A vulnerability regarding buffer copy without checking size of input ('Classic Buffer Overflow') is found in the libjansson component and it does not affect the upstream library. This allows remote attackers to execute arbitrary code via unspecified vectors. The following models with Synology...
9.8 CVSS
EPSS
CVE-2024-5730 Pagerank Tools <= 1.1.5 - Reflected XSS
The Pagerank tools WordPress plugin through 1.1.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
6.1 AI Score
EPSS
CVE-2024-5729 Simple AL Slider <= 1.2.10 - Reflected XSS
The Simple AL Slider WordPress plugin through 1.2.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
6.1 AI Score
EPSS
CVE-2024-5728 Animated AL List <= 1.0.6 - Reflected XSS
The Animated AL List WordPress plugin through 1.0.6 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
6.1 AI Score
EPSS
CVE-2024-5727 Widget4Call <= 1.0.7 - Reflected XSS
The Widget4Call WordPress plugin through 1.0.7 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as...
6.1 AI Score
EPSS
CVE-2024-5570 Simple Photoswipe <= 0.1 - Subscriber+ Arbitrary Settings Update
The Simple Photoswipe WordPress plugin through 0.1 does not have an authorisation check when updating its settings, which could allow any authenticated user, such as a subscriber, to update...
6.7 AI Score
EPSS
The Stackable – Page Builder Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘data-caption’ parameter in all versions up to, and including, 3.13.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4 CVSS
5.8 AI Score
EPSS
The Easy Affiliate Links plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the eafl_reset_settings AJAX action in all versions up to, and including, 3.7.3. This makes it possible for authenticated attackers, with Subscriber-level access...
4.3 CVSS
6.6 AI Score
EPSS
The Easy Image Collage plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the ajax_image_collage() function in all versions up to, and including, 1.13.5. This makes it possible for authenticated attackers, with Contributor-level access and above,...
5.4 CVSS
6.7 AI Score
EPSS
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: kubescape, slsa-verifier, dex, gitsign, istio-pilot-discovery, kyverno, flux-source-controller, aactl, tkn, cloudflared, tekton-pipelines, keda, cilium-envoy, spire-server, falco, vault, fulcio, vexctl, argo-workflows, traefik, cert-manager, external-secrets-operator,....
7.5 AI Score
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: up, kubescape, chartmuseum, slsa-verifier, kpt, k3d, loki, aactl, ctop, k3s, bom, tekton-pipelines, falco, goreleaser, prometheus, skaffold, cert-manager, tekton-chains, paranoia,...
7.5 AI Score
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: consul, kubescape, kube-bench, crossplane, prometheus-nats-exporter, caddy, istio-pilot-discovery, aws-ebs-csi-driver, nodetaint, ollama, flux-source-controller, kaniko, docker, hugo-extended, flux-notification-controller, temporal-ui-server, istio-cni, cloudflared,...
7.5 AI Score
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: up, kubescape, chartmuseum, k8sgpt, cilium-cli, trivy, istio-operator, flux-source-controller, zot, helm-operator, cert-manager, zarf, flux-helm-controller, eksctl, k9s, helm-push,...
6.4 CVSS
6.7 AI Score
0.0004 EPSS
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: up, kubescape, melange, flux-source-controller, kaniko, k3d, ctop, kubevela, tekton-pipelines, flux-helm-controller, newrelic-infrastructure-agent, eksctl, grype, neuvector-agent, skaffold, telegraf, zot, gitness, cert-manager, helm-push, cilium-cli, trivy, helm,...
7.5 AI Score
GHSA-R53H-JV2G-VPX6 vulnerabilities
Vulnerabilities for packages: up, kubescape, chartmuseum, k8sgpt, cilium-cli, trivy, istio-operator, flux-source-controller, zot, helm-operator, cert-manager, zarf, flux-helm-controller, eksctl, k9s, helm-push,...
7.5 AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: consul, nri-mssql, kube-bench, crossplane, mage, caddy, nodetaint, aws-ebs-csi-driver, cue, prometheus-blackbox-exporter, temporal-ui-server, ytt, kor, kuberay-operator, petname, gatekeeper, nfs-subdir-external-provisioner, k8sgpt-operator, direnv,...
7.8 AI Score
0.0004 EPSS
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: kubescape, ollama, nodetaint, flux-source-controller, nginx-stable, cue, prometheus-blackbox-exporter, flux-notification-controller, ko, gatekeeper, ingress-nginx-controller, dotnet, newrelic-infrastructure-agent, cilium-envoy, envoy-ratelimit, neuvector-agent,...
