CVE-2022-3857 affecting package libpng for versions less than 1.6.39-1
CVE-2022-3857 affecting package libpng for versions less than 1.6.39-1. No patch is available...
5.5CVSS
5.5AI Score
0.001EPSS
CVE-2023-0286 affecting package reaper 3.1.1-6
CVE-2023-0286 affecting package reaper 3.1.1-6. This CVE either no longer is or was never...
7.4CVSS
8AI Score
0.003EPSS
CVE-2023-25136 affecting package openssh 8.9p1-5
CVE-2023-25136 affecting package openssh 8.9p1-5. This CVE either no longer is or was never...
6.5CVSS
7AI Score
0.009EPSS
CVE-2022-3437 affecting package samba 4.12.5-6
CVE-2022-3437 affecting package samba 4.12.5-6. No patch is available...
6.5CVSS
7.3AI Score
0.01EPSS
CVE-2023-22466 affecting package rpm-ostree 2022.1-6
CVE-2023-22466 affecting package rpm-ostree 2022.1-6. This CVE either no longer is or was never...
5.4CVSS
5.9AI Score
0.001EPSS
CVE-2022-42898 affecting package samba 4.12.5-6
CVE-2022-42898 affecting package samba 4.12.5-6. No patch is available...
8.8CVSS
8.1AI Score
0.005EPSS
CVE-2022-2989 affecting package podman 4.1.1-5
CVE-2022-2989 affecting package podman 4.1.1-5. This CVE either no longer is or was never...
7.1CVSS
7.8AI Score
0.0005EPSS
CVE-2022-32742 affecting package samba 4.12.5-6
CVE-2022-32742 affecting package samba 4.12.5-6. No patch is available...
4.3CVSS
5.2AI Score
0.038EPSS
CVE-2020-25718 affecting package samba 4.12.5-6
CVE-2020-25718 affecting package samba 4.12.5-6. No patch is available...
8.8CVSS
7.9AI Score
0.002EPSS
CVE-2020-25717 affecting package samba 4.12.5-6
CVE-2020-25717 affecting package samba 4.12.5-6. No patch is available...
8.1CVSS
8.1AI Score
0.001EPSS
CVE-2021-44142 affecting package samba 4.12.5-6
CVE-2021-44142 affecting package samba 4.12.5-6. No patch is available...
8.8CVSS
9.1AI Score
0.18EPSS
CVE-2020-27840 affecting package samba 4.12.5-6
CVE-2020-27840 affecting package samba 4.12.5-6. No patch is available...
7.5CVSS
7.6AI Score
0.009EPSS
CVE-2019-25051 affecting package aspell 0.60.8-5
CVE-2019-25051 affecting package aspell 0.60.8-5. This CVE either no longer is or was never...
7.8CVSS
7.7AI Score
0.001EPSS
CVE-2022-4515 affecting package ctags 5.8-6
CVE-2022-4515 affecting package ctags 5.8-6. No patch is available...
7.8CVSS
7.5AI Score
0.001EPSS
CVE-2021-25741 affecting package kubernetes-1.19.13 1.19.13-5
CVE-2021-25741 affecting package kubernetes-1.19.13 1.19.13-5. No patch is available...
8.8CVSS
8.9AI Score
EPSS
CVE-2022-30699 affecting package unbound 1.10.0-5
CVE-2022-30699 affecting package unbound 1.10.0-5. No patch is available...
6.5CVSS
7.5AI Score
0.001EPSS
CVE-2022-30698 affecting package unbound 1.10.0-5
CVE-2022-30698 affecting package unbound 1.10.0-5. No patch is available...
6.5CVSS
7.5AI Score
0.001EPSS
CVE-2020-8563 affecting package kubernetes-1.18.17 1.18.17-6
CVE-2020-8563 affecting package kubernetes-1.18.17 1.18.17-6. No patch is available...
5.5CVSS
7.5AI Score
0.0005EPSS
CVE-2022-4904 affecting package python-gevent 1.3.6-5
CVE-2022-4904 affecting package python-gevent 1.3.6-5. No patch is available...
8.6CVSS
9.5AI Score
0.001EPSS
CVE-2023-0215 affecting package shim-unsigned-aarch64 15-5
CVE-2023-0215 affecting package shim-unsigned-aarch64 15-5. This CVE either no longer is or was never...
7.5CVSS
8.4AI Score
0.004EPSS
CVE-2018-25078 affecting package man-db 2.8.4-5
CVE-2018-25078 affecting package man-db 2.8.4-5. This CVE either no longer is or was never...
