GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: boring-registry, nfs-subdir-external-provisioner, istio-pilot-agent, kubernetes-csi-driver-hostpath, kpt, prometheus-mongodb-exporter, gitlab-pages, newrelic-nri-kube-events, rclone, pulumi, docker-compose, prometheus-elasticsearch-exporter, istio-operator, influxd,...
7.5 AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.8 AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, cni-plugins, kor, nri-nginx, helm-operator, gitlab-logger, k8ssandra-operator,...
6.7 AI Score
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: flyte, boring-registry, nfs-subdir-external-provisioner, kubernetes-csi-driver-hostpath, kpt, go, pombump, gitlab-pages, go-licenses, rabbitmq-default-user-credential-updater, rclone, spqr, kubernetes-ingress-defaultbackend, docker-compose, wire-go, gitleaks,...
6.5 AI Score
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: flyte, boring-registry, nfs-subdir-external-provisioner, kubernetes-csi-driver-hostpath, kpt, go, pombump, gitlab-pages, go-licenses, rabbitmq-default-user-credential-updater, rclone, spqr, kubernetes-ingress-defaultbackend, docker-compose, wire-go, gitleaks,...
7.5 AI Score
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: wolfictl, kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, hey, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, nvidia-container-toolkit, teleport, cni-plugins, nri-nginx,...
7.2 AI Score
Vulnerabilities for packages: nfs-subdir-external-provisioner, kpt, prometheus-mongodb-exporter, gitlab-pages, pulumi, prometheus-elasticsearch-exporter, influxd, cluster-autoscaler, prometheus-statsd-exporter, vault, hey, prometheus-adapter, prometheus-node-exporter,...
6.1 CVSS
7.2 AI Score
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: boring-registry, nfs-subdir-external-provisioner, istio-pilot-agent, fq, prometheus-mongodb-exporter, gitlab-pages, go-licenses, pulumi, istio-operator, influxd, cluster-autoscaler, prometheus-statsd-exporter, vault, prometheus-adapter, prometheus-node-exporter,...
5.9 CVSS
7.1 AI Score
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: buildkitd, gitlab-runner, kyverno, slsa-verifier, filebeat, istio-pilot-agent, telegraf, up, zot, flux-helm-controller, tekton-chains, kubevela, kots, k9s, kargo, pulumi, goreleaser, skaffold, docker-credential-gcr, falco, helm, bom, datadog-agent, traefik, eksctl,...
7.8 CVSS
7.4 AI Score
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: boring-registry, nfs-subdir-external-provisioner, istio-pilot-agent, kubernetes-csi-driver-hostpath, kpt, prometheus-mongodb-exporter, gitlab-pages, newrelic-nri-kube-events, rclone, pulumi, docker-compose, prometheus-elasticsearch-exporter, istio-operator, influxd,...
6.5 AI Score
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.8 AI Score
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.5 AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, cni-plugins, kor, nri-nginx, helm-operator, gitlab-logger, k8ssandra-operator,...
7.5 AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: flyte, boring-registry, nfs-subdir-external-provisioner, kubernetes-csi-driver-hostpath, kpt, go, pombump, gitlab-pages, go-licenses, rabbitmq-default-user-credential-updater, rclone, spqr, kubernetes-ingress-defaultbackend, docker-compose, wire-go, gitleaks,...
7.5 AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: wolfictl, kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, hey, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, nvidia-container-toolkit, teleport, cni-plugins, nri-nginx,...
7.2 AI Score
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: nfs-subdir-external-provisioner, istio-pilot-agent, kpt, prometheus-mongodb-exporter, go, gitlab-pages, kubernetes-ingress-defaultbackend, pulumi, prometheus-elasticsearch-exporter, istio-operator, influxd, cluster-autoscaler, prometheus-statsd-exporter, vault, hey,...
7.5 CVSS
8.4 AI Score
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: boring-registry, grafana, kaniko, slsa-verifier, wolfictl, flux-image-automation-controller, zot, gitness, tekton-chains, kubevela, keda, rclone, sops, melange, pulumi, flux-kustomize-controller, spire-server, goreleaser, vault, pulumi-language-yaml, falco,...
