CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: goreleaser, dask-gateway, consul, nri-f5, grype, eksctl, terraform-docs, php-fpm_exporter, minio, gke-gcloud-auth-plugin, hey, runc, skaffold, telegraf, cue, vault-k8s, direnv, temporal-ui-server, supercronic, lazygit, nri-mssql, dex, crossplane, yq, wire-go, task,...
7.8 AI Score
0.0004 EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: goreleaser, dask-gateway, consul, nri-f5, grype, eksctl, terraform-docs, php-fpm_exporter, minio, gke-gcloud-auth-plugin, hey, runc, skaffold, telegraf, cue, vault-k8s, direnv, temporal-ui-server, supercronic, lazygit, nri-mssql, dex, crossplane, yq, wire-go, task,...
7.8 AI Score
0.0004 EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: goreleaser, dask-gateway, consul, nri-f5, grype, eksctl, terraform-docs, php-fpm_exporter, minio, gke-gcloud-auth-plugin, hey, runc, skaffold, telegraf, cue, vault-k8s, direnv, temporal-ui-server, supercronic, lazygit, nri-mssql, dex, crossplane, yq, wire-go, task,...
7.5 AI Score
GHSA-G4MX-Q9VG-27P4 vulnerabilities
Vulnerabilities for packages: py3-tensorflow-serving-api, jwt-tool, kubeflow-volumes-web-app, py3-urllib3,...
7.5 AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: dask-gateway, cilium, guac, flux-notification-controller, prometheus-blackbox-exporter, gitlab-pages, bom, go-licenses, doppler-kubernetes-operator, kube-fluentd-operator, influxd, spire-server, dataplaneapi, dive, nodetaint, cert-exporter, step, kubebuilder,...
6.8 AI Score
0.0004 EPSS
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: dask-gateway, cilium, ksops, hey, flux-notification-controller, prometheus-blackbox-exporter, gitlab-pages, bom, fluent-bit-plugin-loki, nerdctl, go-licenses, doppler-kubernetes-operator, kube-fluentd-operator, influxd, spire-server, dataplaneapi, dive, nodetaint,...
5.5 CVSS
6.1 AI Score
0.0004 EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: dask-gateway, cilium, guac, flux-notification-controller, prometheus-blackbox-exporter, gitlab-pages, bom, go-licenses, doppler-kubernetes-operator, kube-fluentd-operator, influxd, spire-server, dataplaneapi, dive, nodetaint, cert-exporter, step, kubebuilder,...
7.5 AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: dask-gateway, cilium, ksops, hey, flux-notification-controller, prometheus-blackbox-exporter, gitlab-pages, bom, fluent-bit-plugin-loki, nerdctl, go-licenses, doppler-kubernetes-operator, kube-fluentd-operator, influxd, spire-server, dataplaneapi, dive, nodetaint,...
9.8 CVSS
9.7 AI Score
0.001 EPSS
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: goreleaser, dask-gateway, consul, nri-f5, grype, eksctl, terraform-docs, php-fpm_exporter, minio, gke-gcloud-auth-plugin, hey, runc, skaffold, telegraf, cue, vault-k8s, direnv, temporal-ui-server, supercronic, lazygit, nri-mssql, dex, crossplane, yq, wire-go, task,...
7.5 AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: goreleaser, dask-gateway, consul, nri-f5, grype, eksctl, terraform-docs, php-fpm_exporter, minio, gke-gcloud-auth-plugin, hey, runc, skaffold, telegraf, cue, vault-k8s, direnv, temporal-ui-server, supercronic, lazygit, nri-mssql, dex, crossplane, yq, wire-go, task,...
7.5 AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: goreleaser, dask-gateway, consul, nri-f5, grype, eksctl, terraform-docs, php-fpm_exporter, minio, gke-gcloud-auth-plugin, hey, runc, skaffold, telegraf, cue, vault-k8s, direnv, temporal-ui-server, supercronic, lazygit, nri-mssql, dex, crossplane, yq, wire-go, task,...
