GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: grpcurl, cri-tools, timoni, spegel, dive, git-lfs, kubebuilder, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, q, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, kustomize, gomplate, kube-state-metrics, spqr,...
7.5 AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...
9.8 CVSS
9.8 AI Score
0.001 EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...
7.5 AI Score
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...
7.5 AI Score
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: grpcurl, aws-flb-cloudwatch, go-md2man, protoc-gen-go-grpc, dgraph, scorecard, docker-cli, aws-flb-kinesis, sonobuoy, smarter-device-manager, aws-flb-firehose, cilium-envoy, mage, prometheus-stackdriver-exporter, gosu, goreleaser, falco, amass, flannel-cni-plugin,...
5.3 CVSS
7.2 AI Score
0.001 EPSS
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: grpcurl, aws-flb-cloudwatch, go-md2man, protoc-gen-go-grpc, dgraph, scorecard, docker-cli, aws-flb-kinesis, sonobuoy, smarter-device-manager, aws-flb-firehose, cilium-envoy, mage, prometheus-stackdriver-exporter, gosu, goreleaser, falco, amass, flannel-cni-plugin,...
7.5 AI Score
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: grpcurl, aws-flb-cloudwatch, go-md2man, protoc-gen-go-grpc, dgraph, scorecard, docker-cli, aws-flb-kinesis, sonobuoy, smarter-device-manager, aws-flb-firehose, cilium-envoy, mage, prometheus-stackdriver-exporter, gosu, goreleaser, falco, amass, flannel-cni-plugin,...
7.5 AI Score
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: guac, argo-workflows, keda, minio, cilium, external-secrets-operator, fulcio, dgraph, tekton-pipelines, nerdctl, weaviate, ko, sigstore-scaffolding, step-ca, skopeo, goreleaser, vexctl, rook, falco, gomplate, cloudflared, melange, rekor, grafana, slsa-verifier, step,.....
4.3 CVSS
6 AI Score
0.0005 EPSS
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: grpcurl, timoni, aws-load-balancer-controller, dive, git-lfs, nri-prometheus, gitness, kubewatch, stakater-reloader, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, gomplate, kube-state-metrics, hey, vault, thanos, secrets-store-csi-driver-provider-gcp,....
7.5 AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: grpcurl, timoni, aws-load-balancer-controller, dive, git-lfs, nri-prometheus, gitness, kubewatch, stakater-reloader, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, gomplate, kube-state-metrics, amass, hey, go, vault, thanos,...
7.5 AI Score
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-attacher, keda, minio, grype, dgraph, scorecard, calico, spark-operator, gitlab-pages, pulumi-language-yaml, terraform, weaviate, prometheus, cilium-envoy, ko, prometheus-stackdriver-exporter, coredns, external-dns, secrets-store-csi-driver,...
7.5 AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: nri-mssql, argo-workflows, git-lfs, gitlab-kas, calico, tekton-pipelines, gitness, kubewatch, secrets-store-csi-driver, gomplate, kube-state-metrics, amass, step, secrets-store-csi-driver-provider-azure, vault, terraform-provider-azurerm, thanos,...
7.5 AI Score
GHSA-V53G-5GJP-272R vulnerabilities
Vulnerabilities for packages: istio-operator, helm-push, k9s, zot, cilium-cli, trivy, zarf, up, cert-manager, helm-operator, kubescape, kots, eksctl, chartmuseum, flux-helm-controller, flux-source-controller,...
7.5 AI Score
9.8 CVSS
9.9 AI Score
0.005 EPSS
7.5 AI Score
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: grpcurl, git-lfs, calico, nri-prometheus, gitness, kubewatch, cilium-envoy, stakater-reloader, secrets-store-csi-driver, gomplate, amass, hey, nginx-stable, dotnet, terraform-provider-azurerm, envoy-ratelimit, secrets-store-csi-driver-provider-gcp, kind,...
