Jenkins Dingding[钉钉] Plugin Security Vulnerabilities

CVE-2024-35781

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion.This issue affects Word Balloon: from n/a through...

CVE-2024-35781

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion.This issue affects Word Balloon: from n/a through...

CVE-2024-35767

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection.This issue affects Squeeze: from n/a through...

CVE-2022-44593

Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through...

CVE-2022-44593

Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through...

CVE-2024-35778

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through...

CVE-2023-38389

Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JupiterX Core: from n/a through...

CVE-2024-35778

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through...

CVE-2023-38389

Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JupiterX Core: from n/a through...

CVE-2024-35767

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection.This issue affects Squeeze: from n/a through...

CVE-2022-44587

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through...

CVE-2022-38055

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through...

CVE-2022-38055

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through...

CVE-2022-44587

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through...

CVE-2024-35781 WordPress Word Balloon plugin <= 4.21.1 - Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in YAHMAN Word Balloon allows PHP Local File Inclusion.This issue affects Word Balloon: from n/a through...

CVE-2024-35778 WordPress Slideshow SE plugin <= 2.5.17 - Auth. Limited Local File Inclusion vulnerability

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in John West Slideshow SE allows PHP Local File Inclusion.This issue affects Slideshow SE: from n/a through...

CVE-2024-35767 WordPress Squeeze plugin <= 1.4 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Bogdan Bendziukov Squeeze allows Code Injection.This issue affects Squeeze: from n/a through...

CVE-2023-38389 WordPress Jupiter X Core plugin <= 3.3.8 - Unauthenticated Account Takeover vulnerability

Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JupiterX Core: from n/a through...

CVE-2022-44593 WordPress Solid Security plugin <= 9.3.1 - IP Spoofing Leading to Denial of Service vulnerability

Use of Less Trusted Source vulnerability in SolidWP Solid Security allows HTTP DoS.This issue affects Solid Security: from n/a through...

CVE-2022-44587 WordPress WP 2FA plugin <= 2.6.3 - Sensitive Data Exposure via Log File vulnerability

Insertion of Sensitive Information into Log File vulnerability in WP 2FA allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WP 2FA: from n/a through...

CVE-2022-38055 WordPress wpForo Forum plugin <= 2.0.9 - Auth. HTML Injection vulnerability

Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in gVectors Team wpForo Forum allows Content Spoofing.This issue affects wpForo Forum: from n/a through...

GHSA-VVPX-J8F3-3W6H vulnerabilities

Vulnerabilities for packages: wireguard-go, gke-gcloud-auth-plugin, go, dynamic-localpv-provisioner, hey, restic, k3d, falco,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: kots, conftest, traefik, configmap-reload, jaeger-agent, kube-bench, kubescape, velero, kyverno-policy-reporter-kyverno-plugin, external-secrets-operator, pulumi-language-yaml, flux-image-automation-controller, stakater-reloader, helm-operator, ip-masq-agent, keda,...

CVE-2024-21626 vulnerabilities

Vulnerabilities for packages: kots, k9s, skopeo, kubescape, ingress-nginx-controller, docker, datadog-agent, cadvisor, buildkitd, zot, grype, zarf, newrelic-infrastructure-agent, syft, runc, ctop, nvidia-device-plugin, kubernetes, skaffold, trivy, wolfictl, k3s, telegraf, k3d, kaniko,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: pombump, configmap-reload, direnv, shfmt, kube-bench, velero, paranoia, kyverno-policy-reporter-kyverno-plugin, pulumi-language-yaml, flux-image-automation-controller, stakater-reloader, helm-operator, ip-masq-agent, keda, pulumi, yam, kube-rbac-proxy, clusterctl,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: kots, conftest, traefik, kubescape, pulumi-language-yaml, stakater-reloader, ip-masq-agent, keda, pulumi, kubernetes-csi-node-driver-registrar, kubernetes-csi-external-attacher, cluster-autoscaler, frp, flux-notification-controller, hugo, cert-manager,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: kots, conftest, traefik, direnv, jaeger-agent, shfmt, ip-masq-agent, keda, controller-gen, cilium-cli, stern, cluster-autoscaler, frp, grafana, kubecolor, node-feature-discovery, php-fpm_exporter, actions-runner-controller, prometheus-stackdriver-exporter, falcoctl,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: pombump, conftest, traefik, configmap-reload, direnv, jaeger-agent, shfmt, kube-bench, kubescape, paranoia, kyverno-policy-reporter-kyverno-plugin, external-secrets-operator, pulumi-language-yaml, helm-operator, ip-masq-agent, clusterctl, cilium-cli,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: pombump, conftest, traefik, configmap-reload, direnv, jaeger-agent, shfmt, kube-bench, kubescape, paranoia, kyverno-policy-reporter-kyverno-plugin, external-secrets-operator, pulumi-language-yaml, helm-operator, ip-masq-agent, clusterctl, cilium-cli,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: pombump, configmap-reload, direnv, shfmt, kube-bench, velero, paranoia, kyverno-policy-reporter-kyverno-plugin, pulumi-language-yaml, flux-image-automation-controller, stakater-reloader, helm-operator, ip-masq-agent, keda, pulumi, yam, kube-rbac-proxy, clusterctl,...

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: step, traefik, prometheus-operator, velero, bank-vaults, flux-source-controller, goreleaser, external-secrets-operator, gitlab-runner, sqlpad, opentelemetry-collector-contrib, keda, step-ca, pulumi, rekor, flux-kustomize-controller, grafana-agent-operator, rook,...

