GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: runc, metacontroller, local-static-provisioner, clusterctl, etcd, src-fingerprint, terraform-docs, skaffold, grafana-rollout-operator, nvidia-container-toolkit, containerd, tekton-chains, tempo, cosign, certificate-transparency, skopeo, istio-operator,...
7.5AI Score
GHSA-VFP6-JRW2-99G9 vulnerabilities
Vulnerabilities for packages: cosign, goreleaser, aactl, melange, tkn, apko, slsa-verifier, ko, kubescape, skaffold, falco, policy-controller, tekton-chains,...
7.5AI Score
9.8CVSS
9.9AI Score
0.005EPSS
CVE-2024-29902 vulnerabilities
Vulnerabilities for packages: kubescape, skaffold, wolfictl, tekton-chains, gitsign, tkn, ko, falcoctl, falco, flux-source-controller, spire-server, melange, apko, policy-controller, vexctl, goreleaser, aactl, slsa-verifier, zarf, neuvector-sigstore-interface,...
4.2CVSS
4.5AI Score
0.0004EPSS
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: amass, flannel-cni-plugin, dgraph, docker-cli, gosu, ctop, ip-masq-agent, gitlab-logger, petname, go-licenses, prometheus-stackdriver-exporter, gke-gcloud-auth-plugin, mage, cilium-envoy, nsc, sonobuoy, kind, protoc-gen-go-grpc, wait-for-port, sbom-scorecard, influx,.....
5.3CVSS
7.2AI Score
0.001EPSS
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: amass, flannel-cni-plugin, dgraph, docker-cli, gosu, ctop, ip-masq-agent, gitlab-logger, petname, go-licenses, prometheus-stackdriver-exporter, gke-gcloud-auth-plugin, mage, cilium-envoy, nsc, sonobuoy, kind, protoc-gen-go-grpc, wait-for-port, sbom-scorecard, influx,.....
7.5AI Score
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: amass, flannel-cni-plugin, dgraph, docker-cli, gosu, ctop, ip-masq-agent, gitlab-logger, petname, go-licenses, prometheus-stackdriver-exporter, gke-gcloud-auth-plugin, mage, cilium-envoy, nsc, sonobuoy, kind, protoc-gen-go-grpc, wait-for-port, sbom-scorecard, influx,.....
7.5AI Score
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: rook, guac, kyverno, skaffold, tekton-pipelines, wolfictl, tekton-chains, containerd, nerdctl, cosign, gitsign, keda, istio-operator, skopeo, fulcio, terragrunt, tkn, rekor, sigstore-scaffolding, ko, cilium, vault, falcoctl, falco, flux-source-controller,...
4.3CVSS
6AI Score
0.0005EPSS
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: src-fingerprint, flux-helm-controller, terraform-docs, opentofu, tekton-chains, containerd, cosign, certificate-transparency, skopeo, istio-operator, src, prometheus, terragrunt, cluster-autoscaler, kubernetes, buildkitd, kubernetes-event-exporter, scorecard,...
7.5AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: runc, metacontroller, flux-helm-controller, opentofu, skaffold, tekton-chains, containerd, cosign, src, kubevela, istio-operator, fuse-overlayfs-snapshotter, prometheus, kubernetes-csi-external-provisioner, prometheus-operator, aws-ebs-csi-driver, cluster-autoscaler,.....
7.5AI Score
GHSA-V53G-5GJP-272R vulnerabilities
Vulnerabilities for packages: up, cilium-cli, helm-push, istio-operator, k8sgpt, k9s, chartmuseum, trivy, helm-operator, kubescape, zot, flux-helm-controller, cert-manager, zarf, eksctl, flux-source-controller,...
7.5AI Score
9.8CVSS
9.9AI Score
0.005EPSS
9.8CVSS
9.9AI Score
0.005EPSS
7.5AI Score
CVE-2024-29903 vulnerabilities
Vulnerabilities for packages: kubescape, skaffold, wolfictl, tekton-chains, gitsign, tkn, ko, falcoctl, falco, flux-source-controller, spire-server, melange, apko, policy-controller, vexctl, goreleaser, aactl, slsa-verifier, zarf, neuvector-sigstore-interface,...