7.5 AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.5 AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.5 AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.5 AI Score
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: wolfictl, kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, hey, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, nvidia-container-toolkit, teleport, cni-plugins, nri-nginx,...
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: nfs-subdir-external-provisioner, kpt, prometheus-mongodb-exporter, gitlab-pages, pulumi, prometheus-elasticsearch-exporter, influxd, cluster-autoscaler, prometheus-statsd-exporter, vault, hey, prometheus-adapter, prometheus-node-exporter,...
7.5 AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: boring-registry, nfs-subdir-external-provisioner, istio-pilot-agent, fq, prometheus-mongodb-exporter, gitlab-pages, go-licenses, pulumi, istio-operator, influxd, cluster-autoscaler, prometheus-statsd-exporter, vault, prometheus-adapter, prometheus-node-exporter,...
7.5 AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: nfs-subdir-external-provisioner, istio-pilot-agent, kpt, prometheus-mongodb-exporter, go, gitlab-pages, kubernetes-ingress-defaultbackend, pulumi, prometheus-elasticsearch-exporter, istio-operator, influxd, cluster-autoscaler, prometheus-statsd-exporter, vault, hey,...
7.5 AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.8 AI Score
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.5 AI Score
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.8 AI Score
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: flyte, boring-registry, nfs-subdir-external-provisioner, kubernetes-csi-driver-hostpath, kpt, go, pombump, gitlab-pages, go-licenses, rabbitmq-default-user-credential-updater, rclone, spqr, kubernetes-ingress-defaultbackend, docker-compose, wire-go, gitleaks,...
6.5 AI Score
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: wolfictl, kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, hey, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, nvidia-container-toolkit, teleport, cni-plugins, nri-nginx,...
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: buildkitd, gitlab-runner, kyverno, slsa-verifier, filebeat, istio-pilot-agent, telegraf, up, zot, flux-helm-controller, tekton-chains, kubevela, kots, k9s, kargo, pulumi, goreleaser, skaffold, docker-credential-gcr, falco, helm, bom, datadog-agent, traefik, eksctl,...
7.5 AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.8 AI Score
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in wpdevart Responsive Image Gallery, Gallery Album. This issue affects Responsive Image Gallery, Gallery Album: from n/a through...
8.5 CVSS
Exploit for Code Injection in Exiftool Project Exiftool
CVE-2021-22204 Summary of the CVE Improper sanitization...
7.8 CVSS
aimeos-core arbitrary file upload vulnerability
An arbitrary file upload vulnerability in the image upload function of aimeos-core v2024.04 allows attackers to execute arbitrary code via uploading a crafted PHP...
Cross-site scripting (XSS) vulnerability in Description metadata
Summary: Regardless of the role or privileges, no user should be able to inject malicious JavaScript (JS) scripts into the body HTML. This is an XSS (Cross-Site Scripting) vulnerability, specifically a Stored XSS, which affects all pages of the website. Once the JS script is embedded in the body HTML, the.....
4.8 CVSS
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to...
7.3 CVSS
CVE-2024-5745 itsourcecode Bakery Online Ordering System unrestricted upload
A vulnerability was found in itsourcecode Bakery Online Ordering System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/modules/product/controller.php?action=add. The manipulation of the argument image leads to unrestricted upload. It is possible to...
7.3 CVSS
A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Affected is an unknown function of the file /members/poster.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...
6.3 CVSS
CVE-2024-5734 itsourcecode Online Discussion Forum poster.php unrestricted upload
A vulnerability classified as critical has been found in itsourcecode Online Discussion Forum 1.0. Affected is an unknown function of the file /members/poster.php. The manipulation of the argument image leads to unrestricted upload. It is possible to launch the attack remotely. The exploit has...
6.3 CVSS
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘svg’ parameter in all versions up to, and including, 1.8.23 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4 CVSS
The Photo Gallery by 10Web – Mobile-Friendly Image Gallery plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.8.23 via the esc_dir function. This makes it possible for authenticated attackers to cut and paste (copy) the contents of arbitrary files on the...
6.8 CVSS