DSpace Cross Site Scripting (XSS) via a deposited HTML/XML document
Impact: In DSpace 7.0 through 7.6.1, when an HTML, XML or JavaScript Bitstream is downloaded, the user's browser may execute any embedded JavaScript. If that embedded JavaScript is malicious, there is a risk of an XSS attack. This attack may only be initialized by a user who already has Submitter...
AI Score 5.5
CVE-2024-6308 itsourcecode Simple Online Hotel Reservation System index.php sql injection
A vulnerability was found in itsourcecode Simple Online Hotel Reservation System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file index.php. The manipulation of the argument username leads to sql injection. The attack can be initiated remotely. The exploit....
CVSS 7.3 | AI Score 7.8
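The username injection described in the entry above, reproduced on an in-memory SQLite table so the vulnerable query can be run next to its parameterized replacement. This is an added example and not the application's own PHP: the users table, its single row and the payloads are constructed for the demonstration.

```python
"""Vulnerable string-built login query beside the bound-parameter version."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed fixture: one user in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT)")
    # Plaintext only to keep the demo short; real code stores a password hash.
    conn.execute("INSERT INTO users VALUES ('admin', 'correct horse')")
    conn.commit()
    return conn


def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    """Login written the way the advisory describes: the username argument is
    concatenated straight into the SQL, so quotes in it change the query."""
    sql = (
        f"SELECT username FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn: sqlite3.Connection, username: str, password: str):
    """Same query with bound parameters: the input is always data, never SQL."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


if __name__ == "__main__":
    db = make_db()
    # Closes the string literal and comments out the password check.
    payload = "admin' -- "
    print(login_vulnerable(db, payload, "anything"))        # admin
    print(login_parameterized(db, payload, "anything"))     # None
    print(login_parameterized(db, "admin", "correct horse"))  # admin
```

The `-- ` payload works because SQLite, like MySQL, treats the rest of the line as a comment once the string literal is closed; a `' OR 1=1 -- ` username gives the same result without knowing any account name. The parameterized version sends the same text to the database as a value, so the comparison simply fails.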
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
AI Score 7.2
Summary: There is a vulnerability in IBM WebSphere Application Server Liberty used by IBM Cloud Transformation Advisor (CVE-2024-27270). Vulnerability Details: CVEID: CVE-2024-27270. DESCRIPTION: IBM WebSphere Application Server Liberty 23.0.0.3 through 24.0.0.3 is vulnerable to cross-site...
CVSS 4.7 | AI Score 6.4 | EPSS 0.0004
Dell PowerEdge Server BIOS contains a TOCTOU race condition vulnerability. A local low privileged attacker could potentially exploit this vulnerability to gain access to otherwise unauthorized...
CVSS 5.3 | AI Score 7
Summary: IBM Sterling B2B Integrator Standard Edition does not restrict or incorrectly restricts frame objects or UI layers that belong to another application or domain, which can lead to user confusion about which interface the user is interacting with. Vulnerability Details: CVEID:...
AI Score 6.6
WordPress 6.5.5 Security Release – What You Need to Know
Did you know Wordfence runs a Bug Bounty Program for all WordPress plugins and themes at no cost to vendors? Researchers can earn up to $10,400 for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
AI Score 5.4
Summary: In Sterling B2B Integrator Standard Edition Console, the Content-Security-Policy header in the console for B2Bi is not set to the strictest available value. The Content-Security-Policy that is set by the server allows inline JavaScript and "eval" functions in the browser. Allowing inline...
AI Score 6.2
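Two of the entries above describe the same class of browser-side gap: the DSpace advisory (an uploaded HTML/XML/JS file rendered with the site's origin) and the B2Bi console advisory (a Content-Security-Policy that still permits inline script and eval). The checker below, written for this page and not taken from DSpace's or IBM's code, parses a CSP header and a download response's headers and reports what would still let injected script run. It generalizes beyond the two entries by also flagging a missing script-src fallback, a wildcard script source and a sandbox that grants allow-same-origin. All header values it is run on are constructed for the example.

```python
"""Header checks for the XSS-via-upload and weak-CSP findings listed above."""
from typing import Dict, List

# MIME types a browser will render or execute rather than merely save.
ACTIVE_TYPES = {
    "text/html", "application/xhtml+xml", "image/svg+xml",
    "text/xml", "application/xml", "text/javascript", "application/javascript",
}


def parse_csp(header: str) -> Dict[str, List[str]]:
    """Split a CSP header value into {directive: [source expressions]}."""
    policy: Dict[str, List[str]] = {}
    for clause in header.split(";"):
        tokens = clause.split()
        if tokens:
            policy[tokens[0].lower()] = [t.lower() for t in tokens[1:]]
    return policy


def csp_script_weaknesses(header: str) -> List[str]:
    """Explain why injected JavaScript would still execute under this policy."""
    policy = parse_csp(header)
    # script-src falls back to default-src; neither present means scripts are unrestricted.
    sources = policy.get("script-src", policy.get("default-src"))
    if sources is None:
        return ["no script-src or default-src: any script source is permitted"]
    issues: List[str] = []
    has_nonce_or_hash = any(
        s.startswith(("'nonce-", "'sha256-", "'sha384-", "'sha512-")) for s in sources
    )
    # Browsers ignore 'unsafe-inline' once a nonce or hash is present (CSP Level 2+),
    # so it only weakens the policy when it stands alone.
    if "'unsafe-inline'" in sources and not has_nonce_or_hash:
        issues.append("'unsafe-inline': injected <script> blocks and event handlers execute")
    if "'unsafe-eval'" in sources:
        issues.append("'unsafe-eval': eval()/new Function() on attacker-controlled strings execute")
    if "*" in sources or "https:" in sources or "http:" in sources:
        issues.append("wildcard scheme or host: script can be loaded from any origin")
    return issues


def download_weaknesses(headers: Dict[str, str]) -> List[str]:
    """Explain why a user-supplied file served with these headers could run
    script in the serving site's origin (the DSpace bitstream case)."""
    h = {k.lower(): v for k, v in headers.items()}
    content_type = h.get("content-type", "").split(";")[0].strip().lower()
    if content_type not in ACTIVE_TYPES:
        return []  # inert type (PDF, raster image, ...) is not this XSS case
    if h.get("content-disposition", "").strip().lower().startswith("attachment"):
        return []  # forced download: the browser saves the file instead of rendering it
    sandbox = parse_csp(h.get("content-security-policy", "")).get("sandbox")
    if sandbox is None:
        return ["active content rendered inline with no CSP sandbox"]
    if "allow-same-origin" in sandbox:
        return ["CSP sandbox grants allow-same-origin, so script keeps the site's cookies and DOM"]
    return []  # rendered, but in an opaque origin with no access to the site


if __name__ == "__main__":
    # Constructed headers: the weak setting beside the corrected one.
    weak_csp = "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'"
    strict_csp = ("default-src 'self'; script-src 'self' 'nonce-d2h5IG5vdA'; "
                  "object-src 'none'; frame-ancestors 'none'")
    print(csp_script_weaknesses(weak_csp))     # two findings
    print(csp_script_weaknesses(strict_csp))   # []
    inline_upload = {"Content-Type": "text/html; charset=utf-8"}
    forced_download = {"Content-Type": "text/html; charset=utf-8",
                       "Content-Disposition": 'attachment; filename="deposit.html"'}
    print(download_weaknesses(inline_upload))    # one finding
    print(download_weaknesses(forced_download))  # []
```

The strict policy above uses a per-response nonce, which is the usual way to keep legitimate inline scripts while dropping 'unsafe-inline'; the `frame-ancestors 'none'` directive in it is what addresses the framing issue from the other Sterling B2B Integrator entry. For a download endpoint, `Content-Disposition: attachment` is the simplest fix; serving the file from a separate origin, or inline under a `Content-Security-Policy: sandbox` without allow-same-origin, is the alternative when the file must render. The nonce value is a placeholder assumed for the example.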
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: grpcurl, git-lfs, calico, nri-prometheus, gitness, kubewatch, cilium-envoy, stakater-reloader, secrets-store-csi-driver, gomplate, amass, hey, nginx-stable, dotnet, terraform-provider-azurerm, envoy-ratelimit, secrets-store-csi-driver-provider-gcp, kind,...
CVSS 7.5 | AI Score 9 | EPSS 0.732
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, ip-masq-agent, local-static-provisioner, calico, spark-operator, aws-ebs-csi-driver, kubernetes, cluster-autoscaler, node-feature-discovery,...
CVSS 2.7 | AI Score 4.3 | EPSS 0.0004
CVE-2024-23652 vulnerabilities
Vulnerabilities for packages: docker, skaffold, guac, zot, trivy, scorecard, conftest, kubescape, datadog-agent, buildkitd,...
CVSS 10 | AI Score 9.7 | EPSS 0.001
CVE-2024-26130 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines, az, py3-cryptography, ggshield,...
CVSS 7.5 | AI Score 7.8 | EPSS 0.0004
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: grpcurl, argo-workflows, cri-tools, metallb, timoni, cilium, aws-load-balancer-controller, calico, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, nuclei,...
AI Score 7.5
CVE-2024-29018 vulnerabilities
Vulnerabilities for packages: grype, zot, docker-compose, cadvisor, prometheus, ko, crossplane, loki, goreleaser, trivy, melange, kubescape, spire-server, telegraf, kaniko, ctop, aactl, syft, up, datadog-agent, buildkitd, kargo, dagger, wolfictl, tkn, buf,...
CVSS 5.9 | AI Score 5.9 | EPSS 0.0004
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: argo-workflows, keda, external-secrets-operator, fulcio, tekton-pipelines, traefik, cilium-envoy, vexctl, falco, cloudflared, rekor, kubescape, spire-server, slsa-verifier, vault, istio-pilot-discovery, aactl, cosign, dex, gitsign, kots, cert-manager, argo-cd,...
AI Score 7.5
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: k3s, scorecard, tekton-pipelines, prometheus, loki, goreleaser, falco, kubescape, slsa-verifier, ctop, aactl, paranoia, up, kpt, cert-manager, chartmuseum, skaffold, tekton-chains, k3d,...
AI Score 7.5
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: grype, zot, docker-compose, cadvisor, prometheus, ko, crossplane, loki, goreleaser, trivy, melange, kubescape, spire-server, telegraf, kaniko, ctop, aactl, syft, up, datadog-agent, buildkitd, kargo, dagger, wolfictl, tkn, buf,...
AI Score 7.5
GHSA-X84C-P2G9-RQV9 vulnerabilities
Vulnerabilities for packages: docker, dagger, helm-push, harbor-scanner-trivy, policy-controller, cri-tools, grype, docker-compose, neuvector-scanner, wolfictl, syft, melange, tekton-pipelines, k3d, buf, prometheus,...
AI Score 7.5
GHSA-R53H-JV2G-VPX6 vulnerabilities
Vulnerabilities for packages: istio-operator, helm-push, k9s, zot, cilium-cli, trivy, zarf, up, cert-manager, helm-operator, kubescape, kots, eksctl, chartmuseum, flux-helm-controller, flux-source-controller,...
AI Score 7.5
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: istio-operator, helm-push, k9s, zot, cilium-cli, trivy, zarf, up, cert-manager, helm-operator, kubescape, kots, eksctl, chartmuseum, flux-helm-controller, flux-source-controller,...
CVSS 6.4 | AI Score 6.7 | EPSS 0.0004