The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...
5.4CVSS
7.5AI Score
The Responsive Contact Form Builder & Lead Generation Plugin plugin for WordPress is vulnerable to arbitrary shortcode execution in all versions up to, and including, 1.9.1. This is due to the software allowing users to execute an action that does not properly validate a value before running...
7.5AI Score
(RHSA-2024:3253) Moderate: virt:rhel and virt-devel:rhel security update
Kernel-based Virtual Machine (KVM) offers a full virtualization solution for Linux on numerous hardware platforms. The virt:rhel module contains packages which provide user-space components used to run virtual machines using KVM. The packages also provide APIs for managing and interacting with the....
7.3AI Score
0.0005EPSS
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
7.2CVSS
6AI Score
Stealers, stealers and more stealers
Introduction Stealers are a prominent threat in the malware landscape. Over the past year we published our research into several stealers (see here, here and here), and for now, the trend seems to persist. In the past months, we wrote several private reports on stealers as we discovered Acrid (a...
7.7AI Score
The Piotnet Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 2.4.28 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6AI Score
The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary...
8.5CVSS
6.9AI Score
CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2
CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2. A patched version of the package is...
8.2AI Score
0.72EPSS
The Memberpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arglist’ parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access.....
6.4CVSS
5.9AI Score
The WPB Elementor Addons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in all versions up to, and including, 1.0.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level...
6.4CVSS
6.1AI Score
The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' parameters in versions up to, and including, 2.7.2 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes...
9.8CVSS
8.1AI Score
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....
6.4CVSS
6.1AI Score
The ApplyOnline – Application Form Builder and Manager plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the aol_modal_box AJAX action in all versions up to, and including, 2.6. This makes it possible for authenticated attackers, with subscriber....
4.3CVSS
6.9AI Score
In the Linux kernel, the following vulnerability has been resolved: isofs: Fix out of bound access for corrupted isofs image When isofs image is suitably corrupted isofs_read_inode() can read data beyond the end of buffer. Sanity-check the directory entry length before using...
7.4AI Score
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, external-secrets-operator, istio-cni, local-path-provisioner, clusterctl, opentofu, rook, flux-source-controller, loki, terraform-docs, trivy, nats, osv-scanner, cilium-cli, istio-operator, k8sgpt, helm, certificate-transparency, kpt,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: render-template, pombump, govulncheck, gke-gcloud-auth-plugin, nri-redis, local-path-provisioner, yam, clusterctl, opentofu, sbom-scorecard, cni-plugins, wait-for-port, loki, terraform-docs, wireguard-go, nats, gosu, dive, nats-server, k8sgpt, dockerize, helm, kpt,...
6.5AI Score
0.0004EPSS
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: skaffold, wolfictl, trivy, docker, buildkitd, nerdctl, runc, zot, kots, cadvisor, kubescape, newrelic-infrastructure-agent, ingress-nginx-controller, ctop, zarf, nvidia-device-plugin, skopeo, k9s, syft, grype, kubernetes, kaniko, telegraf, k3s, k3d,...
7.5AI Score
0.051EPSS
GHSA-VVPX-J8F3-3W6H vulnerabilities
Vulnerabilities for packages: grpcurl, gke-gcloud-auth-plugin, restic, wireguard-go, hey, go, k3d, dynamic-localpv-provisioner,...
7.5AI Score
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: gke-gcloud-auth-plugin, flux-kustomize-controller, opentofu, flux-source-controller, wireguard-go, nats, helm, kpt, memcached-exporter, conftest, istio-envoy, terraform-provider-azurerm, dotnet, cortex, pulumi, external-dns, cluster-autoscaler, calico, up,...
8.7AI Score
0.72EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: external-secrets-operator, sbom-scorecard, loki, nats, velero-plugin-for-aws, osv-scanner, cilium-cli, k8sgpt, dockerize, helm, step, memcached-exporter, nri-memcached, nsc, timestamp-authority, pulumi, newrelic-nri-statsd, opentelemetry-collector-contrib, nodetaint,.....
6.9AI Score
0.0004EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: render-template, pombump, external-secrets-operator, gke-gcloud-auth-plugin, flux-kustomize-controller, govulncheck, clusterctl, go-fips, flux-source-controller, wait-for-port, terraform-docs, wireguard-go, trivy, osv-scanner, gosu, cilium-cli, dive, glab,...
7.5AI Score
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: render-template, pombump, external-secrets-operator, gke-gcloud-auth-plugin, flux-kustomize-controller, govulncheck, clusterctl, go-fips, flux-source-controller, wait-for-port, terraform-docs, wireguard-go, trivy, osv-scanner, gosu, cilium-cli, dive, glab,...
