CVE-2023-7270 Local Privilege Escalation via MSI installer
An issue was discovered in SoftMaker Office 2024 / NX before revision 1214 and SoftMaker FreeOffice 2014 before revision 1215. FreeOffice 2021 is also affected, but won't be fixed. The SoftMaker Office and FreeOffice MSI installer files were found to produce a visible conhost.exe window running...
EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output...
6.4CVSS
EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output...
6.4CVSS
5.8AI Score
EPSS
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
7.8AI Score
0.0004EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: clusterctl, prometheus-redis-exporter, skopeo, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, aws-load-balancer-controller, k8sgpt, rclone, velero, kpt, kubewatch, kaniko, ollama, secrets-store-csi-driver-provider-azure, docker-compose,...
7.5AI Score
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: helm-push, libnvidia-container, clusterctl, prometheus-redis-exporter, go, skopeo, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, k8sgpt, rclone, crane, kpt, kubewatch, secrets-store-csi-driver-provider-azure, docker-compose, spicedb,...
6.5AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: clusterctl, go, cass-operator, shfmt, crane, kaniko, fuse-overlayfs-snapshotter, k9s, kubernetes-dashboard, sbomqs, envoy-ratelimit, yq, kubernetes, falcoctl, flux-helm-controller, runc, node-problem-detector, prometheus-elasticsearch-exporter, trillian,...
6.8AI Score
0.0004EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: helm-push, libnvidia-container, clusterctl, prometheus-redis-exporter, go, skopeo, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, k8sgpt, rclone, crane, kpt, kubewatch, secrets-store-csi-driver-provider-azure, docker-compose, spicedb,...
7.5AI Score
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: clusterctl, go, cass-operator, shfmt, crane, kaniko, fuse-overlayfs-snapshotter, k9s, kubernetes-dashboard, sbomqs, yq, kubernetes, kots, falcoctl, flux-helm-controller, nvidia-container-toolkit, runc, node-problem-detector, prometheus-elasticsearch-exporter,...
5.5CVSS
6.1AI Score
0.0004EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: helm-push, skopeo, src-fingerprint, nsc, kubewatch, ollama, secrets-store-csi-driver-provider-azure, slsa-verifier, kube-state-metrics, dgraph, kyverno, kubernetes-dashboard, ferretdb, falco, weaviate, istio-pilot-discovery, terraform-provider-azurerm, gitsign,...
5.9CVSS
7.1AI Score
0.963EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: clusterctl, prometheus-redis-exporter, skopeo, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, aws-load-balancer-controller, k8sgpt, rclone, velero, kpt, kubewatch, kaniko, ollama, secrets-store-csi-driver-provider-azure, docker-compose,...
6.8AI Score
0.0004EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
7.8AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
7.5AI Score
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: pulumi-language-java, pulumi-kubernetes-operator, keda, crossplane-provider-aws, flux-notification-controller, rclone, crossplane, flux-image-automation-controller, terraform-provider-google, kaniko, tkn, slsa-verifier, spire-server, flux-source-controller,...
7.5AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: clusterctl, go, cass-operator, shfmt, crane, kaniko, fuse-overlayfs-snapshotter, k9s, kubernetes-dashboard, sbomqs, envoy-ratelimit, yq, kubernetes, falcoctl, flux-helm-controller, runc, node-problem-detector, prometheus-elasticsearch-exporter, trillian,...
7.5AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: helm-push, libnvidia-container, clusterctl, prometheus-redis-exporter, go, skopeo, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, k8sgpt, rclone, crane, kpt, kubewatch, secrets-store-csi-driver-provider-azure, docker-compose, spicedb,...
7.5AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: clusterctl, go, cass-operator, shfmt, crane, kaniko, fuse-overlayfs-snapshotter, k9s, kubernetes-dashboard, sbomqs, yq, kubernetes, kots, falcoctl, flux-helm-controller, nvidia-container-toolkit, runc, node-problem-detector, prometheus-elasticsearch-exporter,...
9.8CVSS
9.8AI Score
0.001EPSS
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
7.5AI Score
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: clusterctl, go, cass-operator, shfmt, crane, kaniko, fuse-overlayfs-snapshotter, k9s, kubernetes-dashboard, sbomqs, yq, kubernetes, kots, falcoctl, flux-helm-controller, nvidia-container-toolkit, runc, node-problem-detector, prometheus-elasticsearch-exporter,...
