GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: pulumi-kubernetes-operator, cert-manager, kubernetes-csi-external-attacher, thanos, buildkitd, dynamic-localpv-provisioner, node-problem-detector, ko, kubevela, prometheus-blackbox-exporter, terraform, aws-efs-csi-driver, vault-csi-provider, pulumi-language-dotnet,...
7.5AI Score
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....
7.5AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....
7.8AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....
7.8AI Score
0.0004EPSS
CVE-2024-29903 vulnerabilities
Vulnerabilities for packages: policy-controller, ko, gitsign, skaffold, zot, aactl, vexctl, wolfictl, tkn, spire-server, flux-source-controller, slsa-verifier, melange, neuvector-sigstore-interface, apko, goreleaser, kubescape, tekton-chains, falcoctl, falco,...
4.2CVSS
4.6AI Score
0.0004EPSS
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: hivemind, trivy, prometheus-mysqld-exporter, up, docker-credential-gcr, glab, go-md2man, osv-scanner, pulumi-language-java, age, wait-for-port, nsc, nri-f5, kafka-proxy, prometheus-nats-exporter, controller-gen, nri-prometheus, extism, kubebuilder, step,...
7.5AI Score
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: kind, hey, ctop, docker-cli, flannel-cni-plugin, nats, gitlab-logger, aws-flb-firehose, cortex, go-licenses, aactl, gobuster, metrics-server, configmap-reload, influx, aws-flb-kinesis, cilium-envoy, go-md2man, sbom-scorecard, cni-plugins, ip-masq-agent,...
5.3CVSS
7.2AI Score
0.001EPSS
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: kind, hey, ctop, docker-cli, flannel-cni-plugin, nats, gitlab-logger, aws-flb-firehose, cortex, go-licenses, aactl, gobuster, metrics-server, configmap-reload, influx, aws-flb-kinesis, cilium-envoy, go-md2man, sbom-scorecard, cni-plugins, ip-masq-agent,...
7.5AI Score
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: kind, hey, ctop, docker-cli, flannel-cni-plugin, nats, gitlab-logger, aws-flb-firehose, cortex, go-licenses, aactl, gobuster, metrics-server, configmap-reload, influx, aws-flb-kinesis, cilium-envoy, go-md2man, sbom-scorecard, cni-plugins, ip-masq-agent,...
7.5AI Score
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: cert-manager, policy-controller, ko, gitsign, cosign, fulcio, skaffold, grafana, istio-pilot-discovery, aactl, istio-operator, keda, vault, vexctl, wolfictl, external-secrets-operator, tkn, oauth2-proxy, tekton-pipelines, flux-kustomize-controller, dex, cilium,...
4.3CVSS
6AI Score
0.0005EPSS
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: thanos, flux-image-reflector-controller, kube-fluentd-operator, terraform, k8sgpt-operator, pulumi-language-dotnet, kubernetes-csi-external-resizer, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, memcached-exporter, nvidia-device-plugin, mc,...
7.5AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: thanos, flux-image-reflector-controller, kube-fluentd-operator, terraform, k8sgpt-operator, pulumi-language-dotnet, kubernetes-csi-external-resizer, prometheus-mysqld-exporter, istio-pilot-discovery, aws-load-balancer-controller, gobuster, up, memcached-exporter,...
7.5AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: thanos, flux-image-reflector-controller, kube-fluentd-operator, terraform, trivy, prometheus-mysqld-exporter, traefik, istio-pilot-discovery, gobuster, up, memcached-exporter, bank-vaults, gatekeeper, flux, weaviate, k3s, cloud-sql-proxy, cilium-cli, nsc,...
7.5AI Score
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: thanos, terraform, pulumi-language-dotnet, traefik, gobuster, up, memcached-exporter, nvidia-device-plugin, mc, tomcat, neuvector-agent, gatekeeper, pulumi-language-java, weaviate, envoy-ratelimit, terraform-provider-azurerm, nri-prometheus,...
7.5AI Score
GHSA-MW99-9CHC-XW7R vulnerabilities
Vulnerabilities for packages: pulumi-kubernetes-operator, bom, kubevela, gitsign, pulumi-language-dotnet, zot, go-licenses, src-fingerprint, pulumi-language-java, tekton-pipelines, flux-kustomize-controller, pulumi, pulumi-language-yaml, argo-cd, nuclei, scorecard, gomplate, apko, goreleaser,...
7.5AI Score
GHSA-V53G-5GJP-272R vulnerabilities
Vulnerabilities for packages: zot, cert-manager, cilium-cli, kots, kubescape, up, istio-operator, k9s, flux-source-controller, eksctl, chartmuseum, k8sgpt, flux-helm-controller, helm-push, trivy, zarf,...
7.5AI Score
9.8CVSS
9.9AI Score
0.005EPSS
9.8CVSS
9.9AI Score
0.005EPSS
7.5AI Score
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: overmind, flux-image-reflector-controller, delve, thanos, ctop, govulncheck, hcloud, kubernetes-csi-external-resizer, pulumi-language-dotnet, trivy, jitsucom-bulker, prometheus-mysqld-exporter, traefik, kubecolor, vt-cli, regclient, mockery, influx,...
6.5AI Score
0.0004EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: hivemind, trivy, prometheus-mysqld-exporter, up, docker-credential-gcr, glab, go-md2man, osv-scanner, pulumi-language-java, age, wait-for-port, nsc, nri-f5, kafka-proxy, prometheus-nats-exporter, controller-gen, nri-prometheus, extism, kubebuilder, step,...