7.5 AI Score
CVE-2023-45803 vulnerabilities
Vulnerabilities for packages: py3-tensorflow-serving-api, jwt-tool, kubeflow-volumes-web-app, py3-urllib3,...
4.2 CVSS
7.1 AI Score
0.0004 EPSS
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: dask-gateway, cilium, ksops, hey, flux-notification-controller, prometheus-blackbox-exporter, gitlab-pages, bom, fluent-bit-plugin-loki, nerdctl, go-licenses, doppler-kubernetes-operator, kube-fluentd-operator, influxd, spire-server, dataplaneapi, dive, nodetaint,...
7.5 AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: goreleaser, dask-gateway, consul, nri-f5, grype, eksctl, terraform-docs, php-fpm_exporter, minio, gke-gcloud-auth-plugin, hey, runc, skaffold, telegraf, cue, vault-k8s, direnv, temporal-ui-server, supercronic, lazygit, nri-mssql, dex, crossplane, yq, wire-go, task,...
7.8 AI Score
0.0004 EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: goreleaser, dask-gateway, consul, nri-f5, grype, eksctl, terraform-docs, php-fpm_exporter, minio, gke-gcloud-auth-plugin, hey, runc, skaffold, telegraf, cue, vault-k8s, direnv, temporal-ui-server, supercronic, lazygit, nri-mssql, dex, crossplane, yq, wire-go, task,...
7.8 AI Score
0.0004 EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: goreleaser, dask-gateway, consul, nri-f5, grype, eksctl, terraform-docs, php-fpm_exporter, minio, gke-gcloud-auth-plugin, hey, runc, skaffold, telegraf, cue, vault-k8s, direnv, temporal-ui-server, supercronic, lazygit, nri-mssql, dex, crossplane, yq, wire-go, task,...
7.5 AI Score
CVE-2024-29025 vulnerabilities
Vulnerabilities for packages: selenium, management-api-for-apache-cassandra, neo4j, opensearch, wavefront-proxy, cloudwatch-exporter, spark,...
5.3 CVSS
5.9 AI Score
0.0004 EPSS
GHSA-5JPM-X58V-624V vulnerabilities
Vulnerabilities for packages: selenium, management-api-for-apache-cassandra, neo4j, opensearch, wavefront-proxy, cloudwatch-exporter, spark,...
7.5 AI Score
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: dask-gateway, cilium, ksops, hey, flux-notification-controller, prometheus-blackbox-exporter, gitlab-pages, bom, fluent-bit-plugin-loki, nerdctl, go-licenses, doppler-kubernetes-operator, kube-fluentd-operator, influxd, spire-server, dataplaneapi, dive, nodetaint,...
7.5 AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: goreleaser, dask-gateway, consul, nri-f5, grype, eksctl, terraform-docs, php-fpm_exporter, minio, gke-gcloud-auth-plugin, hey, runc, skaffold, telegraf, cue, vault-k8s, direnv, temporal-ui-server, supercronic, lazygit, nri-mssql, dex, crossplane, yq, wire-go, task,...
6 AI Score
0.0004 EPSS
CVE-2023-46136 vulnerabilities
Vulnerabilities for packages: py3-tensorflow-serving-api, py3-werkzeug, kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...
8 CVSS
7.9 AI Score
0.001 EPSS
GHSA-HRFV-MQP8-Q5RW vulnerabilities
Vulnerabilities for packages: py3-tensorflow-serving-api, py3-werkzeug, kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...
7.5 AI Score
This affects versions of the package opencart/opencart from 4.0.0.0. A Zip Slip issue was identified via the marketplace installer due to improper sanitization of the target path, allowing files within a malicious archive to traverse the filesystem and be extracted to arbitrary locations. An...
7.2 CVSS
7 AI Score
0.0004 EPSS
The Online Booking & Scheduling Calendar for WordPress by vcita plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wp_id' parameter in all versions up to, and including, 4.4.2 due to missing authorization checks on processAction function, as well as insufficient input...
7.2 CVSS
6.3 AI Score
0.0005 EPSS
ArcGIS Enterprise Server 10.8.0 allows a remote attacker to obtain sensitive information because /arcgis/rest/services does not require...
