GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: docker, kubeflow-katib, nvidia-device-plugin, flux, temporal-ui-server, kube-bench, nodetaint, secrets-store-csi-driver-provider-aws, secrets-store-csi-driver, gatekeeper, hugo, crossplane-provider-gcp, k3d, scorecard, envoy-ratelimit, ip-masq-agent, atlantis, keda,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...
6.5AI Score
0.0004EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: go-licenses, kubeflow-katib, flux, nri-kafka, temporal-ui-server, secrets-store-csi-driver, gatekeeper, hugo, scorecard, k3d, atlantis, opentofu, sigstore-scaffolding, crossplane-provider-azure, caddy, flux-helm-controller, gitlab-shell, rekor, kube-rbac-proxy,...
7AI Score
0.962EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: vt-cli, node-feature-discovery, cni-plugins, paranoia, gatekeeper, scorecard, crossplane-provider-gcp, k3d, keda, docker-credential-gcr, velero-plugin-for-csi, gitlab-shell, controller-gen, rekor, gobump, sonobuoy, temporal-server, gosu, eksctl, delve,...
7AI Score
0.0004EPSS
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, flyte, node-feature-discovery, croc, overmind, nvidia-device-plugin, paranoia, docker-credential-ecr-login, kube-bench, regclient, secrets-store-csi-driver-provider-aws, secrets-store-csi-driver, oras, spegel, scorecard,...
6.5AI Score
0.0004EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, flyte, node-feature-discovery, croc, overmind, nvidia-device-plugin, paranoia, docker-credential-ecr-login, kube-bench, regclient, secrets-store-csi-driver-provider-aws, secrets-store-csi-driver, oras, spegel, scorecard,...
7.5AI Score
Vulnerabilities for packages: kubeflow-katib, nvidia-device-plugin, flux, nodetaint, secrets-store-csi-driver, gatekeeper, hugo, k3d, opentofu, keda, sigstore-scaffolding, crossplane-provider-azure, chartmuseum, flux-helm-controller, haproxy-ingress, kube-fluentd-operator, memcached-exporter,...
6.5AI Score
0.001EPSS
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: gitsign, loki, k9s, kubeflow-katib, guac, k8sgpt, cri-tools, datadog-agent, newrelic-infrastructure-agent, cert-manager, dagger, telegraf, falcoctl, buildkitd, helm-operator, crane, scorecard, policy-controller, bom, filebeat, slsa-verifier, nerdctl, zot,...
7.8AI Score
0.001EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...
6.5AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...
7.5AI Score
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: docker, kubeflow-katib, nvidia-device-plugin, flux, temporal-ui-server, kube-bench, nodetaint, secrets-store-csi-driver-provider-aws, secrets-store-csi-driver, gatekeeper, hugo, crossplane-provider-gcp, k3d, scorecard, envoy-ratelimit, ip-masq-agent, atlantis, keda,...
6.7AI Score
0.0004EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: vt-cli, node-feature-discovery, cni-plugins, paranoia, gatekeeper, scorecard, crossplane-provider-gcp, k3d, keda, docker-credential-gcr, velero-plugin-for-csi, gitlab-shell, controller-gen, rekor, gobump, sonobuoy, temporal-server, gosu, eksctl, delve,...
7.5AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, flyte, node-feature-discovery, croc, overmind, nvidia-device-plugin, paranoia, docker-credential-ecr-login, kube-bench, regclient, secrets-store-csi-driver-provider-aws, secrets-store-csi-driver, oras, spegel, scorecard,...
7.5AI Score
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: kubeflow-katib, nvidia-device-plugin, flux, nodetaint, secrets-store-csi-driver, gatekeeper, hugo, k3d, atlantis, keda, opentofu, go, sigstore-scaffolding, crossplane-provider-azure, caddy, chartmuseum, flux-helm-controller, gitlab-shell, haproxy-ingress,...
8.2AI Score
0.002EPSS
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: gitsign, flux-notification-controller, gitness, flux, pulumi-language-yaml, pulumi-kubernetes-operator, kaniko, vault, argo-cd, scorecard, policy-controller, flux-kustomize-controller, wolfictl, boring-registry, slsa-verifier, keda, sops, terraform-provider-google,...
7.5AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...
7.5AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: kubeflow-katib, nvidia-device-plugin, flux, nodetaint, secrets-store-csi-driver, gatekeeper, hugo, k3d, opentofu, keda, sigstore-scaffolding, crossplane-provider-azure, chartmuseum, flux-helm-controller, haproxy-ingress, kube-fluentd-operator, memcached-exporter,...
7.5AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: kubeflow-katib, nvidia-device-plugin, flux, nodetaint, secrets-store-csi-driver, gatekeeper, hugo, k3d, atlantis, keda, opentofu, go, sigstore-scaffolding, crossplane-provider-azure, caddy, chartmuseum, flux-helm-controller, gitlab-shell, haproxy-ingress,...
