A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL leads to cross...
2.4CVSS
EPSS
A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL leads to cross...
2.4CVSS
3.4AI Score
EPSS
CVE-2024-6415 Ingenico Estate Manager New Widget cross site scripting
A vulnerability classified as problematic was found in Ingenico Estate Manager 2023. Affected by this vulnerability is an unknown functionality of the file /emgui/rest/preferences/PREF_HOME_PAGE/sponsor/3/ of the component New Widget Handler. The manipulation of the argument URL leads to cross...
2.4CVSS
EPSS
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: caddy, esbuild, ferretdb, nfs-subdir-external-provisioner, filebeat, flannel-cni-plugin, newrelic-prometheus-configurator, nats, nuclei, sonobuoy, k3s, prometheus-operator, telegraf, kubebuilder, kubernetes-dashboard, eksctl, kubeflow-katib, nri-apache,...
7.8AI Score
0.0004EPSS
GHSA-G4MX-Q9VG-27P4 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, jwt-tool, py3-urllib3, kubeflow-volumes-web-app,...
7.5AI Score
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: nri-consul, kubernetes-dashboard, harbor-cli, docker-credential-acr-env, tempo, tailscale, prometheus-nats-exporter, calico, hugo-extended, govulncheck, mage, memcached-exporter, gosu, tigera-operator, bom, newrelic-nri-kube-events, pulumi-language-java,...
6.8AI Score
0.0004EPSS
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: nri-consul, kubernetes-dashboard, gpu-feature-discovery, harbor-cli, docker-credential-acr-env, tempo, tailscale, prometheus-nats-exporter, govulncheck, mage, memcached-exporter, gosu, bom, dagger, newrelic-nri-kube-events, jitsucom-bulker, vcluster,...
5.5CVSS
6.1AI Score
0.0004EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: caddy, esbuild, ferretdb, nfs-subdir-external-provisioner, filebeat, flannel-cni-plugin, newrelic-prometheus-configurator, nats, nuclei, sonobuoy, k3s, prometheus-operator, telegraf, kubebuilder, kubernetes-dashboard, eksctl, kubeflow-katib, nri-apache,...
7.8AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: caddy, esbuild, ferretdb, nfs-subdir-external-provisioner, filebeat, flannel-cni-plugin, newrelic-prometheus-configurator, nats, nuclei, sonobuoy, k3s, prometheus-operator, telegraf, kubebuilder, kubernetes-dashboard, eksctl, kubeflow-katib, nri-apache,...
7.5AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: nri-consul, kubernetes-dashboard, harbor-cli, docker-credential-acr-env, tempo, tailscale, prometheus-nats-exporter, calico, hugo-extended, govulncheck, mage, memcached-exporter, gosu, tigera-operator, bom, newrelic-nri-kube-events, pulumi-language-java,...
7.5AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: nri-consul, kubernetes-dashboard, gpu-feature-discovery, harbor-cli, docker-credential-acr-env, tempo, tailscale, prometheus-nats-exporter, govulncheck, mage, memcached-exporter, gosu, bom, dagger, newrelic-nri-kube-events, jitsucom-bulker, vcluster,...
9.8CVSS
9.8AI Score
0.001EPSS
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: caddy, esbuild, ferretdb, nfs-subdir-external-provisioner, filebeat, flannel-cni-plugin, newrelic-prometheus-configurator, nats, nuclei, sonobuoy, k3s, prometheus-operator, telegraf, kubebuilder, kubernetes-dashboard, eksctl, kubeflow-katib, nri-apache,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: caddy, esbuild, ferretdb, nfs-subdir-external-provisioner, filebeat, flannel-cni-plugin, newrelic-prometheus-configurator, nats, nuclei, sonobuoy, k3s, prometheus-operator, telegraf, kubebuilder, kubernetes-dashboard, eksctl, kubeflow-katib, nri-apache,...
