GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: prometheus-adapter, terraform-provider-aws, scorecard, kubeflow-katib, prometheus-stackdriver-exporter, prometheus, cluster-autoscaler, ko, secrets-store-csi-driver, pulumi-language-java, oauth2-proxy, minio, kubevela, coredns, pulumi-kubernetes-operator, falco, k3d,.....
7.5AI Score
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: terraform-provider-aws, ollama, kubeflow-katib, ko, kubevela, coredns, nri-prometheus, falco, prometheus-elasticsearch-exporter, newrelic-infrastructure-agent, ingress-nginx-controller, dynamic-localpv-provisioner, grype, kyverno, nats, fuse-overlayfs-snapshotter,...
7.5AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, terraform-provider-aws, cloudflared, ollama, kubeflow-katib, ko, prometheus-postgres-exporter, step, coredns, falco, dynamic-localpv-provisioner, grype, kyverno, nats, boring-registry, loki, vexctl, istio-pilot-agent, apko, dex, kubescape,....
7.5AI Score
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, kubeflow-katib, prometheus-postgres-exporter, yam, s5cmd, protoc-gen-go-grpc, kubevela, nri-prometheus, nri-nagios, falco, prometheus-elasticsearch-exporter, newrelic-infrastructure-agent, aws-ebs-csi-driver,...
7.8AI Score
0.0004EPSS
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, kubeflow-katib, prometheus-postgres-exporter, yam, s5cmd, protoc-gen-go-grpc, kubevela, nri-prometheus, nri-nagios, falco, prometheus-elasticsearch-exporter, newrelic-infrastructure-agent, aws-ebs-csi-driver,...
7.8AI Score
0.0004EPSS
CVE-2023-49568 vulnerabilities
Vulnerabilities for packages: scorecard, zot, pulumi-language-java, tekton-pipelines, kubevela, pulumi-kubernetes-operator, gitness, gitsign, goreleaser, pulumi-language-yaml, pulumi, apko, pulumi-language-dotnet, flux-kustomize-controller, bom, kots, gomplate, go-licenses, nuclei,...
7.5CVSS
7.8AI Score
0.0005EPSS
GHSA-XR7R-F8XQ-VFVV vulnerabilities
Vulnerabilities for packages: zarf, zot, k3s, cadvisor, k3d, kubernetes, ingress-nginx-controller, newrelic-infrastructure-agent, grype, wolfictl, nerdctl, skopeo, nvidia-device-plugin, skaffold, buildkitd, runc, kaniko, kubescape, ctop, kots, datadog-agent, k9s, docker, syft, trivy,...
7.5AI Score
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: cloudflared, ko, step, s5cmd, docker-compose, coredns, nri-prometheus, jaeger-agent, aws-ebs-csi-driver, dynamic-localpv-provisioner, confluent-common-docker, karpenter, kyverno, fuse-overlayfs-snapshotter, harbor, boring-registry, loki, runc, litestream, stern,...
6.5AI Score
0.0004EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: terraform-provider-aws, yam, s5cmd, addon-resizer, buildah, confluent-common-docker, nats, fuse-overlayfs-snapshotter, boring-registry, litestream, wait-for-port, mods, tailscale, gops, frp, local-path-provisioner, traefik, velero-plugin-for-aws, libnvidia-container,.....
7.5AI Score
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: scorecard, kubeflow-katib, zarf, prometheus, zot, flux-image-reflector-controller, tekton-pipelines, guac, cri-tools, k3s, kubevela, cadvisor, falco, argo-workflows, gitsign, newrelic-infrastructure-agent, tekton-chains, goreleaser, kyverno, nerdctl, skopeo, skaffold,....
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: prometheus-mongodb-exporter, prometheus-operator, kubeflow-katib, prometheus-postgres-exporter, yam, s5cmd, protoc-gen-go-grpc, kubevela, nri-prometheus, nri-nagios, falco, prometheus-elasticsearch-exporter, newrelic-infrastructure-agent, aws-ebs-csi-driver,...
