CVE-2024-4419 Fetch JFT <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Fetch JFT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
5.9 AI Score
Versions of the package mysql2 before 3.9.8 are vulnerable to Prototype Pollution due to improper user input sanitization passed to fields and tables when using...
7.1 AI Score
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...
7.1 AI Score
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and...
7.9 AI Score
The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbm_new_place_save' function in all versions up to, and including, 1.7.1. This makes it possible for...
6.9 AI Score
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5
CVE-2016-9179 affecting package lynx 2.9.0~dev.9-5. This CVE either no longer is or was never...
7 AI Score
0.001 EPSS
CVE-2016-2124 affecting package samba 4.12.5-6
CVE-2016-2124 affecting package samba 4.12.5-6. No patch is available...
6.8 AI Score
0.002 EPSS
CVE-2016-4912 affecting package openslp 2.0.0-26
CVE-2016-4912 affecting package openslp 2.0.0-26. No patch is available...
7.7 AI Score
0.002 EPSS
CVE-2016-1000104 affecting package mod_fcgid 2.3.9-21
CVE-2016-1000104 affecting package mod_fcgid 2.3.9-21. No patch is available...
8.9 AI Score
0.008 EPSS
CVE-2016-2568 affecting package polkit 0.119-3
CVE-2016-2568 affecting package polkit 0.119-3. No patch is available...
7.9 AI Score
0.0004 EPSS
CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0
CVE-2016-8681 affecting package libdwarf for versions less than 0.9.0. A patched version of the package is...
6 AI Score
0.001 EPSS
CVE-2016-2568 affecting package polkit 0.116-7
CVE-2016-2568 affecting package polkit 0.116-7. No patch is available...
7.5 AI Score
0.0004 EPSS
CVE-2016-3709 affecting package libxml2 2.9.14-3
CVE-2016-3709 affecting package libxml2 2.9.14-3. This CVE either no longer is or was never...
9.2 AI Score
0.001 EPSS
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: skaffold, goreleaser, tkn, aactl, flux-source-controller, zot, spire-server, melange, policy-controller, tekton-chains, zarf, wolfictl, apko, gitsign, ko, vexctl, falco, falcoctl, slsa-verifier,...
7.5 AI Score
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: skaffold, secrets-store-csi-driver-provider-gcp, kpt, kaf, haproxy-ingress, flux-source-controller, metrics-server, influxd, minio, up, prometheus-bind-exporter, wireguard-go, ollama, external-dns, nats, dotnet, coredns, grype, nghttp2, hey, gitlab-pages, gatekeeper,.....
8.7 AI Score
0.72 EPSS
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: tkn, terragrunt, sops, keda, cloudflared, cosign, aactl, argo-cd, flux-source-controller, spire-server, kots, vault, rekor, tekton-chains, cilium-envoy, kyverno, cert-manager, external-secrets-operator, gitsign, fulcio, argo-workflows, istio-pilot-discovery, vexctl,...
7.5 AI Score
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: goreleaser, tkn, trivy, conftest, dagger, aactl, zot, up, spire-server, melange, crossplane, docker-compose, kaniko, telegraf, kargo, wolfictl, grype, syft, ko, buf, loki, buildkitd, datadog-agent, cadvisor, ctop, prometheus,...
7.5 AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....
6.5 AI Score
0.0004 EPSS
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: amass, trillian, kots, caddy, temporal-server, vault, kine, src, step-ca, spicedb, telegraf, argo-workflows, keda, ferretdb, k3s,...
9.7 AI Score
0.0004 EPSS
GHSA-MRWW-27VC-GGHV vulnerabilities
Vulnerabilities for packages: amass, trillian, kots, caddy, temporal-server, vault, kine, src, step-ca, spicedb, telegraf, argo-workflows, keda, ferretdb, k3s,...
7.5 AI Score
CVE-2024-34069 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, kubeflow-jupyter-web-app, py3-werkzeug, superset, kubeflow-volumes-web-app,...
7.7 AI Score
0.0004 EPSS
CVE-2024-21506 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server,...
