dashboard.chamtest.tourone.de Cross Site Scripting vulnerability OBB-3931409
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
dartliga-as.de Cross Site Scripting vulnerability OBB-3931407
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
An issue discovered in 360 V6G, 360 T5G, 360 T6M, and 360 P1 routers allows attackers to hijack TCP sessions which could lead to a denial of...
7 AI Score
An issue discovered in routers running Openwrt 18.06, 19.07, 21.02, 22.03 and beyond allows attackers to hijack TCP sessions which could lead to a denial of...
7 AI Score
dalui.de Cross Site Scripting vulnerability OBB-3931406
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: syft, k3s, skaffold, grype, newrelic-infrastructure-agent, docker, wolfictl, runc, datadog-agent, zarf, kubernetes, nvidia-device-plugin, ctop, trivy, kots, k3d, kubescape, buildkitd, zot, skopeo, nerdctl, cadvisor, telegraf, ingress-nginx-controller, kaniko,...
7.5 AI Score
0.051 EPSS
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: skaffold, grype, newrelic-infrastructure-agent, cert-manager, kubevela, flux-helm-controller, flux-source-controller, up, ctop, cilium-cli, melange, trivy, kots, eksctl, k3d, kubescape, zot, tekton-pipelines, helm-push, telegraf, fuse-overlayfs-snapshotter, kaniko,...
7.5 AI Score
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, newrelic-nri-kube-events, k8sgpt, external-dns, fulcio, istio-operator, grype, litefs, prometheus-elasticsearch-exporter, rabbitmq-messaging-topology-operator, spicedb, thanos-operator, pulumi-language-dotnet,...
7.5 AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
6.5 AI Score
0.0004 EPSS
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: kind, external-dns, grype, prometheus-elasticsearch-exporter, pulumi-language-dotnet, vault-csi-provider, cilium-envoy, flux-helm-controller, pulumi-kubernetes-operator, sigstore-scaffolding, cortex, argo-cd, aws-efs-csi-driver, dgraph, node-problem-detector, kaf,...
8.7 AI Score
0.72 EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: k8sgpt, litefs, thanos-operator, prometheus-elasticsearch-exporter, swagger, pulumi-language-dotnet, kubebuilder, runc, flux-helm-controller, pulumi-kubernetes-operator, cortex, step, kine, bincapz, loki, melange, memcached-exporter, nri-redis, helm-push,...
7 AI Score
0.0004 EPSS
Vulnerabilities for packages: k8sgpt, external-dns, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, vault-csi-provider, kubernetes-csi-external-provisioner, runc, flux-helm-controller, pulumi-kubernetes-operator, sigstore-scaffolding,...
6.5 AI Score
0.001 EPSS
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: k8sgpt, k3s, skaffold, cri-tools, kubeflow-katib, crane, newrelic-infrastructure-agent, prometheus, cert-manager, kubevela, cosign, flux-helm-controller, argo-workflows, istio-pilot-discovery, bom, datadog-agent, falcoctl, timoni, zarf, slsa-verifier,...
7.8 AI Score
0.001 EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, newrelic-nri-kube-events, k8sgpt, external-dns, fulcio, istio-operator, grype, litefs, prometheus-elasticsearch-exporter, rabbitmq-messaging-topology-operator, spicedb, thanos-operator, pulumi-language-dotnet,...
6.7 AI Score
0.0004 EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
6.5 AI Score
0.0004 EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
7.5 AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: k8sgpt, litefs, thanos-operator, prometheus-elasticsearch-exporter, swagger, pulumi-language-dotnet, kubebuilder, runc, flux-helm-controller, pulumi-kubernetes-operator, cortex, step, kine, bincapz, loki, melange, memcached-exporter, nri-redis, helm-push,...
7.5 AI Score
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: kubernetes-ingress-defaultbackend, k8sgpt, external-dns, istio-operator, kind, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, caddy, vault-csi-provider, kubernetes-csi-external-provisioner, runc,...
8.2 AI Score
0.002 EPSS
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
7.5 AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
7.5 AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
7.5 AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: k8sgpt, external-dns, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, vault-csi-provider, kubernetes-csi-external-provisioner, runc, flux-helm-controller, pulumi-kubernetes-operator, sigstore-scaffolding,...
7.5 AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: kubernetes-ingress-defaultbackend, k8sgpt, external-dns, istio-operator, kind, thanos-operator, prometheus-elasticsearch-exporter, pulumi-language-dotnet, prometheus-postgres-exporter, caddy, vault-csi-provider, kubernetes-csi-external-provisioner, runc,...
7.5 AI Score
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: kind, external-dns, grype, prometheus-elasticsearch-exporter, pulumi-language-dotnet, vault-csi-provider, cilium-envoy, flux-helm-controller, pulumi-kubernetes-operator, sigstore-scaffolding, cortex, argo-cd, aws-efs-csi-driver, dgraph, node-problem-detector, kaf,...
7.5 AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
6.5 AI Score
0.0004 EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
7.5 AI Score
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
6.5 AI Score
0.0004 EPSS
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: k8sgpt, k3s, skaffold, cri-tools, kubeflow-katib, crane, newrelic-infrastructure-agent, prometheus, cert-manager, kubevela, cosign, flux-helm-controller, argo-workflows, istio-pilot-discovery, bom, datadog-agent, falcoctl, timoni, zarf, slsa-verifier,...
7.5 AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: regclient, k8sgpt, external-dns, kind, litefs, grype, nats-server, prometheus-elasticsearch-exporter, s5cmd, thanos-operator, sbomqs, prometheus-postgres-exporter, caddy, kubebuilder, vault-csi-provider, kubernetes-csi-external-provisioner, runc, vt-cli,...