7.5 AI Score
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...
7.8 AI Score
0.0004 EPSS
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...
7.8 AI Score
0.0004 EPSS
GHSA-MW99-9CHC-XW7R vulnerabilities
Vulnerabilities for packages: zot, scorecard, tekton-pipelines, pulumi-language-yaml, gitness, goreleaser, nuclei, gomplate, pulumi-kubernetes-operator, kubevela, gitsign, kots, pulumi-language-java, argo-cd, flux-kustomize-controller, go-licenses, apko, pulumi, src-fingerprint,...
7.5 AI Score
9.8 CVSS
9.9 AI Score
0.005 EPSS
CVE-2024-29903 vulnerabilities
Vulnerabilities for packages: zot, ko, neuvector-sigstore-interface, goreleaser, vexctl, falco, melange, kubescape, slsa-verifier, aactl, gitsign, skaffold, flux-source-controller, apko, policy-controller, falcoctl, wolfictl, tekton-chains, zarf, tkn,...
4.2 CVSS
4.6 AI Score
0.0004 EPSS
CVE-2024-29902 vulnerabilities
Vulnerabilities for packages: zot, ko, neuvector-sigstore-interface, goreleaser, vexctl, falco, melange, kubescape, slsa-verifier, aactl, gitsign, skaffold, flux-source-controller, apko, policy-controller, falcoctl, wolfictl, tekton-chains, zarf, tkn,...
4.2 CVSS
4.5 AI Score
0.0004 EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...
7.5 AI Score
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: guac, argo-workflows, k3s, newrelic-infrastructure-agent, cri-tools, k9s, timoni, zot, cadvisor, helm-operator, scorecard, tekton-pipelines, flux-image-reflector-controller, traefik, nerdctl, gitlab-runner, prometheus, crane, skopeo, loki, goreleaser, vexctl, trivy,...
7.5 AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: grpcurl, nri-mssql, cri-tools, metallb, timoni, aws-load-balancer-controller, dive, vite, kubebuilder, nri-haproxy, calico, nri-prometheus, smarter-device-manager, gitness, kubewatch, stakater-reloader, q, kubernetes-csi-external-snapshotter, nuclei, kustomize,...
6 AI Score
0.0004 EPSS
CVE-2023-49568 vulnerabilities
Vulnerabilities for packages: zot, scorecard, tekton-pipelines, pulumi-language-yaml, gitness, goreleaser, nuclei, gomplate, pulumi-kubernetes-operator, kubevela, gitsign, kots, pulumi-language-java, argo-cd, flux-kustomize-controller, go-licenses, apko, pulumi, src-fingerprint,...
7.5 CVSS
7.8 AI Score
0.0005 EPSS
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: grpcurl, cri-tools, timoni, spegel, dive, git-lfs, kubebuilder, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, q, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, kustomize, gomplate, kube-state-metrics, spqr,...
6.5 AI Score
0.0004 EPSS
GHSA-PXHW-596R-RWQ5 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, ip-masq-agent, local-static-provisioner, calico, spark-operator, aws-ebs-csi-driver, kubernetes, cluster-autoscaler, node-feature-discovery,...
7.5 AI Score
GHSA-XR7R-F8XQ-VFVV vulnerabilities
Vulnerabilities for packages: newrelic-infrastructure-agent, k3s, grype, k9s, zot, cadvisor, nerdctl, runc, skopeo, trivy, nvidia-device-plugin, kubescape, telegraf, kaniko, ctop, syft, kots, datadog-agent, kubernetes, skaffold, buildkitd, docker, ingress-nginx-controller, wolfictl, zarf,...
7.5 AI Score
A leftover debug code vulnerability exists in the cli_server debug functionality of TP-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger....
7.2 CVSS
EPSS
A leftover debug code vulnerability exists in the cli_server debug functionality of TP-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger....
