GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...
7.5AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...
7.5AI Score
7.2AI Score
0.0004EPSS
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: rook, nats-server, git-lfs, harbor-registry, bazelisk, osv-scanner, vexctl, prometheus-mysqld-exporter, volume-modifier-for-k8s, teleport, keda, k9s, hey, tfsec, gitness, chezmoi, k3d, nri-haproxy, wolfictl, boring-registry, regclient, controller-gen, cloud-sql-proxy,....
7.5AI Score
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: amass, configmap-reload, mage, sops, docker-cli, petname, aws-flb-cloudwatch, cass-operator, go-md2man, ctop, kubernetes-dashboard-metrics-scraper, gitlab-logger, render-template, cni-plugins, prometheus-stackdriver-exporter, grpcurl, nats, goreleaser, gosu,...
5.3CVSS
7.2AI Score
0.001EPSS
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: amass, configmap-reload, mage, sops, docker-cli, petname, aws-flb-cloudwatch, cass-operator, go-md2man, ctop, kubernetes-dashboard-metrics-scraper, gitlab-logger, render-template, cni-plugins, prometheus-stackdriver-exporter, grpcurl, nats, goreleaser, gosu,...
7.5AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: gatekeeper, git-lfs, helm, prometheus-elasticsearch-exporter, chartmuseum, vault, cue, rqlite, tctl, go, nvidia-device-plugin, pulumi, prometheus-mysqld-exporter, karpenter, kubernetes-dns-node-cache, keda, flux-notification-controller, external-secrets-operator,...
7.5AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: gatekeeper, git-lfs, helm, prometheus-elasticsearch-exporter, chartmuseum, vault, cue, rqlite, tctl, nvidia-device-plugin, pulumi, prometheus-mysqld-exporter, karpenter, keda, flux-notification-controller, external-secrets-operator, argo-cd, hey, gitness, k3d,...
7.5AI Score
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: gatekeeper, kubernetes-csi-external-attacher, envoy-ratelimit, helm, prometheus-adapter, gitlab-pages, prometheus-stackdriver-exporter, tctl, slsa-verifier, src, up, flux-kustomize-controller, goreleaser, nvidia-device-plugin, conftest, pulumi-language-java, pulumi,...
7.5AI Score
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: gatekeeper, git-lfs, helm, prometheus-elasticsearch-exporter, cue, rqlite, tctl, tomcat, traefik, nvidia-device-plugin, pulumi, keda, flux-notification-controller, terraform-provider-aws, argo-cd, hey, gitness, spark-operator, kubernetes-csi-livenessprobe,...
7.5AI Score
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...
7.8AI Score
0.0004EPSS
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...
7.8AI Score
0.0004EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...
7.5AI Score
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: amass, configmap-reload, mage, sops, docker-cli, petname, aws-flb-cloudwatch, cass-operator, go-md2man, ctop, kubernetes-dashboard-metrics-scraper, gitlab-logger, render-template, cni-plugins, prometheus-stackdriver-exporter, grpcurl, nats, goreleaser, gosu,...
7.5AI Score
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: nats-server, multus-cni, git-lfs, melange, helm, lazygit, ctop, harbor-registry, hubble-ui, chartmuseum, step, extism, secrets-store-csi-driver-provider-aws, cue, osv-scanner, traefik, go, grafana-agent-operator, nvidia-device-plugin, gobump,...
6.5AI Score
0.0004EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: rook, nats-server, git-lfs, harbor-registry, bazelisk, osv-scanner, vexctl, prometheus-mysqld-exporter, volume-modifier-for-k8s, teleport, keda, k9s, hey, tfsec, gitness, chezmoi, k3d, nri-haproxy, wolfictl, boring-registry, regclient, controller-gen, cloud-sql-proxy,....
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...
