CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...
9.8CVSS
9.8AI Score
0.001EPSS
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...
7.5AI Score
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: grpcurl, spegel, gitness, kubernetes-csi-external-snapshotter, hcloud, secrets-store-csi-driver-provider-azure, dataplaneapi, kyverno-policy-reporter-kyverno-plugin, neuvector-scanner, kuberay-operator, chartmuseum, node-feature-discovery, kargo, temporal,...
7.5AI Score
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: grpcurl, cri-tools, timoni, spegel, dive, git-lfs, kubebuilder, tekton-pipelines, nri-prometheus, smarter-device-manager, gitness, kubewatch, q, secrets-store-csi-driver, kubernetes-csi-external-snapshotter, kustomize, gomplate, kube-state-metrics, spqr,...
6.5AI Score
0.0004EPSS
VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the...
6.8CVSS
6.7AI Score
EPSS
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management...
6.8CVSS
7.4AI Score
EPSS
The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service...
5.3CVSS
EPSS
The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service...
5.3CVSS
6.9AI Score
EPSS
VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the...
6.8CVSS
EPSS
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management...
6.8CVSS
EPSS
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain...
3.5CVSS
EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as...
EPSS
In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as...
6.4AI Score
EPSS
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain...
3.5CVSS
7AI Score
EPSS
CVE-2023-37541 HCL Connections is vulnerable to a broken access control vulnerability
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain...
3.5CVSS
7AI Score
EPSS
CVE-2023-37541 HCL Connections is vulnerable to a broken access control vulnerability
HCL Connections contains a broken access control vulnerability that may allow unauthorized user to update data in certain...
3.5CVSS
EPSS
CVE-2021-4440 x86/xen: Drop USERGS_SYSRET64 paravirt call
In the Linux kernel, the following vulnerability has been resolved: x86/xen: Drop USERGS_SYSRET64 paravirt call commit afd30525a659ac0ae0904f0cb4a2ca75522c3123 upstream. USERGS_SYSRET64 is used to return from a syscall via SYSRET, but a Xen PV guest will nevertheless use the IRET hypercall, as...
EPSS
The vCenter Server contains a denial-of-service vulnerability. A malicious actor with network access to vCenter Server may create a denial-of-service...
5.3CVSS
EPSS
VMware ESXi contains an out-of-bounds read vulnerability. A malicious actor with local administrative privileges on a virtual machine with an existing snapshot may trigger an out-of-bounds read leading to a denial-of-service condition of the...
6.8CVSS
EPSS
VMware ESXi contains an authentication bypass vulnerability. A malicious actor with sufficient Active Directory (AD) permissions can gain full access to an ESXi host that was previously configured to use AD for user management...
6.8CVSS
EPSS
The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...
6.4CVSS
5.8AI Score
EPSS
The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...
6.4CVSS
EPSS
9.8CVSS
7.7AI Score
EPSS
The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...
6.4CVSS
6AI Score
EPSS
The The7 — Website and eCommerce Builder for WordPress theme for WordPress is vulnerable to Stored Cross-Site Scripting via the 'url' attribute within the plugin's Icon and Heading widgets in all versions up to, and including, 11.13.0 due to insufficient input sanitization and output escaping on...
6.4CVSS
EPSS
In the Linux kernel, the following vulnerability has been resolved: drm/xe: Only use reserved BCS instances for usm migrate exec queue The GuC context scheduling queue is 2 entires deep, thus it is possible for a migration job to be stuck behind a fault if migration exec queue shares engines with.....
7.2AI Score
0.0004EPSS
Embracing a consolidated security ecosystem Authored by Ralph Wascow Cybersecurity is as unpredictable as it is rewarding. Each day often presents a new set of challenges and responsibilities, particularly as organizations accelerate digital transformation efforts. This means you and your cyber...
7.2AI Score
Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction...
8.1CVSS
EPSS
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most...
5.3CVSS
5.3AI Score
EPSS
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most...
5.3CVSS
EPSS
Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction...
8.1CVSS
8AI Score
EPSS
Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser...
6.8AI Score
EPSS
Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser...
EPSS
CVE-2024-6301 Origin Validation Error in Conduit
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most...
5.3CVSS
EPSS
CVE-2024-6301 Origin Validation Error in Conduit
Lack of validation of origin in federation API in Conduit, allowing any remote server to impersonate any user from any server in most...
5.3CVSS
7AI Score
EPSS
CVE-2024-6302 Improper Handling of Insufficient Permissions or Privileges in Conduit
Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction...
8.1CVSS
EPSS
CVE-2024-6302 Improper Handling of Insufficient Permissions or Privileges in Conduit
Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send redaction...
8.1CVSS
7AI Score
EPSS
CloudBrute - Awesome Cloud Enumerator
A tool to find a company (target) infrastructure, files, and apps on the top cloud providers (Amazon, Google, Microsoft, DigitalOcean, Alibaba, Vultr, Linode). The outcome is useful for bug bounty hunters, red teamers, and penetration testers alike. The complete writeup is available. here...
7.2AI Score
Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser...
EPSS
Authentication bypass in the 2FA feature in Devolutions Server 2024.1.14.0 and earlier allows an authenticated attacker to authenticate to another user without being asked for the 2FA via another browser...
6.8AI Score
EPSS
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation...
5.4CVSS
EPSS
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation...
5.4CVSS
6.3AI Score
EPSS
This affects versions of the package opencart/opencart from 4.0.0-0. A reflected XSS issue was identified in the filename parameter of the admin tool/log route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted to login...
4.7CVSS
5AI Score
0.0005EPSS
This affects versions of the package opencart/opencart from 4.0.0-0. A reflected XSS issue was identified in the directory parameter of admin common/filemanager.list route. An attacker could obtain a user's token by tricking the user to click on a maliciously crafted URL. The user is then prompted....
4.7CVSS
5AI Score
0.0005EPSS
CVE-2024-28831 XSS in confirmation pop-up
Stored XSS in some confirmation pop-ups in Checkmk before versions 2.3.0p7 and 2.2.0p28 allows Checkmk users to execute arbitrary scripts by injecting HTML elements into some user input fields that are shown in a confirmation...
5.4CVSS
EPSS
A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to limit the size of usernames, enabling attackers to create users with excessively bulky texts in...
7.5CVSS
7.5AI Score
EPSS
WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions up to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...
6.4CVSS
5.8AI Score
EPSS
A vulnerability in mintplex-labs/anything-llm allows for a Denial of Service (DoS) condition due to uncontrolled resource consumption. Specifically, the issue arises from the application's failure to limit the size of usernames, enabling attackers to create users with excessively bulky texts in...
7.5CVSS
EPSS
WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions up to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...
6.4CVSS
EPSS
WordPress Core is vulnerable to Stored Cross-Site Scripting via the HTML API in various versions up to 6.5.5 due to insufficient input sanitization and output escaping on URLs. This makes it possible for authenticated attackers, with contributor-level access and above, to inject arbitrary web...
6.4CVSS
EPSS