CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2
CVE-2023-44487 affecting package sriov-network-device-plugin for versions less than 3.5.1-2. A patched version of the package is...
8.2 AI Score
0.72 EPSS
The WP STAGING WordPress Backup Plugin – Migration Backup Restore plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the wpstg_processing AJAX action in all versions up to, and including, 3.4.3. This makes it possible for authenticated attackers,...
7.9 AI Score
The Essential Addons for Elementor PRO – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Team Member Carousel widget in all Pro versions up to, and including, 5.8.14 due to insufficient input...
6 AI Score
CVE-2024-3937 Playlist for Youtube <= 1.32 - Editor+ Stored XSS
The Playlist for Youtube WordPress plugin through 1.32 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.7 AI Score
CVE-2024-3921 Gianism <= 5.1.0 - Admin+ Stored XSS
The Gianism WordPress plugin through 5.1.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
5.8 AI Score
CVE-2024-3050 Site Reviews < 7.0.0 - IP Spoofing
The Site Reviews WordPress plugin before 7.0.0 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass IP-based...
6.8 AI Score
CVE-2024-4419 Fetch JFT <= 1.8.3 - Authenticated (Administrator+) Stored Cross-Site Scripting
The Fetch JFT plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 1.8.3 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with administrator-level permissions and...
5.9 AI Score
The AppPresser plugin for WordPress is vulnerable to improper missing encryption exception handling on the 'decrypt_value' and on the 'doCookieAuth' functions in all versions up to, and including, 4.3.2. This makes it possible for unauthenticated attackers to log in as any existing user on the...
7.1 AI Score
The Unlimited Elements For Elementor (Free Widgets, Addons, Templates) plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.5.89 via the template import functionality. This makes it possible for authenticated attackers, with contributor access and...
7.9 AI Score
The WordPress Tour & Travel Booking Plugin for WooCommerce – WpTravelly plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ttbm_new_place_save' function in all versions up to, and including, 1.7.1. This makes it possible for...
6.9 AI Score
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: skaffold, skopeo, trivy, k3s, zot, kots, docker, kaniko, telegraf, zarf, wolfictl, grype, syft, nvidia-device-plugin, newrelic-infrastructure-agent, k9s, buildkitd, datadog-agent, ingress-nginx-controller, kubernetes, nerdctl, runc, cadvisor, ctop, kubescape,...
7.5 AI Score
0.051 EPSS
GHSA-VVPX-J8F3-3W6H vulnerabilities
Vulnerabilities for packages: dynamic-localpv-provisioner, wireguard-go, gke-gcloud-auth-plugin, falco, hey, go, grpcurl, restic,...
7.5 AI Score
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, prometheus-mongodb-exporter, sonobuoy, istio-operator, capslock, haproxy-ingress,...
7.5 AI Score
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: skaffold, secrets-store-csi-driver-provider-gcp, kpt, kaf, haproxy-ingress, flux-source-controller, metrics-server, influxd, minio, up, prometheus-bind-exporter, wireguard-go, ollama, external-dns, nats, dotnet, coredns, grype, nghttp2, hey, gitlab-pages, gatekeeper,.....
8.7 AI Score
0.72 EPSS
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....
6.5 AI Score
0.0004 EPSS
CVE-2022-41723 vulnerabilities
Vulnerabilities for packages: dynamic-localpv-provisioner, wireguard-go, gke-gcloud-auth-plugin, falco, hey, go, grpcurl, restic,...
8.2 AI Score
0.02 EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: nri-mssql, kpt, nsc, kaf, yam, http-echo, docker-credential-gcr, chezmoi, nfs-subdir-external-provisioner, newrelic-infra-operator, cluster-api-controller, containerd, kyverno-policy-reporter-kyverno-plugin, kaniko, protoc-gen-go, kor, kwok, aws-flb-kinesis, ollama,...
