Media Library Folder & File Manager Security Vulnerabilities

github

cart2quote/module-quotation-encoded Remote Code Execution via downloadCustomOptionAction

cart2quote/module-quotation-encoded extension may expose a critical security vulnerability by utilizing the unserialize function when processing data from a GET request. This flaw, present in the app/code/community/Ophirah/Qquoteadv/controllers/DownloadController.php and...

2024-05-15 06:06 PM
2
github

ADOdb SQL injection vulnerability

The ADOdb Library for PHP prior to version 5.20.11 is prone to SQL Injection vulnerability in multiple...

2024-05-15 05:44 PM
github

Grav Vulnerable to Arbitrary File Read to Account Takeover

Summary: A low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - /grav/user/accounts/*.yaml. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise.....

2024-05-15 05:15 PM
2
osv

Grav Vulnerable to Arbitrary File Read to Account Takeover

Summary: A low privilege user account with page edit privilege can read any server files using Twig Syntax. This includes Grav user account files - /grav/user/accounts/*.yaml. This file stores hashed user password, 2FA secret, and the password reset token. This can allow an adversary to compromise.....

2024-05-15 05:15 PM
3
wolfi

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: traefik, falco, spire-server, vault, cert-manager, cloudflared, sops, dex, slsa-verifier, rekor, terragrunt, kots, flux-source-controller, tekton-chains, kubescape, flux-kustomize-controller, argo-workflows, external-secrets-operator, cosign, gitsign, argo-cd, vexctl,....

7.5 AI Score

2024-05-15 05:01 PM
295
wolfi

GHSA-JQ35-85CJ-FJ4P vulnerabilities

Vulnerabilities for packages: falco, bom, cert-manager, slsa-verifier, skaffold, k3d, up, chartmuseum, tekton-chains, kubescape, k3s, loki, scorecard, paranoia, ctop, prometheus, aactl, kpt,...

7.5 AI Score

2024-05-15 05:01 PM
286
wolfi

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: tctl, traefik, zarf, vault-k8s, cloud-sql-proxy, fuse-overlayfs-snapshotter, kor, step-ca, cluster-proportional-autoscaler, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, sops, spark-operator, volume-modifier-for-k8s,...

7.5 AI Score

2024-05-15 05:01 PM
106
wolfi

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: tctl, traefik, fuse-overlayfs-snapshotter, spark-operator, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, nvidia-device-plugin, gatekeeper, pulumi-language-dotnet, ollama, gomplate, kubescape, nginx-stable, newrelic-infrastructure-agent,...

7.5 CVSS

8.8 AI Score

0.72 EPSS

2024-05-15 05:01 PM
475
wolfi

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: tctl, vault-k8s, cloud-sql-proxy, flannel-cni-plugin, fuse-overlayfs-snapshotter, kor, cluster-proportional-autoscaler, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, spark-operator, volume-modifier-for-k8s, ytt, golangci-lint,...

7.7 AI Score

0.0004 EPSS

2024-05-15 05:01 PM
115
wolfi

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: traefik, vault-k8s, fuse-overlayfs-snapshotter, step-ca, tempo, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, sops, spark-operator, volume-modifier-for-k8s, golangci-lint, go-bindata, nvidia-device-plugin, http-echo,...

7.5 AI Score

2024-05-15 05:01 PM
2
wolfi

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: tctl, vault-k8s, cloud-sql-proxy, flannel-cni-plugin, fuse-overlayfs-snapshotter, kor, cluster-proportional-autoscaler, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, spark-operator, volume-modifier-for-k8s, ytt, golangci-lint,...

7.5 AI Score

2024-05-15 05:01 PM
18
wolfi

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: aws-flb-kinesis, grpcurl, nsc, falco, cass-operator, wait-for-port, amass, flannel-cni-plugin, go-licenses, docker-credential-ecr-login, influx, mage, sops, slsa-verifier, k3d, go-bindata, gke-gcloud-auth-plugin, dgraph, ip-masq-agent, go-md2man, cni-plugins,...

7.5 CVSS

7.9 AI Score

0.001 EPSS

2024-05-15 05:01 PM
47
wolfi

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: tctl, vault-k8s, cloud-sql-proxy, fuse-overlayfs-snapshotter, spark-operator, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, nvidia-device-plugin, gatekeeper, chartmuseum, pulumi-language-dotnet, ollama, gomplate, k3s,...

6.1 CVSS

7.7 AI Score

0.001 EPSS

2024-05-15 05:01 PM
85
wolfi

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: falcoctl, falco, traefik, zarf, buildkitd, bom, cadvisor, cert-manager, slsa-verifier, skaffold, filebeat, zot, docker-credential-gcr, up, guac, timoni, kots, tekton-chains, kargo, kubescape, cri-tools, flux-helm-controller, k3s, loki, newrelic-infrastructure-agent,...