6.5 AI Score
0.0004 EPSS
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was caught during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with F2FS) [failed]...
6.8 AI Score
0.0004 EPSS
Metasploit Weekly Wrap-Up 06/21/2024
Argument Injection for PHP on Windows
This week includes modules that target file traversal and arbitrary file read vulnerabilities for software such as Apache, SolarWinds and Check Point, with the highlight being a module for the recent PHP vulnerability submitted by sfewer-r7. This module...
9.8 CVSS
8.9 AI Score
0.967 EPSS
Military-themed Email Scam Spreads Malware to Infect Pakistani Users
Cybersecurity researchers have shed light on a new phishing campaign that has been identified as targeting people in Pakistan using a custom backdoor. Dubbed PHANTOM#SPIKE by Securonix, the unknown threat actors behind the activity have leveraged military-related phishing documents to activate the...
7.2 AI Score
Unveiling SpiceRAT: SneakyChef's latest tool targeting EMEA and Asia
Cisco Talos discovered a new remote access trojan (RAT) dubbed SpiceRAT, used by the threat actor SneakyChef in a recent campaign targeting government agencies in EMEA and Asia. We observed that SneakyChef launched a phishing campaign, sending emails delivering SugarGh0st and SpiceRAT with the...
7.5 AI Score
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was caught during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...
6.4 AI Score
0.0004 EPSS
How to Use Tines's SOC Automation Capability Matrix
Created by John Tuckner and the team at automation and AI-powered workflow platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents. A...
7 AI Score
CVE-2024-38636 f2fs: multidev: fix to recognize valid zero block address
In the Linux kernel, the following vulnerability has been resolved: f2fs: multidev: fix to recognize valid zero block address As reported by Yi Zhang in mailing list [1], kernel warning was caught during zbd/010 test as below: ./check zbd/010 zbd/010 (test gap zone support with...
6.8 AI Score
0.0004 EPSS
Oyster Backdoor Spreading via Trojanized Popular Software Downloads
A malvertising campaign is leveraging trojanized installers for popular software such as Google Chrome and Microsoft Teams to drop a backdoor called Oyster (aka Broomstick and CleanUpLoader). That's according to findings from Rapid7, which identified lookalike websites hosting the malicious...
7.5 AI Score
js2py is vulnerable to Remote Code Execution (RCE). The vulnerability is due to the js2py.disable_pyimport() function failing to prevent JS sandbox escape, which allows an attacker to send crafted API calls which results in arbitrary code...
7.7 AI Score
0.0004 EPSS
This script is designed to exploit vulnerabilities in a Mailcow...
6.2 CVSS
7 AI Score
0.0004 EPSS
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
5.3 CVSS
5.1 AI Score
0.0005 EPSS
CVE-2024-3961 ConvertKit <= 2.4.9 - Missing Authorization
The ConvertKit – Email Newsletter, Email Marketing, Subscribers and Landing Pages plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the tag_subscriber function in all versions up to, and including, 2.4.9. This makes it possible for...
5.3 CVSS
0.0005 EPSS
PCI DSS 4.0.1: New Clarifications on Client-Side Security – What You Need to Know
As a leading provider of web application and API security solutions, Imperva is committed to helping merchants, payment processors, and anyone seeking to comply with the latest PCI DSS requirements. We previously discussed the changes introduced in PCI DSS 4.0. This blog will cover the...
7.1 AI Score
(Pwn2Own) Synology BC500 update_ntp_config Command Injection Remote Code Execution Vulnerability
This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Synology BC500 IP cameras. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the server parameter provided to the syno-api handler....
7.5 AI Score
Kibana 8.6.3 < 8.14 (ESA-2024-15)
The version of Kibana installed on the remote host is between 8.6.3 and 8.13.4. It is, therefore, affected by a vulnerability as referenced in the ESA-2024-15 advisory. A flaw was discovered in Kibana, allowing view-only users of alerting to use the run_soon API making the alerting rule run...
4.3 CVSS
7.2 AI Score
0.0004 EPSS