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: caddy, esbuild, ferretdb, nfs-subdir-external-provisioner, filebeat, flannel-cni-plugin, newrelic-prometheus-configurator, nats, nuclei, sonobuoy, k3s, prometheus-operator, telegraf, kubebuilder, kubernetes-dashboard, eksctl, kubeflow-katib, nri-apache,...
7.5AI Score
CVE-2023-45803 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, jwt-tool, py3-urllib3, kubeflow-volumes-web-app,...
4.2CVSS
7.1AI Score
0.0004EPSS
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: nri-consul, kubernetes-dashboard, gpu-feature-discovery, harbor-cli, docker-credential-acr-env, tempo, tailscale, prometheus-nats-exporter, govulncheck, mage, memcached-exporter, gosu, bom, dagger, newrelic-nri-kube-events, jitsucom-bulker, vcluster,...
7.5AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: caddy, esbuild, ferretdb, nfs-subdir-external-provisioner, filebeat, flannel-cni-plugin, newrelic-prometheus-configurator, nats, nuclei, sonobuoy, k3s, prometheus-operator, telegraf, kubebuilder, kubernetes-dashboard, eksctl, kubeflow-katib, nri-apache,...
7.8AI Score
0.0004EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: caddy, esbuild, ferretdb, nfs-subdir-external-provisioner, filebeat, flannel-cni-plugin, newrelic-prometheus-configurator, nats, nuclei, sonobuoy, k3s, prometheus-operator, telegraf, kubebuilder, kubernetes-dashboard, eksctl, kubeflow-katib, nri-apache,...
7.5AI Score
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: caddy, esbuild, ferretdb, nfs-subdir-external-provisioner, filebeat, flannel-cni-plugin, newrelic-prometheus-configurator, nats, nuclei, sonobuoy, k3s, prometheus-operator, telegraf, kubebuilder, kubernetes-dashboard, eksctl, kubeflow-katib, nri-apache,...
7.8AI Score
0.0004EPSS
GHSA-5JPM-X58V-624V vulnerabilities
Vulnerabilities for packages: opensearch, management-api-for-apache-cassandra, selenium, spark, wavefront-proxy, neo4j, cloudwatch-exporter,...
7.5AI Score
CVE-2024-29025 vulnerabilities
Vulnerabilities for packages: opensearch, management-api-for-apache-cassandra, selenium, spark, wavefront-proxy, neo4j, cloudwatch-exporter,...
5.3CVSS
5.9AI Score
0.0004EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: nri-consul, kubernetes-dashboard, gpu-feature-discovery, harbor-cli, docker-credential-acr-env, tempo, tailscale, prometheus-nats-exporter, govulncheck, mage, memcached-exporter, gosu, bom, dagger, newrelic-nri-kube-events, jitsucom-bulker, vcluster,...
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: caddy, esbuild, ferretdb, nfs-subdir-external-provisioner, filebeat, flannel-cni-plugin, newrelic-prometheus-configurator, nats, nuclei, sonobuoy, k3s, prometheus-operator, telegraf, kubebuilder, kubernetes-dashboard, eksctl, kubeflow-katib, nri-apache,...
6AI Score
0.0004EPSS
CVE-2023-46136 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, airflow, kubeflow-volumes-web-app,...
8CVSS
7.9AI Score
0.001EPSS
GHSA-HRFV-MQP8-Q5RW vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, airflow, kubeflow-volumes-web-app,...
7.5AI Score
NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during...
6.8AI Score
EPSS
NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during...
EPSS
Virtuozzo Hybrid Infrastructure 6.2 (6.2.0-136)
In this release, Virtuozzo Hybrid Infrastructure provides a range of new features that cover the compute service, high availability of the management node, object storage management, networking, and monitoring. Additionally, this release delivers stability improvements and addresses issues found...
7.2AI Score
NewPass before 1.2.0 stores passwords (rather than password hashes) directly, which makes it easier to obtain unauthorized access to sensitive information. NOTE: in each case, data at rest is encrypted, but is decrypted within process memory during...
