CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: nri-nginx, crossplane-provider-azure, cloud-sql-proxy, cni-plugins, docker-cli, prometheus-postgres-exporter, kubeflow-katib, pombump, go-licenses, gops, docker-credential-ecr-login, haproxy-ingress, kind, opentofu, cri-tools, prometheus-elasticsearch-exporter,...
7.8AI Score
0.0004EPSS
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: step-issuer, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, nerdctl, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, helm-docs, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf,...
7.5AI Score
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: petname, cass-operator, gosu, nats, cni-plugins, go-md2man, docker-cli, slsa-verifier, aactl, k3d, go-licenses, gobuster, gops, ip-masq-agent, docker-credential-ecr-login, influx, nsc, kind, prometheus-bind-exporter, render-template, aws-flb-cloudwatch, dgraph,...
7.5AI Score
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: petname, cass-operator, gosu, nats, cni-plugins, go-md2man, docker-cli, slsa-verifier, aactl, k3d, go-licenses, gobuster, gops, ip-masq-agent, docker-credential-ecr-login, influx, nsc, kind, prometheus-bind-exporter, render-template, aws-flb-cloudwatch, dgraph,...
7.5AI Score
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: external-secrets-operator, flux-kustomize-controller, istio-operator, slsa-verifier, tekton-chains, cert-manager, minio, falcoctl, cloudflared, aactl, guac, cilium, cosign, oauth2-proxy, sigstore-scaffolding, step, timestamp-authority, istio-cni, kargo, weaviate,...
4.3CVSS
6AI Score
0.0005EPSS
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: terraform-provider-aws, crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, cloudflared, aactl, kubeflow-katib, go-licenses, secrets-store-csi-driver, haproxy-ingress, opentofu, influxd, nerdctl, dynamic-localpv-provisioner, kubernetes-dashboard,....
7.5AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, kubeflow-katib, aactl, secrets-store-csi-driver, haproxy-ingress, kind, opentofu, influxd, prometheus-elasticsearch-exporter, dynamic-localpv-provisioner, kubernetes-dashboard, prometheus,...
7.5AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, cloud-sql-proxy, prometheus-postgres-exporter, kubeflow-katib, aactl, secrets-store-csi-driver, haproxy-ingress, opentofu, influxd, prometheus-elasticsearch-exporter, dynamic-localpv-provisioner, kubernetes-dashboard, prometheus,...
7.5AI Score
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: terraform-provider-aws, pulumi-language-yaml, prometheus-blackbox-exporter, flux-kustomize-controller, cluster-autoscaler, external-dns, prometheus-adapter, slsa-verifier, kubevela, cert-manager, minio, kubeflow-katib, aactl, k3d, cosign, flux-notification-controller,....
7.5AI Score
GHSA-V53G-5GJP-272R vulnerabilities
Vulnerabilities for packages: trivy, chartmuseum, zarf, istio-operator, flux-helm-controller, zot, cert-manager, cilium-cli, kots, flux-source-controller, k9s, k8sgpt, eksctl, helm-push, up, helm-operator,...
7.5AI Score
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: petname, cass-operator, gosu, nats, cni-plugins, go-md2man, docker-cli, slsa-verifier, aactl, k3d, go-licenses, gobuster, gops, ip-masq-agent, docker-credential-ecr-login, influx, nsc, kind, prometheus-bind-exporter, render-template, aws-flb-cloudwatch, dgraph,...
5.3CVSS
7.2AI Score
0.001EPSS
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, cloudflared, aactl, pombump, go-licenses, gops, docker-credential-ecr-login, secrets-store-csi-driver, kind, cri-tools, clusterctl, dynamic-localpv-provisioner, kubernetes-dashboard, nats-server, gostatsd, flannel, trust-manager,...
6.5AI Score
0.0004EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: step-issuer, kubeflow-katib, pombump, prometheus-elasticsearch-exporter, nri-mongodb, nerdctl, dynamic-localpv-provisioner, velero-plugin-for-csi, kubernetes-dashboard, gostatsd, cert-exporter, helm-docs, kubernetes-ingress-defaultbackend, shfmt, kube-bench, zarf,...
7.5AI Score
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: slsa-verifier, kubevela, cert-manager, tekton-chains, falcoctl, guac, aactl, datadog-agent, cosign, filebeat, kubeflow-katib, buildkitd, kargo, cri-tools, telegraf, policy-controller, nerdctl, cadvisor, newrelic-infrastructure-agent, prometheus, loki, falco, zot,...
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: nri-nginx, crossplane-provider-azure, cloud-sql-proxy, cni-plugins, docker-cli, prometheus-postgres-exporter, kubeflow-katib, pombump, go-licenses, gops, docker-credential-ecr-login, haproxy-ingress, kind, opentofu, cri-tools, prometheus-elasticsearch-exporter,...
6AI Score
0.0004EPSS
GHSA-PXHW-596R-RWQ5 vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver, kubernetes, node-feature-discovery, calico, cluster-autoscaler, local-static-provisioner, nodetaint, kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, ip-masq-agent,...
7.5AI Score
Summary IBM Edge Application Manager 4.5.6 addresses the security vulnerabilities listed in the CVEs below. Vulnerability Details ** CVEID: CVE-2024-29018 DESCRIPTION: **moby could allow a remote attacker to obtain sensitive information, caused by incorrect resource transfer between spheres. By...
7.8CVSS
7.5AI Score
0.001EPSS
Federal Reserve “breached” data may actually belong to Evolve Bank
A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBit's dark web leak site, the group threatened to release over 30 TB of banking information containing Americans'...
