A company that helps to authenticate users for big brands had a set of administration credentials exposed online for over a year, potentially allowing access to user identity documents such as driving licenses. As more and more legislation emerges requiring websites and platforms—like gambling...
7.4AI Score
Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this....
7.6AI Score
EPSS
Buffer overflow in the extract_openvpn_cr function in openvpn-cr.c in openvpn-auth-ldap (aka the Three Rings Auth-LDAP plugin for OpenVPN) 2.0.4 allows attackers with a valid LDAP username and who can control the challenge/response password field to pass a string with more than 14 colons into this....
EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.9AI Score
EPSS
‘Poseidon’ Mac stealer distributed via Google ads
On June 24, we observed a new campaign distributing a stealer targeting Mac users via malicious Google ads for the Arc browser. This is the second time in the past couple of months where we see Arc being used as a lure, certainly a sign of its popularity. It was previously used to drop a Windows...
6.5AI Score
The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....
6.4CVSS
5.7AI Score
EPSS
The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....
6.4CVSS
EPSS
The Portfolio Gallery – Image Gallery Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'PFG' shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible....
6.4CVSS
EPSS
Directory creation by malicious user in saltstack
Syndic cache directory creation is vulnerable to a directory traversal attack in salt project which can lead a malicious attacker to create an arbitrary directory on a Salt...
5CVSS
0.0004EPSS
How to Use Python to Build Secure Blockchain Applications
Did you know it's now possible to build blockchain applications, known also as decentralized applications (or "dApps" for short) in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers… until now. AlgoKit, an...
6.9AI Score
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output...
6.4CVSS
EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output...
6.4CVSS
5.8AI Score
EPSS
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: keda, tkn, slsa-verifier, spire-server, flux-source-controller, traefik, cilium-envoy, cloudflared, oauth2-proxy, terragrunt, cert-manager, kyverno, dex, falco, aactl, istio-pilot-discovery, gitsign, sops, vexctl, tekton-chains, kots, rekor, flux-kustomize-controller,....
7.5AI Score
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: loki, kpt, up, slsa-verifier, ctop, cert-manager, prometheus, falco, aactl, chartmuseum, paranoia, tekton-chains, k3d, goreleaser, scorecard, kubescape, skaffold, bom, tekton-pipelines,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
7.8AI Score
0.0004EPSS
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: helm-push, grype, eksctl, helm, up, kaniko, ctop, flux-source-controller, fuse-overlayfs-snapshotter, cert-manager, newrelic-infrastructure-agent, melange, cilium-cli, kubevela, trivy, k3d, kots, neuvector-agent, zot, flux-helm-controller, gitness, kubescape,...
7.5AI Score
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: helm-push, k9s, kubescape, cert-manager, zot, trivy, k8sgpt, kots, zarf, eksctl, helm-operator, chartmuseum, flux-source-controller, up, cilium-cli, flux-helm-controller,...
6.4CVSS
6.7AI Score
0.0004EPSS
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: skopeo, nerdctl, grype, buildkitd, kaniko, ctop, syft, ingress-nginx-controller, docker, k9s, wolfictl, newrelic-infrastructure-agent, datadog-agent, nvidia-device-plugin, kubernetes, k3d, trivy, kots, zot, kubescape, cadvisor, runc, zarf, skaffold, telegraf,...
8.6CVSS
9.2AI Score
0.051EPSS
GHSA-R53H-JV2G-VPX6 vulnerabilities
Vulnerabilities for packages: helm-push, k9s, kubescape, cert-manager, zot, trivy, k8sgpt, kots, zarf, eksctl, helm-operator, chartmuseum, flux-source-controller, up, cilium-cli, flux-helm-controller,...
7.5AI Score
GHSA-VVPX-J8F3-3W6H vulnerabilities
Vulnerabilities for packages: restic, go, grpcurl, gke-gcloud-auth-plugin, k3d, hey, falco, wireguard-go,...
7.5AI Score
Vulnerabilities for packages: neuvector-sigstore-interface, pulumi-kubernetes-operator, flux-image-reflector-controller, keda, skopeo, flux-notification-controller, loki, buildkitd, flux-image-automation-controller, tkn, slsa-verifier, spire-server, flux-source-controller, terraform, cert-manager,....
