Lucene search

K

Simple JWT Login – Login And Register To WordPress Using JWT Security Vulnerabilities

cvelist
cvelist

CVE-2024-21520

Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with ...

6.1CVSS

EPSS

2024-06-26 05:00 AM
cve
cve

CVE-2024-21520

Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with ...

6.1CVSS

6.2AI Score

EPSS

2024-06-26 05:00 AM
cve
cve

CVE-2024-37138

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the...

4.1CVSS

6.7AI Score

EPSS

2024-06-26 04:15 AM
1
cve
cve

CVE-2024-37140

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system....

8.8CVSS

7.7AI Score

EPSS

2024-06-26 04:15 AM
1
nvd
nvd

CVE-2024-37139

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource...

6.5CVSS

EPSS

2024-06-26 04:15 AM
1
nvd
nvd

CVE-2024-37138

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the...

4.1CVSS

EPSS

2024-06-26 04:15 AM
1
nvd
nvd

CVE-2024-37140

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system....

8.8CVSS

EPSS

2024-06-26 04:15 AM
1
cve
cve

CVE-2024-37139

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource...

6.5CVSS

6.7AI Score

EPSS

2024-06-26 04:15 AM
1
nvd
nvd

CVE-2024-37141

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information...

3.5CVSS

EPSS

2024-06-26 04:15 AM
1
cve
cve

CVE-2024-37141

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information...

3.5CVSS

6.4AI Score

EPSS

2024-06-26 04:15 AM
1
cve
cve

CVE-2024-27867

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in...

6.3AI Score

EPSS

2024-06-26 04:15 AM
nvd
nvd

CVE-2024-27867

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in...

EPSS

2024-06-26 04:15 AM
1
cvelist
cvelist

CVE-2024-37141

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an open redirect vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to information...

3.5CVSS

EPSS

2024-06-26 04:00 AM
1
cvelist
cvelist

CVE-2024-37140

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an OS command injection vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to the execution of arbitrary OS commands on the system....

8.8CVSS

EPSS

2024-06-26 03:54 AM
1
cvelist
cvelist

CVE-2024-37139

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain an Improper Control of a Resource Through its Lifetime vulnerability in an admin operation. A remote low privileged attacker could potentially exploit this vulnerability, leading to temporary resource...

6.5CVSS

EPSS

2024-06-26 03:38 AM
1
cvelist
cvelist

CVE-2024-37138

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 on DDMC contain a relative path traversal vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the application sending over an unauthorized file to the...

4.1CVSS

EPSS

2024-06-26 03:24 AM
2
nvd
nvd

CVE-2024-5181

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...

9.8CVSS

EPSS

2024-06-26 03:15 AM
1
cve
cve

CVE-2024-5181

A command injection vulnerability exists in the mudler/localai version 2.14.0. The vulnerability arises from the application's handling of the backend parameter in the configuration file, which is used in the name of the initialized process. An attacker can exploit this vulnerability by...

9.8CVSS

9.6AI Score

EPSS

2024-06-26 03:15 AM
cve
cve

CVE-2024-29176

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a buffer overflow vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code on the vulnerable...

8.8CVSS

7.9AI Score

EPSS

2024-06-26 03:15 AM
1
nvd
nvd

CVE-2024-29175

Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session...

5.9CVSS

EPSS

2024-06-26 03:15 AM
1
nvd
nvd

CVE-2024-29176

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a buffer overflow vulnerability. A remote low privileged attacker could potentially exploit this vulnerability, leading to an application crash or execution of arbitrary code on the vulnerable...

8.8CVSS

EPSS

2024-06-26 03:15 AM
1
nvd
nvd

CVE-2024-29177

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain...

2.7CVSS

EPSS

2024-06-26 03:15 AM
1
nvd
nvd

CVE-2024-29174

Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...

4.4CVSS

EPSS

2024-06-26 03:15 AM
1
cve
cve

CVE-2024-29175

Dell PowerProtect Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.40, LTS 7.10.1.30 contain an weak cryptographic algorithm vulnerability. A remote unauthenticated attacker could potentially exploit this vulnerability, leading to man-in-the-middle attack that exposes sensitive session...

5.9CVSS

6.9AI Score

EPSS

2024-06-26 03:15 AM
1
cve
cve

CVE-2024-29174

Dell Data Domain, versions prior to 7.13.0.0, LTS 7.7.5.30, LTS 7.10.1.20 contain an SQL Injection vulnerability. A local low privileged attacker could potentially exploit this vulnerability, leading to the execution of certain SQL commands on the application's backend database causing...

4.4CVSS

8AI Score

EPSS

2024-06-26 03:15 AM
1
cve
cve

CVE-2024-29177

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a disclosure of temporary sensitive information vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the reuse of disclosed information to gain...

2.7CVSS

6.5AI Score

EPSS

2024-06-26 03:15 AM
nvd
nvd

CVE-2024-29173

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote...

6.8CVSS

EPSS

2024-06-26 03:15 AM
cve
cve

CVE-2024-29173

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Server-Side Request Forgery (SSRF) vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to disclosure of information on the application or remote...

6.8CVSS

6.5AI Score

EPSS

2024-06-26 03:15 AM
cve
cve

CVE-2024-28973

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...

5.9CVSS

6AI Score

EPSS

2024-06-26 03:15 AM
1
nvd
nvd

CVE-2024-28973

Dell PowerProtect DD, versions prior to 8.0, LTS 7.13.1.0, LTS 7.10.1.30, LTS 7.7.5.40 contain a Stored Cross-Site Scripting Vulnerability. A remote high privileged attacker could potentially exploit this vulnerability, leading to the storage of malicious HTML or JavaScript codes in a trusted...