6.5AI Score
0.0004EPSS
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: influx, render-template, gke-gcloud-auth-plugin, grpcurl, local-path-provisioner, sbom-scorecard, sonobuoy, prometheus-stackdriver-exporter, cni-plugins, wait-for-port, nats, goreleaser, ip-masq-agent, gosu, cass-operator, gitlab-logger, oras, mage,...
8.2AI Score
0.001EPSS
Vulnerabilities for packages: kube-fluentd-operator, external-secrets-operator, gke-gcloud-auth-plugin, flux-kustomize-controller, opentofu, flux-source-controller, wireguard-go, dive, k8sgpt, helm, kpt, memcached-exporter, pulumi, kubernetes-csi-external-provisioner, runc,...
6.5AI Score
0.001EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: render-template, pombump, govulncheck, gke-gcloud-auth-plugin, nri-redis, local-path-provisioner, yam, clusterctl, opentofu, sbom-scorecard, cni-plugins, wait-for-port, loki, terraform-docs, wireguard-go, nats, gosu, dive, nats-server, k8sgpt, dockerize, helm, kpt,...
7.5AI Score
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: render-template, pombump, govulncheck, gke-gcloud-auth-plugin, nri-redis, local-path-provisioner, yam, clusterctl, opentofu, sbom-scorecard, cni-plugins, wait-for-port, loki, terraform-docs, wireguard-go, nats, gosu, dive, nats-server, k8sgpt, dockerize, helm, kpt,...
6.5AI Score
0.0004EPSS
CVE-2022-41723 vulnerabilities
Vulnerabilities for packages: grpcurl, gke-gcloud-auth-plugin, restic, wireguard-go, hey, go, k3d, dynamic-localpv-provisioner,...
8.2AI Score
0.02EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, external-secrets-operator, istio-cni, local-path-provisioner, clusterctl, opentofu, rook, flux-source-controller, loki, terraform-docs, trivy, nats, osv-scanner, cilium-cli, istio-operator, k8sgpt, helm, certificate-transparency, kpt,...
6.6AI Score
0.0004EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: external-secrets-operator, sbom-scorecard, loki, nats, velero-plugin-for-aws, osv-scanner, cilium-cli, k8sgpt, dockerize, helm, step, memcached-exporter, nri-memcached, nsc, timestamp-authority, pulumi, newrelic-nri-statsd, opentelemetry-collector-contrib, nodetaint,.....
7.5AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: render-template, pombump, external-secrets-operator, gke-gcloud-auth-plugin, flux-kustomize-controller, govulncheck, clusterctl, flux-source-controller, wait-for-port, terraform-docs, wireguard-go, trivy, osv-scanner, gosu, cilium-cli, dive, glab, istio-operator,...
7.5AI Score
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, external-secrets-operator, gke-gcloud-auth-plugin, flux-kustomize-controller, istio-cni, opentofu, flux-source-controller, wireguard-go, nats, dive, istio-operator, k8sgpt, helm, kpt, memcached-exporter, istio-pilot-agent, pulumi,...
8.2AI Score
0.002EPSS
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: render-template, pombump, govulncheck, gke-gcloud-auth-plugin, nri-redis, local-path-provisioner, yam, clusterctl, opentofu, sbom-scorecard, cni-plugins, wait-for-port, loki, terraform-docs, wireguard-go, nats, gosu, dive, nats-server, k8sgpt, dockerize, helm, kpt,...
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: render-template, pombump, govulncheck, gke-gcloud-auth-plugin, nri-redis, local-path-provisioner, yam, clusterctl, opentofu, sbom-scorecard, cni-plugins, wait-for-port, loki, terraform-docs, wireguard-go, nats, gosu, dive, nats-server, k8sgpt, dockerize, helm, kpt,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: render-template, pombump, govulncheck, gke-gcloud-auth-plugin, nri-redis, local-path-provisioner, yam, clusterctl, opentofu, sbom-scorecard, cni-plugins, wait-for-port, loki, terraform-docs, wireguard-go, nats, gosu, dive, nats-server, k8sgpt, dockerize, helm, kpt,...
7.5AI Score
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: influx, render-template, gke-gcloud-auth-plugin, grpcurl, local-path-provisioner, sbom-scorecard, sonobuoy, prometheus-stackdriver-exporter, cni-plugins, wait-for-port, nats, goreleaser, ip-masq-agent, gosu, cass-operator, gitlab-logger, oras, mage,...