7.8 CVSS

8 AI Score

0.001 EPSS

2024-05-15 05:01 PM
22
wolfi

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: traefik, vault-k8s, fuse-overlayfs-snapshotter, step-ca, tempo, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, sops, spark-operator, volume-modifier-for-k8s, golangci-lint, go-bindata, nvidia-device-plugin, http-echo,...

6.8 AI Score

0.0004 EPSS

2024-05-15 05:01 PM
4
wolfi

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: traefik, vault-k8s, cloud-sql-proxy, step-ca, kubernetes, spark-operator, sops, gatekeeper, ollama, gomplate, kubescape, k3s, helm, coredns, hugo, prometheus-nats-exporter, certificate-transparency, melange, nri-kafka, external-secrets-operator,...

5.9 CVSS

7.1 AI Score

0.962 EPSS

2024-05-15 05:01 PM
114
wolfi

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: tctl, vault-k8s, cloud-sql-proxy, flannel-cni-plugin, fuse-overlayfs-snapshotter, kor, cluster-proportional-autoscaler, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, spark-operator, volume-modifier-for-k8s, ytt, golangci-lint,...

7.7 AI Score

0.0004 EPSS

2024-05-15 05:01 PM
25
wolfi

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: tctl, traefik, zarf, vault-k8s, cloud-sql-proxy, fuse-overlayfs-snapshotter, kor, step-ca, cluster-proportional-autoscaler, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, sops, spark-operator, volume-modifier-for-k8s,...

6.4 AI Score

0.0004 EPSS

2024-05-15 05:01 PM
17
wolfi

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: tctl, vault-k8s, fuse-overlayfs-snapshotter, step-ca, spark-operator, volume-modifier-for-k8s, newrelic-nri-kube-events, golangci-lint, chezmoi, prometheus-beat-exporter, gomplate, helm, coredns, capslock, hugo, certificate-transparency, s5cmd, harbor-registry,...

6.5 AI Score

0.0004 EPSS

2024-05-15 05:01 PM
36
wolfi

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: tctl, vault-k8s, fuse-overlayfs-snapshotter, step-ca, spark-operator, volume-modifier-for-k8s, newrelic-nri-kube-events, golangci-lint, chezmoi, prometheus-beat-exporter, gomplate, helm, coredns, capslock, hugo, certificate-transparency, s5cmd, harbor-registry,...

7.5 AI Score

2024-05-15 05:01 PM
12
wolfi

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: tctl, vault-k8s, cloud-sql-proxy, fuse-overlayfs-snapshotter, spark-operator, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, nvidia-device-plugin, gatekeeper, chartmuseum, pulumi-language-dotnet, ollama, gomplate, kubescape, k3s,...

7.5 CVSS

8.4 AI Score

0.002 EPSS

2024-05-15 05:01 PM
38
wolfi

GHSA-C5Q2-7R4C-MV6G vulnerabilities

Vulnerabilities for packages: bank-vaults, falco, falcoctl, rabbitmq-messaging-topology-operator, traefik, zarf, spire-server, step-ca, vault, cert-manager, cloudflared, sops, dex, slsa-verifier, rekor, skaffold, zot, terragrunt, cilium, rook, guac, wolfictl, kots, flux-source-controller, kargo,...

7.5 AI Score

2024-05-15 05:01 PM
17
wolfi

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: tctl, vault-k8s, cloud-sql-proxy, flannel-cni-plugin, fuse-overlayfs-snapshotter, kor, cluster-proportional-autoscaler, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, spark-operator, volume-modifier-for-k8s, ytt, golangci-lint,...

7.5 AI Score

2024-05-15 05:01 PM
12
wolfi

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: tctl, vault-k8s, cloud-sql-proxy, flannel-cni-plugin, fuse-overlayfs-snapshotter, kor, cluster-proportional-autoscaler, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, spark-operator, volume-modifier-for-k8s, ytt, golangci-lint,...

7.5 AI Score

2024-05-15 05:01 PM
13
wolfi

GHSA-8PGV-569H-W5RW vulnerabilities

Vulnerabilities for packages: containerd, envoy-ratelimit, aws-ebs-csi-driver, docker-compose, kubevela, temporal, kine, argo-cd, keda, kubescape, cert-manager, cri-tools, kubernetes, kubernetes-csi-external-resizer, k3s, temporal-server,...

