-proxy, helm-push, scorecard, falco, hello-world-golang, direnv, kubernetes-csi-external-attacher, yq, temporal, doppler-kubernetes-operator, prometheus-blackbox-exporter, kubeadm-bootstrap-controller, aws-ebs-csi-driver, http-echo, cni-plugins, k3s,...
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: dive, kube-rbac-proxy, helm-push, scorecard, falco, hello-world-golang, direnv, kubernetes-csi-external-attacher, yq, temporal, doppler-kubernetes-operator, prometheus-blackbox-exporter, kubeadm-bootstrap-controller, aws-ebs-csi-driver, http-echo, cni-plugins, k3s,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: dive, kube-rbac-proxy, helm-push, scorecard, falco, hello-world-golang, direnv, kubernetes-csi-external-attacher, yq, temporal, doppler-kubernetes-operator, prometheus-blackbox-exporter, kubeadm-bootstrap-controller, aws-ebs-csi-driver, http-echo, cni-plugins, k3s,...
7.5AI Score
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: go-licenses, sonobuoy, flannel-cni-plugin, helm-push, mage, scorecard, falco, k3d, cilium-envoy, aws-flb-kinesis, cni-plugins, aws-flb-firehose, gobuster, go-md2man, cortex, gosu, go-bindata, nats, ctop, kind, nsc, oras, kubernetes-dashboard-metrics-scraper,...
7.5AI Score
0.001EPSS
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: go-licenses, sonobuoy, flannel-cni-plugin, helm-push, mage, scorecard, falco, k3d, cilium-envoy, aws-flb-kinesis, cni-plugins, aws-flb-firehose, gobuster, go-md2man, cortex, gosu, go-bindata, nats, ctop, kind, nsc, oras, kubernetes-dashboard-metrics-scraper,...
7.5AI Score
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: go-licenses, sonobuoy, flannel-cni-plugin, helm-push, mage, scorecard, falco, k3d, cilium-envoy, aws-flb-kinesis, cni-plugins, aws-flb-firehose, gobuster, go-md2man, cortex, gosu, go-bindata, nats, ctop, kind, nsc, oras, kubernetes-dashboard-metrics-scraper,...
7.5AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: dive, falco, kubernetes-csi-external-attacher, external-secrets-operator, yq, ollama, flux-source-controller, prometheus-blackbox-exporter, kots, aws-ebs-csi-driver, k3s, weaviate, kubernetes-csi-external-snapshotter, flux, memcached-exporter, kind, spark-operator,...
7.5AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: dive, kubernetes-csi-external-attacher, external-secrets-operator, yq, ollama, flux-source-controller, prometheus-blackbox-exporter, aws-ebs-csi-driver, kots, k3s, weaviate, flux, memcached-exporter, spark-operator, gitness, kubewatch, pulumi-language-yaml, argo-cd,...
7.5AI Score
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: scorecard, falco, kubernetes-csi-external-attacher, ollama, flux-source-controller, prometheus-blackbox-exporter, kots, weaviate, nginx-mainline, terraform-provider-aws, memcached-exporter, kind, spark-operator, gitness, kubewatch, pulumi-language-yaml, argo-cd,...
7.5AI Score
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: dex, up, oauth2-proxy, scorecard, falco, grype, kubernetes-csi-external-attacher, kubescape, nvidia-device-plugin, kubernetes-csi-livenessprobe, terraform-provider-azurerm, flux-source-controller, k3d, metrics-server, prometheus-blackbox-exporter, cilium-envoy,...
7.5AI Score
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: dive, kube-rbac-proxy, helm-push, scorecard, falco, hello-world-golang, direnv, kubernetes-csi-external-attacher, yq, temporal, doppler-kubernetes-operator, prometheus-blackbox-exporter, kubeadm-bootstrap-controller, aws-ebs-csi-driver, http-echo, cni-plugins, k3s,...
7.5AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: dive, kube-rbac-proxy, helm-push, scorecard, falco, hello-world-golang, direnv, kubernetes-csi-external-attacher, yq, temporal, doppler-kubernetes-operator, prometheus-blackbox-exporter, kubeadm-bootstrap-controller, aws-ebs-csi-driver, http-echo, cni-plugins, k3s,...
6.5AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: dive, kube-rbac-proxy, helm-push, scorecard, falco, hello-world-golang, direnv, kubernetes-csi-external-attacher, yq, temporal, doppler-kubernetes-operator, prometheus-blackbox-exporter, kubeadm-bootstrap-controller, aws-ebs-csi-driver, http-echo, cni-plugins, k3s,...
6.5AI Score
0.0004EPSS
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: dive, helm-push, scorecard, kubernetes-csi-external-attacher, hello-world-golang, direnv, external-secrets-operator, policy-controller, flux-source-controller, ghaudit, kubeadm-bootstrap-controller, aws-ebs-csi-driver, http-echo, flyte, cilium-cli, spqr,...
6.5AI Score
0.0004EPSS
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: dive, kube-rbac-proxy, helm-push, scorecard, falco, hello-world-golang, direnv, kubernetes-csi-external-attacher, yq, temporal, doppler-kubernetes-operator, prometheus-blackbox-exporter, kubeadm-bootstrap-controller, aws-ebs-csi-driver, http-echo, cni-plugins, k3s,...
6.5AI Score
0.0004EPSS
GHSA-XR7R-F8XQ-VFVV vulnerabilities
Vulnerabilities for packages: grype, kubescape, nvidia-device-plugin, k3d, cadvisor, kots, k3s, kaniko, skopeo, wolfictl, ctop, syft, trivy, nerdctl, kubernetes, buildkitd, newrelic-infrastructure-agent, zarf, ingress-nginx-controller, docker, runc, datadog-agent, zot, skaffold, k9s,...
7.5AI Score
CVE-2024-5310 JFinalCMS content cross site scripting
A vulnerability classified as problematic has been found in JFinalCMS up to 20221020. This affects an unknown part of the file /admin/content. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the....
6.4AI Score
CVE-2024-4037 WP Photo Album Plus <= 8.7.02.003 - Unauthenticated Arbitrary Shortcode Execution
The WP Photo Album Plus plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 8.7.02.003. This is due to the plugin allowing unauthenticated users to execute an action that does not properly validate a value before running do_shortcode. This...
7.8AI Score
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘block_id’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
6.4CVSS
6.1AI Score
0.0004EPSS
Missing authorization in PostgreSQL built-in views pg_stats_ext and pg_stats_ext_exprs allows an unprivileged database user to read most common values and other statistics from CREATE STATISTICS commands of other users. The most common values may reveal column values the eavesdropper could not...
6.6AI Score
0.0004EPSS
The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘block_id’ parameter in versions up to, and including, 2.13.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with...
5.9AI Score
0.0004EPSS
On Linux, Node.js ignores certain environment variables if those may have been set by an unprivileged user while the process is running with elevated privileges with the only exception of CAP_NET_BIND_SERVICE.Due to a bug in the implementation of this exception, Node.js incorrectly applies this...
6.7AI Score
0.0004EPSS
An issue has been discovered in GitLab CE/EE affecting all versions before 16.9.7, all versions starting from 16.10 before 16.10.5, all versions starting from 16.11 before 16.11.2. It was possible for an attacker to cause a denial of service using maliciously crafted markdown...
6AI Score
0.0004EPSS
Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a .git/ directory......
6.2AI Score
0.0004EPSS