7.5AI Score
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: influx, render-template, gke-gcloud-auth-plugin, grpcurl, local-path-provisioner, sbom-scorecard, sonobuoy, prometheus-stackdriver-exporter, cni-plugins, wait-for-port, nats, goreleaser, ip-masq-agent, gosu, cass-operator, gitlab-logger, oras, mage,...
7.4AI Score
0.001EPSS
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: influx, render-template, gke-gcloud-auth-plugin, grpcurl, local-path-provisioner, sbom-scorecard, sonobuoy, prometheus-stackdriver-exporter, cni-plugins, wait-for-port, nats, goreleaser, ip-masq-agent, gosu, cass-operator, gitlab-logger, oras, mage,...
7.5AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, external-secrets-operator, gke-gcloud-auth-plugin, flux-kustomize-controller, istio-cni, opentofu, flux-source-controller, wireguard-go, nats, dive, istio-operator, k8sgpt, helm, kpt, memcached-exporter, istio-pilot-agent, pulumi,...
7.5AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: kube-fluentd-operator, external-secrets-operator, gke-gcloud-auth-plugin, flux-kustomize-controller, opentofu, flux-source-controller, wireguard-go, dive, k8sgpt, helm, kpt, memcached-exporter, pulumi, kubernetes-csi-external-provisioner, runc,...
7.5AI Score
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: gke-gcloud-auth-plugin, flux-kustomize-controller, opentofu, flux-source-controller, wireguard-go, nats, helm, kpt, memcached-exporter, conftest, istio-envoy, terraform-provider-azurerm, dotnet, cortex, pulumi, external-dns, cluster-autoscaler, calico, up,...
7.5AI Score
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: keda, flux-kustomize-controller, cert-manager, minio, prometheus-blackbox-exporter, oauth2-proxy, spark-operator, prometheus-stackdriver-exporter, flux-source-controller, prometheus, coredns, dynamic-localpv-provisioner, pulumi-language-dotnet, weaviate, goreleaser,...
7.5AI Score
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: render-template, pombump, govulncheck, gke-gcloud-auth-plugin, nri-redis, local-path-provisioner, yam, clusterctl, opentofu, sbom-scorecard, cni-plugins, wait-for-port, loki, terraform-docs, wireguard-go, nats, gosu, dive, nats-server, k8sgpt, dockerize, helm, kpt,...
7.5AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: render-template, pombump, govulncheck, gke-gcloud-auth-plugin, nri-redis, local-path-provisioner, yam, clusterctl, opentofu, sbom-scorecard, cni-plugins, wait-for-port, loki, terraform-docs, wireguard-go, nats, gosu, dive, nats-server, k8sgpt, dockerize, helm, kpt,...
6.5AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: render-template, pombump, govulncheck, gke-gcloud-auth-plugin, nri-redis, local-path-provisioner, yam, clusterctl, opentofu, sbom-scorecard, cni-plugins, wait-for-port, loki, terraform-docs, wireguard-go, nats, gosu, dive, nats-server, k8sgpt, dockerize, helm, kpt,...
6.5AI Score
0.0004EPSS
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: render-template, pombump, external-secrets-operator, gke-gcloud-auth-plugin, flux-kustomize-controller, govulncheck, clusterctl, flux-source-controller, wait-for-port, terraform-docs, wireguard-go, trivy, osv-scanner, gosu, cilium-cli, dive, glab, istio-operator,...
6.5AI Score
0.0004EPSS
GHSA-XR7R-F8XQ-VFVV vulnerabilities
Vulnerabilities for packages: skaffold, wolfictl, trivy, docker, buildkitd, nerdctl, runc, zot, kots, cadvisor, kubescape, newrelic-infrastructure-agent, ingress-nginx-controller, ctop, zarf, nvidia-device-plugin, skopeo, k9s, syft, grype, kubernetes, kaniko, telegraf, k3s, k3d,...
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: render-template, pombump, govulncheck, gke-gcloud-auth-plugin, nri-redis, local-path-provisioner, yam, clusterctl, opentofu, sbom-scorecard, cni-plugins, wait-for-port, loki, terraform-docs, wireguard-go, nats, gosu, dive, nats-server, k8sgpt, dockerize, helm, kpt,...
6.5AI Score
0.0004EPSS
The Memberpress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘arglist’ parameter in all versions up to, and including, 1.11.29 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access.....
5.9AI Score
The SiteOrigin Widgets Bundle plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siteorigin_widget' shortcode in all versions up to, and including, 1.60.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....
5.9AI Score
The Memberpress plugin for WordPress is vulnerable to Blind Server-Side Request Forgery in all versions up to, and including, 1.11.29 via the 'mepr-user-file' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to make web requests to arbitrary...
6.8AI Score