Tuesday, July 2, 2024 Security Releases
Summary: The Node.js project will release new versions of the 22.x, 20.x and 18.x release lines on or shortly after Tuesday, July 2, 2024, in order to address: 1 high severity issue, 2 medium severity issues and 3 low severity issues. Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x...
7 AI Score
Vulnerabilities for packages: gitlab-runner, gomplate, external-dns, terragrunt, consul, vexctl, sigstore-scaffolding, buildkitd, scorecard, sops, k3d, nuclei, spire-server, tekton-chains, flux-helm-controller, timestamp-authority, falcoctl, flux-kustomize-controller, rook, terraform, gitsign,...
6 CVSS
6 AI Score
0.0004 EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: kpt, karpenter, crossplane, atlantis, caddy, kubernetes-csi-external-resizer, timoni, tkn, k9s, vault-k8s, prometheus-node-exporter, cluster-proportional-autoscaler, osv-scanner, scorecard, sops, kots, temporal, cass-operator, tekton-chains, prometheus-beat-exporter,.....
7.5 AI Score
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: spicedb, trillian, ferretdb, src, temporal-server, caddy, keda, amass, vault, argo-workflows, kube-bench, kots, kine, telegraf, k3s,...
9.8 CVSS
9.7 AI Score
0.0004 EPSS
GHSA-MRWW-27VC-GGHV vulnerabilities
Vulnerabilities for packages: spicedb, trillian, ferretdb, src, temporal-server, caddy, keda, amass, vault, argo-workflows, kube-bench, kots, kine, telegraf, k3s,...
7.5 AI Score
7.5 AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: timoni, k9s, cue, prometheus-beat-exporter, cni-plugins, nri-haproxy, docker-credential-acr-env, slsa-verifier, kube-state-metrics, crossplane-provider-gcp, flux-image-automation-controller, nri-mssql, wait-for-port, nsc, kor, ghaudit, vertical-pod-autoscaler,...
6.8 AI Score
0.0004 EPSS
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: hello-world-golang, karpenter, crossplane, atlantis, caddy, kpt, kubernetes-csi-external-resizer, timoni, k9s, vault-k8s, osv-scanner, scorecard, sops, lazygit, tekton-chains, petname, cue, prometheus-beat-exporter, spegel, ksops, harbor-scanner-trivy, influx,...
6.5 AI Score
0.0004 EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: hello-world-golang, karpenter, crossplane, atlantis, caddy, kpt, kubernetes-csi-external-resizer, timoni, k9s, vault-k8s, osv-scanner, scorecard, sops, lazygit, tekton-chains, petname, cue, prometheus-beat-exporter, spegel, ksops, harbor-scanner-trivy, influx,...
7.5 AI Score
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: timoni, k9s, wolfictl, kots, prometheus-beat-exporter, cni-plugins, nri-haproxy, libnvidia-container, docker-credential-acr-env, grype, slsa-verifier, kube-state-metrics, crossplane-provider-gcp, flux-image-automation-controller, nri-mssql, wait-for-port, nsc,...
5.5 CVSS
6.1 AI Score
0.0004 EPSS
GHSA-V6V8-XJ6M-XWQH vulnerabilities
Vulnerabilities for packages: gitlab-runner, gomplate, external-dns, terragrunt, consul, vexctl, sigstore-scaffolding, buildkitd, scorecard, sops, k3d, nuclei, spire-server, tekton-chains, flux-helm-controller, timestamp-authority, falcoctl, flux-kustomize-controller, rook, terraform, gitsign,...
7.5 AI Score
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: crossplane, atlantis, caddy, vault-k8s, prometheus-node-exporter, scorecard, sops, kots, temporal, tekton-chains, prometheus-mongodb-exporter, gitsign, istio-pilot-agent, prometheus-alertmanager, actions-runner-controller, frp, docker-credential-acr-env, grype,...
5.9 CVSS
7.1 AI Score
0.963 EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: kpt, karpenter, crossplane, atlantis, caddy, kubernetes-csi-external-resizer, timoni, tkn, k9s, vault-k8s, prometheus-node-exporter, cluster-proportional-autoscaler, osv-scanner, scorecard, sops, kots, temporal, cass-operator, tekton-chains, prometheus-beat-exporter,.....
6.6 AI Score
0.0004 EPSS
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: gitlab-runner, hugo, cortex, py3-azure-identity, traefik, external-dns, terragrunt, teleport, grafana-agent-operator, sigstore-scaffolding, buildkitd, restic, sops, nuclei, spire-server, fluent-bit-plugin-loki, tekton-chains, timestamp-authority, falcoctl,...
5.5 CVSS
6 AI Score
0.0004 EPSS
GHSA-M5VV-6R4H-3VJ9 vulnerabilities
Vulnerabilities for packages: gitlab-runner, hugo, cortex, py3-azure-identity, traefik, external-dns, terragrunt, teleport, grafana-agent-operator, sigstore-scaffolding, buildkitd, restic, sops, nuclei, spire-server, fluent-bit-plugin-loki, tekton-chains, timestamp-authority, falcoctl,...
7.5 AI Score
CVE-2024-27289 vulnerabilities
Vulnerabilities for packages: trillian, caddy, vault, argo-workflows, kots, telegraf,...
8.1 CVSS
8.2 AI Score
0.0004 EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: timoni, k9s, cue, prometheus-beat-exporter, cni-plugins, nri-haproxy, docker-credential-acr-env, slsa-verifier, kube-state-metrics, crossplane-provider-gcp, flux-image-automation-controller, nri-mssql, wait-for-port, nsc, kor, ghaudit, vertical-pod-autoscaler,...