6AI Score
0.0004EPSS
GHSA-XR7R-F8XQ-VFVV vulnerabilities
Vulnerabilities for packages: ctop, docker, trivy, ingress-nginx-controller, cadvisor, zarf, nvidia-device-plugin, kubernetes, kaniko, grype, datadog-agent, k9s, telegraf, k3d, kots, k3s, wolfictl, newrelic-infrastructure-agent, buildkitd, skaffold, syft, skopeo, runc, kubescape, nerdctl,...
7.5AI Score
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping. This makes it possible....
6.4CVSS
EPSS
CVE-2024-6054 Auto Featured Image <= 1.2 - Authenticated (Contributor+) Arbitrary File Upload
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....
8.8CVSS
EPSS
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin...
8.8CVSS
EPSS
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin...
8.8CVSS
8.6AI Score
EPSS
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin...
8.8CVSS
EPSS
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin...
8.8CVSS
8.6AI Score
EPSS
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin...
8.8CVSS
EPSS
Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.1.0.0 and 9.3.0.7, including 8.3.x allow a malicious URL to inject content into the Analyzer plugin...
8.8CVSS
EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in twinpictures, baden03 jQuery T(-) Countdown Widget allows Stored XSS.This issue affects jQuery T(-) Countdown Widget: from n/a through...
6.5CVSS
6.5AI Score
EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in twinpictures, baden03 jQuery T(-) Countdown Widget allows Stored XSS.This issue affects jQuery T(-) Countdown Widget: from n/a through...
6.5CVSS
EPSS
Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack
On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through the WordPress repository. Upon further investigation, our team quickly identified 4 additional affected plugins through our internal Threat...
8.4AI Score
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in twinpictures, baden03 jQuery T(-) Countdown Widget allows Stored XSS.This issue affects jQuery T(-) Countdown Widget: from n/a through...
6.5CVSS
6.8AI Score
EPSS
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in twinpictures, baden03 jQuery T(-) Countdown Widget allows Stored XSS.This issue affects jQuery T(-) Countdown Widget: from n/a through...
6.5CVSS
EPSS
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin
Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. Bitbucket Branch Source Plugin 887.va_d359b_3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the....
6.8AI Score
EPSS
Exposure of secrets through system log in Jenkins Structs Plugin
Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution. When Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that...
6.4AI Score
EPSS
Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin
Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases. Bitbucket Branch Source Plugin 887.va_d359b_3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the....
6.8AI Score
EPSS
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
When creating secret file credentials Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret. In rare cases the file content matches the expected format of an encrypted secret, and the file content...
6.4AI Score
EPSS
Secret file credentials stored unencrypted in rare cases by Plain Credentials Plugin
When creating secret file credentials Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier attempts to decrypt the content of the file to check if it constitutes a valid encrypted secret. In rare cases the file content matches the expected format of an encrypted secret, and the file content...
6.5AI Score
EPSS
Exposure of secrets through system log in Jenkins Structs Plugin
Structs Plugin provides utility functionality used, e.g., in Pipeline to instantiate and configure build steps, typically before their execution. When Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that...
6.4AI Score
EPSS
When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system...
EPSS
When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system...
6.2AI Score
EPSS
Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some...
6.9AI Score
EPSS
In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...
6.8AI Score
EPSS
Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some...
EPSS
In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...
EPSS
In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...
EPSS
In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...
6.8AI Score
EPSS
Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some...
EPSS
Jenkins Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some...
6.8AI Score
EPSS
When Jenkins Structs Plugin 337.v1b_04ea_4df7c8 and earlier fails to configure a build step, it logs a warning message containing diagnostic information that may contain secrets passed as step parameters, potentially resulting in accidental exposure of secrets through the default system...
EPSS
October is a self-hosted CMS platform based on the Laravel PHP Framework. The X-October-Request-Handler Header does not sanitize the AJAX handler name and allows unescaped HTML to be reflected back. There is no impact since this vulnerability cannot be exploited through normal browser...
3.1CVSS
3.9AI Score
EPSS