6CVSS
6AI Score
0.0004EPSS
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: dotnet, kpt, kubewatch, ollama, slsa-verifier, fuse-overlayfs-snapshotter, dgraph, kyverno, nginx-stable, falco, nvidia-device-plugin, envoy-ratelimit, weaviate, terraform-provider-azurerm, kind, kots, kubernetes-csi-livenessprobe, pulumi-language-dotnet, gobuster,...
7.5CVSS
9AI Score
0.732EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: clusterctl, prometheus-redis-exporter, skopeo, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, aws-load-balancer-controller, k8sgpt, rclone, velero, kpt, kubewatch, kaniko, ollama, secrets-store-csi-driver-provider-azure, docker-compose,...
7.5AI Score
CVE-2023-45142 vulnerabilities
Vulnerabilities for packages: caddy, keda, cert-manager, prometheus-adapter, gatekeeper, kubernetes, calico, prometheus, thanos, ipfs, gitlab-kas, up, kubevela,...
7.5CVSS
7.9AI Score
0.001EPSS
GHSA-RCJV-MGP8-QVMR vulnerabilities
Vulnerabilities for packages: caddy, keda, cert-manager, prometheus-adapter, gatekeeper, kubernetes, calico, prometheus, thanos, ipfs, gitlab-kas, up, kubevela,...
7.5AI Score
CVE-2022-41723 vulnerabilities
Vulnerabilities for packages: restic, go, grpcurl, gke-gcloud-auth-plugin, k3d, hey, falco, wireguard-go,...
7.5CVSS
8.4AI Score
0.024EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: clusterctl, go, cass-operator, shfmt, crane, kaniko, fuse-overlayfs-snapshotter, k9s, kubernetes-dashboard, sbomqs, envoy-ratelimit, yq, kubernetes, falcoctl, flux-helm-controller, runc, node-problem-detector, prometheus-elasticsearch-exporter, trillian,...
6.8AI Score
0.0004EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: helm-push, libnvidia-container, clusterctl, prometheus-redis-exporter, go, skopeo, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, k8sgpt, rclone, crane, kpt, kubewatch, secrets-store-csi-driver-provider-azure, docker-compose, spicedb,...
7.5AI Score
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: clusterctl, go, cass-operator, shfmt, crane, kaniko, fuse-overlayfs-snapshotter, k9s, kubernetes-dashboard, sbomqs, yq, kubernetes, kots, falcoctl, flux-helm-controller, nvidia-container-toolkit, runc, node-problem-detector, prometheus-elasticsearch-exporter,...
5.5CVSS
6.1AI Score
0.0004EPSS
GHSA-V6V8-XJ6M-XWQH vulnerabilities
Vulnerabilities for packages: neuvector-sigstore-interface, pulumi-kubernetes-operator, flux-image-reflector-controller, keda, skopeo, flux-notification-controller, loki, buildkitd, flux-image-automation-controller, tkn, slsa-verifier, spire-server, flux-source-controller, terraform, cert-manager,....
7.5AI Score
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: gitlab-logger, go-licenses, helm-push, petname, cass-operator, nsc, configmap-reload, prometheus-stackdriver-exporter, gke-gcloud-auth-plugin, docker-credential-ecr-login, vertical-pod-autoscaler, influx, docker-cli, cni-plugins, mage, slsa-verifier, ctop,...
7.5CVSS
7.9AI Score
0.001EPSS
Vulnerabilities for packages: kubernetes-csi-external-provisioner, aws-load-balancer-controller, k8sgpt, kpt, kubewatch, ollama, thanos-operator, fuse-overlayfs-snapshotter, kube-state-metrics, dgraph, kyverno, kubernetes-dashboard, nvidia-device-plugin, weaviate, aws-ebs-csi-driver, yq, timoni,...
6.1CVSS
7.3AI Score
0.001EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: helm-push, skopeo, src-fingerprint, nsc, kubewatch, ollama, secrets-store-csi-driver-provider-azure, slsa-verifier, kube-state-metrics, dgraph, kyverno, kubernetes-dashboard, ferretdb, falco, weaviate, istio-pilot-discovery, terraform-provider-azurerm, gitsign,...