7.5 AI Score

2024-05-15 05:01 PM
16
wolfi

CVE-2023-47108 vulnerabilities

Vulnerabilities for packages: containerd, envoy-ratelimit, aws-ebs-csi-driver, docker-compose, kubevela, temporal, kine, argo-cd, keda, kubescape, cert-manager, cri-tools, kubernetes, kubernetes-csi-external-resizer, k3s, temporal-server,...

7.5 CVSS

7.8 AI Score

0.001 EPSS

2024-05-15 05:01 PM
35
wolfi

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: traefik, vault-k8s, fuse-overlayfs-snapshotter, step-ca, tempo, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, sops, spark-operator, volume-modifier-for-k8s, golangci-lint, go-bindata, nvidia-device-plugin, http-echo,...

7.5 AI Score

2024-05-15 05:01 PM
4
wolfi

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: tctl, vault-k8s, cloud-sql-proxy, flannel-cni-plugin, fuse-overlayfs-snapshotter, kor, cluster-proportional-autoscaler, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, spark-operator, volume-modifier-for-k8s, ytt, golangci-lint,...

7.5 AI Score

2024-05-15 05:01 PM
13
wolfi

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: traefik, vault-k8s, cloud-sql-proxy, step-ca, kubernetes, spark-operator, sops, gatekeeper, ollama, gomplate, kubescape, k3s, helm, coredns, hugo, prometheus-nats-exporter, certificate-transparency, melange, nri-kafka, external-secrets-operator,...

7.5 AI Score

2024-05-15 05:01 PM
32
wolfi

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: tctl, traefik, fuse-overlayfs-snapshotter, spark-operator, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, nvidia-device-plugin, gatekeeper, pulumi-language-dotnet, ollama, gomplate, kubescape, nginx-stable, newrelic-infrastructure-agent,...

7.5 AI Score

2024-05-15 05:01 PM
20
wolfi

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: tctl, vault-k8s, cloud-sql-proxy, fuse-overlayfs-snapshotter, spark-operator, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, nvidia-device-plugin, gatekeeper, chartmuseum, pulumi-language-dotnet, ollama, gomplate, k3s,...

7.5 AI Score

2024-05-15 05:01 PM
19
wolfi

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: tctl, vault-k8s, cloud-sql-proxy, flannel-cni-plugin, fuse-overlayfs-snapshotter, kor, cluster-proportional-autoscaler, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, spark-operator, volume-modifier-for-k8s, ytt, golangci-lint,...

7.5 AI Score

2024-05-15 05:01 PM
12
wolfi

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: aws-flb-kinesis, grpcurl, nsc, falco, cass-operator, wait-for-port, amass, flannel-cni-plugin, go-licenses, docker-credential-ecr-login, influx, mage, sops, slsa-verifier, k3d, go-bindata, gke-gcloud-auth-plugin, dgraph, ip-masq-agent, go-md2man, cni-plugins,...

7.5 AI Score

2024-05-15 05:01 PM
13
wolfi

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: aws-flb-kinesis, grpcurl, nsc, falco, cass-operator, wait-for-port, amass, flannel-cni-plugin, go-licenses, docker-credential-ecr-login, influx, mage, sops, slsa-verifier, k3d, go-bindata, gke-gcloud-auth-plugin, dgraph, ip-masq-agent, go-md2man, cni-plugins,...

7.5 AI Score

2024-05-15 05:01 PM
11
wolfi

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: tctl, vault-k8s, cloud-sql-proxy, fuse-overlayfs-snapshotter, spark-operator, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, nvidia-device-plugin, gatekeeper, chartmuseum, pulumi-language-dotnet, ollama, gomplate, kubescape, k3s,...

7.5 AI Score

2024-05-15 05:01 PM
12
wolfi

CVE-2024-28180 vulnerabilities

Vulnerabilities for packages: bank-vaults, falco, falcoctl, rabbitmq-messaging-topology-operator, traefik, zarf, spire-server, step-ca, vault, cert-manager, cloudflared, sops, dex, slsa-verifier, rekor, skaffold, zot, terragrunt, cilium, rook, guac, wolfictl, kots, flux-source-controller, kargo,...

4.3 CVSS

5.3 AI Score

0.0004 EPSS

2024-05-15 05:01 PM
9
wolfi

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: tctl, vault-k8s, cloud-sql-proxy, flannel-cni-plugin, fuse-overlayfs-snapshotter, kor, cluster-proportional-autoscaler, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, spark-operator, volume-modifier-for-k8s, ytt, golangci-lint,...

7.7 AI Score

0.0004 EPSS

2024-05-15 05:01 PM
12
wolfi

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: tctl, vault-k8s, cloud-sql-proxy, flannel-cni-plugin, fuse-overlayfs-snapshotter, kor, cluster-proportional-autoscaler, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, spark-operator, volume-modifier-for-k8s, ytt, golangci-lint,...

