A vulnerability classified as critical was found in LabVantage LIMS 2017. This vulnerability affects unknown code of the file /labvantage/rc?command=page&page=SampleList&_iframename=list of the component POST Request Handler. The manipulation of the argument param1 leads to sql injection. The...
6.3CVSS
A vulnerability classified as critical was found in LabVantage LIMS 2017. This vulnerability affects unknown code of the file /labvantage/rc?command=page&page=SampleList&_iframename=list of the component POST Request Handler. The manipulation of the argument param1 leads to sql injection. The...
6.3CVSS
CVE-2024-5771 LabVantage LIMS POST Request sql injection
A vulnerability classified as critical was found in LabVantage LIMS 2017. This vulnerability affects unknown code of the file /labvantage/rc?command=page&page=SampleList&_iframename=list of the component POST Request Handler. The manipulation of the argument param1 leads to sql injection. The...
6.3CVSS
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: nginx-stable, cilium-envoy, kpt, dotnet, gitlab-pages, pulumi, prometheus-elasticsearch-exporter, influxd, tomcat, cluster-autoscaler, hey, prometheus-adapter, nginx-mainline, cosign, nats, argo-cd, memcached-exporter, src, mc, wireguard-go,...
7.5CVSS
9AI Score
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: boring-registry, nfs-subdir-external-provisioner, istio-pilot-agent, kubernetes-csi-driver-hostpath, kpt, prometheus-mongodb-exporter, gitlab-pages, newrelic-nri-kube-events, rclone, pulumi, docker-compose, prometheus-elasticsearch-exporter, istio-operator, influxd,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.8AI Score
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: buildkitd, kaniko, telegraf, wolfictl, zot, runc, kubernetes, kots, k9s, docker, datadog-agent, newrelic-infrastructure-agent, skopeo, ingress-nginx-controller, trivy, zarf, nerdctl, k3d, ctop, cadvisor, k3s, nvidia-device-plugin, kubescape, skaffold, syft,...
8.6CVSS
9.2AI Score
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: kaniko, telegraf, up, neuvector-agent, zot, flux-helm-controller, gitness, kubevela, kots, fuse-overlayfs-snapshotter, melange, flux-source-controller, helm, eksctl, newrelic-infrastructure-agent, tekton-pipelines, k3d, cert-manager, helm-push, ctop, cilium-cli,...
7.5AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, cni-plugins, kor, nri-nginx, helm-operator, gitlab-logger, k8ssandra-operator,...
6.7AI Score
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: wolfictl, kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, hey, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, nvidia-container-toolkit, teleport, cni-plugins, nri-nginx,...
7.2AI Score
Vulnerabilities for packages: nfs-subdir-external-provisioner, kpt, prometheus-mongodb-exporter, gitlab-pages, pulumi, prometheus-elasticsearch-exporter, influxd, cluster-autoscaler, prometheus-statsd-exporter, vault, hey, prometheus-adapter, prometheus-node-exporter,...
6.1CVSS
7.2AI Score
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: buildkitd, gitlab-runner, kyverno, slsa-verifier, filebeat, istio-pilot-agent, telegraf, up, zot, flux-helm-controller, tekton-chains, kubevela, kots, k9s, kargo, pulumi, goreleaser, skaffold, docker-credential-gcr, falco, helm, bom, datadog-agent, traefik, eksctl,...
7.8CVSS
7.4AI Score
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: boring-registry, nfs-subdir-external-provisioner, istio-pilot-agent, kubernetes-csi-driver-hostpath, kpt, prometheus-mongodb-exporter, gitlab-pages, newrelic-nri-kube-events, rclone, pulumi, docker-compose, prometheus-elasticsearch-exporter, istio-operator, influxd,...
6.5AI Score
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.8AI Score
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.5AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, cni-plugins, kor, nri-nginx, helm-operator, gitlab-logger, k8ssandra-operator,...
7.5AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: wolfictl, kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, hey, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, nvidia-container-toolkit, teleport, cni-plugins, nri-nginx,...
7.2AI Score
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: nfs-subdir-external-provisioner, istio-pilot-agent, kpt, prometheus-mongodb-exporter, go, gitlab-pages, kubernetes-ingress-defaultbackend, pulumi, prometheus-elasticsearch-exporter, istio-operator, influxd, cluster-autoscaler, prometheus-statsd-exporter, vault, hey,...
7.5CVSS
8.4AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.5AI Score
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: wolfictl, kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, hey, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, nvidia-container-toolkit, teleport, cni-plugins, nri-nginx,...