5.3 AI Score
0.0004 EPSS
CVE-2024-28219 vulnerabilities
Vulnerabilities for packages: py3-pillow, kubeflow-pipelines-visualization-server,...
6.7 AI Score
0.0004 EPSS
GHSA-2G68-C3QC-8985 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines-visualization-server, kubeflow-jupyter-web-app, py3-werkzeug, superset, kubeflow-volumes-web-app,...
7.5 AI Score
CVE-2024-29018 vulnerabilities
Vulnerabilities for packages: goreleaser, tkn, trivy, conftest, dagger, aactl, zot, up, spire-server, melange, crossplane, docker-compose, kaniko, telegraf, kargo, wolfictl, grype, syft, ko, buf, loki, buildkitd, datadog-agent, cadvisor, ctop, prometheus,...
5.9 AI Score
0.0004 EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, prometheus-mongodb-exporter, sonobuoy, istio-operator, capslock, haproxy-ingress,...
7.5 AI Score
GHSA-HJ3V-M684-V259 vulnerabilities
Vulnerabilities for packages: kyverno, spire-server, boring-registry, external-secrets-operator, mc, falco, istio-pilot-discovery, falcoctl, istio-cni, istio-pilot-agent, istio-operator,...
7.5 AI Score
GHSA-H75V-3VVJ-5MFJ vulnerabilities
Vulnerabilities for packages: reflex, kubeflow-jupyter-web-app, kubeflow-pipelines-visualization-server, pytorch, superset, dask-gateway, kubeflow-volumes-web-app,...
7.5 AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: nri-mssql, kpt, nsc, kaf, yam, http-echo, docker-credential-gcr, chezmoi, nfs-subdir-external-provisioner, newrelic-infra-operator, cluster-api-controller, containerd, kyverno-policy-reporter-kyverno-plugin, kaniko, protoc-gen-go, kor, kwok, aws-flb-kinesis, ollama,...
7 AI Score
0.0004 EPSS
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, q, cri-tools, logstash-exporter, terraform-docs, kaf, ferretdb, kubernetes-dashboard, mage, sonobuoy, vault-k8s, istio-operator, capslock, wait-for-port, flux-source-controller, http-echo,...
6.5 AI Score
0.0004 EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, q, cri-tools, logstash-exporter, terraform-docs, kaf, ferretdb, kubernetes-dashboard, mage, sonobuoy, vault-k8s, istio-operator, capslock, wait-for-port, flux-source-controller, http-echo,...
7.5 AI Score
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: gobuster, goreleaser, render-template, go-bindata, vertical-pod-autoscaler, nsc, cass-operator, sops, scorecard, go-licenses, influx, mage, nri-discovery-kubernetes, grpcurl, sonobuoy, docker-cli, aactl, wait-for-port, oras, metrics-server,...
8.2 AI Score
0.001 EPSS
Vulnerabilities for packages: skaffold, secrets-store-csi-driver-provider-gcp, kpt, thanos-operator, kaf, kubernetes-dashboard, k3s, prometheus-mongodb-exporter, vault-k8s, haproxy-ingress, kube-logging-operator, flux-source-controller, metrics-server, zot, influxd, minio, prometheus-alertmanager,....
6.5 AI Score
0.001 EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: eksctl, nri-mssql, terraform-docs, nsc, kaf, ferretdb, k3s, kubernetes-dashboard, prometheus-mongodb-exporter, vault-k8s, istio-operator, haproxy-ingress, libssh, flux-source-controller, metrics-server, zot, influxd, up, caddy, prometheus-alertmanager,...
7 AI Score
0.962 EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, prometheus-mongodb-exporter, sonobuoy, istio-operator, capslock, haproxy-ingress,...
6.7 AI Score
0.0004 EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....
6.5 AI Score
0.0004 EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....
7.5 AI Score
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, kubeflow-pipelines-visualization-server, py3-cassandra-medusa, dask-gateway, kubeflow-katib, kubeflow-pipelines, az, k8s-sidecar, kubeflow-volumes-web-app, ggshield, py3-idna, confluent-docker-utils,...
7.5 AI Score