Due to unrestricted access to the Meta Model Repository services in SAP NetWeaver AS Java, attackers can perform DoS attacks on the application, which may prevent legitimate users from accessing it. This can result in no impact on confidentiality and integrity but a high impact on the availability....
CVSS 7.5
EPSS
SAP Student Life Cycle Management (SLcM) fails to conduct proper authorization checks for authenticated users, leading to the potential escalation of privileges. On successful exploitation it could allow an attacker to access and edit non-sensitive report variants that are typically restricted,...
CVSS 5.4
EPSS
Due to insufficient input validation, SAP CRM WebClient UI allows an unauthenticated attacker to craft a URL link which embeds a malicious script. When a victim clicks on this link, the script will be executed in the victim's browser giving the attacker the ability to access and/or modify...
CVSS 6.1
AI Score 6.2
EPSS
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...
CVSS 5.3
AI Score 5.3
EPSS
The WPS Hide Login plugin for WordPress is vulnerable to Login Page Disclosure in all versions up to, and including, 1.9.15.2. This is due to a bypass that is created when the 'action=postpass' parameter is supplied. This makes it possible for attackers to easily discover any login page that may...
CVSS 5.3
EPSS
SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate...
CVSS 6.5
EPSS
SAP NetWeaver and ABAP platform allows an attacker to impede performance for legitimate users by crashing or flooding the service. An impact of this Denial of Service vulnerability might be long response delays and service interruptions, thus degrading the service quality experienced by legitimate...
CVSS 6.5
AI Score 6.5
EPSS
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read...
CVSS 3.7
EPSS
On Unix, SAP BusinessObjects Business Intelligence Platform (Scheduling) allows an authenticated attacker with administrator access on the local server to access the password of a local account. As a result, an attacker can obtain non-administrative user credentials, which will allow them to read...
CVSS 3.7
AI Score 4.2
EPSS
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible for authenticated...
CVSS 6.4
AI Score 5.7
EPSS
The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary...
CVSS 4.3
AI Score 4.5
EPSS
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for...
CVSS 6.4
EPSS
SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the...
CVSS 5.3
AI Score 5.3
EPSS
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's custom field name column in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied custom fields. This makes it possible for...
CVSS 6.4
AI Score 5.7
EPSS
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVSS 4.4
AI Score 4.4
EPSS
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level...
CVSS 4.4
EPSS
The Custom Field Template plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.6.1 via the 'cft' shortcode. This makes it possible for authenticated attackers with contributor access and above, to extract sensitive data including arbitrary...
CVSS 4.3
EPSS
The Custom Field Template plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'cpt' shortcode in all versions up to, and including, 2.6.1 due to insufficient input sanitization and output escaping on user supplied post meta. This makes it possible for authenticated...
CVSS 6.4
EPSS
SAP NetWeaver AS Java (CAF - Guided Procedures) allows an unauthenticated user to access non-sensitive information about the server which would otherwise be restricted causing low impact on confidentiality of the...
CVSS 5.3
EPSS
CVE-2024-29018 vulnerabilities
Vulnerabilities for packages: kargo, buf, melange, conftest, docker-compose, kubescape, zot, cadvisor, ko, syft, grype, prometheus, loki, up, trivy, ctop, kaniko, aactl, tkn, buildkitd, dagger, spire-server, datadog-agent, telegraf, goreleaser, crossplane,...
CVSS 5.9
AI Score 5.9
EPSS 0.0004
CVSS 7.8
AI Score 7.1
EPSS 0.0004
CVSS 4.9
AI Score 6
EPSS 0.0004
CVSS 5.3
AI Score 6.1
EPSS 0.0004
CVSS 4.9
AI Score 6
EPSS 0.0004
AI Score 7.5
AI Score 7.5
AI Score 7.5
CVE-2024-21506 vulnerabilities
Vulnerabilities for packages: datadog-agent, kubeflow-pipelines-visualization-server,...
AI Score 5.5
EPSS 0.0004
AI Score 7.5
CVE-2024-28219 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, pytorch,...
CVSS 6.7
AI Score 7
EPSS 0.0004
AI Score 7.5
AI Score 7.5
CVSS 7.8
AI Score 7.1
EPSS 0.0004
CVSS 7.3
AI Score 7.1
EPSS 0.0005
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: tctl, wireguard-go, gitlab-runner, grype, gke-gcloud-auth-plugin, nginx-mainline, prometheus, skaffold, argo-cd, slsa-verifier, gatekeeper, amass, aactl, nghttp2, terraform-provider-azurerm, flux-source-controller, stakater-reloader, nats, pulumi-language-java,...
