CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer, kubernetes-dashboard, temporal, thanos-operator, cluster-api-controller, docker-cli, nri-mssql, telegraf, task, filebeat, kaf, newrelic-prometheus-configurator, nri-discovery-kubernetes, nri-mysql, nri-nginx,...
6.5AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer, kubernetes-dashboard, kyverno-policy-reporter-ui, spicedb, docker-cli, swagger, telegraf, kaf, influx, rekor, direnv, velero, yq, gitness, ip-masq-agent, external-dns, kafka_exporter, falcoctl, wazero, kubescape, nsc, coredns,...
7AI Score
0.0004EPSS
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer, kubernetes-dashboard, kyverno-policy-reporter-ui, aactl, spicedb, telegraf, opa, crane, git-lfs, istio-operator, kaf, newrelic-prometheus-configurator, cortex, eksctl, crossplane, rootlesskit, mockery, go-fips, influx, k8sgpt,...
6.5AI Score
0.0004EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer, kubernetes-dashboard, kyverno-policy-reporter-ui, aactl, spicedb, telegraf, opa, crane, git-lfs, istio-operator, kaf, newrelic-prometheus-configurator, cortex, eksctl, crossplane, rootlesskit, mockery, go-fips, influx, k8sgpt,...
7.5AI Score
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: slsa-verifier, flannel-cni-plugin, aactl, cni-plugins, mage, docker-cli, protoc-gen-go-grpc, aws-flb-cloudwatch, goreleaser, kubernetes-dashboard-metrics-scraper, sbom-scorecard, cass-operator, gke-gcloud-auth-plugin, prometheus-stackdriver-exporter,...
8.2AI Score
0.001EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer, kubernetes-dashboard, temporal, thanos-operator, cluster-api-controller, docker-cli, nri-mssql, telegraf, task, filebeat, kaf, newrelic-prometheus-configurator, nri-discovery-kubernetes, nri-mysql, nri-nginx,...
6.5AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer, kubernetes-dashboard, temporal, thanos-operator, cluster-api-controller, docker-cli, nri-mssql, telegraf, task, filebeat, kaf, newrelic-prometheus-configurator, nri-discovery-kubernetes, nri-mysql, nri-nginx,...
7.5AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer, kubernetes-dashboard, temporal, thanos-operator, cluster-api-controller, docker-cli, nri-mssql, telegraf, task, filebeat, kaf, newrelic-prometheus-configurator, nri-discovery-kubernetes, nri-mysql, nri-nginx,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer, kubernetes-dashboard, temporal, thanos-operator, cluster-api-controller, docker-cli, nri-mssql, telegraf, task, filebeat, kaf, newrelic-prometheus-configurator, nri-discovery-kubernetes, nri-mysql, nri-nginx,...
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer, kubernetes-dashboard, temporal, thanos-operator, cluster-api-controller, docker-cli, nri-mssql, telegraf, task, filebeat, kaf, newrelic-prometheus-configurator, nri-discovery-kubernetes, nri-mysql, nri-nginx,...
7.5AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer, kubernetes-dashboard, kyverno-policy-reporter-ui, spicedb, docker-cli, swagger, telegraf, kaf, influx, rekor, direnv, velero, yq, gitness, ip-masq-agent, external-dns, kafka_exporter, falcoctl, wazero, kubescape, nsc, coredns,...
7.5AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer, kubernetes-dashboard, kyverno-policy-reporter-ui, aactl, spicedb, telegraf, opa, crane, git-lfs, istio-operator, kaf, newrelic-prometheus-configurator, cortex, eksctl, crossplane, rootlesskit, mockery, influx, k8sgpt,...
7.5AI Score
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: slsa-verifier, flannel-cni-plugin, aactl, cni-plugins, mage, docker-cli, protoc-gen-go-grpc, aws-flb-cloudwatch, goreleaser, kubernetes-dashboard-metrics-scraper, sbom-scorecard, cass-operator, gke-gcloud-auth-plugin, prometheus-stackdriver-exporter,...
