The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
7.2CVSS
EPSS
The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
7.2CVSS
6.2AI Score
EPSS
CVE-2024-5008 WhatsUp Gold APM Unrestricted File Upload Remote Code Execution Vulnerability
In WhatsUp Gold versions released before 2023.1.3, an authenticated user with certain permissions can upload an arbitrary file and obtain RCE...
8.8CVSS
EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: grpcurl, argo-workflows, cri-tools, metallb, timoni, cilium, aws-load-balancer-controller, calico, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, nuclei,...
7.5AI Score
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, ip-masq-agent, local-static-provisioner, calico, spark-operator, aws-ebs-csi-driver, kubernetes, cluster-autoscaler, node-feature-discovery,...
2.7CVSS
4.3AI Score
0.0004EPSS
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...
7.8AI Score
0.0004EPSS
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: grpcurl, git-lfs, calico, nri-prometheus, gitness, kubewatch, cilium-envoy, stakater-reloader, secrets-store-csi-driver, gomplate, amass, hey, nginx-stable, dotnet, terraform-provider-azurerm, envoy-ratelimit, secrets-store-csi-driver-provider-gcp, kind,...
7.5CVSS
9AI Score
0.732EPSS
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: grpcurl, aws-flb-cloudwatch, go-md2man, protoc-gen-go-grpc, dgraph, scorecard, docker-cli, aws-flb-kinesis, sonobuoy, smarter-device-manager, aws-flb-firehose, cilium-envoy, mage, prometheus-stackdriver-exporter, gosu, goreleaser, falco, amass, flannel-cni-plugin,...
7.5CVSS
7.9AI Score
0.001EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: grpcurl, argo-workflows, cri-tools, metallb, timoni, cilium, aws-load-balancer-controller, calico, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, nuclei,...
6.7AI Score
0.0004EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...
7.8AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...
7.5AI Score
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...
5.5CVSS
6.1AI Score
0.0004EPSS
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: grpcurl, cri-tools, timoni, spegel, dive, git-lfs, kubebuilder, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, q, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, kustomize, gomplate, kube-state-metrics, spqr,...
6.5AI Score
0.0004EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: grpcurl, cri-tools, timoni, spegel, dive, git-lfs, kubebuilder, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, q, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, kustomize, gomplate, kube-state-metrics, spqr,...
7.5AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, node-feature-discovery, chartmuseum, kargo, temporal,...
6.8AI Score
0.0004EPSS
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...
7.5AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, node-feature-discovery, chartmuseum, kargo, temporal,...
7.5AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: grpcurl, cri-tools, timoni, spegel, dive, git-lfs, kubebuilder, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, q, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, kustomize, gomplate, kube-state-metrics, spqr,...
7.5AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...
9.8CVSS
9.8AI Score
0.001EPSS
Vulnerabilities for packages: prometheus-adapter, ip-masq-agent, spark-operator, calico, aws-ebs-csi-driver, kubernetes-dns-node-cache, cluster-autoscaler, aws-efs-csi-driver,...
8.8CVSS
8.1AI Score
0.001EPSS
GHSA-HQ6Q-C2X6-HMCH vulnerabilities
Vulnerabilities for packages: prometheus-adapter, ip-masq-agent, spark-operator, calico, aws-ebs-csi-driver, kubernetes-dns-node-cache, cluster-autoscaler, aws-efs-csi-driver,...
7.5AI Score
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...
7.5AI Score
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...
7.5AI Score
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: grpcurl, aws-flb-cloudwatch, go-md2man, protoc-gen-go-grpc, dgraph, scorecard, docker-cli, aws-flb-kinesis, sonobuoy, smarter-device-manager, aws-flb-firehose, cilium-envoy, mage, prometheus-stackdriver-exporter, gosu, goreleaser, falco, amass, flannel-cni-plugin,...
5.3CVSS
7.2AI Score
0.001EPSS
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: grpcurl, aws-flb-cloudwatch, go-md2man, protoc-gen-go-grpc, dgraph, scorecard, docker-cli, aws-flb-kinesis, sonobuoy, smarter-device-manager, aws-flb-firehose, cilium-envoy, mage, prometheus-stackdriver-exporter, gosu, goreleaser, falco, amass, flannel-cni-plugin,...
7.5AI Score
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: grpcurl, aws-flb-cloudwatch, go-md2man, protoc-gen-go-grpc, dgraph, scorecard, docker-cli, aws-flb-kinesis, sonobuoy, smarter-device-manager, aws-flb-firehose, cilium-envoy, mage, prometheus-stackdriver-exporter, gosu, goreleaser, falco, amass, flannel-cni-plugin,...
7.5AI Score
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: grpcurl, git-lfs, calico, nri-prometheus, gitness, kubewatch, cilium-envoy, stakater-reloader, secrets-store-csi-driver, gomplate, amass, hey, nginx-stable, dotnet, terraform-provider-azurerm, envoy-ratelimit, secrets-store-csi-driver-provider-gcp, kind,...
7.5AI Score
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...
7.8AI Score
0.0004EPSS
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...
7.8AI Score
0.0004EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...
6AI Score
0.0004EPSS
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: grpcurl, cri-tools, timoni, spegel, dive, git-lfs, kubebuilder, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, q, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, kustomize, gomplate, kube-state-metrics, spqr,...
6.5AI Score
0.0004EPSS
GHSA-PXHW-596R-RWQ5 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, ip-masq-agent, local-static-provisioner, calico, spark-operator, aws-ebs-csi-driver, kubernetes, cluster-autoscaler, node-feature-discovery,...
7.5AI Score
Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM ® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details ** CVEID:...
9.8CVSS
9.9AI Score
EPSS
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...
9.9CVSS
0.0004EPSS
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...
9.9CVSS
9.7AI Score
0.0004EPSS
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...
10CVSS
9.6AI Score
0.0004EPSS
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...
10CVSS
0.0004EPSS
CVE-2024-4197 Avaya IP Office One-X Portal File Upload Vulnerability
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...
9.9CVSS
0.0004EPSS
CVE-2024-4197 Avaya IP Office One-X Portal File Upload Vulnerability
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...
9.9CVSS
7.6AI Score
0.0004EPSS
CVE-2024-4196 Avaya IP Office Web Control RCE Vulnerability
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...
10CVSS
0.0004EPSS
Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts
Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the...
7.2AI Score
SUSE SLES15 Security Update : kernel (SUSE-SU-2024:2185-1)
The remote SUSE Linux SLES15 / SLES_SAP15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2185-1 advisory. The SUSE Linux Enterprise 15 SP3 kernel was updated to receive various security bugfixes. The following security bugs were fixed: .....
7.8CVSS
8.2AI Score
0.0005EPSS
WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of...
0.0004EPSS
WAVLINK WN551K1 found a command injection vulnerability through the IP parameter of...
7.7AI Score
0.0004EPSS
FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...
9.6CVSS
0.0004EPSS
FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...
9.6CVSS
7.1AI Score
0.0004EPSS
FreeRTOS-Plus-TCP is a lightweight TCP/IP stack for FreeRTOS. FreeRTOS-Plus-TCP versions 4.0.0 through 4.1.0 contain a buffer over-read issue in the DNS Response Parser when parsing domain names in a DNS response. A carefully crafted DNS response with domain name length value greater than the...
9.6CVSS
9.2AI Score
0.0004EPSS