4.2CVSS
4.6AI Score
0.0004EPSS
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: local-static-provisioner, terraform-docs, skaffold, tekton-chains, kafka-proxy, nri-couchbase, certificate-transparency, kubevela, src, prometheus, terragrunt, kubecolor, kpt, kubernetes, kubernetes-event-exporter, secrets-store-csi-driver-provider-azure,...
7.5AI Score
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: aws-efs-csi-driver, conftest, spark-operator, dgraph, terraform-provider-azurerm, neuvector-agent, kubescape, coredns, flux-helm-controller, tctl, pulumi-language-java, kubernetes-csi-node-driver-registrar, nvidia-device-plugin, cosign, src, keda, kubevela,...
7.5AI Score
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: metacontroller, flux-helm-controller, opentofu, skaffold, cosign, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller, cluster-autoscaler, kpt, mc, pulumi-kubernetes-operator, buildkitd, scorecard, metrics-server, hey, pulumi-language-yaml,....
7.5AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...
7.8AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...
7.8AI Score
0.0004EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...
7.5AI Score
GHSA-MW99-9CHC-XW7R vulnerabilities
Vulnerabilities for packages: src-fingerprint, bom, gitness, pulumi-language-java, tekton-pipelines, nuclei, gitsign, kubevela, go-licenses, pulumi-kubernetes-operator, scorecard, apko, flux-kustomize-controller, pulumi-language-yaml, pulumi-language-dotnet, gomplate, goreleaser, pulumi, zot,...
7.5AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: runc, metacontroller, flux-helm-controller, opentofu, skaffold, containerd, cosign, src, kubevela, fuse-overlayfs-snapshotter, prometheus, kubernetes-csi-external-provisioner, prometheus-operator, aws-ebs-csi-driver, cluster-autoscaler, kpt, mc,...
7.5AI Score
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: local-static-provisioner, terraform-docs, skaffold, tekton-chains, kafka-proxy, nri-couchbase, certificate-transparency, kubevela, src, prometheus, terragrunt, kubecolor, kpt, kubernetes, kubernetes-event-exporter, secrets-store-csi-driver-provider-azure,...
7.5AI Score
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: k9s, gitlab-runner, helm-operator, guac, kubescape, ctop, dagger, flux-helm-controller, kyverno, bom, skaffold, tekton-pipelines, tekton-chains, nerdctl, cosign, gitsign, kubevela, skopeo, cadvisor, cri-tools, prometheus, datadog-agent, timoni, telegraf, buildkitd,...
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: nri-f5, runc, clusterctl, docker-cli, etcd, src-fingerprint, flux-helm-controller, terraform-docs, opentofu, nri-cassandra, skaffold, gitlab-logger, nri-couchbase, src, kubevela, fuse-overlayfs-snapshotter, prometheus, ingress-nginx-controller,...
5.9AI Score
0.0004EPSS
CVE-2023-49568 vulnerabilities
Vulnerabilities for packages: src-fingerprint, bom, gitness, pulumi-language-java, tekton-pipelines, nuclei, gitsign, kubevela, go-licenses, pulumi-kubernetes-operator, scorecard, apko, flux-kustomize-controller, pulumi-language-yaml, pulumi-language-dotnet, gomplate, goreleaser, pulumi, zot,...
7.5CVSS
7.8AI Score
0.0005EPSS
GHSA-PXHW-596R-RWQ5 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, local-static-provisioner, spark-operator, calico, aws-ebs-csi-driver, cluster-autoscaler, kubernetes-dns-node-cache, kubernetes, nodetaint, ip-masq-agent,...
7.5AI Score
GHSA-XR7R-F8XQ-VFVV vulnerabilities
Vulnerabilities for packages: runc, k9s, kubescape, ctop, skaffold, wolfictl, nvidia-device-plugin, nerdctl, skopeo, cadvisor, syft, ingress-nginx-controller, datadog-agent, kubernetes, telegraf, buildkitd, newrelic-infrastructure-agent, k3s, k3d, trivy, zot, docker, kaniko, zarf, grype,...