CVE-2022-41723 vulnerabilities

Vulnerabilities for packages: wireguard-go, gke-gcloud-auth-plugin, go, dynamic-localpv-provisioner, hey, restic, k3d, falco,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: kots, conftest, traefik, configmap-reload, jaeger-agent, kube-bench, kubescape, velero, kyverno-policy-reporter-kyverno-plugin, external-secrets-operator, pulumi-language-yaml, flux-image-automation-controller, stakater-reloader, helm-operator, ip-masq-agent, keda,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: slsa-verifier, configmap-reload, oras, go-md2man, kubernetes-dashboard-metrics-scraper, goreleaser, wait-for-port, ip-masq-agent, go-bindata, gops, nri-discovery-kubernetes, hey, gitlab-logger, aws-flb-kinesis, sops, cortex, dgraph, go-licenses,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: conftest, direnv, jaeger-agent, shfmt, ip-masq-agent, keda, controller-gen, cilium-cli, stern, cluster-autoscaler, frp, grafana, kubecolor, node-feature-discovery, php-fpm_exporter, actions-runner-controller, prometheus-stackdriver-exporter, falcoctl, flyte,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: pombump, configmap-reload, direnv, shfmt, kube-bench, velero, paranoia, kyverno-policy-reporter-kyverno-plugin, pulumi-language-yaml, flux-image-automation-controller, stakater-reloader, helm-operator, ip-masq-agent, keda, pulumi, yam, kube-rbac-proxy, clusterctl,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: kots, external-secrets-operator, pulumi-language-yaml, flux-image-automation-controller, stakater-reloader, keda, pulumi, prometheus-statsd-exporter, kubernetes-csi-node-driver-registrar, kubernetes-csi-external-attacher, cluster-autoscaler, frp, k8sgpt, zot,...

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: step, traefik, prometheus-operator, velero, bank-vaults, flux-source-controller, goreleaser, external-secrets-operator, gitlab-runner, sqlpad, opentelemetry-collector-contrib, keda, step-ca, pulumi, rekor, flux-kustomize-controller, grafana-agent-operator, rook,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: pombump, configmap-reload, direnv, shfmt, kube-bench, velero, paranoia, kyverno-policy-reporter-kyverno-plugin, pulumi-language-yaml, flux-image-automation-controller, stakater-reloader, helm-operator, ip-masq-agent, keda, pulumi, yam, kube-rbac-proxy, clusterctl,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: pombump, configmap-reload, direnv, shfmt, kube-bench, velero, paranoia, kyverno-policy-reporter-kyverno-plugin, pulumi-language-yaml, flux-image-automation-controller, stakater-reloader, helm-operator, ip-masq-agent, keda, pulumi, yam, kube-rbac-proxy, clusterctl,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: pombump, configmap-reload, direnv, shfmt, kube-bench, velero, paranoia, kyverno-policy-reporter-kyverno-plugin, pulumi-language-yaml, flux-image-automation-controller, stakater-reloader, helm-operator, ip-masq-agent, keda, pulumi, yam, kube-rbac-proxy, clusterctl,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: conftest, direnv, jaeger-agent, shfmt, ip-masq-agent, keda, controller-gen, cilium-cli, stern, cluster-autoscaler, frp, grafana, kubecolor, node-feature-discovery, php-fpm_exporter, actions-runner-controller, prometheus-stackdriver-exporter, falcoctl, flyte,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: pombump, conftest, traefik, configmap-reload, direnv, jaeger-agent, shfmt, kube-bench, kubescape, paranoia, kyverno-policy-reporter-kyverno-plugin, external-secrets-operator, pulumi-language-yaml, helm-operator, ip-masq-agent, clusterctl, cilium-cli,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: kots, conftest, traefik, direnv, jaeger-agent, shfmt, ip-masq-agent, keda, controller-gen, cilium-cli, stern, cluster-autoscaler, frp, grafana, kubecolor, node-feature-discovery, php-fpm_exporter, actions-runner-controller, prometheus-stackdriver-exporter, falcoctl,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: kots, kubescape, external-secrets-operator, pulumi-language-yaml, flux-image-automation-controller, stakater-reloader, keda, pulumi, prometheus-statsd-exporter, kubernetes-csi-node-driver-registrar, kubernetes-csi-external-attacher, cluster-autoscaler, frp, k8sgpt,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: pombump, configmap-reload, direnv, shfmt, kube-bench, velero, paranoia, kyverno-policy-reporter-kyverno-plugin, pulumi-language-yaml, flux-image-automation-controller, stakater-reloader, helm-operator, ip-masq-agent, keda, pulumi, yam, kube-rbac-proxy, clusterctl,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: slsa-verifier, configmap-reload, oras, go-md2man, kubernetes-dashboard-metrics-scraper, goreleaser, wait-for-port, ip-masq-agent, go-bindata, gops, nri-discovery-kubernetes, hey, gitlab-logger, aws-flb-kinesis, sops, cortex, dgraph, go-licenses,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: kots, conftest, traefik, direnv, jaeger-agent, shfmt, ip-masq-agent, keda, controller-gen, cilium-cli, stern, cluster-autoscaler, frp, grafana, kubecolor, node-feature-discovery, php-fpm_exporter, actions-runner-controller, prometheus-stackdriver-exporter, falcoctl,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: slsa-verifier, configmap-reload, oras, go-md2man, kubernetes-dashboard-metrics-scraper, goreleaser, wait-for-port, ip-masq-agent, go-bindata, gops, nri-discovery-kubernetes, hey, gitlab-logger, aws-flb-kinesis, sops, cortex, dgraph, go-licenses,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: slsa-verifier, configmap-reload, oras, go-md2man, kubernetes-dashboard-metrics-scraper, goreleaser, wait-for-port, ip-masq-agent, go-bindata, gops, nri-discovery-kubernetes, hey, gitlab-logger, aws-flb-kinesis, sops, cortex, dgraph, go-licenses,...