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.8AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: nfs-subdir-external-provisioner, kpt, prometheus-mongodb-exporter, gitlab-pages, pulumi, prometheus-elasticsearch-exporter, influxd, cluster-autoscaler, prometheus-statsd-exporter, vault, hey, prometheus-adapter, prometheus-node-exporter,...
7.5AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: nfs-subdir-external-provisioner, istio-pilot-agent, kpt, prometheus-mongodb-exporter, go, gitlab-pages, kubernetes-ingress-defaultbackend, pulumi, prometheus-elasticsearch-exporter, istio-operator, influxd, cluster-autoscaler, prometheus-statsd-exporter, vault, hey,...
7.5AI Score
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: nginx-stable, cilium-envoy, kpt, dotnet, gitlab-pages, pulumi, prometheus-elasticsearch-exporter, influxd, tomcat, cluster-autoscaler, hey, prometheus-adapter, nginx-mainline, cosign, nats, argo-cd, memcached-exporter, src, mc, wireguard-go,...
7.5AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.8AI Score
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.5AI Score
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: wolfictl, kubernetes-csi-driver-hostpath, kpt, istio-operator, prometheus-statsd-exporter, ghaudit, hey, prometheus-adapter, node-feature-discovery, speedtest-go, kubernetes-csi-external-provisioner, nvidia-container-toolkit, teleport, cni-plugins, nri-nginx,...
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: buildkitd, gitlab-runner, kyverno, slsa-verifier, filebeat, istio-pilot-agent, telegraf, up, zot, flux-helm-controller, tekton-chains, kubevela, kots, k9s, kargo, pulumi, goreleaser, skaffold, docker-credential-gcr, falco, helm, bom, datadog-agent, traefik, eksctl,...
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: aws-flb-cloudwatch, nfs-subdir-external-provisioner, nri-cassandra, fq, kpt, prometheus-mongodb-exporter, pombump, go-licenses, pulumi, dataplaneapi, wire-go, prometheus-elasticsearch-exporter, cluster-api-controller, cluster-autoscaler, prometheus-statsd-exporter,...
7.8AI Score
GHSA-XR7R-F8XQ-VFVV vulnerabilities
Vulnerabilities for packages: buildkitd, kaniko, telegraf, wolfictl, zot, runc, kubernetes, kots, k9s, docker, datadog-agent, newrelic-infrastructure-agent, skopeo, ingress-nginx-controller, trivy, zarf, nerdctl, k3d, ctop, cadvisor, k3s, nvidia-device-plugin, kubescape, skaffold, syft,...
7.5AI Score
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the.....
3.9CVSS
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the.....
3.9CVSS
In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...
9.8CVSS
In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...
9.8CVSS
CVE-2024-4146 Improper Authorization in lunary-ai/lunary
In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. Specifically, the vulnerability is located in the checkProjectAccess method within the...
9.8CVSS
CVE-2024-4680 Insufficient Session Expiration in zenml-io/zenml
A vulnerability in zenml-io/zenml version 0.56.3 allows attackers to reuse old session credentials or session IDs due to insufficient session expiration. Specifically, the session does not expire after a password change, enabling an attacker to maintain access to a compromised account without the.....
3.9CVSS
Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through...
5.3CVSS
5.4AI Score
Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through...
5.3CVSS
Missing Authorization vulnerability in Codection Import and export users and customers.This issue affects Import and export users and customers: from n/a through...
5.3CVSS
HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional...
4.4CVSS
HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional...
4.4CVSS
CVE-2023-45707 HCL Connections Docs is vulnerable to Cross-Site Scripting (XSS)
HCL Connections Docs is vulnerable to a cross-site scripting attack where an attacker may leverage this issue to execute arbitrary code. This may lead to credentials disclosure and possibly launch additional...
4.4CVSS
fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for...
fprintd through 1.94.3 lacks a security attention mechanism, and thus unexpected actions might be authorized by "auth sufficient pam_fprintd.so" for...
ommouldings.com Cross Site Scripting vulnerability OBB-3933911
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix division by zero in setup_dsc_config When slice_height is 0, the division by slice_height in the calculation of the number of slices will cause a division by zero driver crash. This leaves the kernel in a...
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: Use request_module_nowait This appears to work around a deadlock regression that came in with the LED merge in 6.9. The deadlock happens on my system with 24 iwlwifi radios, so maybe it something like all worker...
Libarchive before 3.7.4 allows name out-of-bounds access when a ZIP archive has an empty-name file and mac-ext is enabled. This occurs in slurp_central_directory in...