7.4AI Score
0.001EPSS
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: slsa-verifier, flannel-cni-plugin, aactl, cni-plugins, mage, docker-cli, protoc-gen-go-grpc, aws-flb-cloudwatch, goreleaser, kubernetes-dashboard-metrics-scraper, sbom-scorecard, cass-operator, gke-gcloud-auth-plugin, prometheus-stackdriver-exporter,...
7.5AI Score
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: slsa-verifier, flannel-cni-plugin, aactl, cni-plugins, mage, docker-cli, protoc-gen-go-grpc, aws-flb-cloudwatch, goreleaser, kubernetes-dashboard-metrics-scraper, sbom-scorecard, cass-operator, gke-gcloud-auth-plugin, prometheus-stackdriver-exporter,...
7.5AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer, kubernetes-dashboard, temporal, thanos-operator, cluster-api-controller, docker-cli, nri-mssql, telegraf, task, filebeat, kaf, newrelic-prometheus-configurator, nri-discovery-kubernetes, nri-mysql, nri-nginx,...
6.5AI Score
0.0004EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer, kubernetes-dashboard, temporal, thanos-operator, cluster-api-controller, docker-cli, nri-mssql, telegraf, task, filebeat, kaf, newrelic-prometheus-configurator, nri-discovery-kubernetes, nri-mysql, nri-nginx,...
7.5AI Score
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer, kubernetes-dashboard, temporal, thanos-operator, cluster-api-controller, docker-cli, nri-mssql, telegraf, task, filebeat, kaf, newrelic-prometheus-configurator, nri-discovery-kubernetes, nri-mysql, nri-nginx,...
6.5AI Score
0.0004EPSS
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer, kubernetes-dashboard, kyverno-policy-reporter-ui, aactl, spicedb, telegraf, opa, crane, git-lfs, istio-operator, kaf, newrelic-prometheus-configurator, cortex, eksctl, crossplane, rootlesskit, mockery, influx, k8sgpt,...
6.5AI Score
0.0004EPSS
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: kubernetes-csi-external-resizer, kubernetes-dashboard, temporal, thanos-operator, cluster-api-controller, docker-cli, nri-mssql, telegraf, task, filebeat, kaf, newrelic-prometheus-configurator, nri-discovery-kubernetes, nri-mysql, nri-nginx,...
6.5AI Score
0.0004EPSS
The snapctl component within snapd allows a confined snap to interact with the snapd daemon to take certain privileged actions on behalf of the snap. It was found that snapctl did not properly parse command-line arguments, allowing an unprivileged user to trigger an authorised action on behalf of.....
7.2AI Score
CVE-2024-34009 moodle: ReCAPTCHA can be bypassed on the login page
Insufficient checks whether ReCAPTCHA was enabled made it possible to bypass the checks on the login page. This did not affect other pages where ReCAPTCHA is...
6.9AI Score
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore database activity modules and direct access to the web server outside of the Moodle webroot could execute a local file...
7AI Score
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore wiki modules and direct access to the web server outside of the Moodle webroot could execute a local file...
7AI Score
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore workshop modules and direct access to the web server outside of the Moodle webroot could execute a local file...
7AI Score
In a shared hosting environment that has been misconfigured to allow access to other users' content, a Moodle user with both access to restore feedback modules and direct access to the web server outside of the Moodle webroot could execute a local file...
7AI Score
CVE-2024-34000 moodle: stored XSS in lesson overview report via user ID number
ID numbers displayed in the lesson overview report required additional sanitizing to prevent a stored XSS...
5.9AI Score
Metasploit Weekly Wrap-Up 05/31/2024
Quis dīrumpet ipsos dīrumpēs In this release, we feature a double-double: two exploits each targeting two pieces of software. The first pair is from h00die targeting the Jasmine Ransomeware Web Server. The first uses CVE-2024-30851 to retrieve the login for the ransomware server, and the second...
