Classified Listing Store & Membership Addon Security Vulnerabilities

wolfi

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: skaffold, gomplate, memcached-exporter, flux-kustomize-controller, cue, aactl, opentofu, secrets-store-csi-driver-provider-gcp, ko, kaf, metrics-server, terraform-provider-aws, metacontroller, coredns, prometheus-elasticsearch-exporter, terraform-provider-azurerm,...

8.7 AI Score

0.72 EPSS

2024-05-25 09:07 PM
491

wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: prometheus-nats-exporter, capslock, doppler-kubernetes-operator, jaeger-agent, prometheus-beat-exporter, crossplane-provider-azure, nerdctl, skaffold, spire-server, vexctl, gomplate, k8sgpt, kine, tekton-chains, memcached-exporter, melange, cadvisor, aactl,...

7.5 AI Score

2024-05-25 09:07 PM
122

wolfi

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

6.5 AI Score

0.0004 EPSS

2024-05-25 09:07 PM
135

wolfi

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: prometheus-nats-exporter, bincapz, opentofu, ko, regclient, k3d, coredns, gptscript, src-fingerprint, kubeadm-bootstrap-controller, go-md2man, ollama, grafana, shfmt, nri-mssql, gitlab-kas, certificate-transparency, nri-mysql, harbor-scanner-trivy, argo-cd, helm,...

7 AI Score

0.0004 EPSS

2024-05-25 09:07 PM
39

wolfi

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: prometheus-nats-exporter, capslock, prometheus-beat-exporter, jaeger-agent, skaffold, crossplane-provider-azure, docker-credential-gcr, gomplate, k8sgpt, tekton-chains, croc, melange, flux-kustomize-controller, cue, cadvisor, aactl, helm-operator, loki,...

7.5 AI Score

2024-05-25 09:07 PM
7

wolfi

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: prometheus-nats-exporter, capslock, prometheus-beat-exporter, jaeger-agent, skaffold, crossplane-provider-azure, docker-credential-gcr, gomplate, k8sgpt, tekton-chains, croc, melange, flux-kustomize-controller, cue, cadvisor, aactl, helm-operator, loki,...

6.5 AI Score

0.0004 EPSS

2024-05-25 09:07 PM
9

wolfi

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: skaffold, crossplane-provider-azure, gomplate, k8sgpt, memcached-exporter, flux-kustomize-controller, cue, aactl, opentofu, secrets-store-csi-driver-provider-gcp, kaf, k3d, metrics-server, prometheus-alertmanager, metacontroller, coredns,...

6.5 AI Score

0.001 EPSS

2024-05-25 09:07 PM
86

wolfi

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: prometheus-nats-exporter, crossplane-provider-azure, nerdctl, spire-server, vexctl, gomplate, tekton-chains, memcached-exporter, melange, flux-kustomize-controller, cadvisor, aactl, opentofu, loki, ko, kaf, actions-runner-controller, nfs-subdir-external-provisioner,...

7 AI Score

0.962 EPSS

2024-05-25 09:07 PM
117

wolfi

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: prometheus-nats-exporter, capslock, doppler-kubernetes-operator, jaeger-agent, prometheus-beat-exporter, crossplane-provider-azure, nerdctl, skaffold, spire-server, vexctl, gomplate, k8sgpt, kine, tekton-chains, memcached-exporter, melange, cadvisor, aactl,...

6.7 AI Score

0.0004 EPSS

2024-05-25 09:07 PM
20

wolfi

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

7.5 AI Score

2024-05-25 09:07 PM
20

wolfi

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

6.5 AI Score

0.0004 EPSS

2024-05-25 09:07 PM
30

wolfi

CVE-2023-2878 vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver,...

5.7 AI Score

0.0004 EPSS

2024-05-25 09:07 PM
14

wolfi

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: prometheus-nats-exporter, bincapz, opentofu, ko, regclient, k3d, coredns, gptscript, src-fingerprint, kubeadm-bootstrap-controller, go-md2man, ollama, grafana, shfmt, nri-mssql, gitlab-kas, certificate-transparency, nri-mysql, harbor-scanner-trivy, argo-cd, helm,...

7.5 AI Score

2024-05-25 09:07 PM
14

wolfi

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: prometheus-nats-exporter, capslock, prometheus-beat-exporter, jaeger-agent, skaffold, crossplane-provider-azure, docker-credential-gcr, gomplate, k8sgpt, tekton-chains, croc, melange, flux-kustomize-controller, cue, cadvisor, aactl, helm-operator, loki,...

7.5 AI Score

2024-05-25 09:07 PM
15

wolfi

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: skaffold, crossplane-provider-azure, gomplate, k8sgpt, tekton-chains, memcached-exporter, flux-kustomize-controller, cue, aactl, opentofu, secrets-store-csi-driver-provider-gcp, kaf, k3d, metrics-server, prometheus-alertmanager, metacontroller, coredns,...