7.5AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: go-licenses, kubeflow-katib, flux, nri-kafka, temporal-ui-server, secrets-store-csi-driver, gatekeeper, hugo, scorecard, k3d, atlantis, opentofu, sigstore-scaffolding, crossplane-provider-azure, caddy, flux-helm-controller, gitlab-shell, rekor, kube-rbac-proxy,...
7.5AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...
6.5AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...
6.5AI Score
0.0004EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...
7.5AI Score
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, flyte, node-feature-discovery, croc, overmind, nvidia-device-plugin, paranoia, docker-credential-ecr-login, kube-bench, regclient, secrets-store-csi-driver-provider-aws, secrets-store-csi-driver, oras, spegel, scorecard,...
6.5AI Score
0.0004EPSS
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: gitsign, loki, k9s, kubeflow-katib, guac, k8sgpt, cri-tools, datadog-agent, newrelic-infrastructure-agent, cert-manager, dagger, telegraf, falcoctl, buildkitd, helm-operator, crane, scorecard, policy-controller, bom, filebeat, slsa-verifier, nerdctl, zot,...
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: dask-gateway, vt-cli, go-licenses, cni-plugins, kubeflow-katib, nvidia-device-plugin, flux, paranoia, nri-kafka, temporal-ui-server, docker-credential-ecr-login, kube-bench, regclient, nri-rabbitmq, nodetaint, secrets-store-csi-driver-provider-aws, gatekeeper, oras,...
6.5AI Score
0.0004EPSS
CVE-2024-4148 ReDoS (Regular Expression Denial of Service) in lunary-ai/lunary
A Regular Expression Denial of Service (ReDoS) vulnerability exists in the lunary-ai/lunary application, version 1.2.10. An attacker can exploit this vulnerability by maliciously manipulating regular expressions, which can significantly impact the response time of the application and potentially...
7.1AI Score
6.2AI Score
0.019EPSS
The Royal Elementor Addons and Templates plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's image hotspot, image accordion, off canvas, woogrid, and product mini cart widgets in all versions up to, and including, 1.3.975 due to insufficient input sanitization and...
6AI Score
7AI Score
0.004EPSS
An issue in wanEditor v4.7.11, fixed in v4.7.12 and v5, was discovered to contain a cross-site scripting (XSS) vulnerability via the image upload...
6.4AI Score
Summary: There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 8, which is used by Maximo Asset Management, Maximo Industry Solutions (including Maximo for Nuclear Power, Maximo for Transportation, Maximo for Life Sciences, Maximo for Oil and Gas and Maximo for Utilities)...
6.1AI Score
The Auto Featured Image (Auto Post Thumbnail) plugin for WordPress is vulnerable to Server-Side Request Forgery in all versions up to, and including, 4.0.0 via the upload_to_library AJAX action. This makes it possible for authenticated attackers, with author-level access and above, to make web...
6.8AI Score
6.6AI Score
0.019EPSS
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
8AI Score
I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an...
7.4AI Score
Summary: Security vulnerabilities are addressed with IBM Business Automation Insights 23.0.2-IF005. Vulnerability Details: CVEID: CVE-2024-29025. DESCRIPTION: Netty is vulnerable to a denial of service, caused by a flaw when using the HttpPostRequestDecoder to decode a form. By sending a...
7AI Score
0.0004EPSS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha-ia-content-button’ parameter in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4CVSS
6AI Score
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ha-ia-content-button’ parameter in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
5.9AI Score
CVE-2024-24919 Checker A simple bash script to check for the...
7.2AI Score
0.019EPSS
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...
6.4CVSS
6.1AI Score
0.001EPSS
The WPCafe – Online Food Ordering, Restaurant Menu, Delivery, and Reservations for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Reservation Form shortcode in all versions up to, and including, 2.2.24 due to insufficient input sanitization and...
5.9AI Score
0.001EPSS
Summary: Multiple vulnerabilities were addressed in IBM Observability with Instana for Synthetic PoP build 274. Vulnerability Details: CVEID: CVE-2022-40897. DESCRIPTION: Pypa Setuptools is vulnerable to a denial of service, caused by improper input validation. By sending request with a...
7.2AI Score
0.005EPSS
8.2AI Score
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slitems' attribute within the plugin's De Product Tab & Slide widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
6AI Score
0.001EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'slitems' attribute within the plugin's De Product Tab & Slide widget in all versions up to, and including, 2.1.4 due to insufficient input sanitization and output escaping on user supplied...
5.9AI Score
0.001EPSS
Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker...
7.6AI Score
0.0004EPSS
Improper neutralization of special elements used in a command ('Command Injection') exists in SkyBridge MB-A100/MB-A110 firmware Ver. 4.2.2 and earlier and SkyBridge BASIC MB-A130 firmware Ver. 1.5.5 and earlier. If the remote monitoring and control function is enabled on the product, an attacker...
7.5AI Score
0.0004EPSS
Amazon Linux 2 : unbound (ALASUNBOUND-2024-001)
The version of unbound installed on the remote host is prior to 1.13.1-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2UNBOUND-2024-001 advisory. An issue was discovered in some DNS recursive resolvers that allows remote attackers to cause a denial of service using a...
6.5AI Score