7.5AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: helm-push, skopeo, src-fingerprint, nsc, kubewatch, ollama, secrets-store-csi-driver-provider-azure, slsa-verifier, kube-state-metrics, dgraph, kyverno, kubernetes-dashboard, ferretdb, falco, weaviate, istio-pilot-discovery, terraform-provider-azurerm, gitsign,...
7.5AI Score
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
7.8AI Score
0.0004EPSS
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
7.5AI Score
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
7.8AI Score
0.0004EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: clusterctl, go, cass-operator, shfmt, crane, kaniko, fuse-overlayfs-snapshotter, k9s, kubernetes-dashboard, sbomqs, yq, kubernetes, kots, falcoctl, flux-helm-controller, nvidia-container-toolkit, runc, node-problem-detector, prometheus-elasticsearch-exporter,...
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: helm-push, clusterctl, prometheus-redis-exporter, cass-operator, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, aws-load-balancer-controller, k8sgpt, velero, docker-cli, kpt, kubewatch, secrets-store-csi-driver-provider-azure,...
6AI Score
0.0004EPSS
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: helm-push, libnvidia-container, clusterctl, prometheus-redis-exporter, go, skopeo, kubernetes-csi-external-provisioner, configmap-reload, shfmt, src-fingerprint, k8sgpt, rclone, crane, kpt, kubewatch, secrets-store-csi-driver-provider-azure, docker-compose, spicedb,...
6.5AI Score
0.0004EPSS
Summary There is a vulnerability in the XML toolkit for Ruby component used by IBM License Metric Tool. Vulnerability Details ** CVEID: CVE-2024-35176 DESCRIPTION: **Ruby REXML is vulnerable to a denial of service, caused by improper input validation. By parsing a specially crafted XML content...
5.3CVSS
6.6AI Score
0.0004EPSS
Security Bulletin: Multiple vulnerabilities in Bouncy Castle API affect IBM License Metric Tool.
Summary IBM License Metric Tool is affected by Bouncy Castle Cryptography vulnerabilities. Vulnerability Details ** CVEID: CVE-2024-30172 DESCRIPTION: **The Bouncy Castle Crypto Package For Java is vulnerable to a denial of service, caused by an infinite loop in the Ed25519 verification code. By...
7.2AI Score
EPSS
Summary There are security vulnerabilities in IBM WebSphere Application Server Liberty used by IBM License Metric Tool. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.3...
7.5CVSS
8.1AI Score
0.0004EPSS
Summary IBM Storage Protect Plus Microsoft File Systems Backup and Restore can be affected by vulnerabilities in Jinja, idna & cryptography which include cross-site scripting & a denial of service, as described by the CVEs in the "Vulnerability Details" section. These vulnerabilities have been...
7.5CVSS
7.4AI Score
EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output...
6.4CVSS
5.9AI Score
EPSS
The The Plus Addons for Elementor – Elementor Addons, Page Templates, Widgets, Mega Menu, WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘video_color’ parameter in all versions up to, and including, 5.6.0 due to insufficient input sanitization and output...
6.4CVSS
EPSS
wasem.de Cross Site Scripting vulnerability OBB-3939253
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
santoamaro.sc.gov.br Cross Site Scripting vulnerability OBB-3939251
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
ukbabynames.com Cross Site Scripting vulnerability OBB-3939252
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
petitefouine.fr Cross Site Scripting vulnerability OBB-3939250
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
monitortools.com Cross Site Scripting vulnerability OBB-3939248
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
0.0004EPSS
The Create by Mediavine plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Schema Meta shortcode in all versions up to, and including, 1.9.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...
6.4CVSS
5.8AI Score
0.0004EPSS
lafonteimmobiliare.it Cross Site Scripting vulnerability OBB-3939246
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
lacourgettesolidaire.fr Cross Site Scripting vulnerability OBB-3939245
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
dobrzyca-muzeum.pl Cross Site Scripting vulnerability OBB-3939243
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
ceifadores.com.br Cross Site Scripting vulnerability OBB-3939240
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
cbc.esp.br Cross Site Scripting vulnerability OBB-3939238
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
ccnet21.ne.jp Cross Site Scripting vulnerability OBB-3939239
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
pocky53.blog.fc2.com Cross Site Scripting vulnerability OBB-3939234
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
vanessa-tugendhaft.com Cross Site Scripting vulnerability OBB-3939233
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
ulm-albatros.fr Cross Site Scripting vulnerability OBB-3939229
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score