EPSS
9.8CVSS
9.6AI Score
0.038EPSS
Summary Multiple vulnerabilities in Kubernetes used by IBM InfoSphere Information Server were addressed. Vulnerability Details ** CVEID: CVE-2020-8562 DESCRIPTION: **Kubernetes could allow a remote authenticated attacker to obtain sensitive information, caused by a time-of-check time-of-use...
3.1CVSS
7AI Score
0.001EPSS
CVE-2024-38518 bbb-web API additional parameters considered
BigBlueButton is an open-source virtual classroom designed to help teachers teach and learners learn. An attacker with a valid join link to a meeting can trick BigBlueButton into generating a signed join link with additional parameters. One of those parameters may be "role=moderator", allowing an.....
4.6CVSS
0.0004EPSS
NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance (MKCOL, PUT and...
7.4CVSS
0.0004EPSS
NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance (MKCOL, PUT and...
7.4CVSS
7.6AI Score
0.0004EPSS
authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including.....
8.8CVSS
0.0004EPSS
authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including.....
8.8CVSS
8.8AI Score
0.0004EPSS
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: ...
5.9CVSS
5.6AI Score
0.0004EPSS
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: ...
5.9CVSS
0.0004EPSS
CVE-2024-38514 NextChat Server-Side Request Forgery (SSRF)
NextChat is a cross-platform ChatGPT/Gemini UI. There is a Server-Side Request Forgery (SSRF) vulnerability due to a lack of validation of the endpoint GET parameter on the WebDav API endpoint. This SSRF can be used to perform arbitrary HTTPS request from the vulnerable instance (MKCOL, PUT and...
7.4CVSS
0.0004EPSS
CVE-2024-31919 IBM MQ denial of service
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: ...
5.9CVSS
0.0004EPSS
CVE-2024-31919 IBM MQ denial of service
IBM MQ 9.0 LTS, 9.1 LTS, 9.2 LTS, 9.3 LTS and 9.3 CD, in certain configurations, is vulnerable to a denial of service attack caused by an error processing messages when an API Exit using MQBUFMH is used. IBM X-Force ID: ...
5.9CVSS
6.5AI Score
0.0004EPSS
Exploit for SQL Injection in Progress Moveit Cloud
CVE-2023-34362: MOVEit Transfer Unauthenticated RCE For a...
9.8CVSS
7.3AI Score
0.969EPSS
Exploit for SQL Injection in Progress Moveit Cloud
CVE-2023-34362: MOVEit Transfer Unauthenticated RCE For a...
9.8CVSS
9.8AI Score
0.969EPSS
authentik is an open-source Identity Provider that emphasizes flexibility and versatility. Authentik API-Access-Token mechanism can be exploited to gain admin user privileges. A successful exploit of the issue will result in a user gaining full admin access to the Authentik application, including.....
8.8CVSS
0.0004EPSS
TEMU sued for being “dangerous malware” by Arkansas Attorney General
Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailer's mobile app spies on users. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to...
7.5AI Score
Nginx-UI vulnerable to arbitrary file write through the Import Certificate feature in...
9.8CVSS
6.8AI Score
0.002EPSS
Rancher permissions on 'namespaces' in any API group grants 'edit' permissions on namespaces in 'core' in...
6.9AI Score
EPSS
9.8CVSS
7.4AI Score
0.038EPSS
GitLab Releases Patch for Critical CI/CD Pipeline Vulnerability and 13 Others
GitLab has released security updates to address 14 security flaws, including one critical vulnerability that could be exploited to run continuous integration and continuous deployment (CI/CD) pipelines as any user. The weaknesses, which affect GitLab Community Edition (CE) and Enterprise Edition...
9.6CVSS
7.3AI Score
EPSS
Security Bulletin: A vulnerability in containerd affects Data Replication on Cloud Pak for Data
Summary A vulnerability in the containerd package has been addressed. Vulnerability Details ** CVEID: CVE-2022-31030 DESCRIPTION: **containerd is vulnerable to a denial of service, caused by a flaw in the CRI implementation. By sending a specially-crafted request using the ExecSync API, a local...
5.5CVSS
6.2AI Score
0.0004EPSS