7.2 CVSS
7.3 AI Score
EPSS
A leftover debug code vulnerability exists in the cli_server debug functionality of TP-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger....
7.2 CVSS
7.5 AI Score
EPSS
A leftover debug code vulnerability exists in the cli_server debug functionality of TP-Link ER7206 Omada Gigabit VPN Router 1.4.1 Build 20240117 Rel.57421. A specially crafted series of network requests can lead to arbitrary command execution. An attacker can send a sequence of requests to trigger....
7.2 CVSS
EPSS
Summary IBM HTTP Server (IHS) is shipped as a component of IBM DevOps Code ClearCase. Information about a security vulnerability affecting IHS has been published in a security bulletin. [CVE-2024-24795, CVE-2023-38709] Vulnerability Details Refer to the security bulletin(s) listed in the...
6.7 AI Score
0.0004 EPSS
This affects versions of the package opencart/opencart from 4.0.0-0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An...
7.2 CVSS
7 AI Score
0.001 EPSS
This affects versions of the package opencart/opencart from 4.0.0-0. An Arbitrary File Creation issue was identified via the database restoration functionality. By injecting PHP code into the database, an attacker with admin privileges can create a backup file with an arbitrary filename (including....
7.2 CVSS
7.2 AI Score
0.0005 EPSS
Summary IBM Application Performance Management is vulnerable to denial of service, remote code execution, information disclosures and other vulnerabilities due to bundled product IBM® Db2. This bulletin identifies the steps to address the vulnerabilities. Vulnerability Details ** CVEID:...
9.8 CVSS
9.9 AI Score
EPSS
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...
9.9 CVSS
0.0004 EPSS
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...
10 CVSS
9.7 AI Score
0.001 EPSS
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...
10 CVSS
0.001 EPSS
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...
9.9 CVSS
9.7 AI Score
0.0004 EPSS
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...
10 CVSS
9.6 AI Score
0.0004 EPSS
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...
10 CVSS
0.0004 EPSS
CVE-2024-4197 Avaya IP Office One-X Portal File Upload Vulnerability
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...
9.9 CVSS
0.0004 EPSS
CVE-2024-4197 Avaya IP Office One-X Portal File Upload Vulnerability
An unrestricted file upload vulnerability in Avaya IP Office was discovered that could allow remote command or code execution via the One-X component. Affected versions include all versions prior to...
9.9 CVSS
7.6 AI Score
0.0004 EPSS
CVE-2024-4196 Avaya IP Office Web Control RCE Vulnerability
An improper input validation vulnerability was discovered in Avaya IP Office that could allow remote command or code execution via a specially crafted web request to the Web Control component. Affected versions include all versions prior to...
10 CVSS
0.0004 EPSS
Multiple WordPress Plugins Compromised: Hackers Create Rogue Admin Accounts
Multiple WordPress plugins have been backdoored to inject malicious code that makes it possible to create rogue administrator accounts with the aim of performing arbitrary actions. "The injected malware attempts to create a new administrative user account and then sends those details back to the...
7.2 AI Score
CVE-2024-6297 Several WordPress.org Plugins <= Various Versions - Injected Backdoor
Several plugins for WordPress hosted on WordPress.org have been compromised and injected with malicious PHP scripts. A malicious threat actor compromised the source code of various plugins and injected code that exfiltrates database credentials and is used to create new, malicious, administrator...
10 CVSS
0.001 EPSS
EulerOS 2.0 SP11 : kernel (EulerOS-SA-2024-1837)
According to the versions of the kernel packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In the Linux kernel, the following vulnerability has been resolved: IB/ipoib: Fix mcast list locking Releasing the priv-lock while iterating...
7.8 CVSS
7.9 AI Score
0.0004 EPSS
EulerOS 2.0 SP11 : gnutls (EulerOS-SA-2024-1813)
According to the versions of the gnutls packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS,...
5.3 CVSS
7.2 AI Score
0.0005 EPSS