7.4AI Score
Keep Your Tech Flame Alive: Trailblazer Mie Elmkvist Schneider
In this Akamai FLAME Trailblazer blog post, Mie Elmkvist Schneider from Queue-it describes the differences between being a manager and being a...
7.3AI Score
Practical Guidance For Securing Your Software Supply Chain
The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who.....
6.7AI Score
Summary WebSphere Application Server is shipped with IBM Tivoli System Automation Application Manager. Information about a security vulnerability affecting WebSphere Application Server has been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s) listed in the.....
8.8CVSS
6.3AI Score
0.0004EPSS
New Credit Card Skimmer Targets WordPress, Magento, and OpenCart Sites
Multiple content management system (CMS) platforms like WordPress, Magento, and OpenCart have been targeted by a new credit card web skimmer called Caesar Cipher Skimmer. A web skimmer refers to malware that is injected into e-commerce sites with the goal of stealing financial and payment...
7.4AI Score
Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities
Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.8.0. Vulnerability Details ** CVEID: CVE-2023-38371 DESCRIPTION: **IBM Security Access Manager uses weaker than expected cryptographic algorithms that...
7.2AI Score
EPSS
Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities
Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.0.8. Vulnerability Details ** CVEID: CVE-2024-31883 DESCRIPTION: **IBM Security Verify Access, under certain configurations, could allow an...
7.5CVSS
8AI Score
EPSS
The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
7.2CVSS
0.001EPSS
The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
7.2CVSS
6.2AI Score
0.001EPSS
6.7AI Score
EPSS
RHEL 9 : kernel-rt (RHSA-2024:4106)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2024:4106 advisory. The kernel-rt packages provide the Real Time Linux Kernel, which enables fine-tuning for systems with extremely high determinism...
7.5AI Score
0.0004EPSS
A vulnerability in the Net::CIDR::Lite module of the Perl programming language interpreter is related to bugs in the handling foreign null characters at the beginning of an IP address string. Exploitation of the vulnerability could allow an attacker acting remotely to bypass access...
6.9AI Score
0.0004EPSS
6.7AI Score
EPSS
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : kernel (SUSE-SU-2024:2190-1)
The remote SUSE Linux SLED15 / SLED_SAP15 / SLES15 / SLES_SAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2024:2190-1 advisory. The SUSE Linux Enterprise 15 SP5 kernel was updated to receive various security bugfixes. The...
9.8CVSS
9.3AI Score
EPSS
A vulnerability in the getUnpushedChanges() function of the dependency manager for PHP Composer is related to the use of the status and reinstall commands. status, reinstall and remove commands. Exploitation of the vulnerability could allow an attacker, acting remotely, to execute arbitrary...
8.8CVSS
7.7AI Score
0.005EPSS
The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
7.2CVSS
6.1AI Score
0.001EPSS
The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
7.2CVSS
0.001EPSS
Neiman Marcus confirms breach. Is the customer data already for sale?
Luxury retail chain Neiman Marcus has begun to inform customers about a cyberattack it discovered in May. The attacker compromised a database platform storing customers' personal information. The letter tells customers: “Promptly after learning of the issue, we took steps to contain it, including.....
7.5AI Score
A security vulnerability has been identified in HPE Athonet Mobile Core software. The core application contains a code injection vulnerability where a threat actor could execute arbitrary commands with the privilege of the underlying container leading to complete takeover of the target...
7.5CVSS
7.9AI Score
0.0004EPSS
Authentication Bypasses in MOVEit Transfer and MOVEit Gateway
On June 25, 2024, Progress Software published information on two new vulnerabilities in MOVEit Transfer and MOVEit Gateway: CVE-2024-5806, a critical authentication bypass affecting the MOVEit Transfer SFTP service in a default configuration; and CVE-2024-5805, a critical SFTP-associated...
9.1CVSS
9.8AI Score
0.0004EPSS
In the Linux kernel, the following vulnerability has been resolved: fpga: manager: add owner module and take its refcount The current implementation of the fpga manager assumes that the low-level module registers a driver for the parent device and uses its owner pointer to take the module's...
7.3AI Score
0.0004EPSS
Cybersecurity in the SMB space — a growing threat
Small and medium-sized businesses (SMBs) are increasingly targeted by cybercriminals. Despite adopting digital technology for remote work, production, and sales, SMBs often lack robust cybersecurity measures. SMBs face significant cybersecurity challenges due to limited resources and expertise....
7.3AI Score
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...
5.4CVSS
5.1AI Score
0.0004EPSS
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...
5.4CVSS
0.0004EPSS
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...
5.4CVSS
5.1AI Score
0.0004EPSS
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...
5.4CVSS
0.0004EPSS
CVE-2024-34142 AMS XSS - /libs/dam/cfm/components/download/clientlib/js/download.js
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...
5.4CVSS
0.0004EPSS
CVE-2024-34142 AMS XSS - /libs/dam/cfm/components/download/clientlib/js/download.js
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...
5.4CVSS
5.3AI Score
0.0004EPSS
CVE-2024-34141 AMS XSS - /libs/granite/backup/clientlibs/js/backup.js
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...
5.4CVSS
0.0004EPSS
CVE-2024-34141 AMS XSS - /libs/granite/backup/clientlibs/js/backup.js
Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting (XSS) vulnerability that could be abused by a low-privileged attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they...
5.4CVSS
5.3AI Score
0.0004EPSS
The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...
0.0004EPSS
The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...
5.6AI Score
0.0004EPSS
CVE-2024-4757 Logo Manager For Enamad <= 0.7.0 - Stored XSS via CSRF
The Logo Manager For Enamad WordPress plugin through 0.7.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF...
5.8AI Score
0.0004EPSS