Frontend File Manager & Sharing – User Private Files Security Vulnerabilities

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: calico, flux-image-reflector-controller, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

GHSA-C5Q2-7R4C-MV6G vulnerabilities

Vulnerabilities for packages: skopeo, cosign, aactl, tkn, step, melange, tekton-pipelines, weaviate, grafana, istio-pilot-discovery, falcoctl, grpc-health-probe, vault, cilium, goreleaser, zarf, frp, gitsign, ko, slsa-verifier, policy-controller, terragrunt, keda, external-secrets-operator,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, confluent-common-docker, go-md2man, flux-image-reflector-controller, overmind, delve, falcosidekick, mods, aws-ebs-csi-driver, k9s, zot, pulumi-language-yaml, lazygit, docker-credential-acr-env, ko, helm-push,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

CVE-2023-47108 vulnerabilities

Vulnerabilities for packages: argo-cd, cert-manager, k3s, kubevela, kine, kyverno, docker-compose, envoy-ratelimit, kubernetes-csi-external-resizer, containerd, cri-tools, kubescape, kubernetes, temporal-server, aws-ebs-csi-driver, temporal,...

GHSA-8PGV-569H-W5RW vulnerabilities

Vulnerabilities for packages: argo-cd, cert-manager, k3s, kubevela, kine, kyverno, docker-compose, envoy-ratelimit, kubernetes-csi-external-resizer, containerd, cri-tools, kubescape, kubernetes, temporal-server, aws-ebs-csi-driver, temporal,...

CVE-2024-26147 vulnerabilities

Vulnerabilities for packages: helm-operator, k9s, eksctl, cert-manager, zarf, zot, helm-push, flux-source-controller, istio-operator, up, k8sgpt, kots, cilium-cli, flux-helm-controller, kubescape, trivy,...

GHSA-V53G-5GJP-272R vulnerabilities

Vulnerabilities for packages: helm-operator, k9s, eksctl, cert-manager, zarf, zot, helm-push, flux-source-controller, istio-operator, up, k8sgpt, kots, cilium-cli, flux-helm-controller, kubescape, trivy,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: aactl, prometheus-bind-exporter, go-md2man, render-template, grpcurl, influx, ctop, cass-operator, gops, goreleaser, helm-push, local-path-provisioner, slsa-verifier, prometheus-stackdriver-exporter, configmap-reload, nri-discovery-kubernetes, cni-plugins, gosu,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: aactl, prometheus-bind-exporter, go-md2man, render-template, grpcurl, influx, ctop, cass-operator, gops, goreleaser, helm-push, local-path-provisioner, slsa-verifier, prometheus-stackdriver-exporter, configmap-reload, nri-discovery-kubernetes, cni-plugins, gosu,...

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: skopeo, cosign, aactl, tkn, step, melange, tekton-pipelines, weaviate, grafana, istio-pilot-discovery, falcoctl, grpc-health-probe, vault, cilium, goreleaser, zarf, frp, gitsign, ko, slsa-verifier, policy-controller, terragrunt, keda, external-secrets-operator,...

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, aactl, prometheus, flux-image-reflector-controller, consul, zot, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubescape, temporal-server, pulumi, dockerize, secrets-store-csi-driver-provider-azure, sigstore-scaffolding,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, kubevela, prometheus, flux-image-reflector-controller, consul, aws-ebs-csi-driver, nodetaint, zot, pulumi-language-yaml, kubernetes-csi-livenessprobe, trust-manager, tctl, hey, pulumi, minio, prometheus-operator,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, kubevela, prometheus, flux-image-reflector-controller, consul, aws-ebs-csi-driver, nodetaint, zot, pulumi-language-yaml, slsa-verifier, kubernetes-csi-livenessprobe, kubescape, trust-manager, tctl, hey, pulumi, minio,....