8.2 AI Score

0.002 EPSS

2024-05-25 09:07 PM
42

wolfi

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

7.5 AI Score

2024-05-25 09:07 PM
14

wolfi

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

7.5 AI Score

2024-05-25 09:07 PM
15

wolfi

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

7.5 AI Score

2024-05-25 09:07 PM
14

wolfi

GHSA-G82W-58JF-GCXX vulnerabilities

Vulnerabilities for packages: secrets-store-csi-driver,...

7.5 AI Score

2024-05-25 09:07 PM
8

wolfi

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: skaffold, crossplane-provider-azure, gomplate, k8sgpt, tekton-chains, memcached-exporter, flux-kustomize-controller, cue, aactl, opentofu, secrets-store-csi-driver-provider-gcp, kaf, k3d, metrics-server, prometheus-alertmanager, metacontroller, coredns,...

7.5 AI Score

2024-05-25 09:07 PM
13

wolfi

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: skaffold, crossplane-provider-azure, gomplate, k8sgpt, memcached-exporter, flux-kustomize-controller, cue, aactl, opentofu, secrets-store-csi-driver-provider-gcp, kaf, k3d, metrics-server, prometheus-alertmanager, metacontroller, coredns,...

7.5 AI Score

2024-05-25 09:07 PM
20

wolfi

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: skaffold, gomplate, memcached-exporter, flux-kustomize-controller, cue, aactl, opentofu, secrets-store-csi-driver-provider-gcp, ko, kaf, metrics-server, terraform-provider-aws, metacontroller, coredns, prometheus-elasticsearch-exporter, terraform-provider-azurerm,...

7.5 AI Score

2024-05-25 09:07 PM
20

wolfi

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: prometheus-nats-exporter, crossplane-provider-azure, nerdctl, spire-server, vexctl, gomplate, tekton-chains, memcached-exporter, melange, flux-kustomize-controller, cadvisor, aactl, opentofu, loki, ko, kaf, actions-runner-controller, nfs-subdir-external-provisioner,...

7.5 AI Score

2024-05-25 09:07 PM
37

wolfi

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: nvidia-device-plugin, external-dns, kubevela, tctl, terraform, minio, goreleaser, falco, spark-operator, scorecard, prometheus-stackdriver-exporter, dynamic-localpv-provisioner, flux-kustomize-controller, gitlab-pages, kubernetes-csi-node-driver-registrar, dgraph,...

7.5 AI Score

2024-05-25 09:07 PM
80

wolfi

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

7.5 AI Score

2024-05-25 09:07 PM
14

wolfi

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

6.5 AI Score

0.0004 EPSS

2024-05-25 09:07 PM
14

wolfi

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

6.5 AI Score

0.0004 EPSS

2024-05-25 09:07 PM
12

wolfi

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: prometheus-nats-exporter, capslock, prometheus-beat-exporter, jaeger-agent, skaffold, crossplane-provider-azure, docker-credential-gcr, gomplate, k8sgpt, tekton-chains, croc, melange, flux-kustomize-controller, cue, cadvisor, aactl, helm-operator, loki,...

6.5 AI Score

0.0004 EPSS

2024-05-25 09:07 PM
6

wolfi

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: capslock, doppler-kubernetes-operator, prometheus-beat-exporter, skaffold, crossplane-provider-azure, nerdctl, vexctl, docker-credential-gcr, gomplate, k8sgpt, kine, yam, memcached-exporter, cue, cadvisor, helm-operator, opentofu, loki,...

6.5 AI Score

0.0004 EPSS

2024-05-25 09:07 PM
14

cve

CVE-2024-5229

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

6.4 CVSS

6 AI Score

0.001 EPSS

2024-05-25 03:15 AM
2

cvelist

CVE-2024-5229 Primary Addon for Elementor <= 1.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Pricing Table Widget

The Primary Addon for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Pricing Table widget in all versions up to, and including, 1.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

5.9 AI Score

0.001 EPSS

2024-05-25 02:34 AM
3

osv

BIT-hubble-relay-2024-25630

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. For Cilium users who are using CRDs to store Cilium state (the default configuration) and Wireguard transparent encryption, traffic to/from the Ingress and health endpoints is not encrypted. This issue...

6.7 AI Score

0.0004 EPSS

2024-05-24 07:21 PM

cve

CVE-2023-49574

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...

7.1 CVSS

6.5 AI Score

2024-05-24 01:15 PM
4

cve

CVE-2023-49575

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....

7.1 CVSS

6.5 AI Score

2024-05-24 01:15 PM
4

cve

CVE-2023-49572

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...

7.1 CVSS

6.4 AI Score

2024-05-24 01:15 PM
5

cve

CVE-2023-49573

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....

