eromon.net Open Redirect vulnerability OBB-3939266
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.9 AI Score
The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....
6.4 CVSS
5.7 AI Score
EPSS
The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....
6.4 CVSS
EPSS
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour...
6.6 AI Score
EPSS
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour...
EPSS
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour...
7.3 AI Score
EPSS
The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....
6.4 CVSS
EPSS
The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....
6.4 CVSS
EPSS
lectitopublishing.nl Cross Site Scripting vulnerability OBB-3939260
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
pusob.edu.np Open Redirect vulnerability OBB-3939259
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7 AI Score
CVE-2024-5535 SSL_select_next_proto buffer overread
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour...
EPSS
CVE-2024-5535 SSL_select_next_proto buffer overread
Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour...
6.9 AI Score
EPSS
software: vim 9.0.2130 WASP: ROSA-CHROME package_evr_string: vim-9.0.2130-1 CVE-ID: CVE-2023-46246 BDU-ID: 2023-07250 CVE-Crit: LOW CVE-DESC.: A vulnerability in the ga_grow_inner function of the vim text editor, protocol for software Unix is caused by an integer overflow. Exploitation of the...
5.5 CVSS
6.7 AI Score
0.0004 EPSS
Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...
9.8 CVSS
EPSS
Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...
9.8 CVSS
9.5 AI Score
EPSS
Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks
Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt...
8.1 CVSS
8.6 AI Score
0.0004 EPSS
CVE-2024-0949 Improper Access Control in Talya Informatics' Elektraweb
Improper Access Control, Missing Authorization, Incorrect Authorization, Incorrect Permission Assignment for Critical Resource, Missing Authentication, Weak Authentication, Improper Restriction of Communication Channel to Intended Endpoints vulnerability in Talya Informatics Elektraweb allows...
9.8 CVSS
EPSS
How to Use Python to Build Secure Blockchain Applications
Did you know it's now possible to build blockchain applications, known also as decentralized applications (or "dApps" for short) in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers… until now. AlgoKit, an...
6.9 AI Score
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output...
6.4 CVSS
EPSS
The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output...
6.4 CVSS
5.8 AI Score
EPSS
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5. No patch is available...
7.5 CVSS
7.8 AI Score
0.003 EPSS
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5
CVE-2020-17527 affecting package tomcat for versions less than 9.0.39-5. No patch is available...
7.5 CVSS
7.8 AI Score
0.003 EPSS
CVE-2020-1472 affecting package samba for versions less than 4.12.5-4
CVE-2020-1472 affecting package samba for versions less than 4.12.5-4. A patched version of the package is...
5.5 CVSS
7.2 AI Score
0.467 EPSS
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: neuvector-sigstore-interface, tkn, slsa-verifier, spire-server, flux-source-controller, wolfictl, policy-controller, falco, aactl, melange, gitsign, vexctl, tekton-chains, goreleaser, zot, falcoctl, kubescape, zarf, apko, ko,...
7.5 AI Score
CVE-2024-29018 vulnerabilities
Vulnerabilities for packages: grype, loki, buildkitd, crossplane, up, kaniko, tkn, docker-compose, ctop, spire-server, syft, wolfictl, conftest, prometheus, datadog-agent, aactl, melange, trivy, goreleaser, dagger, zot, buf, kubescape, cadvisor, ko, kargo,...
5.9 CVSS
6.1 AI Score
0.0004 EPSS
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: keda, tkn, slsa-verifier, spire-server, flux-source-controller, traefik, cilium-envoy, cloudflared, oauth2-proxy, terragrunt, cert-manager, kyverno, dex, falco, aactl, istio-pilot-discovery, gitsign, sops, vexctl, tekton-chains, kots, rekor, flux-kustomize-controller,....
7.5 AI Score
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: loki, kpt, up, slsa-verifier, ctop, cert-manager, prometheus, falco, aactl, chartmuseum, paranoia, tekton-chains, k3d, goreleaser, scorecard, kubescape, skaffold, bom, tekton-pipelines,...
7.5 AI Score
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: grype, loki, buildkitd, crossplane, up, kaniko, tkn, docker-compose, ctop, spire-server, syft, wolfictl, conftest, prometheus, datadog-agent, aactl, melange, trivy, goreleaser, dagger, zot, buf, kubescape, cadvisor, ko, kargo,...
7.5 AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
7.8 AI Score
0.0004 EPSS
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: helm-push, grype, eksctl, helm, up, kaniko, ctop, flux-source-controller, fuse-overlayfs-snapshotter, cert-manager, newrelic-infrastructure-agent, melange, cilium-cli, kubevela, trivy, k3d, kots, neuvector-agent, zot, flux-helm-controller, gitness, kubescape,...
7.5 AI Score
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: helm-push, k9s, kubescape, cert-manager, zot, trivy, k8sgpt, kots, zarf, eksctl, helm-operator, chartmuseum, flux-source-controller, up, cilium-cli, flux-helm-controller,...
6.4 CVSS
6.7 AI Score
0.0004 EPSS