6.5 AI Score
0.0004 EPSS
GHSA-XR7R-F8XQ-VFVV vulnerabilities
Vulnerabilities for packages: syft, k3s, skaffold, grype, newrelic-infrastructure-agent, docker, wolfictl, runc, datadog-agent, zarf, kubernetes, nvidia-device-plugin, ctop, trivy, kots, k3d, kubescape, buildkitd, zot, skopeo, nerdctl, cadvisor, telegraf, ingress-nginx-controller, kaniko,...
7.5 AI Score
garotasdavan.uol.com.br Cross Site Scripting vulnerability OBB-3931403
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
SimpleSAMLphp Reflected Cross-site Scripting vulnerability
Background: SimpleSAMLphp uses metadata to determine how to interact with other SAML entities. This metadata includes what’s called endpoints, which are URLs belonging to that entity where SAML messages can be sent. These URLs are used directly by SimpleSAMLphp when a message is sent, either via an....
6 AI Score
Treasury Sanctions Creators of 911 S5 Proxy Botnet
The U.S. Department of the Treasury today unveiled sanctions against three Chinese nationals for allegedly operating 911 S5, an online anonymity service that for many years was the easiest and cheapest way to route one's Web traffic through malware-infected computers around the globe....
7.3 AI Score
pcTattleTale spyware leaks database containing victim screenshots, gets website defaced
The idea behind the software is simple. When the spying party installs the stalkerware, they grant permission to record what happens on the targeted Android or Windows device. The observer can then log in on an online portal and activate recording, at which point a screen capture is taken on the...
7.2 AI Score
Mocodo vulnerable to SQL injection in `/web/generate.php`
Mocodo Mocodo Online 4.2.6 and below does not properly sanitize the sql_case input field in /web/generate.php, allowing remote attackers to execute arbitrary SQL commands and potentially command injection, leading to remote code execution (RCE) under certain...
9 AI Score
TCPDF version 6.6.5 and before is vulnerable to ReDoS (Regular Expression Denial of Service) if parsing an untrusted SVG...
7.1 AI Score
CVE-2024-35240 Stored Cross-site Scripting on Print Functionality in Umbraco Commerce
Umbraco Commerce is an open source dotnet ecommerce solution. In affected versions there exists a stored Cross-site scripting (XSS) issue which would enable attackers to inject malicious code into Print Functionality. This issue has been addressed in versions 12.1.4, and 10.0.5. Users are advised.....
6.2 AI Score
bpag.uol.com.br Cross Site Scripting vulnerability OBB-3931401
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
An issue discovered in Ruijie EG210G-P, Ruijie EG105G-V2, Ruijie NBR, and Ruijie EG105G routers allows attackers to hijack TCP sessions which could lead to a denial of...
7 AI Score
SimpleSAMLphp signature validation bypass
Background: SAML messages are usually signed to prove the identity of the issuer of the message. In the case of SAML authentication responses, correctly verifying the signature is critical to trust that the assertion contained inside the response was issued by a trusted third-party and the identity....
7.2 AI Score
An issue discovered in TP-LINK TL-R473GP-AC, TP-LINK XDR6020, TP-LINK TL-R479GP-AC, TP-LINK TL-R4239G, TP-LINK TL-WAR1200L, and TP-LINK TL-R476G routers allows attackers to hijack TCP sessions which could lead to a denial of...
7 AI Score
An issue discovered in H3C Magic R365 and H3C Magic R100 routers allows attackers to hijack TCP sessions which could lead to a denial of...
7 AI Score
CVE-2024-36107 Information disclosure in minio
MinIO is a High Performance Object Storage released under GNU Affero General Public License v3.0. If-Modified-Since and If-Unmodified-Since headers when used with anonymous requests by sending a random object name requests can be used to determine if an object exists or not on the server on a...
7.1 AI Score
The Campbell Scientific CSI Web Server stores web authentication credentials in a file with a specific file name. Passwords within that file are stored in a weakly encoded format. There is no known way to remotely access the file unless it has been manually renamed. However, if an attacker were to....
7.4 AI Score
CVE-2024-36109 Cross-site Scripting with Markdown rendering in CoCalc
CoCalc is web-based software that enables collaboration in research, teaching, and scientific publishing. In affected versions the markdown parser allows <script> tags to be included which execute when published. This issue has been addressed in commit 419862a9c9879c. Users are advised to upg...
7.2 AI Score
CVE-2024-5433 Path Traversal in Campbell Scientific CSI Web Server and RTMC
The Campbell Scientific CSI Web Server supports a command that will return the most recent file that matches a given expression. A specially crafted expression can lead to a path traversal vulnerability. This command combined with a specially crafted expression allows anonymous, unauthenticated...
7.3 AI Score
CVE-2024-36110 Cross-site scripting in ansibleguy-webui
ansibleguy-webui is an open source WebUI for using Ansible. Multiple forms in versions < 0.0.21 allowed injection of HTML elements. These are returned to the user after executing job actions and thus evaluated by the browser. These issues have been addressed in version 0.0.21 (0.0.21.post2 on...
7.2 AI Score
accessibyte.com Cross Site Scripting vulnerability OBB-3931400
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2 AI Score
SimpleSAMLphp exposes credentials in session storage
Background: In order to implement support for the SAML Enhanced Client or Proxy profile, the credentials obtained for authentication were stored in the state in order to pass them to the relevant routines. This, however, led to the credentials being recorded in the user’s session, which can be...
7.3 AI Score
SimpleSAMLphp Link Injection vulnerability
Background: Several scripts that are part of SimpleSAMLphp display a web page with links obtained from the request parameters. This allows us to enhance usability, as the users are presented with links they can follow after completing a certain action, like logging out. Description: The following scripts...
7 AI Score