7.5 AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: timoni, k9s, wolfictl, kots, prometheus-beat-exporter, cni-plugins, nri-haproxy, libnvidia-container, docker-credential-acr-env, grype, slsa-verifier, kube-state-metrics, crossplane-provider-gcp, flux-image-automation-controller, nri-mssql, wait-for-port, nsc,...
9.8 CVSS
9.8 AI Score
0.001 EPSS
GHSA-C5Q2-7R4C-MV6G vulnerabilities
Vulnerabilities for packages: dex, gomplate, terragrunt, grpc-health-probe, vexctl, sigstore-scaffolding, containerd, dgraph, wolfictl, spire-server, tekton-chains, apko, timestamp-authority, falcoctl, flux-kustomize-controller, rook, gitsign, istio-pilot-agent, keda, policy-controller, aactl,...
7.5 AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: hello-world-golang, karpenter, crossplane, atlantis, caddy, kpt, kubernetes-csi-external-resizer, timoni, k9s, vault-k8s, osv-scanner, scorecard, sops, lazygit, tekton-chains, petname, cue, prometheus-beat-exporter, spegel, ksops, harbor-scanner-trivy, influx,...
7.5 AI Score
GHSA-7JWH-3VRQ-Q3M8 vulnerabilities
Vulnerabilities for packages: spicedb, trillian, ferretdb, src, temporal-server, caddy, keda, amass, argo-workflows, kube-bench, kots, kine, telegraf, k3s,...
7.5 AI Score
GHSA-M7WR-2XF7-CM9P vulnerabilities
Vulnerabilities for packages: trillian, caddy, vault, argo-workflows, kots, telegraf,...
7.5 AI Score
7.2 AI Score
0.0004 EPSS
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: timoni, k9s, wolfictl, kots, prometheus-beat-exporter, cni-plugins, nri-haproxy, libnvidia-container, docker-credential-acr-env, grype, slsa-verifier, kube-state-metrics, crossplane-provider-gcp, flux-image-automation-controller, nri-mssql, wait-for-port, nsc,...
7.5 AI Score
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: dex, gomplate, terragrunt, grpc-health-probe, vexctl, sigstore-scaffolding, containerd, dgraph, wolfictl, spire-server, tekton-chains, apko, timestamp-authority, falcoctl, flux-kustomize-controller, rook, gitsign, istio-pilot-agent, keda, policy-controller, aactl,...
4.3 CVSS
6 AI Score
0.0005 EPSS
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: crossplane, atlantis, caddy, vault-k8s, prometheus-node-exporter, scorecard, sops, kots, temporal, tekton-chains, prometheus-mongodb-exporter, gitsign, istio-pilot-agent, prometheus-alertmanager, actions-runner-controller, frp, docker-credential-acr-env, grype,...
7.5 AI Score
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: hello-world-golang, karpenter, crossplane, atlantis, caddy, kpt, kubernetes-csi-external-resizer, timoni, k9s, vault-k8s, osv-scanner, scorecard, sops, lazygit, tekton-chains, petname, cue, prometheus-beat-exporter, spegel, ksops, harbor-scanner-trivy, influx,...
6.5 AI Score
0.0004 EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: timoni, k9s, wolfictl, kots, prometheus-beat-exporter, cni-plugins, nri-haproxy, libnvidia-container, docker-credential-acr-env, grype, slsa-verifier, kube-state-metrics, crossplane-provider-gcp, flux-image-automation-controller, nri-mssql, wait-for-port, nsc,...
7.5 AI Score
Mirai-like Botnet Targets Zyxel NAS Devices in Europe for DDoS Attacks
Beware, Zyxel customers, and keep your devices up to...
7.4 AI Score
byggeri.dk Open Redirect vulnerability OBB-3939674
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
7 AI Score
hrms.bbmp.gov.in Cross Site Scripting vulnerability OBB-3939668
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
zorpidis.gr Cross Site Scripting vulnerability OBB-3939666
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
zarpanews.gr Cross Site Scripting vulnerability OBB-3939665
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
wadhefa.com Cross Site Scripting vulnerability OBB-3939663
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
uta-net.com Cross Site Scripting vulnerability OBB-3939662
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
ulvr.edu.ec Cross Site Scripting vulnerability OBB-3939654
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
tw.amazingtalker.com Cross Site Scripting vulnerability OBB-3939653
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
taxydromos.gr Cross Site Scripting vulnerability OBB-3939649
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
stalker.cd Cross Site Scripting vulnerability OBB-3939647
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
cashback.sparnord.dk Cross Site Scripting vulnerability OBB-3939642
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
snitcr.go.cr Cross Site Scripting vulnerability OBB-3939640
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
sloto.ge Cross Site Scripting vulnerability OBB-3939638
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
sld.cu Cross Site Scripting vulnerability OBB-3939637
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
sciencespo.fr Cross Site Scripting vulnerability OBB-3939635
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
rushumc-directory.doctor.com Cross Site Scripting vulnerability OBB-3939633
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
ref.ge Cross Site Scripting vulnerability OBB-3939630
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
ratsut.fi Cross Site Scripting vulnerability OBB-3939628
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
qianmu.org Cross Site Scripting vulnerability OBB-3939626
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
promoteur.angem.dz Cross Site Scripting vulnerability OBB-3939625
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
privatsikring.dk Cross Site Scripting vulnerability OBB-3939624
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score