caddy-security plugin for Caddy vulnerable to reflected Cross-site Scripting in...
6.4 AI Score
0.0004 EPSS
Use of Insufficiently Random Values in github.com/greenpau/caddy-security
6.5 CVSS
6.8 AI Score
0.0004 EPSS
Etcd auth Inaccurate logging of authentication attempts for users with CN-based auth only in...
7.4 AI Score
Dex discarding TLSconfig and always serves deprecated TLS 1.0/1.1 and insecure ciphers in...
7.5 CVSS
6.7 AI Score
0.001 EPSS
Improper Restriction of Excessive Authentication Attempts in github.com/greenpau/caddy-security
4.8 CVSS
6.8 AI Score
0.0004 EPSS
Grafana XSS via a query alias for the ElasticSearch datasource in github.com/grafana/grafana
6.1 CVSS
5.6 AI Score
0.001 EPSS
CubeFS timing attack can leak user passwords in github.com/cubefs/cubefs
6.5 CVSS
6.7 AI Score
0.001 EPSS
Buildkite Elastic CI for AWS time-of-check-time-of-use race condition vulnerability in...
7 CVSS
6.8 AI Score
0.0004 EPSS
Minio unsafe default: Access keys inherit admin of root user, allowing privilege escalation in...
8.8 CVSS
7 AI Score
0.002 EPSS
Enumeration of users in HashiCorp Vault in github.com/hashicorp/vault
5.3 CVSS
6.7 AI Score
0.001 EPSS
Improper Neutralization of HTTP Headers in github.com/greenpau/caddy-security
4.3 CVSS
6.8 AI Score
0.0004 EPSS
Server-Side Request Forgery in github.com/greenpau/caddy-security
5.3 CVSS
6.8 AI Score
0.001 EPSS
6.1 CVSS
6.4 AI Score
0.0004 EPSS
Insufficient Session Expiration in github.com/greenpau/caddy-security
4.8 CVSS
6.7 AI Score
0.0004 EPSS
Insecure random string generator used for sensitive data in github.com/cubefs/cubefs
9.8 CVSS
6.7 AI Score
0.001 EPSS
SFTP is possible on the Proxy server for any user with SFTP access in...
7.2 AI Score
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in...
6.8 AI Score
EPSS
SFTPGo has insufficient access control for password reset in github.com/drakkan/sftpgo
5.4 CVSS
7 AI Score
0.0004 EPSS
GHSA-232P-VWFF-86MP vulnerabilities
Vulnerabilities for packages: bom, ctop, up, ko, melange, helm,...
7.5 AI Score
7.5 AI Score
0.0004 EPSS
7.5 AI Score
7.5 CVSS
7.7 AI Score
0.001 EPSS
7.5 AI Score
CVE-2023-46402 vulnerabilities
Vulnerabilities for packages: pulumi-kubernetes-operator, argo-cd, melange, flux-notification-controller,...
7.5 CVSS
7.7 AI Score
0.0005 EPSS
Vulnerabilities for packages: node-feature-discovery, spark-operator, kubernetes-dns-node-cache, local-static-provisioner, aws-ebs-csi-driver, kubernetes, kubernetes-csi-driver-hostpath, cluster-autoscaler, calico, nodetaint,...
2.7 CVSS
4.3 AI Score
0.0004 EPSS
7.5 AI Score
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: policy-controller, ko, gitsign, skaffold, zot, aactl, vexctl, wolfictl, tkn, spire-server, flux-source-controller, slsa-verifier, melange, neuvector-sigstore-interface, apko, goreleaser, kubescape, tekton-chains, falcoctl, falco,...
7.5 AI Score
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: cert-manager, gitsign, cosign, fulcio, traefik, istio-pilot-discovery, aactl, keda, vault, vexctl, external-secrets-operator, cilium-envoy, tkn, oauth2-proxy, tekton-pipelines, dex, flux-kustomize-controller, rekor, spire-server, argo-cd, sops, terragrunt,...
7.5 AI Score
CVE-2024-29018 vulnerabilities
Vulnerabilities for packages: buildkitd, ctop, ko, prometheus, trivy, syft, zot, aactl, up, wolfictl, tkn, spire-server, melange, crossplane, kargo, dagger, loki, datadog-agent, kaniko, grype, conftest, goreleaser, kubescape, buf, telegraf, cadvisor,...
5.9 CVSS
6.1 AI Score
0.0004 EPSS
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: buildkitd, ctop, ko, prometheus, trivy, syft, zot, aactl, up, wolfictl, tkn, spire-server, melange, crossplane, kargo, dagger, loki, datadog-agent, kaniko, grype, conftest, goreleaser, kubescape, buf, telegraf, cadvisor,...
7.5 AI Score
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: thanos, flux-image-reflector-controller, ctop, kube-fluentd-operator, terraform, k8sgpt-operator, pulumi-language-dotnet, kubernetes-csi-external-resizer, trivy, prometheus-mysqld-exporter, traefik, istio-pilot-discovery, aws-load-balancer-controller, up,...
7.5 AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: thanos, flux-image-reflector-controller, delve, ctop, docker-cli, terraform, k8sgpt-operator, govulncheck, kubernetes-csi-external-resizer, vexctl, prometheus-mysqld-exporter, aws-load-balancer-controller, gobuster, up, memcached-exporter, regclient, kuberay-operator,...
7.8 AI Score
0.0004 EPSS
GHSA-MRWW-27VC-GGHV vulnerabilities
Vulnerabilities for packages: temporal-server, amass, kots, kube-bench, telegraf, keda, vault, kine, spicedb, caddy, ferretdb, step-ca, trillian, src, argo-workflows,...
7.5 AI Score
Vulnerabilities for packages: argo-cd, aws-efs-csi-driver, cluster-autoscaler,...
8.8 CVSS
8.9 AI Score
0.001 EPSS
6.2 CVSS
7.1 AI Score
0.0004 EPSS
7.5 AI Score
7.5 AI Score
CVE-2024-26130 vulnerabilities
Vulnerabilities for packages: az, ggshield, kubeflow-pipelines, py3-cryptography,...
7.5 CVSS
7.8 AI Score
0.0004 EPSS
7.5 AI Score
7.5 CVSS
7.5 AI Score
0.001 EPSS
7.5 CVSS
7.5 AI Score
0.001 EPSS
7.5 AI Score
7.5 AI Score
5.3 CVSS
7.2 AI Score
0.0005 EPSS
7.5 AI Score
GHSA-X84C-P2G9-RQV9 vulnerabilities
Vulnerabilities for packages: prometheus, harbor-scanner-trivy, buf, policy-controller, cri-tools, wolfictl, k3d, neuvector-scanner, docker, melange, helm-push, docker-compose, dagger, syft, tekton-pipelines, kaniko,...
7.5 AI Score
7.5 AI Score
CVE-2024-23652 vulnerabilities
Vulnerabilities for packages: skaffold, zot, kubescape, buildkitd, guac, kaniko, scorecard, docker, conftest, trivy,...
10 CVSS
9.7 AI Score
0.001 EPSS
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: buildkitd, ctop, newrelic-infrastructure-agent, docker, k9s, trivy, syft, skaffold, zot, kubernetes, wolfictl, nvidia-device-plugin, k3s, k3d, skopeo, runc, kaniko, datadog-agent, grype, kubescape, kots, ingress-nginx-controller, telegraf, cadvisor, nerdctl,...
8.6 CVSS
9.2 AI Score
0.051 EPSS
6.4 CVSS
7.7 AI Score
0.0004 EPSS