The Email Subscribers by Icegram Express – Email Marketing, Newsletters, Automation for WordPress & WooCommerce plugin for WordPress is vulnerable to time-based SQL Injection via the db parameter in all versions up to, and including, 5.7.23 due to insufficient escaping on the user supplied...
9.8CVSS
9.7AI Score
EPSS
genoverband.de Cross Site Scripting vulnerability OBB-3937041
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
U.S. Bans Kaspersky Software, Citing National Security Risks
The U.S. Department of Commerce's Bureau of Industry and Security (BIS) on Thursday announced a "first of its kind" ban that prohibits Kaspersky Lab's U.S. subsidiary from directly or indirectly offering its security software in the country. The blockade also extends to the cybersecurity company's....
6.9AI Score
The Plus Addons for Elementor Page Builder plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.5.4 via the 'magazine_style' parameter within the Dynamic Smart Showcase widget. This makes it possible for authenticated attackers, with Contributor-level.....
8.8CVSS
8.9AI Score
EPSS
CVE-2024-3961 ConvertKit <= 2.4.9 - Missing Authorization
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
5.3CVSS
5.1AI Score
EPSS
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: terraform-provider-azurerm, node-problem-detector, istio-envoy, dex, rqlite, helm, pulumi-language-dotnet, up, kubernetes-csi-node-driver-registrar, falco, src, fuse-overlayfs-snapshotter, argo-cd, kubeflow-katib, spark-operator, mc, neuvector-agent,...
7.5CVSS
9AI Score
0.732EPSS
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: cert-manager, bom, chartmuseum, up, paranoia, falco, tekton-chains, kpt, tekton-pipelines, prometheus, k3s, kubescape, k3d, skaffold, slsa-verifier, aactl, loki, goreleaser, scorecard,...
7.5AI Score
GHSA-MQ39-4GV4-MVPX vulnerabilities
Vulnerabilities for packages: datadog-agent, melange, spire-server, zot, cadvisor, up, crossplane, buf, tkn, prometheus, syft, kubescape, buildkitd, ctop, dagger, telegraf, trivy, aactl, grype, kaniko, loki, goreleaser, docker-compose, conftest, wolfictl, ko,...
7.5AI Score
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: terraform-provider-azurerm, node-problem-detector, terraform-docs, kustomize, dex, consul, temporal, kubernetes-dashboard-metrics-scraper, golangci-lint, rqlite, helm, prometheus-mysqld-exporter, prometheus-operator, pulumi-language-dotnet, smarter-device-manager,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: node-problem-detector, terraform-docs, kustomize, dex, consul, temporal, kubernetes-dashboard-metrics-scraper, golangci-lint, go-md2man, helm, kubebuilder, newrelic-prometheus-configurator, prometheus-mysqld-exporter, prometheus-operator, rqlite,...
7.8AI Score
0.0004EPSS
CVE-2024-27304 vulnerabilities
Vulnerabilities for packages: amass, src, trillian, caddy, telegraf, kube-bench, step-ca, argo-workflows, ferretdb, kine, k3s, spicedb, vault, kots, keda,...
9.8CVSS
9.7AI Score
0.0004EPSS
GHSA-MRWW-27VC-GGHV vulnerabilities
Vulnerabilities for packages: amass, src, trillian, caddy, telegraf, kube-bench, step-ca, argo-workflows, ferretdb, kine, k3s, spicedb, vault, kots, keda,...
7.5AI Score
Vulnerabilities for packages: argo-cd, aws-efs-csi-driver, calico,...
8.8CVSS
8.9AI Score
0.001EPSS
CVE-2023-46402 vulnerabilities
Vulnerabilities for packages: pulumi-kubernetes-operator, melange, flux-notification-controller, argo-workflows,...
7.5CVSS
7.7AI Score
0.0005EPSS
Vulnerabilities for packages: kubernetes-csi-driver-hostpath, local-static-provisioner, kubernetes, cluster-autoscaler, calico, aws-ebs-csi-driver, nodetaint, ip-masq-agent, kubernetes-dns-node-cache, node-feature-discovery,...
2.7CVSS
4.3AI Score
0.0004EPSS
CVE-2024-26130 vulnerabilities
Vulnerabilities for packages: kubeflow-pipelines, py3-cryptography, py3-cassandra-medusa, az,...
7.5CVSS
7.8AI Score
0.0004EPSS