5.9CVSS

EPSS

2024-06-26 03:15 AM
1
cvelist
cvelist

CVE-2024-27867

An authentication issue was addressed with improved state management. This issue is fixed in AirPods Firmware Update 6A326, AirPods Firmware Update 6F8, and Beats Firmware Update 6F8. When your headphones are seeking a connection request to one of your previously paired devices, an attacker in...

EPSS

2024-06-26 03:12 AM
1
wolfi
wolfi

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

7.8AI Score

0.0004EPSS

2024-06-26 03:08 AM
191
wolfi
wolfi

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, confluent-common-docker, go-md2man, flux-image-reflector-controller, overmind, delve, falcosidekick, mods, aws-ebs-csi-driver, k9s, zot, pulumi-language-yaml, lazygit, docker-credential-acr-env, ko, helm-push,...

6.5AI Score

0.0004EPSS

2024-06-26 03:08 AM
20
wolfi
wolfi

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, confluent-common-docker, go-md2man, flux-image-reflector-controller, overmind, delve, falcosidekick, mods, aws-ebs-csi-driver, k9s, zot, pulumi-language-yaml, lazygit, docker-credential-acr-env, ko, helm-push,...

7.5AI Score

2024-06-26 03:08 AM
16
wolfi
wolfi

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

5.5CVSS

6.1AI Score

0.0004EPSS

2024-06-26 03:08 AM
23
wolfi
wolfi

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: aactl, prometheus-bind-exporter, go-md2man, render-template, grpcurl, influx, ctop, cass-operator, gops, goreleaser, helm-push, local-path-provisioner, slsa-verifier, prometheus-stackdriver-exporter, configmap-reload, nri-discovery-kubernetes, cni-plugins, gosu,...

7.5CVSS

7.9AI Score

0.001EPSS

2024-06-26 03:08 AM
59
wolfi
wolfi

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

7.5AI Score

2024-06-26 03:08 AM
28
wolfi
wolfi

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: ggshield, py3-cassandra-medusa, confluent-docker-utils, dask-gateway, kubeflow-jupyter-web-app, kubeflow-pipelines, py3.10-tensorflow-core, az, jwt-tool, k8s-sidecar, kubeflow-katib, kubeflow-volumes-web-app, py3-idna, kubeflow-pipelines-visualization-server,...

7.5AI Score

2024-06-26 03:08 AM
32
wolfi
wolfi

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: ggshield, py3-cassandra-medusa, confluent-docker-utils, dask-gateway, kubeflow-jupyter-web-app, kubeflow-pipelines, py3.10-tensorflow-core, az, jwt-tool, k8s-sidecar, kubeflow-katib, kubeflow-volumes-web-app, py3-idna, kubeflow-pipelines-visualization-server,...

6.7AI Score

EPSS

2024-06-26 03:08 AM
26
wolfi
wolfi

GHSA-G4MX-Q9VG-27P4 vulnerabilities

Vulnerabilities for packages: py3-urllib3, kubeflow-jupyter-web-app, py3-tensorflow-serving-api, kubeflow-volumes-web-app,...

7.5AI Score

2024-06-26 03:08 AM
26
wolfi
wolfi

GHSA-MQ26-G339-26XF vulnerabilities

Vulnerabilities for packages:...

7.5AI Score

2024-06-26 03:08 AM
3
wolfi
wolfi

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

7.8AI Score

0.0004EPSS

2024-06-26 03:08 AM
42
wolfi
wolfi

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: calico, flux-image-reflector-controller, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

6.8AI Score

0.0004EPSS

2024-06-26 03:08 AM
58
wolfi
wolfi

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: calico, flux-image-reflector-controller, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

7.5AI Score

2024-06-26 03:08 AM
20
wolfi
wolfi

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: flux-image-reflector-controller, vcluster, bazelisk, nodetaint, k9s, neuvector-sigstore-interface, velero-plugin-for-aws, docker-credential-acr-env, ko, helm-push, slsa-verifier, kubecolor, tempo, hey, nri-consul, dockerize, cert-manager, kubernetes-event-exporter,...

9.8CVSS

9.8AI Score

0.001EPSS

2024-06-26 03:08 AM
49
wolfi
wolfi

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

7.5AI Score

2024-06-26 03:08 AM
22
wolfi
wolfi

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

7.5AI Score

2024-06-26 03:08 AM
24
wolfi
wolfi

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: wireguard-go, aactl, flux-notification-controller, confluent-common-docker, go-md2man, flux-image-reflector-controller, overmind, delve, falcosidekick, mods, aws-ebs-csi-driver, k9s, zot, pulumi-language-yaml, lazygit, docker-credential-acr-env, ko, helm-push,...

7.5AI Score

2024-06-26 03:08 AM
21
wolfi
wolfi

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: calico, grype, wireguard-go, kubevela, prometheus, go-md2man, flux-image-reflector-controller, delve, aws-ebs-csi-driver, consul, bazelisk, nodetaint, pulumi-language-yaml, lazygit, docker-credential-acr-env, regclient, helm-push, slsa-verifier, vt-cli,...

7.5AI Score

2024-06-26 03:08 AM
21
wolfi
wolfi

CVE-2023-45803 vulnerabilities

Vulnerabilities for packages: py3-urllib3, kubeflow-jupyter-web-app, py3-tensorflow-serving-api, kubeflow-volumes-web-app,...

4.2CVSS

7.1AI Score

0.0004EPSS

2024-06-26 03:08 AM
34
Total number of security vulnerabilities3398617