5.9CVSS
7.1AI Score
0.963EPSS
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: filebeat, k3s, flux-image-reflector-controller, skopeo, nerdctl, cri-tools, loki, k8sgpt, buildkitd, eksctl, crane, helm-operator, helm, up, slsa-verifier, ctop, traefik, k9s, cert-manager, kyverno, newrelic-infrastructure-agent, prometheus, datadog-agent, falco,...
7.8CVSS
7.5AI Score
0.001EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: clusterctl, prometheus-redis-exporter, skopeo, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, aws-load-balancer-controller, k8sgpt, rclone, velero, kpt, kubewatch, kaniko, ollama, secrets-store-csi-driver-provider-azure, docker-compose,...
6.8AI Score
0.0004EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
7.8AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
7.5AI Score
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: filebeat, sqlpad, chezmoi, flux-image-reflector-controller, keda, loki, k8sgpt, buildkitd, rclone, velero, up, secrets-store-csi-driver-provider-azure, tkn, flyte, spire-server, flux-source-controller, py3-azure-identity, step, py3-cassandra-medusa, traefik,...
5.5CVSS
6AI Score
0.0004EPSS
GHSA-M5VV-6R4H-3VJ9 vulnerabilities
Vulnerabilities for packages: filebeat, sqlpad, chezmoi, flux-image-reflector-controller, keda, loki, k8sgpt, buildkitd, rclone, velero, up, secrets-store-csi-driver-provider-azure, tkn, flyte, spire-server, flux-source-controller, py3-azure-identity, step, py3-cassandra-medusa, traefik,...
7.5AI Score
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: helm-push, libnvidia-container, clusterctl, prometheus-redis-exporter, go, skopeo, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, k8sgpt, rclone, crane, kpt, kubewatch, secrets-store-csi-driver-provider-azure, docker-compose, spicedb,...
6.5AI Score
0.0004EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: clusterctl, go, cass-operator, shfmt, crane, kaniko, fuse-overlayfs-snapshotter, k9s, kubernetes-dashboard, sbomqs, envoy-ratelimit, yq, kubernetes, falcoctl, flux-helm-controller, runc, node-problem-detector, prometheus-elasticsearch-exporter, trillian,...
7.5AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: helm-push, libnvidia-container, clusterctl, prometheus-redis-exporter, go, skopeo, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, k8sgpt, rclone, crane, kpt, kubewatch, secrets-store-csi-driver-provider-azure, docker-compose, spicedb,...
7.5AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: clusterctl, go, cass-operator, shfmt, crane, kaniko, fuse-overlayfs-snapshotter, k9s, kubernetes-dashboard, sbomqs, yq, kubernetes, kots, falcoctl, flux-helm-controller, nvidia-container-toolkit, runc, node-problem-detector, prometheus-elasticsearch-exporter,...
9.8CVSS
9.8AI Score
0.001EPSS
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: go, kubernetes-csi-external-provisioner, aws-load-balancer-controller, k8sgpt, kpt, kubewatch, ollama, slsa-verifier, thanos-operator, fuse-overlayfs-snapshotter, kube-state-metrics, dgraph, kyverno, kubernetes-dashboard, falco, nvidia-device-plugin, weaviate,...
7.5CVSS
8.4AI Score
0.002EPSS
GHSA-C5Q2-7R4C-MV6G vulnerabilities
Vulnerabilities for packages: skopeo, keda, nerdctl, grpc-health-probe, tkn, slsa-verifier, spire-server, flux-source-controller, step, cloudflared, wolfictl, oauth2-proxy, terragrunt, cert-manager, dgraph, timestamp-authority, dex, policy-controller, falco, aactl, sigstore-scaffolding, melange,...
7.5AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
7.5AI Score
GHSA-8PGV-569H-W5RW vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver, keda, argo-cd, cert-manager, kine, kubescape, kubernetes, cri-tools, kyverno, temporal-server, temporal, kubernetes-csi-external-resizer, envoy-ratelimit, docker-compose, containerd, kubevela,...
7.5AI Score
CVE-2023-47108 vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver, keda, argo-cd, cert-manager, kine, kubescape, kubernetes, cri-tools, kyverno, temporal-server, temporal, kubernetes-csi-external-resizer, envoy-ratelimit, docker-compose, containerd, kubevela,...
7.5CVSS
7.7AI Score
0.001EPSS