7.7 AI Score

0.0004 EPSS

2024-05-15 05:01 PM
11
wolfi

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: aws-flb-kinesis, grpcurl, nsc, falco, cass-operator, wait-for-port, amass, flannel-cni-plugin, go-licenses, docker-credential-ecr-login, influx, mage, sops, slsa-verifier, k3d, go-bindata, gke-gcloud-auth-plugin, dgraph, ip-masq-agent, go-md2man, cni-plugins,...

5.3 CVSS

7.2 AI Score

0.001 EPSS

2024-05-15 05:01 PM
20
wolfi

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: tctl, falco, pulumi-language-java, buildkitd, terraform-provider-azurerm, external-dns, terraform, mc, cert-manager, kubernetes-csi-external-attacher, pulumi-kubernetes-operator, dex, gitlab-pages, slsa-verifier, prometheus-adapter, spark-operator, thanos,...

7.5 AI Score

2024-05-15 05:01 PM
77
wolfi

GHSA-XW73-RW38-6VJC vulnerabilities

Vulnerabilities for packages: falcoctl, falco, traefik, zarf, buildkitd, bom, cadvisor, cert-manager, slsa-verifier, skaffold, filebeat, zot, docker-credential-gcr, up, guac, timoni, kots, tekton-chains, kargo, kubescape, cri-tools, flux-helm-controller, k3s, loki, newrelic-infrastructure-agent,...

7.5 AI Score

2024-05-15 05:01 PM
6
wolfi

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: traefik, vault-k8s, fuse-overlayfs-snapshotter, step-ca, tempo, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, sops, spark-operator, volume-modifier-for-k8s, golangci-lint, go-bindata, nvidia-device-plugin, http-echo,...

6.8 AI Score

0.0004 EPSS

2024-05-15 05:01 PM
wolfi

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: tctl, vault-k8s, cloud-sql-proxy, flannel-cni-plugin, fuse-overlayfs-snapshotter, kor, cluster-proportional-autoscaler, kubernetes, kubernetes-csi-external-attacher, secrets-store-csi-driver-provider-gcp, spark-operator, volume-modifier-for-k8s, ytt, golangci-lint,...

7.7 AI Score

0.0004 EPSS

2024-05-15 05:01 PM
10
cisco

ConfD CLI Privilege Escalation and Arbitrary File Read and Write Vulnerabilities

Multiple vulnerabilities in the ConfD CLI could allow an authenticated, low-privileged, local attacker to read and write arbitrary files as root or elevate privileges to root on the underlying operating system. For more information about these vulnerabilities, see the Details section.....

2024-05-15 04:00 PM
1
cisco

Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Secure Email Gateway, formerly Email Security Appliance (ESA); and Secure Web Appliance could allow a remote attacker to conduct a cross-site scripting (XSS) attack...

2024-05-15 04:00 PM
1
cisco

Cisco Crosswork Network Services Orchestrator Privilege Escalation Vulnerability

A vulnerability in the Tail-f High Availability Cluster Communications (HCC) function pack of Cisco Crosswork Network Services Orchestrator (NSO) could allow an authenticated, local attacker to elevate privileges to root on an affected device. This vulnerability exists because a user-controlled...

2024-05-15 04:00 PM
1
cisco

Cisco Secure Client for Windows with Network Access Manager Module Privilege Escalation Vulnerability

A vulnerability in the Network Access Manager (NAM) module of Cisco Secure Client could allow an unauthenticated attacker with physical access to an affected device to elevate privileges to SYSTEM. This vulnerability is due to a lack of authentication on a specific function. A successful exploit...

2024-05-15 04:00 PM
2
cgr

CVE-2023-39323 vulnerabilities

Vulnerabilities for packages: kind, metrics-server, falco, smarter-device-manager-fips,...

8.1 CVSS

8.1 AI Score

0.002 EPSS

2024-05-15 03:48 PM
290
cgr

GHSA-679V-HH23-H5JH vulnerabilities

Vulnerabilities for packages: kind, metrics-server, falco, smarter-device-manager-fips,...

7.3 AI Score

2024-05-15 03:48 PM
146
cgr

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: petname, protoc-gen-go-grpc, rabbitmq-cluster-operator, aws-flb-cloudwatch, ferretdb, k8sgpt-operator, datadog-agent-fips, k3s, flux-kustomize-controller, tflint, stakater-reloader, cert-exporter-fips, bom, controller-gen, kubeadm-bootstrap-controller,...

7.3 AI Score

2024-05-15 03:48 PM
67
Total number of security vulnerabilities: 518442