Hermit 音乐播放器 (WordPress Plugin) Security Vulnerabilities

CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2

CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2. A patched version of the package is...

Popular WordPress Plugins Leave Millions Open to Backdoor Attacks

Fastly researchers discover unauthenticated stored XSS attacks plaguing WordPress Plugins including WP Meta SEO, and the popular...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: runc, pulumi-kubernetes-operator, istio-pilot-agent, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, certificate-transparency, argo-cd, capslock, ferretdb, ingress-nginx-controller, kube-fluentd-operator, ollama, up, kube-bench, grafana-agent-operator,....

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: runc, fq, aws-flb-firehose, pulumi-kubernetes-operator, nats-server, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, argo-cd, capslock, ferretdb, ingress-nginx-controller, s5cmd, up, task, kube-bench, docker-credential-gcr, haproxy-ingress,...

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: runc, skopeo, newrelic-infrastructure-agent, k9s, ingress-nginx-controller, ctop, syft, k3d, telegraf, trivy, kots, k3s, zot, buildkitd, kubernetes, docker, kubescape, wolfictl, nvidia-device-plugin, grype, nerdctl, skaffold, zarf, datadog-agent, kaniko,...

GHSA-VVPX-J8F3-3W6H vulnerabilities

Vulnerabilities for packages: go, falco, hey, gke-gcloud-auth-plugin, k3d, dynamic-localpv-provisioner, wireguard-go, restic,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: nginx-mainline, pulumi-kubernetes-operator, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, argo-cd, ingress-nginx-controller, ollama, up, haproxy-ingress, kind, opentofu, bom, kubevela, cert-manager, spark-operator, fuse-overlayfs-snapshotter, kots,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: nats-server, prometheus-bind-exporter, capslock, s5cmd, ferretdb, up, task, kube-bench, docker-credential-gcr, grafana-agent-operator, external-secrets-operator, lazygit, cluster-proportional-autoscaler, step-issuer, cfssl, hubble, sops, gptscript, nri-rabbitmq,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: runc, pulumi-kubernetes-operator, nats-server, go-fips, certificate-transparency, capslock, jitsucom-bulker, ferretdb, prometheus-bind-exporter, s5cmd, kube-bench, docker-credential-gcr, grafana-agent-operator, kind, opa, external-secrets-operator, caddy, k8sgpt, bom,....

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: runc, pulumi-kubernetes-operator, nats-server, go-fips, certificate-transparency, capslock, jitsucom-bulker, ferretdb, prometheus-bind-exporter, s5cmd, kube-bench, docker-credential-gcr, grafana-agent-operator, kind, opa, external-secrets-operator, caddy, k8sgpt, bom,....

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: falco, smarter-device-manager, ip-masq-agent, wait-for-port, kubernetes-dashboard-metrics-scraper, cass-operator, nri-discovery-kubernetes, gke-gcloud-auth-plugin, aws-flb-firehose, render-template, prometheus-bind-exporter, configmap-reload, ctop, goreleaser,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: runc, pulumi-kubernetes-operator, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, argo-cd, ollama, kube-fluentd-operator, haproxy-ingress, opentofu, k8sgpt-operator, external-secrets-operator, thanos-operator, k8sgpt, bom, kubevela, spark-operator,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: runc, pulumi-kubernetes-operator, istio-pilot-agent, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, certificate-transparency, argo-cd, capslock, ferretdb, ingress-nginx-controller, kube-fluentd-operator, ollama, up, kube-bench, grafana-agent-operator,....

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: runc, fq, aws-flb-firehose, pulumi-kubernetes-operator, nats-server, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, argo-cd, capslock, ferretdb, ingress-nginx-controller, s5cmd, up, task, kube-bench, docker-credential-gcr, haproxy-ingress,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: runc, fq, aws-flb-firehose, pulumi-kubernetes-operator, nats-server, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, argo-cd, capslock, ferretdb, ingress-nginx-controller, s5cmd, up, task, kube-bench, docker-credential-gcr, haproxy-ingress,...