7 AI Score
0.0004 EPSS
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, q, cri-tools, logstash-exporter, terraform-docs, kaf, ferretdb, kubernetes-dashboard, mage, sonobuoy, vault-k8s, istio-operator, capslock, wait-for-port, flux-source-controller, http-echo,...
6.5 AI Score
0.0004 EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, q, cri-tools, logstash-exporter, terraform-docs, kaf, ferretdb, kubernetes-dashboard, mage, sonobuoy, vault-k8s, istio-operator, capslock, wait-for-port, flux-source-controller, http-echo,...
7.5 AI Score
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: gobuster, goreleaser, render-template, go-bindata, vertical-pod-autoscaler, nsc, cass-operator, sops, scorecard, go-licenses, influx, mage, nri-discovery-kubernetes, grpcurl, sonobuoy, docker-cli, aactl, wait-for-port, oras, metrics-server,...
8.2 AI Score
0.001 EPSS
Vulnerabilities for packages: skaffold, secrets-store-csi-driver-provider-gcp, kpt, thanos-operator, kaf, kubernetes-dashboard, k3s, prometheus-mongodb-exporter, vault-k8s, haproxy-ingress, kube-logging-operator, flux-source-controller, metrics-server, zot, influxd, minio, prometheus-alertmanager,....
6.5 AI Score
0.001 EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, prometheus-mongodb-exporter, sonobuoy, istio-operator, capslock, haproxy-ingress,...
6.7 AI Score
0.0004 EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....
6.5 AI Score
0.0004 EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....
7.5 AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: nri-mssql, kpt, nsc, kaf, yam, http-echo, docker-credential-gcr, chezmoi, nfs-subdir-external-provisioner, newrelic-infra-operator, cluster-api-controller, containerd, kyverno-policy-reporter-kyverno-plugin, kaniko, protoc-gen-go, kor, kwok, aws-flb-kinesis, ollama,...
7.5 AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, q, cri-tools, logstash-exporter, terraform-docs, kaf, ferretdb, kubernetes-dashboard, mage, sonobuoy, vault-k8s, istio-operator, capslock, wait-for-port, flux-source-controller, http-echo,...
7.5 AI Score
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: skaffold, secrets-store-csi-driver-provider-gcp, kpt, thanos-operator, kaf, kubernetes-dashboard, k3s, prometheus-mongodb-exporter, vault-k8s, istio-operator, haproxy-ingress, kube-logging-operator, flux-source-controller, metrics-server, zot, influxd,...
8.2 AI Score
0.002 EPSS
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....
7.5 AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....
7.5 AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....
7.5 AI Score
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: gobuster, goreleaser, render-template, go-bindata, vertical-pod-autoscaler, nsc, cass-operator, sops, scorecard, go-licenses, influx, mage, nri-discovery-kubernetes, grpcurl, sonobuoy, docker-cli, aactl, wait-for-port, oras, metrics-server,...
7.4 AI Score
0.001 EPSS
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: gobuster, goreleaser, render-template, go-bindata, vertical-pod-autoscaler, nsc, cass-operator, sops, scorecard, go-licenses, influx, mage, nri-discovery-kubernetes, grpcurl, sonobuoy, docker-cli, aactl, wait-for-port, oras, metrics-server,...
7.5 AI Score
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: gobuster, goreleaser, render-template, go-bindata, vertical-pod-autoscaler, nsc, cass-operator, sops, scorecard, go-licenses, influx, mage, nri-discovery-kubernetes, grpcurl, sonobuoy, docker-cli, aactl, wait-for-port, oras, metrics-server,...
7.5 AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: skaffold, secrets-store-csi-driver-provider-gcp, kpt, thanos-operator, kaf, kubernetes-dashboard, k3s, prometheus-mongodb-exporter, vault-k8s, haproxy-ingress, kube-logging-operator, flux-source-controller, metrics-server, zot, influxd, minio, prometheus-alertmanager,....