7.5AI Score
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: runc, metacontroller, local-static-provisioner, clusterctl, etcd, src-fingerprint, terraform-docs, skaffold, grafana-rollout-operator, nvidia-container-toolkit, containerd, tekton-chains, tempo, cosign, certificate-transparency, skopeo, istio-operator,...
6.5AI Score
0.0004EPSS
CVE-2024-6044 D-Link router - Arbitrary File Reading
Certain models of D-Link wireless routers have a path traversal vulnerability. Unauthenticated attackers on the same local area network can read arbitrary system files by manipulating the...
6.5CVSS
EPSS
Alleged Boss of ‘Scattered Spider’ Hacking Group Arrested
A 22-year-old man from the United Kingdom arrested this week in Spain is allegedly the ringleader of Scattered Spider, a cybercrime group suspected of hacking into Twilio, LastPass, DoorDash, Mailchimp, and nearly 130 other organizations over the past two years. The Spanish daily Murcia Today...
7.8AI Score
CVE-2024-30078 Detection and Command Execution Script This...
8.8CVSS
10AI Score
0.001EPSS
7.8AI Score
EPSS
Exploit for Deserialization of Untrusted Data in Clear Clearml
ClearML Exploit Script This repository contains a Python...
8.8CVSS
7.5AI Score
0.001EPSS
Exploit for Path Traversal in Solarwinds Serv-U
CVE-2024-28995 PoC and Bulk Scanner Overview This...
8.6CVSS
6.7AI Score
0.001EPSS
A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the...
7.3CVSS
0.0004EPSS
A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the...
7.3CVSS
7.5AI Score
0.0004EPSS
A vulnerability was found in Guangdong Baolun Electronics IP Network Broadcasting Service Platform 2.0. It has been classified as critical. Affected is an unknown function of the file /api/v2/maps. The manipulation of the argument orderColumn leads to sql injection. It is possible to launch the...
7.3CVSS
0.0004EPSS
Metasploit Weekly Wrap-Up 06/14/2024
New module content (5) Telerik Report Server Auth Bypass Authors: SinSinology and Spencer McIntyre Type: Auxiliary Pull request: #19242 contributed by zeroSteiner Path: scanner/http/telerik_report_server_auth_bypass AttackerKB reference: CVE-2024-4358 Description: This adds an exploit for...
9.9CVSS
8.2AI Score
0.938EPSS
The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version <...
6.1CVSS
6.3AI Score
0.0004EPSS
The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version <...
6.1CVSS
0.0004EPSS
The Open Link is a CKEditor plugin, extending context menu with a possibility to open link in a new tab. The vulnerability allowed to execute JavaScript code by abusing link href attribute. It affects all users using the Open Link plugin at version <...
6.1CVSS
0.0004EPSS
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force...
7.1AI Score
0.0004EPSS
An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for authentication. This vulnerability can allow attackers to access the router via a brute-force...
0.0004EPSS
linux-nvidia-6.5 vulnerabilities
Alon Zahavi discovered that the NVMe-oF/TCP subsystem in the Linux kernel did not properly validate H2C PDU data, leading to a null pointer dereference vulnerability. A remote attacker could use this to cause a denial of service (system crash). (CVE-2023-6356, CVE-2023-6535, CVE-2023-6536) It was.....
7.8CVSS
7.4AI Score
0.001EPSS
CVE-2024-37316 Nextcloud Calendar's event create can create attachments that link to other websites
Nextcloud Calendar is a calendar app for Nextcloud. Authenticated users could create an event with manipulated attachment data leading to a bad redirect for participants when clicked. It is recommended that the Nextcloud Calendar App is upgraded to 4.6.8 or...
4.6CVSS
0.0004EPSS
LB-LINK BL-W1210M v2.0 was discovered to contain a clickjacking vulnerability via the Administrator login page. Attackers can cause victim users to perform arbitrary operations via interaction with crafted elements on the web...
0.0004EPSS
LB-LINK BL-W1210M v2.0 was discovered to store user credentials in plaintext within the router's...
0.0004EPSS
Incorrect access control in the UART/Serial interface on the LB-LINK BL-W1210M v2.0 router allows attackers to access the root terminal without...
0.0004EPSS