8.3AI Score
0.005EPSS
CVE-2024-5564 Libndp: buffer overflow in route information length field
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length...
7AI Score
Insufficient user input filtering leads to arbitrary file read by non-authenticated attacker, which results in sensitive information...
6.6AI Score
An unrestricted file upload vulnerability in web component of Ivanti Neurons for ITSM allows a remote, authenticated, high privileged user to write arbitrary files into sensitive directories of ITSM...
7AI Score
A local privilege escalation vulnerability in Ivanti Secure Access Client for Windows allows a low privileged user to execute code as...
7.6AI Score
A local privilege escalation vulnerability in Ivanti Secure Access Client for Linux before 22.7R1, allows a low privileged user to execute code as...
7.5AI Score
An unrestricted file upload vulnerability in web component of Ivanti Avalanche before 6.4.x allows an authenticated, privileged user to execute arbitrary commands as...
7.8AI Score
A SQL injection vulnerability in web component of Ivanti Neurons for ITSM allows a remote authenticated user to read/modify/delete information in the underlying database. This may also lead to...
7.6AI Score
A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute arbitrary code with elevated permissions in Ivanti EPM 2021.1 and...
8.3AI Score
A CRLF Injection vulnerability in Ivanti Connect Secure (9.x, 22.x) allows an authenticated high-privileged user to inject malicious code on a victim’s browser, thereby leading to cross-site scripting...
6.5AI Score
CVE-2024-35142 IBM Security Verify Access privilege escalation
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to execution of unnecessary privileges. IBM X-Force ID: ...
6.7AI Score
CVE-2024-35140 IBM Security Verify Access privilege escalation
IBM Security Verify Access Docker 10.0.0 through 10.0.6 could allow a local user to escalate their privileges due to improper certificate validation. IBM X-Force ID: ...
6.6AI Score
How to tell if a VPN app added your Windows device to a botnet
On May 29, 2024, the US Department of Justice (DOJ) announced it had dismantled what was likely the world’s largest botnet ever. This botnet, called “911 S5,” infected systems at over 19 million IP addresses across more than 190 countries. The main sources of income for the operators, who stole a.....
7.2AI Score
CVE-2024-5565 Prompt Injection in "ask" API with visualization leads to RCE
The Vanna library uses a prompt function to present the user with visualized results, it is possible to alter the prompt using prompt injection and run arbitrary Python code instead of the intended visualization code. Specifically - allowing external input to the library’s “ask” method with...
8.3AI Score
A vulnerability was found in libndp. This flaw allows a local malicious user to cause a buffer overflow in NetworkManager, triggered by sending a malformed IPv6 router advertisement packet. This issue occurred as libndp was not correctly validating the route length information. Mitigation...
6.7AI Score
Ars0N-Framework - A Modern Framework For Bug Bounty Hunting
Howdy! My name is Harrison Richardson, or rs0n (arson) when I want to feel cooler than I really am. The code in this repository started as a small collection of scripts to help automate many of the common Bug Bounty hunting processes I found myself repeating. Over time, I built a simple web...
7AI Score
6.7AI Score
0.019EPSS
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
8AI Score
IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: ...
4CVSS
6AI Score
I don't think it's an exaggeration to predict that artificial intelligence will affect every aspect of our society. Not by doing new things. But mostly by doing things that are already being done by humans, perfectly competently. Replacing humans with AIs isn't necessarily interesting. But when an....
7.4AI Score
CVE-2024-22338 IBM Security Verify Access OIDC Provider information disclosure
IBM Security Verify Access OIDC Provider 22.09 through 23.03 could disclose sensitive information to a local user due to hazardous input validation. IBM X-Force ID: ...
5.8AI Score
CVE-2024-24919 An Vulnerability detection and Exploitation...
7.1AI Score
0.019EPSS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'arrow' attribute within the plugin's Post Navigation widget in all versions up to, and including, 3.10.9 due to insufficient input sanitization and output escaping on user supplied attributes.....
6.4CVSS
6AI Score