6AI Score
0.0004EPSS
subiaco.de Cross Site Scripting vulnerability OBB-3938506
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
umsdental.com Cross Site Scripting vulnerability OBB-3938504
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
rtbf.be Cross Site Scripting vulnerability OBB-3938503
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
central-kino-rottweil.de Cross Site Scripting vulnerability OBB-3938502
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
A maliciously crafted CATPART, X_B and STEP, when parsed in ASMKERN228A.dll and ASMKERN229A.dll through Autodesk applications, can lead to a memory corruption vulnerability by write access violation. This vulnerability, in conjunction with other vulnerabilities, can lead to code execution in the...
EPSS
A maliciously crafted X_B and X_T file, when parsed in pskernel.DLL through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current...
EPSS
fewo-cottbus.com Cross Site Scripting vulnerability OBB-3938501
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current...
7AI Score
EPSS
A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary...
EPSS
A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current...
EPSS
udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by...
3.9CVSS
4AI Score
EPSS
A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current...
7.2AI Score
EPSS
udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by...
3.9CVSS
EPSS
A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary...
6.9AI Score
EPSS
A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current...
EPSS
Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before...
4.4CVSS
4.7AI Score
EPSS
Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before...
4.4CVSS
EPSS
A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current...
EPSS
A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current...
7.6AI Score
EPSS
CVE-2023-5038 Unauthenticated DoS
badmonkey, a Security Researcher has found a flaw that allows for a unauthenticated DoS attack on the camera. An attacker runs a crafted URL, nobody can access the web management page of the camera. and must manually restart the device or re-power it. The manufacturer has released patch firmware...
EPSS
CVE-2024-6295 udn News App - Insecure Data Storage
udn News Android APP stores the unencrypted user session in the local database when user log into the application. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by...
3.9CVSS
EPSS
A maliciously crafted CATPART file, when parsed in CC5Dll.dll and ASMBASE228A.dll through Autodesk applications, can force an Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current...
EPSS
finster-essen.de Cross Site Scripting vulnerability OBB-3938500
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
A maliciously crafted 3DM, MODEL and X_B file, when parsed in ASMkern229A.dll and ASMBASE229A.dll through Autodesk applications, can force an Out-of-Bound Read and/or Out-of-Bound Write. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary...
EPSS
CVE-2024-6294 udn News App - Sensitive Information Exposure
udn News Android APP stores the user session in logcat file when user log into the APP. A malicious APP or an attacker with physical access to the Android device can retrieve this session and use it to log into the news APP and other services provided by...
3.9CVSS
EPSS
schreibenmitstil.de Cross Site Scripting vulnerability OBB-3938499
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
whtours.com Cross Site Scripting vulnerability OBB-3938498
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Incorrect Default Permissions vulnerability in Hitachi Storage Provider for VMware vCenter allows local users to read and write specific files.This issue affects Hitachi Storage Provider for VMware vCenter: from 3.1.0 before...
4.4CVSS
EPSS
abovecrm.cslsj.qc.ca Cross Site Scripting vulnerability OBB-3938497
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
A maliciously crafted CATPART, STP, and MODEL file, when parsed in atf_dwg_consumer.dll, rose_x64_vc15.dll and libodxdll through Autodesk applications, can cause a use-after-free vulnerability. This vulnerability, along with other vulnerabilities, can lead to code execution in the current...
EPSS
paec.org Cross Site Scripting vulnerability OBB-3938495
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
A maliciously crafted 3DM and MODEL file, when parsed in opennurbs.dll and atf_api.dll through Autodesk applications, can force an Out-of-Bound Read. A malicious actor can leverage this vulnerability to cause a crash, read sensitive data, or execute arbitrary code in the context of the current...
EPSS
tumbltrak.co.uk Cross Site Scripting vulnerability OBB-3938493
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
247clipart.com Cross Site Scripting vulnerability OBB-3938492
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
drklein.de Cross Site Scripting vulnerability OBB-3938491
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
studis-online.de Cross Site Scripting vulnerability OBB-3938490
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
bistro-invitro.com Cross Site Scripting vulnerability OBB-3938488
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
biggles-online.com Cross Site Scripting vulnerability OBB-3938487
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
A Cross-Site Scripting (XSS) vulnerability on the My Cloud, My Cloud Home, SanDisk ibi, and WD Cloud web apps was found which could allow an attacker to redirect the user to a crafted domain and reset their credentials, or to execute arbitrary client-side code in the user’s browser session to...
EPSS