7.1 CVSS

6.5 AI Score

2024-05-24 01:15 PM
4

cvelist

CVE-2023-49575 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_smtp in smtp_server, smtp_user, smtp_password and smtp_email_address parameters. This vulnerability could allow an attacker to store malicious....

6.4 AI Score

2024-05-24 12:40 PM

cvelist

CVE-2023-49574 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_job in job_name. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered when the page...

6.3 AI Score

2024-05-24 12:40 PM

cvelist

CVE-2023-49573 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /add_command_action in action_value. This vulnerability could allow an attacker to store malicious JavaScript payloads on the system to be triggered.....

6.3 AI Score

2024-05-24 12:39 PM
1

cvelist

CVE-2023-49572 XSS vulnerability in VX Search Enterprise

A vulnerability has been discovered in VX Search Enterprise affecting version 10.2.14 that could allow an attacker to execute persistent XSS through /setup_odbc in odbc_data_source, odbc_user and odbc_password parameters. This vulnerability could allow an attacker to store malicious JavaScript...

6.4 AI Score

2024-05-24 12:39 PM

packetstorm

7.4 AI Score

2024-05-24 12:00 AM
39

krebs

Stark Industries Solutions: An Iron Hammer in the Cloud

The homepage of Stark Industries Solutions. Two weeks before Russia invaded Ukraine in February 2022, a large, mysterious new Internet hosting firm called Stark Industries Solutions materialized and quickly became the epicenter of massive distributed denial-of-service (DDoS) attacks on government.....

6.8 AI Score

2024-05-23 11:32 PM
1

talosblog

Apple and Google are taking steps to curb the abuse of location-tracking devices — but what about others?

Since the advent of products like the Tile and Apple AirTag, both used to keep track of easily lost items like wallets, keys and purses, bad actors and criminals have found ways to abuse them. These adversaries can range from criminals just looking to do something illegal for a range of reasons,...

6.7 AI Score

2024-05-23 06:00 PM
1

wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 13, 2024 to May 19, 2024)

Did you know we're running a Bug Bounty Extravaganza again? Earn over 6x our usual bounty rates, up to $10,000, for all vulnerabilities submitted through May 27th, 2024 when you opt to have Wordfence handle responsible disclosure! Last week, there were 107 vulnerabilities disclosed in 82...

8.9 AI Score

0.001 EPSS

2024-05-23 03:00 PM
2

redhat

(RHSA-2024:3352) Important: Red Hat OpenStack Platform 16.2 (etcd) security update

A highly-available key value store for shared configuration Security Fix(es): Incomplete fix for CVE-2023-39325/CVE-2023-44487 in OpenStack Platform (CVE-2024-4438) Incomplete fix for CVE-2021-44716 in OpenStack Platform (CVE-2024-4437) Incomplete fix for CVE-2022-41723 in OpenStack Platform...

7.3 AI Score

0.72 EPSS

2024-05-23 02:55 PM

cve

CVE-2024-35224

OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via {icon} substitution in table header values. This attack requires the permissions "Edit work...

7.6 CVSS

5.8 AI Score

0.0004 EPSS

2024-05-23 01:15 PM
40

cvelist

CVE-2024-35224 Stored Cross-Site Scripting (XSS) in OpenProject

OpenProject is the leading open source project management software. OpenProject utilizes tablesorter inside of the Cost Report feature. This dependency, when misconfigured, can lead to Stored XSS via {icon} substitution in table header values. This attack requires the permissions "Edit work...

6.1 AI Score

0.0004 EPSS

2024-05-23 12:53 PM
32

kitploit

Go-Secdump - Tool To Remotely Dump Secrets From The Windows Registry

Package go-secdump is a tool built to remotely extract hashes from the SAM registry hive as well as LSA secrets and cached hashes from the SECURITY hive without any remote agent and without touching disk. The tool is built on top of the library go-smb and use it to communicate with the Windows...

7.3 AI Score

2024-05-23 12:30 PM
6

securelist

ShrinkLocker: Turning BitLocker into ransomware

Introduction Attackers always find creative ways to bypass defensive features and accomplish their goals. This can be done with packers, crypters, and code obfuscation. However, one of the best ways of evading detection, as well as maximizing compatibility, is to use the operating system's own...

6.8 AI Score

2024-05-23 12:00 PM
20

redhatcve

CVE-2021-47465

In the Linux kernel, the following vulnerability has been resolved: KVM: PPC: Book3S HV: Fix stack handling in idle_kvm_start_guest() In commit 10d91611f426 ("powerpc/64s: Reimplement book3s idle code in C") kvm_start_guest() became idle_kvm_start_guest(). The old code allocated a stack frame on...

7 AI Score

0.0004 EPSS

2024-05-23 11:06 AM

Total number of security vulnerabilities: 79464