CVE-2022-41723 vulnerabilities

Vulnerabilities for packages: go, falco, hey, gke-gcloud-auth-plugin, k3d, dynamic-localpv-provisioner, wireguard-go, restic,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: nats-server, prometheus-bind-exporter, capslock, s5cmd, ferretdb, up, task, kube-bench, docker-credential-gcr, grafana-agent-operator, external-secrets-operator, lazygit, cluster-proportional-autoscaler, step-issuer, cfssl, hubble, sops, gptscript, nri-rabbitmq,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: runc, pulumi-kubernetes-operator, nats-server, jitsucom-bulker, certificate-transparency, capslock, prometheus-bind-exporter, ferretdb, s5cmd, kube-bench, docker-credential-gcr, grafana-agent-operator, kind, opa, external-secrets-operator, caddy, k8sgpt, bom,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: runc, pulumi-kubernetes-operator, istio-pilot-agent, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, argo-cd, ollama, kube-fluentd-operator, up, haproxy-ingress, kind, istio-pilot-discovery, external-secrets-operator, caddy, k8sgpt-operator, bom,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: runc, fq, aws-flb-firehose, pulumi-kubernetes-operator, nats-server, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, argo-cd, capslock, ferretdb, ingress-nginx-controller, s5cmd, up, task, kube-bench, docker-credential-gcr, haproxy-ingress,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: runc, fq, aws-flb-firehose, pulumi-kubernetes-operator, nats-server, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, argo-cd, capslock, ferretdb, ingress-nginx-controller, s5cmd, up, task, kube-bench, docker-credential-gcr, haproxy-ingress,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: runc, fq, aws-flb-firehose, pulumi-kubernetes-operator, nats-server, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, argo-cd, capslock, ferretdb, ingress-nginx-controller, s5cmd, up, task, kube-bench, docker-credential-gcr, haproxy-ingress,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: falco, smarter-device-manager, ip-masq-agent, wait-for-port, kubernetes-dashboard-metrics-scraper, cass-operator, nri-discovery-kubernetes, gke-gcloud-auth-plugin, aws-flb-firehose, render-template, prometheus-bind-exporter, configmap-reload, ctop, goreleaser,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: falco, smarter-device-manager, ip-masq-agent, wait-for-port, kubernetes-dashboard-metrics-scraper, cass-operator, nri-discovery-kubernetes, gke-gcloud-auth-plugin, aws-flb-firehose, render-template, prometheus-bind-exporter, configmap-reload, ctop, goreleaser,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: falco, smarter-device-manager, ip-masq-agent, wait-for-port, kubernetes-dashboard-metrics-scraper, cass-operator, nri-discovery-kubernetes, gke-gcloud-auth-plugin, aws-flb-firehose, render-template, prometheus-bind-exporter, configmap-reload, ctop, goreleaser,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: runc, pulumi-kubernetes-operator, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, argo-cd, ollama, kube-fluentd-operator, haproxy-ingress, opentofu, k8sgpt-operator, external-secrets-operator, thanos-operator, k8sgpt, bom, kubevela, spark-operator,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: runc, pulumi-kubernetes-operator, istio-pilot-agent, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, argo-cd, ollama, kube-fluentd-operator, up, haproxy-ingress, kind, istio-pilot-discovery, external-secrets-operator, caddy, k8sgpt-operator, bom,...

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: falco, prometheus, node-problem-detector, vault-csi-provider, dynamic-localpv-provisioner, gatekeeper, flux-notification-controller, pulumi-kubernetes-operator, kubernetes-csi-node-driver-registrar, argo-cd, minio, up, weaviate, goreleaser,...

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: nginx-mainline, pulumi-kubernetes-operator, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, argo-cd, ingress-nginx-controller, ollama, up, haproxy-ingress, kind, opentofu, bom, kubevela, cert-manager, spark-operator, fuse-overlayfs-snapshotter, kots,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: runc, fq, aws-flb-firehose, pulumi-kubernetes-operator, nats-server, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, argo-cd, capslock, ferretdb, ingress-nginx-controller, s5cmd, up, task, kube-bench, docker-credential-gcr, haproxy-ingress,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: runc, fq, aws-flb-firehose, pulumi-kubernetes-operator, nats-server, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, argo-cd, capslock, ferretdb, ingress-nginx-controller, s5cmd, up, task, kube-bench, docker-credential-gcr, haproxy-ingress,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: runc, fq, aws-flb-firehose, pulumi-kubernetes-operator, nats-server, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, argo-cd, capslock, ferretdb, ingress-nginx-controller, s5cmd, up, task, kube-bench, docker-credential-gcr, haproxy-ingress,...