7.8CVSS
7.5AI Score
0.0004EPSS
CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5
CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...
7.5CVSS
8.2AI Score
0.732EPSS
CVE-2023-44487 affecting package vitess for versions less than 16.0.2-5
CVE-2023-44487 affecting package vitess for versions less than 16.0.2-5. An upgraded version of the package is available that resolves this...
7.5CVSS
8.8AI Score
0.732EPSS
CVE-2023-39325 affecting package vitess for versions less than 16.0.2-5
CVE-2023-39325 affecting package vitess for versions less than 16.0.2-5. An upgraded version of the package is available that resolves this...
7.5CVSS
8.3AI Score
0.002EPSS
CVE-2023-3817 affecting package rust for versions less than 1.68.2-5
CVE-2023-3817 affecting package rust for versions less than 1.68.2-5. A patched version of the package is...
5.3CVSS
5.7AI Score
0.002EPSS
CVE-2023-44487 affecting package opa for versions less than 0.50.2-6
CVE-2023-44487 affecting package opa for versions less than 0.50.2-6. A patched version of the package is...
7.5CVSS
8.2AI Score
0.732EPSS
CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5
CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...
7.5CVSS
7.8AI Score
0.002EPSS
CVE-2023-39325 affecting package opa for versions less than 0.50.2-6
CVE-2023-39325 affecting package opa for versions less than 0.50.2-6. A patched version of the package is...
7.5CVSS
7.8AI Score
0.002EPSS
CVE-2024-38368 Trunk's 'Claim your pod' could be used to obtain un-used pods
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. A vulnerability affected older pods which migrated from the pre-2014 pull request workflow to trunk. If the pods had never been claimed then it was still possible to do so. It was also possible to have all...
9.9CVSS
EPSS
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. Prior to commit d4fa66f49cedab449af9a56a21ab40697b9f7b97, the trunk sessions verification step could be manipulated for owner session hijacking Compromising a victim’s session will result in a full takeover of.....
8CVSS
EPSS
CVE-2024-38366 CoacoaPods trunk RCE in email verification system rfc-822
trunk.cocoapods.org is the authentication server for the CoacoaPods dependency manager. The part of trunk which verifies whether a user has a real email address on signup used a rfc-822 library which executes a shell command to validate the email domain MX records validity. It works via an DNS MX.....
9CVSS
EPSS
Remote Code Execution (RCE) vulnerability in geoserver
Summary Multiple OGC request parameters allow Remote Code Execution (RCE) by unauthenticated users through specially crafted input against a default GeoServer installation due to unsafely evaluating property names as XPath expressions. Details The GeoTools library API that GeoServer calls...
9.8CVSS
8AI Score
EPSS
Improper Input Validation, Uncontrolled Resource Consumption vulnerability in Apache Commons Compress in TAR parsing.This issue affects Apache Commons Compress: from 1.22 before 1.24.0. Users are recommended to upgrade to version 1.24.0, which fixes the issue. A third party can create a malformed.....
5.5CVSS
6.9AI Score
0.026EPSS
Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
Impact If GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache ByteStreamController class and read arbitrary classpath resources with specific file name extensions. If GeoServer is....
7.5CVSS
7.2AI Score
EPSS
ZDI-CAN-23894: Parse Server literalizeRegexPart SQL Injection Authentication Bypass Vulnerability
Impact This vulnerability allows SQL injection when Parse Server is configured to use the PostgreSQL database. Patches The algorithm to detect SQL injection has been improved. Workarounds None. References https://github.com/parse-community/parse-server/security/advisories/GHSA-c2hr-cqg6-8j6r...
7.8AI Score
EPSS
CVE-2024-5655: GitLab Fixes CI/CD Vulnerability & 13 Other Flaws With Latest Patch Release
A security flaw that impacts specific versions of GitLab's Community and Enterprise Edition products was just detected. This vulnerability can be exploited to execute pipelines under any user's credentials. GitLab is a web-based DevOps platform offering tools for software development, version...
9.6CVSS
6.9AI Score
EPSS
WordPress Security Research: A Beginner’s Series
Learn How To Find WordPress Vulnerabilities Step-by-Step Welcome to the inaugural post of our WordPress Security Research Beginner's Series! With the success of the Wordfence Bug Bounty Program, we wanted to provide emerging vulnerability researchers, and experienced Bug Bounty Hunters, with a...