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: calico, grype, cosign, aactl, flux-notification-controller, kubevela, buildkitd, helm, prometheus, weaviate, gitlab-pages, secrets-store-csi-driver, goreleaser, pulumi-language-yaml, ko, slsa-verifier, pulumi-kubernetes-operator, conftest, keda,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, aactl, flux-notification-controller, kubevela, prometheus, dotnet, nodetaint, pulumi-language-yaml, ko, slsa-verifier, kubernetes-csi-livenessprobe, kubescape, tctl, hey, pulumi, minio, sigstore-scaffolding, cert-manager, metacontroller,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: aactl, prometheus-bind-exporter, go-md2man, render-template, grpcurl, influx, ctop, cass-operator, gops, goreleaser, helm-push, local-path-provisioner, slsa-verifier, prometheus-stackdriver-exporter, configmap-reload, nri-discovery-kubernetes, cni-plugins, gosu,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, confluent-common-docker, go-md2man, flux-image-reflector-controller, overmind, delve, falcosidekick, mods, aws-ebs-csi-driver, k9s, zot, pulumi-language-yaml, lazygit, docker-credential-acr-env, ko, helm-push,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: skopeo, cosign, aactl, filebeat, kubevela, buildkitd, helm, prometheus, flux-image-reflector-controller, tekton-pipelines, gitlab-runner, ctop, docker-credential-gcr, k8sgpt, istio-pilot-discovery, falcoctl, cadvisor, goreleaser, k9s, eksctl, timoni, gitsign, zarf,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2024-5181 Command Injection in mudler/localai

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...

CVE-2024-28973

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...

CVE-2024-5173

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-5173

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

CVE-2024-5173 HT Mega – Absolute Addons For Elementor <= 2.5.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via Video Player Widget Settings

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Video player widget settings in all versions up to, and including, 2.5.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it...

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.8.0. Vulnerability Details ** CVEID: CVE-2023-38371 DESCRIPTION: **IBM Security Access Manager uses weaker than expected cryptographic algorithms that...

Security Bulletin: IBM Security Verify Access is vulnerable to multiple Security Vulnerabilities

Summary The IBM Security Verify Access Appliance and IBM Security Verify Access Container has addressed multiple vulnerabilities in release 10.0.0.8. Vulnerability Details ** CVEID: CVE-2024-31883 DESCRIPTION: **IBM Security Verify Access, under certain configurations, could allow an...

CVE-2024-5460

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default...

CVE-2024-5460

A vulnerability in the default configuration of the Simple Network Management Protocol (SNMP) feature of Brocade Fabric OS versions before v9.0.0 could allow an authenticated, remote attacker to read data from an affected device via SNMP. The vulnerability is due to hard-coded, default...

CVE-2024-4869

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2024-29954

A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the...

CVE-2024-29954

A vulnerability in a password management API in Brocade Fabric OS versions before v9.2.1, v9.2.0b, v9.1.1d, and v8.2.3e prints sensitive information in log files. This could allow an authenticated user to view the server passwords for protocols such as scp and sftp. Detail. When the...

CVE-2024-38526

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc...

CVE-2024-29953

A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded...

CVE-2024-38526

pdoc provides API Documentation for Python Projects. Documentation generated with pdoc --math linked to JavaScript files from polyfill.io. The polyfill.io CDN has been sold and now serves malicious code. This issue has been fixed in pdoc...

CVE-2024-4869

The WP Cookie Consent ( for GDPR, CCPA & ePrivacy ) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘Client-IP’ header in all versions up to, and including, 3.2.0 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2024-29953

A vulnerability in the web interface in Brocade Fabric OS before v9.2.1, v9.2.0b, and v9.1.1d prints encoded session passwords on session storage for Virtual Fabric platforms. This could allow an authenticated user to view other users' session encoded...

OpenVPN vulnerability

Releases Ubuntu 16.04 ESM Ubuntu 14.04 ESM Packages openvpn - virtual private network software Details It was discovered that OpenVPN incorrectly handled certain configurations with multiple authentication plugins. A remote attacker could possibly use this issue to bypass authentication using...

JVN#34977158: WordPress plugins "WP Tweet Walls" and "Sola Testimonials" vulnerable to cross-site request forgery

WordPress plugins "WP Tweet Walls" and "Sola Testimonials" provided by Sola Plugins contain a cross-site request forgery vulnerability (CWE-352). ## Impact While a user logs in to the WordPress site where the affected plugin is enabled, accessing a malicious page may make the user perform...