7.5 AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: skaffold, secrets-store-csi-driver-provider-gcp, kpt, thanos-operator, kaf, kubernetes-dashboard, k3s, prometheus-mongodb-exporter, vault-k8s, istio-operator, haproxy-ingress, kube-logging-operator, flux-source-controller, metrics-server, zot, influxd,...
7.5 AI Score
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: goreleaser, dynamic-localpv-provisioner, kubeflow-katib, keda, scorecard, conftest, cosign, tctl, aactl, weaviate, argo-cd, flux-source-controller, kubevela, metrics-server, influxd, minio, up, kots, cluster-autoscaler, prometheus-blackbox-exporter, calico,...
7.5 AI Score
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: skaffold, secrets-store-csi-driver-provider-gcp, kpt, kaf, haproxy-ingress, flux-source-controller, metrics-server, influxd, minio, up, prometheus-bind-exporter, wireguard-go, ollama, external-dns, nats, dotnet, coredns, grype, nghttp2, hey, gitlab-pages, gatekeeper,.....
7.5 AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....
6.5 AI Score
0.0004 EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....
7.5 AI Score
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....
6.5 AI Score
0.0004 EPSS
GHSA-XR7R-F8XQ-VFVV vulnerabilities
Vulnerabilities for packages: skaffold, skopeo, trivy, k3s, zot, kots, docker, kaniko, telegraf, zarf, wolfictl, grype, syft, nvidia-device-plugin, newrelic-infrastructure-agent, k9s, buildkitd, datadog-agent, ingress-nginx-controller, kubernetes, nerdctl, runc, cadvisor, ctop, kubescape,...
7.5 AI Score
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, clusterctl, secrets-store-csi-driver-provider-gcp, kpt, q, cri-tools, logstash-exporter, terraform-docs, kaf, ferretdb, kubernetes-dashboard, mage, sonobuoy, vault-k8s, istio-operator, capslock, wait-for-port, flux-source-controller, http-echo,...
6.5 AI Score
0.0004 EPSS
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: skaffold, eksctl, nri-couchbase, clusterctl, nri-mssql, secrets-store-csi-driver-provider-gcp, kpt, task, q, cri-tools, logstash-exporter, terraform-docs, thanos-operator, kaf, ferretdb, k3s, kubernetes-dashboard, mage, prometheus-mongodb-exporter, sonobuoy, capslock,....
6.5 AI Score
0.0004 EPSS
The Login with phone number plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.7.26. This is because the 'activation_code' default value is empty and the 'lwp_ajax_register' function is missing a not-empty check. This makes it possible for...
7.2 AI Score
CVE-2024-5204 Swiss Toolkit For WP <= 1.0.7 - Authenticated (Contributor+) Authentication Bypass
The Swiss Toolkit For WP plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 1.0.7. This is due to the plugin storing custom data in post metadata without an underscore prefix. This makes it possible for authenticated attackers with contributor-level and...
7.1 AI Score
JVN#22182715: Redmine DMSF Plugin vulnerable to path traversal
Redmine DMSF Plugin provided by Kontron contains a path traversal vulnerability (CWE-22). Impact: When the affected version of the plugin is enabled on the Redmine instance, the logged-in user may obtain or delete arbitrary files on the server (within the privilege of the Redmine process)...
7 AI Score
Mattermost is vulnerable to Improper Access Control. The vulnerability is due to insufficient enforcement of access controls, allowing members to link playbook runs to private channels they are not members...
6.8 AI Score
Mattermost is vulnerable to Improper Access Control. The vulnerability is due to failing to enforce proper access control, allowing a user to run a slash command in a channel they are not a member of by linking a playbook run to that channel and executing a slash command as a playbook task...
6.8 AI Score
Mattermost is vulnerable to Improper Authorization. The vulnerability is due to a failure to perform proper authorization checks, allowing a member running a playbook in an existing channel to be promoted to a channel...
6.7 AI Score
MStore API < 3.9.8 - SQL Injection
The MStore API WordPress plugin before 3.9.8 is vulnerable to Blind SQL injection via the product_id...
7.7 AI Score
0.001 EPSS