GHSA-XR7R-F8XQ-VFVV vulnerabilities

Vulnerabilities for packages: runc, skopeo, newrelic-infrastructure-agent, k9s, ingress-nginx-controller, ctop, syft, k3d, telegraf, trivy, kots, k3s, zot, buildkitd, kubernetes, docker, kubescape, wolfictl, nvidia-device-plugin, grype, nerdctl, skaffold, zarf, datadog-agent, kaniko,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: runc, pulumi-kubernetes-operator, nats-server, jitsucom-bulker, certificate-transparency, capslock, prometheus-bind-exporter, ferretdb, s5cmd, kube-bench, docker-credential-gcr, grafana-agent-operator, kind, opa, external-secrets-operator, caddy, k8sgpt, bom,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: runc, fq, aws-flb-firehose, pulumi-kubernetes-operator, nats-server, kubernetes-csi-node-driver-registrar, prometheus-bind-exporter, argo-cd, capslock, ferretdb, ingress-nginx-controller, s5cmd, up, task, kube-bench, docker-credential-gcr, haproxy-ingress,...

CVE-2024-35632 WordPress Integration for Constant Contact and Contact Form 7, WPForms, Elementor, Ninja Forms plugin <= 1.1.5 - Cross Site Request Forgery (CSRF) vulnerability

Cross-Site Request Forgery (CSRF) vulnerability in CRM Perks. Integration for Contact Form 7 and Constant Contact.This issue affects Integration for Contact Form 7 and Constant Contact: from n/a through...

CVE-2024-34385 WordPress YITH WooCommerce Wishlist plugin <= 3.32.0 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in YITH YITH WooCommerce Wishlist allows Stored XSS.This issue affects YITH WooCommerce Wishlist: from n/a through...

CVE-2024-34764 WordPress Essential Addons for Elementor plugin <= 5.9.15 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WPDeveloper Essential Addons for Elementor allows Stored XSS.This issue affects Essential Addons for Elementor: from n/a through...

CVE-2024-34766 WordPress ChaosTheory theme <= 1.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Automattic ChaosTheory allows Stored XSS.This issue affects ChaosTheory: from n/a through...

CVE-2024-34767 WordPress ShopLentor plugin <= 2.8.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in HasThemes ShopLentor allows Stored XSS.This issue affects ShopLentor: from n/a through...

CVE-2024-34769 WordPress Elegant Blocks – Amazing Gutenberg Blocks plugin <= 1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in cyclonetheme Elegant Blocks allows Stored XSS.This issue affects Elegant Blocks: from n/a through...

CVE-2024-34770 WordPress Popup Maker WP plugin <= 1.2.8 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Popup Maker Popup Maker WP allows Stored XSS.This issue affects Popup Maker WP: from n/a through...

CVE-2024-34789 WordPress Post Grid Elementor Addon plugin <= 2.0.16 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in WP Hait Post Grid Elementor Addon allows Stored XSS.This issue affects Post Grid Elementor Addon: from n/a through...

CVE-2024-34790 WordPress Download ImageMagick Sharpen Resized Images plugin <= 1.1.7 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Hans van Eijsden,niwreg ImageMagick Sharpen Resized Images allows Stored XSS.This issue affects ImageMagick Sharpen Resized Images: from n/a through...

CVE-2024-34791 WordPress WPB Elementor Addons plugin <= 1.0.9 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in wpbean WPB Elementor Addons allows Stored XSS.This issue affects WPB Elementor Addons: from n/a through...

CVE-2024-34793 WordPress WP Next Post Navi plugin <= 1.8.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Kharim Tomlinson WP Next Post Navi allows Stored XSS.This issue affects WP Next Post Navi: from n/a through...

CVE-2024-34794 WordPress Tainacan plugin <= 0.21.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Reflected XSS.This issue affects Tainacan: from n/a through...

CVE-2024-34795 WordPress Tainacan plugin <= 0.21.3 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Tainacan.Org Tainacan allows Stored XSS.This issue affects Tainacan: from n/a through...

CVE-2024-34796 WordPress PopupAlly plugin <= 2.1.1 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in AccessAlly PopupAlly allows Stored XSS.This issue affects PopupAlly: from n/a through...

CVE-2024-34797 WordPress Simple Popup Manager plugin <= 1.3.5 - Cross Site Scripting (XSS) vulnerability

Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Benoit Mercusot Simple Popup Manager allows Stored XSS.This issue affects Simple Popup Manager: from n/a through...