CVE-2024-3236 Easy Notify Lite < 1.1.33 - Contributor+ Stored XSS
The Popup Builder WordPress plugin before 1.1.33 does not sanitise and escape some of its Notification fields, which could allow users such as contributor and above to perform Stored Cross-Site Scripting...
5.9 AI Score
CVE-2024-4305 PostX < 4.1.0 - Contributor+ Stored XSS
The Post Grid Gutenberg Blocks and WordPress Blog Plugin WordPress plugin before 4.1.0 does not validate and escape some of its block options before outputting them back in a page/post where the block is embedded, which could allow users with the contributor role and above to perform Stored...
5.8 AI Score
CVE-2024-6047 GeoVision EOL device - OS Command Injection
Certain EOL GeoVision devices fail to properly filter user input for the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...
9.8 CVSS
7.9 AI Score
mashcall.com Cross Site Scripting vulnerability OBB-3935805
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
NiceRAT Malware Targets South Korean Users via Cracked Software
Threat actors have been observed deploying a malware called NiceRAT to co-opt infected devices into a botnet. The attacks, which target South Korean users, are designed to propagate the malware under the guise of cracked software, such as Microsoft Windows, or tools that purport to offer license...
6.9 AI Score
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....
8.8 CVSS
8.4 AI Score
SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...
9.8 CVSS
9.8 AI Score
CVE-2024-6046 SECOM WRTR-304GN-304TW-UPSC - OS Command Injection
SECOM WRTR-304GN-304TW-UPSC V02(unsupported-when-assigned) does not properly filter user input in the specific functionality. Unauthenticated remote attackers can exploit this vulnerability to inject and execute arbitrary system commands on the...
9.8 CVSS
Improper permission settings for mobile applications (com.transsion.carlcare) may lead to user password and account security...
7.4 AI Score
Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the...
6.5 CVSS
6.5 AI Score
CVE-2024-6045 D-Link router - Hidden Backdoor
Certain models of D-Link wireless routers contain an undisclosed factory testing backdoor. Unauthenticated attackers on the local area network can force the device to enable Telnet service by accessing a specific URL and can log in by using the administrator credentials obtained from analyzing the....
8.8 CVSS
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: kubescape, skaffold, wolfictl, tekton-chains, gitsign, tkn, ko, falcoctl, falco, flux-source-controller, spire-server, melange, apko, policy-controller, vexctl, goreleaser, aactl, slsa-verifier, zarf, neuvector-sigstore-interface,...
7.5 AI Score
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: conftest, kubescape, ctop, dagger, wolfictl, cadvisor, prometheus, syft, tkn, datadog-agent, ko, telegraf, buildkitd, spire-server, up, buf, melange, loki, goreleaser, aactl, crossplane, trivy, zot, kaniko, kargo, grype,...
7.5 AI Score
CVE-2024-23652 vulnerabilities
Vulnerabilities for packages: conftest, datadog-agent, trivy, kubescape, guac, docker, kaniko, buildkitd, skaffold, scorecard,...
10 CVSS
9.7 AI Score
0.001 EPSS
GHSA-R53H-JV2G-VPX6 vulnerabilities
Vulnerabilities for packages: up, cilium-cli, helm-push, istio-operator, k8sgpt, k9s, chartmuseum, trivy, helm-operator, kubescape, zot, flux-helm-controller, cert-manager, zarf, eksctl, flux-source-controller,...
7.5 AI Score
Vulnerabilities for packages: kubernetes-dns-node-cache, consul,...
5.3 CVSS
5.5 AI Score
0.0004 EPSS
CVE-2022-29526 vulnerabilities
Vulnerabilities for packages: dynamic-localpv-provisioner, grpcurl, ctop, kind,...
5.3 CVSS
9.3 AI Score
0.002 EPSS