7.7AI Score
Critical Flaws in CocoaPods Expose iOS and macOS Apps to Supply Chain Attacks
A trio of security flaws has been uncovered in the CocoaPods dependency manager for Swift and Objective-C Cocoa projects that could be exploited to stage software supply chain attacks, putting downstream customers at severe risks. The vulnerabilities allow "any malicious actor to claim ownership...
8AI Score
EPSS
WordPress Security Research Series: WordPress Request Architecture and Hooks
Welcome to Part 1 of the WordPress Security Research Beginner Series! If you haven’t had a chance, please review the series introduction blog post for more details on the goal of this series and what to expect. Before diving into the security features of WordPress, it's critical to understand the.....
7.1AI Score
Cisco NX-OS Software CLI Command Injection Vulnerability
A vulnerability in the CLI of Cisco NX-OS Software could allow an authenticated, local attacker to execute arbitrary commands as root on the underlying operating system of an affected device. This vulnerability is due to insufficient validation of arguments that are passed to specific...
7.4AI Score
EPSS
Vulnerabilities for packages: zarf, consul, flux, influxd, flux-source-controller, policy-controller, ksops, timestamp-authority, flux-helm-controller, opentofu, fulcio, argo-cd, neuvector-sigstore-interface, zot, nuclei, pulumi-kubernetes-operator, k3s, vexctl, glab, snyk-cli, kargo,...
6CVSS
6AI Score
0.0004EPSS
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: flux-source-controller, grype, kubeflow-katib, ip-masq-agent, nghttp2, cortex, tctl, gke-gcloud-auth-plugin, mc, kubescape, gitlab-shell, kyverno, node-problem-detector, weaviate, kaf, metacontroller, prometheus-blackbox-exporter, helm, cluster-autoscaler,...
7.5CVSS
9AI Score
0.732EPSS
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: istio-pilot-discovery, flux-source-controller, cloudflared, argo-cd, fulcio, vexctl, traefik, tekton-pipelines, terragrunt, gitsign, aactl, keda, kubescape, sops, kots, tekton-chains, external-secrets-operator, cosign, kyverno, vault, slsa-verifier, cilium-envoy,...
7.5AI Score
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: temporal-ui-server, supercronic, docker, logstash-exporter, prometheus-alertmanager, doppler-kubernetes-operator, flux-source-controller, kuberay-operator, grype, policy-controller, k8sgpt-operator, cloud-sql-proxy, kubeflow-katib, ip-masq-agent, zot, golangci-lint,...
7.5AI Score
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: kaniko, flux-source-controller, grype, telegraf, skaffold, flux-helm-controller, zot, tekton-pipelines, helm-push, k3d, kubescape, melange, kots, newrelic-infrastructure-agent, ctop, up, cert-manager, trivy, eksctl, helm, neuvector-agent, fuse-overlayfs-snapshotter,...
7.5AI Score
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: helm-operator, k9s, k8sgpt, zarf, helm-push, istio-operator, flux-source-controller, cilium-cli, cert-manager, chartmuseum, kubescape, flux-helm-controller, kots, trivy, eksctl, zot,...
6.4CVSS
6.7AI Score
0.0004EPSS
GHSA-R53H-JV2G-VPX6 vulnerabilities
Vulnerabilities for packages: helm-operator, k9s, k8sgpt, zarf, helm-push, istio-operator, flux-source-controller, cilium-cli, cert-manager, chartmuseum, kubescape, flux-helm-controller, kots, trivy, eksctl, zot,...
7.5AI Score
GHSA-JQ35-85CJ-FJ4P vulnerabilities
Vulnerabilities for packages: skaffold, k3s, tekton-pipelines, k3d, aactl, chartmuseum, kubescape, kpt, tekton-chains, ctop, loki, up, scorecard, slsa-verifier, cert-manager, bom, goreleaser, falco, paranoia,...
7.5AI Score
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: temporal-ui-server, supercronic, logstash-exporter, prometheus-alertmanager, direnv, doppler-kubernetes-operator, kuberay-operator, grype, k8sgpt-operator, cloud-sql-proxy, kubeflow-katib, mongo-tools, ip-masq-agent, golangci-lint, kubernetes, k3s, go-bindata,...
7.8AI Score
0.0004EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: temporal-ui-server, prometheus-alertmanager, flux-source-controller, grype, cloud-sql-proxy, kubeflow-katib, mongo-tools, zot, kubernetes, k3s, cortex, helm-push, kubescape, gitlab-shell, loki, kyverno, node-problem-detector, flux-image-reflector-controller,...
5.9CVSS
7.1AI Score
0.963EPSS