OMGF | Host Google Fonts Locally Security Vulnerabilities
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...
4CVSS
EPSS
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...
4CVSS
3.7AI Score
EPSS
CVE-2022-38383 IBM Cloud Pak for Security information disclosure
IBM Cloud Pak for Security (CP4S) 1.10.0.0 through 1.10.11.0 and IBM QRadar Software Suite 1.10.12.0 through 1.10.21.0 allows web pages to be stored locally which can be read by another user on the system. IBM X-Force ID: ...
4CVSS
EPSS
Code Execution on Git update in github.com/hashicorp/go-getter
A crafted request can execute Git update on an existing maliciously modified Git Configuration. This can potentially lead to arbitrary code execution. When performing a Git operation, the library will try to clone the given repository to a specified destination. Cloning initializes a git config in....
8.4CVSS
8.5AI Score
0.0004EPSS
Exploit for Use After Free in Arm Avalon Gpu Kernel Driver
Exploit for CVE-2022-46395 The write up can be found...
8.8CVSS
7.6AI Score
0.003EPSS
Malicious code in @yu-life/yulife-bdd-framework (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (8dfe091de922cc251578223955b74b56ade98fa67b719bcaa584d3403602f992) The OpenSSF Package Analysis project identified '@yu-life/yulife-bdd-framework' @ 0.0.72 (npm) as malicious. It is considered malicious because: ...
7.3AI Score
Malicious code in @yu-life/react-native-yu-watch (npm)
-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (461986fa4cbfe6bda33bdb99901a4c0f05e00934b4a3c5b529f1236dba9d4b1b) The OpenSSF Package Analysis project identified '@yu-life/react-native-yu-watch' @ 1.0.1 (npm) as malicious. It is considered malicious because: ...
7.3AI Score
Kimsuky Using TRANSLATEXT Chrome Extension to Steal Sensitive Data
The North Korea-linked threat actor known as Kimsuky has been linked to the use of a new malicious Google Chrome extension that's designed to steal sensitive information as part of an ongoing intelligence collection effort. Zscaler ThreatLabz, which observed the activity in early March 2024, has...
7.8CVSS
7.5AI Score
0.974EPSS
Exploit for Improper Input Validation in Google Android
Exploit for CVE-2022-20186 The write up can be found...
7.8CVSS
8AI Score
0.0004EPSS
Exploit for Improper Input Validation in Google Android
Exploit for CVE-2022-20186 The write up can be found...
7.8CVSS
8AI Score
0.0004EPSS
User-provided environment values allow execution on macOS agents in...
7.2AI Score
Privilege Escalation in HashiCorp Consul in github.com/hashicorp/consul
Privilege Escalation in HashiCorp Consul in...
6.5CVSS
6.7AI Score
0.001EPSS
Grafana XSS in header column rename in github.com/grafana/grafana
Grafana XSS in header column rename in...
6.1CVSS
5.8AI Score
0.005EPSS
Authentication Bypass by Spoofing in github.com/greenpau/caddy-security
Authentication Bypass by Spoofing in...
5.4CVSS
6.8AI Score
0.0004EPSS
CRI-O's pods can break out of resource confinement on cgroupv2 in github.com/cri-o/cri-o
CRI-O's pods can break out of resource confinement on cgroupv2 in...
7.5CVSS
6.7AI Score
0.001EPSS
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature in...
9.8CVSS
6.8AI Score
0.002EPSS
Grafana XSS via adding a link in General feature in github.com/grafana/grafana
Grafana XSS via adding a link in General feature in...
6.1CVSS
5.6AI Score
0.001EPSS
Boundary vulnerable to session hijacking through TLS certificate tampering in...
8CVSS
6.7AI Score
0.001EPSS
Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server
Mattermost leaks details of AD/LDAP groups of a teams in...
4.3CVSS
6.7AI Score
0.0004EPSS
Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in...
7.1AI Score
Etcd Gateway TLS endpoint validation only confirms TCP reachability in go.etcd.io/etcd
Etcd Gateway TLS endpoint validation only confirms TCP reachability in...
7.1AI Score
Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only in...
7.4AI Score
Grafana XSS via the OpenTSDB datasource in github.com/grafana/grafana
Grafana XSS via the OpenTSDB datasource in...
6.1CVSS
5.6AI Score
0.001EPSS
1Panel set-cookie is missing the Secure keyword in github.com/1Panel-dev/1Panel
1Panel set-cookie is missing the Secure keyword in...
7.5CVSS
6.7AI Score
0.001EPSS
6.5CVSS
6.7AI Score
0.0005EPSS
Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised...
6.8CVSS
6.7AI Score
0.001EPSS
6.5CVSS
6.7AI Score
0.001EPSS
runc vulnerable to container breakout through process.cwd trickery and leaked fds in...
8.6CVSS
6.9AI Score
0.051EPSS
caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting in...
6.4AI Score
0.0004EPSS
APM Server vulnerable to Insertion of Sensitive Information into Log File in...
7.5CVSS
6.7AI Score
0.001EPSS
5.4CVSS
6.8AI Score
0.0004EPSS
Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder
Minder trusts client-provided mapping from repo name to upstream ID in...
4.6CVSS
6.7AI Score
0.0004EPSS
Mattermost post fetching without auditing in compliance export in...
4.3CVSS
6.7AI Score
0.0004EPSS
Improper Validation of Array Index in github.com/greenpau/caddy-security
Improper Validation of Array Index in...
5.3CVSS
6.8AI Score
0.0004EPSS
Use of Insufficiently Random Values in github.com/greenpau/caddy-security
Use of Insufficiently Random Values in...
6.5CVSS
6.8AI Score
0.0004EPSS
Ingress-nginx code injection via nginx.ingress.kubernetes.io/permanent-redirect annotation in...
8.8CVSS
7.2AI Score
0.001EPSS
Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
Mattermost allows demoted guests to change group names in...
4.3CVSS
6.6AI Score
0.0004EPSS
Mattermost notified all users in the channel when using WebSockets to respond individually in...
4.3CVSS
6.6AI Score
0.0004EPSS
Apache Answer Race Condition vulnerability in github.com/apache/incubator-answer
Apache Answer Race Condition vulnerability in...
3.1CVSS
6.7AI Score
0.001EPSS
Mattermost viewing archived public channels permissions vulnerability in...
4.3CVSS
6.7AI Score
0.0004EPSS
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers in...
7.5CVSS
6.7AI Score
0.001EPSS
HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault
HashiCorp Vault Improper Privilege Management in...
5.3CVSS
6.7AI Score
0.001EPSS
Moby (Docker Engine) Insufficiently restricted permissions on data directory in...
6.3CVSS
6.7AI Score
0.0005EPSS
HashiCorp Vault Improper Privilege Management in github.com/hashicorp/vault
HashiCorp Vault Improper Privilege Management in...
9.1CVSS
6.7AI Score
0.002EPSS
Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
Mattermost Cross-site Scripting vulnerability in...
6.1CVSS
6.4AI Score
0.0005EPSS
Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana
Grafana XSS via a query alias for the ElasticSearch datasource in...
6.1CVSS
5.6AI Score
0.001EPSS
Etcd embed auto compaction retention negative value causing a compaction loop or a crash in...
7.1AI Score
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
Improper Restriction of Excessive Authentication Attempts in...
4.8CVSS
6.8AI Score
0.0004EPSS
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in...
6.9AI Score
EPSS
Mattermost race condition in github.com/mattermost/mattermost-server
Mattermost race condition in...
2.6CVSS
6.7AI Score
0.0004EPSS