7.5 CVSS
9 AI Score
0.732 EPSS
Vulnerabilities for packages: consul, external-dns, flux-image-reflector-controller, kubescape, gitsign, ksops, rook, slsa-verifier, kyverno, flux-source-controller, influxd, timestamp-authority, k3d, zarf, loki, flux-notification-controller, aactl, nuclei, tkn, sigstore-scaffolding, skopeo, glab,....
6 CVSS
6 AI Score
0.0004 EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: consul, nri-mssql, kube-bench, crossplane, mage, caddy, nodetaint, aws-ebs-csi-driver, cue, prometheus-blackbox-exporter, temporal-ui-server, ytt, kor, kuberay-operator, petname, gatekeeper, nfs-subdir-external-provisioner, k8sgpt-operator, direnv,...
7.8 AI Score
0.0004 EPSS
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: mkcert, kubescape, kube-bench, crossplane, mage, crane, prometheus-nats-exporter, caddy, aws-ebs-csi-driver, newrelic-nri-statsd, flux-source-controller, cue, tfsec, flux-notification-controller, ko, cloudflared, mods, petname, nfs-subdir-external-provisioner, direnv,....
6.5 AI Score
0.0004 EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: mkcert, kubescape, kube-bench, crossplane, mage, crane, prometheus-nats-exporter, caddy, aws-ebs-csi-driver, newrelic-nri-statsd, flux-source-controller, cue, tfsec, flux-notification-controller, ko, cloudflared, mods, petname, nfs-subdir-external-provisioner, direnv,....
7.5 AI Score
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: consul, mkcert, nri-mssql, kube-bench, crossplane, velero-plugin-for-csi, flux-source-controller, gpu-feature-discovery, grpc-health-probe, hivemind, flannel-cni-plugin, nvidia-container-toolkit, neuvector-dbgen, kubernetes, kots, nsc, sigstore-scaffolding, kind,...
5.5 CVSS
6.1 AI Score
0.0004 EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: consul, mkcert, nri-mssql, kube-bench, crossplane, velero-plugin-for-csi, flux-source-controller, hugo-extended, kor, grpc-health-probe, flannel-cni-plugin, kubernetes, multus-cni, melange, nsc, sigstore-scaffolding, kind, nri-nagios,...
6.8 AI Score
0.0004 EPSS
GHSA-V6V8-XJ6M-XWQH vulnerabilities
Vulnerabilities for packages: consul, external-dns, flux-image-reflector-controller, kubescape, gitsign, ksops, rook, slsa-verifier, kyverno, flux-source-controller, influxd, timestamp-authority, k3d, zarf, loki, flux-notification-controller, aactl, nuclei, tkn, sigstore-scaffolding, skopeo, glab,....
7.5 AI Score
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: cortex, slsa-verifier, hey, mage, influx, nsc, sonobuoy, docker-cli, k3d, prometheus-bind-exporter, metrics-server, aactl, ctop, gitlab-logger, oras, configmap-reload, docker-credential-ecr-login, cni-plugins, grpcurl, nri-discovery-kubernetes, kind, ip-masq-agent,...
7.5 CVSS
7.9 AI Score
0.001 EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: consul, kubescape, nri-mssql, crossplane, prometheus-nats-exporter, caddy, istio-pilot-discovery, ollama, flux-source-controller, prometheus-blackbox-exporter, temporal-ui-server, ko, istio-cni, cloudflared, grpc-health-probe, gatekeeper,...
5.9 CVSS
7.1 AI Score
0.963 EPSS
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: up, flux-image-reflector-controller, kubescape, slsa-verifier, gitsign, kubeflow-katib, crane, istio-pilot-discovery, kyverno, zarf, k9s, loki, aactl, ctop, skopeo, istio-pilot-agent, kubevela, k3s, bom, datadog-agent, tekton-pipelines, guac, flux-helm-controller,...
7.8 CVSS
7.5 AI Score
0.001 EPSS
Vulnerabilities for packages: consul, ollama, nodetaint, aws-ebs-csi-driver, flux-source-controller, cue, prometheus-blackbox-exporter, flux-notification-controller, gatekeeper, nfs-subdir-external-provisioner, k8sgpt-operator, newrelic-infrastructure-agent, dive, metacontroller, wireguard-go,...
6.1 CVSS
7.3 AI Score
0.001 EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: consul, nri-mssql, kube-bench, crossplane, mage, caddy, nodetaint, aws-ebs-csi-driver, cue, prometheus-blackbox-exporter, temporal-ui-server, ytt, kor, kuberay-operator, petname, gatekeeper, nfs-subdir-external-provisioner, k8sgpt-operator, direnv,...
