7.5AI Score
7.5AI Score
GHSA-PVCR-V8J8-J5Q3 vulnerabilities
Vulnerabilities for packages: kyverno, spire-server, boring-registry, external-secrets-operator, tekton-chains, mc, gitsign, falco, istio-pilot-discovery, falcoctl, istio-cni, istio-pilot-agent, istio-operator, kubescape, vexctl,...
7.5AI Score
CVE-2024-21664 vulnerabilities
Vulnerabilities for packages: kyverno, spire-server, boring-registry, external-secrets-operator, tekton-chains, mc, gitsign, falco, istio-pilot-discovery, falcoctl, istio-cni, istio-pilot-agent, istio-operator, kubescape, vexctl,...
7.7AI Score
0.001EPSS
7.5AI Score
GHSA-MR45-RX8Q-WCM9 vulnerabilities
Vulnerabilities for packages: nats-server, telegraf, k3s, nats,...
7.5AI Score
CVE-2024-27454 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server,...
7.7AI Score
0.0004EPSS
GHSA-3RQ5-2G8H-59HC vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server,...
7.5AI Score
GHSA-44WM-F244-XHP3 vulnerabilities
Vulnerabilities for packages: py3-pillow, kubeflow-pipelines-visualization-server,...
7.5AI Score
GHSA-PWR2-4V36-6QPR vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server,...
7.5AI Score
7.5AI Score
7.5AI Score
7.1AI Score
0.0004EPSS
7.1AI Score
0.0004EPSS
7.5AI Score
7.1AI Score
0.0004EPSS
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, q, cri-tools, logstash-exporter, terraform-docs, kaf, ferretdb, kubernetes-dashboard, mage, sonobuoy, vault-k8s, istio-operator, capslock, wait-for-port, flux-source-controller, http-echo,...
6.5AI Score
0.0004EPSS
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....
6.5AI Score
0.0004EPSS
The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is due to the 'activation_code' default value is empty, and the not empty check is missing in the 'lwp_ajax_register' function. This makes it possible for...
7.2AI Score
CVE-2024-5204 Swiss Toolkit For WP <= 1.0.7 - Authenticated (Contributor+) Authentication Bypass
The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.7. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for authenticated attackers with contributor-level and...
7.1AI Score
engelke-elektro.de Cross Site Scripting vulnerability OBB-3931425
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
K000139810: Oracle Java vulnerability CVE-2024-20919
Security Advisory Description Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: Hotspot). Supported versions that are affected are Oracle Java SE: 8u391, 8u391-perf, 11.0.21, 17.0.9, 21.0.1; Oracle GraalVM for JDK:.....
5.9AI Score
0.0005EPSS
JVN#22182715: Redmine DMSF Plugin vulnerable to path traversal
Redmine DMSF Plugin provided by Kontron contains a path traversal vulnerability (CWE-22). ## Impact When the affected version of the plugin is enabled on the Redmine instance, the logged-in user may obtain or delete arbitrary files on the server (within the privilege of the Redmine process). ##...
7AI Score
dailylivenews.in Cross Site Scripting vulnerability OBB-3931420
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
parakme.de Cross Site Scripting vulnerability OBB-3931419
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
CVE-2024-5437 SourceCodester Simple Online Bidding System save_category cross site scripting
A vulnerability was found in SourceCodester Simple Online Bidding System 1.0. It has been classified as problematic. Affected is the function save_category of the file /admin/index.php?page=categories. The manipulation of the argument name leads to cross site scripting. It is possible to launch...
6.4AI Score
eirene.de Cross Site Scripting vulnerability OBB-3931416
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
In GNOME Shell through 45.7, a portal helper can be launched automatically (without user confirmation) based on network responses provided by an adversary (e.g., an adversary who controls the local Wi-Fi network), and subsequently loads untrusted JavaScript code, which may lead to resource...
6.4AI Score
A flaw was found in 389-ds-base. A specially-crafted LDAP query can potentially cause a failure on the directory server, leading to a denial of...
6.5AI Score
dev.biozidauswaschung.de Cross Site Scripting vulnerability OBB-3931415
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
silvesterreisen.de Cross Site Scripting vulnerability OBB-3931413
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Nautobot is a Network Source of Truth and Network Automation Platform. A user with permissions to view Dynamic Group records (extras.view_dynamicgroup permission) can use the Dynamic Group detail UI view (/extras/dynamic-groups/<uuid>/) and/or the members REST API view...
7AI Score
webservices.mx Cross Site Scripting vulnerability OBB-3931410
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
dashboard.chamtest.tourone.de Cross Site Scripting vulnerability OBB-3931409
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Wiz launches new data center in UAE, supercharging global operations in the region
Organizations in the region can now benefit from Wiz's cloud security platform while maintaining their data sovereignty and privacy...
7.3AI Score
dasbrombeerhaus.de Cross Site Scripting vulnerability OBB-3931408
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
dartliga-as.de Cross Site Scripting vulnerability OBB-3931407
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
An issue discovered in 360 V6G, 360 T5G, 360 T6M, and 360 P1 routers allows attackers to hijack TCP sessions which could lead to a denial of...
7AI Score
An issue discovered in routers running Openwrt 18.06, 19.07, 21.02, 22.03 and beyond allows attackers to hijack TCP sessions which could lead to a denial of...
7AI Score
dalui.de Cross Site Scripting vulnerability OBB-3931406
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
SimpleSAMLphp Information Disclosure vulnerability
Background SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled....
6.8AI Score
SimpleSAMLphp Information Disclosure vulnerability
Background SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled....
6.8AI Score
ansibleguy-webui Cross-site Scripting vulnerability
Impact Multiple forms in version <0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. Patches We recommend to upgrade to version >= 0.0.21 References Report GitHub Issue...
6.6AI Score
ansibleguy-webui Cross-site Scripting vulnerability
Impact Multiple forms in version <0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. Patches We recommend to upgrade to version >= 0.0.21 References Report GitHub Issue...
6.9AI Score
dbt allows Binding to an Unrestricted IP Address via socketsocket
Summary Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDR_ANY by passing "" as the address....
6.9AI Score
dbt allows Binding to an Unrestricted IP Address via socketsocket
Summary Binding to INADDR_ANY (0.0.0.0) or IN6ADDR_ANY (::) exposes an application on all network interfaces, increasing the risk of unauthorized access. While doing some static analysis and code inspection, I found the following code binding a socket to INADDR_ANY by passing "" as the address....
6.5AI Score
garotasdavan.uol.com.br Cross Site Scripting vulnerability OBB-3931403
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
SimpleSAMLphp Reflected Cross-site Scripting vulnerability
Background SimpleSAMLphp uses metadata to determine how to interact with other SAML entities. This metadata includes what’s called endpoints, which are URLs belonging to that entity where SAML messages can be sent. These URLs are used directly by SimpleSAMLphp when a message is sent, either via an....
6AI Score
SimpleSAMLphp Reflected Cross-site Scripting vulnerability
Background SimpleSAMLphp uses metadata to determine how to interact with other SAML entities. This metadata includes what’s called endpoints, which are URLs belonging to that entity where SAML messages can be sent. These URLs are used directly by SimpleSAMLphp when a message is sent, either via an....
6AI Score
Treasury Sanctions Creators of 911 S5 Proxy Botnet
The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....
7.3AI Score