CVE-2024-6109 itsourcecode Tailoring Management System addmeasurement.php sql injection
A vulnerability was found in itsourcecode Tailoring Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file addmeasurement.php. The manipulation of the argument id leads to sql injection. The attack can be launched remotely....
CVSS 6.3 | AI Score 6.9
The Annual SaaS Security Report: 2025 CISO Plans and Priorities
Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA)....
AI Score 7.2
Summary Vulnerabilities in multiple JAR files affect Transparent Cloud Tiering in IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products. The vulnerabilities are not thought to be exploitable but IBM recommends upgrade for users of Transparent Cloud Tiering...
CVSS 9.8 | AI Score 9.4 | EPSS 0.939
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: vertical-pod-autoscaler, ferretdb, bank-vaults, frp, ingress-nginx-controller, crossplane-provider-gcp, kor, nfs-subdir-external-provisioner, tekton-chains, metrics-server, cri-tools, terragrunt, aws-efs-csi-driver, goreleaser, hubble-ui, hubble, cass-operator,...
AI Score 7.5
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: esbuild, ingress-nginx-controller, metrics-server, goreleaser, hubble-ui, certificate-transparency, kubescape, oras, fulcio, sbomqs, envoy-ratelimit, nsc, volume-modifier-for-k8s, cilium, nuclei, calico, kube-bench, bincapz, kind, kaniko, external-dns,...
AI Score 6.8 | EPSS 0.0004
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: vertical-pod-autoscaler, ferretdb, bank-vaults, docker-credential-ecr-login, hcloud, frp, delve, go-bindata, wait-for-port, dockerize, crossplane-provider-gcp, mongo-tools, nfs-subdir-external-provisioner, metrics-server, tekton-chains, cri-tools, aws-efs-csi-driver,.....
AI Score 7.5
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: vertical-pod-autoscaler, ferretdb, bank-vaults, frp, ingress-nginx-controller, crossplane-provider-gcp, kor, nfs-subdir-external-provisioner, tekton-chains, metrics-server, cri-tools, terragrunt, aws-efs-csi-driver, goreleaser, hubble-ui, hubble, cass-operator,...
AI Score 6.7 | EPSS 0.0004
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: vertical-pod-autoscaler, ferretdb, bank-vaults, docker-credential-ecr-login, hcloud, frp, delve, go-bindata, wait-for-port, dockerize, crossplane-provider-gcp, mongo-tools, nfs-subdir-external-provisioner, metrics-server, tekton-chains, cri-tools, aws-efs-csi-driver,.....
AI Score 6.5 | EPSS 0.0004
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, metrics-server, hubble-ui, certificate-transparency, kubescape, oras, fulcio, sbomqs, nerdctl, nsc, volume-modifier-for-k8s, wave, cilium, kube-bench, kind, kaniko, octo-sts, external-dns, neuvector-sigstore-interface, dgraph, wolfictl,...
AI Score 6.5 | EPSS 0.0004
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: vertical-pod-autoscaler, ferretdb, bank-vaults, docker-credential-ecr-login, hcloud, frp, delve, go-bindata, wait-for-port, dockerize, crossplane-provider-gcp, mongo-tools, nfs-subdir-external-provisioner, metrics-server, tekton-chains, cri-tools, aws-efs-csi-driver,.....
AI Score 7.5
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: esbuild, ingress-nginx-controller, metrics-server, goreleaser, hubble-ui, certificate-transparency, kubescape, oras, fulcio, sbomqs, envoy-ratelimit, nsc, volume-modifier-for-k8s, cilium, nuclei, calico, kube-bench, bincapz, kind, kaniko, external-dns,...
AI Score 7.5
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, metrics-server, hubble-ui, certificate-transparency, kubescape, oras, fulcio, sbomqs, nerdctl, nsc, volume-modifier-for-k8s, wave, cilium, kube-bench, kind, kaniko, octo-sts, external-dns, neuvector-sigstore-interface, dgraph, wolfictl,...
AI Score 6.5 | EPSS 0.0004
GHSA-C5Q2-7R4C-MV6G vulnerabilities
Vulnerabilities for packages: external-secrets-operator, rook, flux-kustomize-controller, ko, zarf, argo-cd, tekton-pipelines, cert-manager, frp, weaviate, skaffold, apko, grpc-health-probe, tekton-chains, istio-pilot-agent, terragrunt, goreleaser, timestamp-authority, istio-cni, containerd, dex,.....
AI Score 7.5
GHSA-5JPM-X58V-624V vulnerabilities
Vulnerabilities for packages: opensearch, keycloak, spark, cloudwatch-exporter, neo4j, management-api-for-apache-cassandra, selenium,...
AI Score 7.5
CVE-2024-29025 vulnerabilities
Vulnerabilities for packages: opensearch, keycloak, spark, cloudwatch-exporter, neo4j, management-api-for-apache-cassandra, selenium,...
CVSS 5.3 | AI Score 5.9 | EPSS 0.0004
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, metrics-server, hubble-ui, certificate-transparency, kubescape, oras, fulcio, sbomqs, nerdctl, nsc, volume-modifier-for-k8s, wave, cilium, kube-bench, kind, kaniko, octo-sts, external-dns, neuvector-sigstore-interface, dgraph, wolfictl,...
AI Score 7.5
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: external-secrets-operator, rook, flux-kustomize-controller, ko, zarf, argo-cd, tekton-pipelines, cert-manager, frp, weaviate, skaffold, apko, grpc-health-probe, tekton-chains, istio-pilot-agent, terragrunt, goreleaser, timestamp-authority, istio-cni, containerd, dex,.....
CVSS 4.3 | AI Score 6 | EPSS 0.0005
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: vertical-pod-autoscaler, ferretdb, bank-vaults, docker-credential-ecr-login, hcloud, frp, delve, go-bindata, wait-for-port, dockerize, crossplane-provider-gcp, mongo-tools, nfs-subdir-external-provisioner, metrics-server, tekton-chains, cri-tools, aws-efs-csi-driver,.....
AI Score 6.5 | EPSS 0.0004
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: ingress-nginx-controller, metrics-server, hubble-ui, certificate-transparency, kubescape, oras, fulcio, sbomqs, nerdctl, nsc, volume-modifier-for-k8s, wave, cilium, kube-bench, kind, kaniko, octo-sts, external-dns, neuvector-sigstore-interface, dgraph, wolfictl,...
AI Score 7.5
K000140029: libcurl vulnerability CVE-2024-2398
Security Advisory Description When an application tells libcurl it wants to allow HTTP/2 server push, and the amount of received headers for the push surpasses the maximum allowed limit (1000), libcurl aborts the server push. When aborting, libcurl inadvertently does not free all the previously...
AI Score 6.6 | EPSS 0.0004
Impact A vulnerability has been identified in which Rancher does not automatically clean up a user which has been deleted from the configured authentication provider (AP). This characteristic also applies to disabled or revoked users, Rancher will not reflect these modifications which may leave...
AI Score 6.8
Cross-site scripting (XSS) vulnerability in search-appointment.php in the Admin Panel in Phpgurukul Beauty Parlour Management System 1.0 allows remote attackers to inject arbitrary web script or HTML via the search input...
AI Score 5.8 | EPSS 0.0004
Sourcecodester Payroll Management System v1.0 is vulnerable to File Upload. Users can upload images via the "save_settings" page. An unauthenticated attacker can leverage this functionality to upload a malicious PHP file instead. Successful exploitation of this vulnerability results in the ability....
AI Score 7.9 | EPSS 0.0004
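The Payroll Management System entry above describes the classic unrestricted-upload bug: the "save_settings" page accepts an image but never checks what it was actually sent, so a PHP file is stored with its own name and later executed by the web server. The following is an added example, not code from that project or from the advisory, written in Python as a stand-in for the PHP handler. It puts the anti-pattern beside a hardened version that allowlists the extension, checks the file's leading bytes against that type, caps the size, and chooses the stored filename itself. The directory, helper names and sample bytes are constructed for the example.

```python
import tempfile
import uuid
from pathlib import Path

# Allowed image types and the leading bytes (magic) a file of that type must start with.
IMAGE_MAGIC = {
    "png": (b"\x89PNG\r\n\x1a\n",),
    "jpg": (b"\xff\xd8\xff",),
    "gif": (b"GIF87a", b"GIF89a"),
}
MAX_UPLOAD_BYTES = 2 * 1024 * 1024


class UploadRejected(ValueError):
    pass


def make_upload_dir() -> Path:
    # Fresh temporary directory standing in for the application's upload folder.
    return Path(tempfile.mkdtemp(prefix="uploads-"))


def save_vulnerable(upload_dir: Path, client_name: str, data: bytes) -> Path:
    # The anti-pattern behind the advisory: the client-supplied name decides the
    # extension and the bytes are never inspected, so "shell.php" is written as
    # shell.php into a directory the web server will happily execute from.
    dest = upload_dir / Path(client_name).name
    dest.write_bytes(data)
    return dest


def save_hardened(upload_dir: Path, client_name: str, data: bytes) -> Path:
    if len(data) > MAX_UPLOAD_BYTES:
        raise UploadRejected("upload exceeds size limit")
    ext = Path(client_name).suffix.lower().lstrip(".")
    ext = {"jpeg": "jpg"}.get(ext, ext)
    if ext not in IMAGE_MAGIC:
        raise UploadRejected(f"extension {ext!r} is not an allowed image type")
    if not data.startswith(IMAGE_MAGIC[ext]):
        raise UploadRejected("file content does not match its declared image type")
    # Server-chosen name: nothing the client sent reaches the filesystem path,
    # and the extension is one from the allowlist, never the client's.
    dest = upload_dir / f"{uuid.uuid4().hex}.{ext}"
    with open(dest, "xb") as fh:  # "x": create only, never overwrite an existing file
        fh.write(data)
    return dest


def is_rejected(upload_dir: Path, client_name: str, data: bytes) -> bool:
    # Convenience probe: does the hardened handler refuse this upload?
    try:
        save_hardened(upload_dir, client_name, data)
    except UploadRejected:
        return True
    return False


if __name__ == "__main__":
    d = make_upload_dir()
    php = b"<?php system($_GET['c']); ?>"  # constructed webshell stand-in
    print("vulnerable stored:", save_vulnerable(d, "shell.php", php).name)
    print("hardened rejects shell.php:", is_rejected(d, "shell.php", php))
    print("hardened rejects shell.png with PHP body:", is_rejected(d, "shell.png", php))
```

A PHP payload prefixed with a valid PNG header would still pass the magic check; that is why the stored name is server-chosen with an allowlisted extension, and why the upload directory should live outside the document root or be served with script execution disabled. None of this replaces the first fix the entry implies: the page is reachable unauthenticated, so the handler needs an authentication check before any of the above runs.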
CVE-2024-6066 SourceCodester Best House Rental Management System payment_report.php sql injection
A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is an unknown function of the file payment_report.php. The manipulation of the argument month_of leads to sql injection. It is possible to launch the attack remotely. The...
CVSS 6.3 | EPSS 0.0004
A flaw in a system or application that could be exploited by malicious actors is termed a vulnerability, whether the company is notified of it or discovers it itself. But every time a flaw that is already being actively exploited is discovered, code red is punched as the organization's IT...
AI Score 7.9
Security Bulletin: QRadar Suite Software includes components with multiple known vulnerabilities
Summary QRadar Suite Software includes components with known vulnerabilities. These have been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability Details **...
CVSS 8.2 | AI Score 9.7
Security Bulletin: IBM QRadar Suite software is vulnerable to injection attacks (CVE-2023-47726)
Summary IBM QRadar Suite software is vulnerable to injection attacks through dashboard input. This has been updated in the latest release and vulnerabilities have been addressed. Please follow the instructions in the Remediation/Fixes section below to update to the latest version. Vulnerability...
AI Score 7.9
CVE-2024-37896 SQL injection vulnerability in Gin-vue-admin
Gin-vue-admin is a backstage management system based on vue and gin. Gin-vue-admin <= v2.6.5 has SQL injection vulnerability. The SQL injection vulnerabilities occur when a web application allows users to input data into SQL queries without sufficiently validating or sanitizing the input. Failin...
CVSS 8.8 | EPSS 0.0004
SQL injection vulnerability in processscore.php in Itsourcecode Learning Management System Project In PHP With Source Code v1.0 allows remote attackers to execute arbitrary SQL commands via the LessonID...
AI Score 8.6 | EPSS 0.0004
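Four entries on this page are the same bug in different applications: a request parameter (id in addmeasurement.php, month_of in payment_report.php, LessonID in processscore.php, and the Gin-vue-admin case) is pasted into the SQL text of a query. The following is an added example, not code from any of those projects, written in Python against an in-memory SQLite table so it runs offline; the schema and rows are constructed for the example. It shows the vulnerable string-built query, a tautology payload that widens the result set, a UNION payload that appends attacker-chosen data (the "execute arbitrary SQL commands" of the advisories), the parameterized form where the same payloads match nothing, and a differential probe of the kind a scanner uses to tell the two apart.

```python
import sqlite3

# Constructed stand-in for the "fetch a record by a GET parameter" pattern
# behind addmeasurement.php?id=..., payment_report.php?month_of=... and
# processscore.php?LessonID=...; the schema is hypothetical, not the projects'.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE measurement (id INTEGER PRIMARY KEY, customer TEXT, chest REAL);
        INSERT INTO measurement VALUES (1, 'alice', 36.0), (2, 'bob', 40.5), (3, 'carol', 38.0);
    """)
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, id_param: str) -> list:
    # The anti-pattern: the request parameter is spliced into the SQL text, so a
    # quote inside it closes the literal and whatever follows is parsed as SQL.
    sql = f"SELECT id, customer, chest FROM measurement WHERE id='{id_param}'"
    return conn.execute(sql).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, id_param) -> list:
    # Hardened: the value is bound as a parameter, so it is only ever compared
    # as data; the tautology and UNION payloads simply match nothing.
    sql = "SELECT id, customer, chest FROM measurement WHERE id=?"
    return conn.execute(sql, (id_param,)).fetchall()


def lookup_typed(conn: sqlite3.Connection, id_param: str) -> list:
    # Defence in depth for integer ids: coerce at the trust boundary, so a
    # payload raises ValueError before any SQL is built at all.
    return lookup_parameterized(conn, int(id_param))


def union_payload_leaks_version(conn: sqlite3.Connection) -> bool:
    # "Execute arbitrary SQL": a UNION with a matching column count appends a
    # row the attacker controls; here it exfiltrates the database engine version.
    rows = lookup_vulnerable(conn, "' UNION SELECT 1, sqlite_version(), 0 --")
    return any(row[1] == sqlite3.sqlite_version for row in rows)


def is_injectable(lookup, conn: sqlite3.Connection) -> bool:
    # Differential probe: if an always-true tautology returns more rows than the
    # honest value does, the parameter reaches the query as SQL, not as data.
    try:
        honest = lookup(conn, "1")
        tautology = lookup(conn, "1' OR '1'='1")
    except ValueError:
        return False
    return len(tautology) > len(honest)


if __name__ == "__main__":
    db = make_db()
    for name, fn in [("vulnerable", lookup_vulnerable),
                     ("parameterized", lookup_parameterized),
                     ("typed", lookup_typed)]:
        print(f"{name:14s} injectable={is_injectable(fn, db)}")
    print("UNION leaks engine version:", union_payload_leaks_version(db))
```

The integer cast only fits id-style parameters; a value such as month_of wants a format check of its own (a strict pattern match on the expected YYYY-MM shape) in front of the same bound parameter. Parameter binding is the fix; validation is the second layer.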
ws affected by a DoS when handling a request with many HTTP headers
Impact A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. Proof of concept: ```js const http = require('http'); const WebSocket = require('ws'); const wss = new WebSocket.Server({ port: 0 }, function () { const chars =...
CVSS 7.5 | AI Score 6.7 | EPSS 0.0004
CVE-2024-37890 Denial of service when handling a request with many HTTP headers in ws
ws is an open source WebSocket client and server for Node.js. A request with a number of headers exceeding the server.maxHeadersCount threshold could be used to crash a ws server. The vulnerability was fixed in ws@8.17.1 (e55e510) and backported to ws@7.5.10 (22c2876), ws@6.2.3 (eeb76d3), and...
CVSS 7.5 | EPSS 0.0004
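The two ws entries above (the GHSA entry with its truncated proof of concept, and CVE-2024-37890) say only that a request carrying more headers than server.maxHeadersCount could crash the server. The following is an added example, not code from ws or from the advisory, written in Python to match the other examples on this page rather than in Node. It models one way such a crash happens and both places it can be stopped. The model itself is an assumption of this example, not something the entries state: a parser that caps the header count and silently keeps only the first N lines, after which a handshake that assumes the Upgrade header is present dereferences a missing value and the exception escapes the handler. The hardened server refuses an oversized header block up front with 431 and, independently, never trusts that a required header survived parsing. Request bytes, the tiny cap and all names are constructed for the example.

```python
MAX_HEADERS = 8  # stand-in for server.maxHeadersCount, kept tiny so the demo trips it


class TooManyHeaders(Exception):
    pass


def build_request(padding: int) -> bytes:
    # Constructed WebSocket upgrade request with `padding` filler headers placed
    # before the ones the handshake actually needs, so a cap pushes those out.
    lines = ["GET /chat HTTP/1.1", "Host: example.test"]
    lines += [f"X-Pad-{i}: {i}" for i in range(padding)]
    lines += ["Connection: Upgrade", "Upgrade: websocket",
              "Sec-WebSocket-Key: dGhlIHNhbXBsZSBub25jZQ==",
              "Sec-WebSocket-Version: 13"]
    return ("\r\n".join(lines) + "\r\n\r\n").encode()


def header_lines(raw: bytes) -> list:
    head = raw.split(b"\r\n\r\n", 1)[0].decode("latin-1")
    return head.split("\r\n")[1:]  # drop the request line


def parse_headers(raw: bytes, max_headers: int = MAX_HEADERS, strict: bool = False) -> dict:
    # Lenient mode keeps the first max_headers lines and silently drops the rest
    # (the assumed model of a capped parser); strict mode refuses the request.
    lines = header_lines(raw)
    if strict and len(lines) > max_headers:
        raise TooManyHeaders(len(lines))
    headers = {}
    for line in lines[:max_headers]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def handshake_vulnerable(headers: dict) -> int:
    # Assumes 'upgrade' is present: once the parser dropped it, .lower() runs on
    # None and the exception escapes the handler, which is the crash.
    if headers.get("upgrade").lower() != "websocket":
        return 400
    return 101


def handshake_hardened(headers: dict) -> int:
    upgrade = headers.get("upgrade")
    if upgrade is None or upgrade.lower() != "websocket":
        return 400
    if not headers.get("sec-websocket-key") or headers.get("sec-websocket-version") != "13":
        return 400
    return 101


def serve_vulnerable(raw: bytes) -> int:
    return handshake_vulnerable(parse_headers(raw))


def serve_hardened(raw: bytes) -> int:
    # Two independent guards: refuse oversized header blocks up front (431), and
    # treat every required header as possibly absent in the handshake itself.
    try:
        headers = parse_headers(raw, strict=True)
    except TooManyHeaders:
        return 431
    return handshake_hardened(headers)


def crashes(server, raw: bytes) -> bool:
    # Probe: does the handler blow up instead of answering?
    try:
        server(raw)
    except AttributeError:
        return True
    return False


if __name__ == "__main__":
    normal, flood = build_request(0), build_request(20)
    print("vulnerable, normal request:", serve_vulnerable(normal))
    print("vulnerable, header flood crashes:", crashes(serve_vulnerable, flood))
    print("hardened, normal request:", serve_hardened(normal))
    print("hardened, header flood:", serve_hardened(flood))
```

In a real server the 431 belongs in the HTTP layer's own limit rather than in a second pass over the bytes; the point of the example is that a cap which drops data instead of rejecting the request turns a "too many headers" condition into a missing-header condition downstream, and the downstream code has to be written for that.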