7.5AI Score
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: cert-manager, flux-image-reflector-controller, bom, buildkitd, ctop, policy-controller, kubevela, cri-tools, newrelic-infrastructure-agent, gitsign, cosign, flux-helm-controller, k9s, prometheus, trivy, traefik, skaffold, crane, filebeat, istio-pilot-discovery, zot,...
7.5AI Score
CVE-2023-49568 vulnerabilities
Vulnerabilities for packages: pulumi-kubernetes-operator, bom, kubevela, gitsign, pulumi-language-dotnet, zot, go-licenses, src-fingerprint, pulumi-language-java, tekton-pipelines, flux-kustomize-controller, pulumi, pulumi-language-yaml, argo-cd, nuclei, scorecard, gomplate, apko, goreleaser,...
7.5CVSS
7.8AI Score
0.0005EPSS
GHSA-PXHW-596R-RWQ5 vulnerabilities
Vulnerabilities for packages: node-feature-discovery, spark-operator, kubernetes-dns-node-cache, local-static-provisioner, aws-ebs-csi-driver, kubernetes, kubernetes-csi-driver-hostpath, cluster-autoscaler, calico, nodetaint,...
7.5AI Score
GHSA-XR7R-F8XQ-VFVV vulnerabilities
Vulnerabilities for packages: buildkitd, ctop, newrelic-infrastructure-agent, docker, k9s, trivy, syft, skaffold, zot, kubernetes, wolfictl, nvidia-device-plugin, k3s, k3d, skopeo, runc, kaniko, datadog-agent, grype, kubescape, kots, ingress-nginx-controller, telegraf, cadvisor, nerdctl,...
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,....
6AI Score
0.0004EPSS
3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords
Update: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update: As of 2:20 PM EST, two more plugins appear to have malicious commits, however, the releases have not officially been made meaning.....
7.2AI Score
Glastonbury ticket hijack vulnerability fixed
The Glastonbury ticket website was vulnerable to a relatively simple attack that that allowed ticket theft and data leakage. What’s the issue? An attacker could scrape collaborative ticket buying websites (e.g. Reddit) to gather people’s details, use a flaw in the registration process and session.....
6.8AI Score
New SnailLoad Attack Exploits Network Latency to Spy on Users' Web Activities
A group of security researchers from the Graz University of Technology have demonstrated a new side-channel attack known as SnailLoad that could be used to remotely infer a user's web activity. "SnailLoad exploits a bottleneck present on all Internet connections," the researchers said in a study...
7.4AI Score
Summary IBM Storage Protect for Space Management can be affected by security flaws in IBM WebSphere Application Server Liberty and Apache Xerces C++ XML parser. The flaws can lead to server-side request forgery,, denial of service, and arbitrary code execution, as described in the "Vulnerability...
5.9CVSS
8.4AI Score
0.0004EPSS
Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment
Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and...
9.8CVSS
9AI Score
0.001EPSS
An issue was discovered in GitLab CE/EE affecting all versions starting from 9.2 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, with the processing logic for generating link in dependency files can lead to a regular expression DoS attack on the...
6.5CVSS
6.4AI Score
0.0004EPSS
The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.0.12 due to insufficient input sanitization and output....
4.7CVSS
0.0004EPSS
The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.0.12 due to insufficient input sanitization and output....
4.7CVSS
4.7AI Score
0.0004EPSS
The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....
6.4CVSS
0.0004EPSS
The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....
6.4CVSS
5.8AI Score
0.0004EPSS
The Conversios – Google Analytics 4 (GA4), Meta Pixel & more Via Google Tag Manager For WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘tiktok_user_id’ parameter in all versions up to, and including, 7.0.12 due to insufficient input sanitization and output....
4.7CVSS
0.0004EPSS
The Silesia theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ attribute within the theme's Button shortcode in all versions up to, and including, 1.0.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with....
6.4CVSS
0.0004EPSS
HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one...
3.7CVSS
0.0004EPSS
HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one...
3.7CVSS
4.1AI Score
0.0004EPSS
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following...
7.2CVSS
0.0004EPSS
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following...
7.2CVSS
7.8AI Score
0.0004EPSS
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following...
7.2CVSS
0.0004EPSS
CVE-2024-30109 Lack of Clickjacking Protection vulnerability affects DRYiCE AEX v10
HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one...
3.7CVSS
0.0004EPSS
CVE-2024-30109 Lack of Clickjacking Protection vulnerability affects DRYiCE AEX v10
HCL DRYiCE AEX is impacted by a lack of clickjacking protection in the AEX web application. An attacker can use multiple transparent or opaque layers to trick a user into clicking on a button or link on another page than the one...
3.7CVSS
4.2AI Score
0.0004EPSS
K000140188: PostgreSQL vulnerability CVE-2024-0985
Security Advisory Description Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of...
8CVSS
8.1AI Score
0.001EPSS
K000140189: Linux kernel vulnerability CVE-2021-47572
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path.....
5.5CVSS
6.4AI Score
0.0004EPSS
CVE-2024-34102 POC for CVE-2024-34102. A pre-authentication...
9.8CVSS
6.9AI Score
0.038EPSS
D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle...
0.0004EPSS
D-Link DIR-1950 up to v1.11B03 does not validate SSL certificates when requesting the latest firmware version and downloading URL. This can allow attackers to downgrade the firmware version or change the downloading URL via a man-in-the-middle...
7AI Score
0.0004EPSS