7.5 AI Score
GHSA-M5VV-6R4H-3VJ9 vulnerabilities
Vulnerabilities for packages: up, flux-image-reflector-controller, cortex, external-dns, kubescape, rook, ksops, prometheus-operator, kyverno, sqlpad, flux-source-controller, tempo, timestamp-authority, teleport, zarf, loki, airflow, nuclei, tkn, sigstore-scaffolding, flux, step, tekton-pipelines,....
7.5 AI Score
CVE-2023-45142 vulnerabilities
Vulnerabilities for packages: up, prometheus, calico, thanos, gitlab-kas, kubernetes, caddy, k3s, ipfs, kubevela, gatekeeper, cert-manager, keda,...
7.5 CVSS
7.9 AI Score
0.001 EPSS
GHSA-RCJV-MGP8-QVMR vulnerabilities
Vulnerabilities for packages: up, prometheus, calico, thanos, gitlab-kas, kubernetes, caddy, k3s, ipfs, kubevela, gatekeeper, cert-manager, keda,...
7.5 AI Score
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: consul, kubescape, kube-bench, crossplane, prometheus-nats-exporter, caddy, istio-pilot-discovery, aws-ebs-csi-driver, nodetaint, ollama, flux-source-controller, kaniko, docker, hugo-extended, flux-notification-controller, temporal-ui-server, istio-cni, cloudflared,...
6.6 AI Score
0.0004 EPSS
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: up, flux-image-reflector-controller, cortex, external-dns, kubescape, rook, ksops, prometheus-operator, kyverno, sqlpad, flux-source-controller, tempo, timestamp-authority, teleport, zarf, loki, airflow, nuclei, tkn, sigstore-scaffolding, flux, step, tekton-pipelines,....
5.5 CVSS
6 AI Score
0.0004 EPSS
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: consul, nri-mssql, kube-bench, crossplane, mage, caddy, nodetaint, aws-ebs-csi-driver, cue, prometheus-blackbox-exporter, temporal-ui-server, ytt, kor, kuberay-operator, petname, gatekeeper, nfs-subdir-external-provisioner, k8sgpt-operator, direnv,...
7.5 AI Score
CVE-2024-26147 vulnerabilities
Vulnerabilities for packages: up, kubescape, chartmuseum, k8sgpt, cilium-cli, trivy, istio-operator, flux-source-controller, zot, helm-operator, cert-manager, zarf, flux-helm-controller, eksctl, k9s, helm-push,...
7.5 CVSS
7.7 AI Score
0.0004 EPSS
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: mkcert, kubescape, kube-bench, crossplane, mage, crane, prometheus-nats-exporter, caddy, aws-ebs-csi-driver, newrelic-nri-statsd, flux-source-controller, cue, tfsec, flux-notification-controller, ko, cloudflared, mods, petname, nfs-subdir-external-provisioner, direnv,....
7.5 AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: consul, mkcert, nri-mssql, kube-bench, crossplane, velero-plugin-for-csi, flux-source-controller, gpu-feature-discovery, grpc-health-probe, hivemind, flannel-cni-plugin, nvidia-container-toolkit, neuvector-dbgen, kubernetes, kots, nsc, sigstore-scaffolding, kind,...
9.8 CVSS
9.8 AI Score
0.001 EPSS
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: consul, kubescape, caddy, istio-pilot-discovery, aws-ebs-csi-driver, nodetaint, ollama, flux-source-controller, cue, prometheus-blackbox-exporter, flux-notification-controller, istio-cni, gatekeeper, nfs-subdir-external-provisioner, k8sgpt-operator,...
7.5 CVSS
8.4 AI Score
0.002 EPSS
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: consul, nri-mssql, kube-bench, crossplane, mage, caddy, nodetaint, aws-ebs-csi-driver, cue, prometheus-blackbox-exporter, temporal-ui-server, ytt, kor, kuberay-operator, petname, gatekeeper, nfs-subdir-external-provisioner, k8sgpt-operator, direnv,...
7.5 AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: consul, mkcert, nri-mssql, kube-bench, crossplane, velero-plugin-for-csi, flux-source-controller, hugo-extended, kor, grpc-health-probe, flannel-cni-plugin, kubernetes, multus-cni, melange, nsc, sigstore-scaffolding, kind, nri-nagios,...
7.5 AI Score
GHSA-C5Q2-7R4C-MV6G vulnerabilities
Vulnerabilities for packages: rook, dex, gitsign, slsa-verifier, melange, istio-pilot-discovery, flux-source-controller, timestamp-authority, zarf, aactl, ko, apko, istio-cni, cloudflared, sigstore-scaffolding, skopeo, tkn, istio-pilot-agent, step, grpc-health-probe, tekton-pipelines, guac, keda,.....
7.5 AI Score