CVSS 7.5
AI Score 9
EPSS 0.732
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: melange, kubescape, zot, ko, skaffold, falco, falcoctl, gitsign, slsa-verifier, aactl, tekton-chains, tkn, apko, vexctl, policy-controller, spire-server, flux-source-controller, goreleaser, neuvector-sigstore-interface, zarf,...
AI Score 7.5
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: kubescape, tekton-pipelines, traefik, cilium-envoy, falco, external-secrets-operator, cert-manager, gitsign, sops, argo-workflows, argo-cd, cloudflared, cosign, flux-kustomize-controller, slsa-verifier, keda, fulcio, istio-pilot-discovery, aactl, tekton-chains, tkn,...
AI Score 7.5
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: kargo, buf, melange, conftest, docker-compose, kubescape, zot, cadvisor, ko, syft, grype, prometheus, loki, up, trivy, ctop, kaniko, aactl, tkn, buildkitd, dagger, spire-server, datadog-agent, telegraf, goreleaser, crossplane,...
AI Score 7.5
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: grafana, capslock, jaeger-agent, step-ca, rook, kubernetes-dashboard-metrics-scraper, logstash-exporter, k8ssandra-operator, tctl, gitlab-runner, grype, prometheus, prometheus-beat-exporter, skaffold, kubeflow-pipelines, prometheus-alertmanager,...
AI Score 7.5
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: lazygit, capslock, dive, mage, aws-flb-firehose, kubernetes-dashboard-metrics-scraper, logstash-exporter, k8ssandra-operator, tctl, wireguard-go, gitlab-runner, grype, gke-gcloud-auth-plugin, prometheus, prometheus-beat-exporter, skaffold, kubeflow-pipelines,...
AI Score 7.8
EPSS 0.0004
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: spicedb, src, amass, temporal-server, telegraf, step-ca, trillian, vault, argo-workflows, caddy, kine, ferretdb, kots, kube-bench, keda,...
CVSS 9.8
AI Score 9.7
EPSS 0.0004
GHSA-MRWW-27VC-GGHV vulnerabilities
Vulnerabilities for packages: spicedb, src, amass, temporal-server, telegraf, step-ca, trillian, vault, argo-workflows, caddy, kine, ferretdb, kots, kube-bench, keda,...
AI Score 7.5
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...
CVSS 7.5
AI Score 7
EPSS 0.001
CVSS 4.9
AI Score 5.7
EPSS 0.0004
CVE-2016-2124 affecting package samba 4.12.5-6
CVE-2016-2124 affecting package samba 4.12.5-6. No patch is available...
CVSS 5.9
AI Score 6.8
EPSS 0.002
CVE-2016-4912 affecting package openslp 2.0.0-26
CVE-2016-4912 affecting package openslp 2.0.0-26. No patch is available...
CVSS 7.5
AI Score 7.7
EPSS 0.002
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: spegel, wireguard-go, prometheus-beat-exporter, prometheus-alertmanager, vertical-pod-autoscaler, slsa-verifier, gatekeeper, aactl, tekton-chains, secrets-store-csi-driver-provider-aws, trillian, terraform-provider-azurerm, cert-manager-webhook-pdns,...
AI Score 6.8
EPSS 0.0004
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: lazygit, capslock, dive, jaeger-agent, step-ca, mage, kubernetes-dashboard-metrics-scraper, spegel, logstash-exporter, wireguard-go, gitlab-runner, prometheus-beat-exporter, gke-gcloud-auth-plugin, skaffold, ksops, prometheus-alertmanager, http-echo, gobump,...
AI Score 6.5
EPSS 0.0004
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: lazygit, capslock, dive, jaeger-agent, step-ca, mage, kubernetes-dashboard-metrics-scraper, spegel, logstash-exporter, wireguard-go, gitlab-runner, prometheus-beat-exporter, gke-gcloud-auth-plugin, skaffold, ksops, prometheus-alertmanager, http-echo, gobump,...
AI Score 7.5
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: spegel, pluto, wireguard-go, prometheus-beat-exporter, ksops, prometheus-alertmanager, slsa-verifier, gatekeeper, ctop, aactl, tekton-chains, secrets-store-csi-driver-provider-aws, trillian, terraform-provider-azurerm, cert-manager-webhook-pdns,...
AI Score 6.7
EPSS 0.0004