Insufficient Session Expiration in github.com/greenpau/caddy-security
Insufficient Session Expiration in...
4.8CVSS
6.7AI Score
0.0004EPSS
The DES/3DES cipher was used as part of the TLS protocol by installation tools in...
7.1AI Score
Nginx-UI vulnerable to authenticated RCE through injecting into the application config via CRLF in...
8.8CVSS
6.5AI Score
0.001EPSS
5.4CVSS
5.6AI Score
0.005EPSS
Insecure random string generator used for sensitive data in github.com/cubefs/cubefs
Insecure random string generator used for sensitive data in...
9.8CVSS
6.7AI Score
0.001EPSS
chasquid HTTP Request/Response Smuggling vulnerability in github.com/albertito/chasquid in...
7.5CVSS
6.7AI Score
0.0005EPSS
Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server
Mattermost fails to limit the number of role names in...
4.3CVSS
6.6AI Score
0.0004EPSS
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in...
7.5CVSS
6.6AI Score
0.001EPSS
SFTP is possible on the Proxy server for any user with SFTP access in...
7.2AI Score
Etcd pkg Insecure ciphers are allowed by default in go.etcd.io/etcd/client/pkg/v3
Etcd pkg Insecure ciphers are allowed by default in...
7.1AI Score
Rancher's External RoleTemplates can lead to privilege escalation in github.com/rancher/rancher
Rancher's External RoleTemplates can lead to privilege escalation in...
7.1AI Score
EPSS
LocalAI path traversal vulnerability in github.com/go-skynet/LocalAI
LocalAI path traversal vulnerability in...
7.5CVSS
6.7AI Score
0.0004EPSS
Rancher's RKE1 Encryption Config kept in plain-text within cluster AppliedSpec in...
6.9AI Score
EPSS
Argo-cd authenticated users can enumerate clusters by name in github.com/argoproj/argo-cd
Argo-cd authenticated users can enumerate clusters by name in...
4.3CVSS
6.5AI Score
0.0004EPSS
Evmos is missing precompile checks in github.com/evmos/evmos
Evmos is missing precompile checks in...
3.5CVSS
6.6AI Score
0.0004EPSS
SpiceDB exclusions can result in no permission returned when permission expected in...
3.7CVSS
6.7AI Score
0.0004EPSS
ACME DNS: Azure Identity Libraries Elevation of Privilege Vulnerability in...
5.5CVSS
6.7AI Score
0.0004EPSS
Improper trust check in Bazel Build intellij plugin in github.com/bazelbuild/intellij
Improper trust check in Bazel Build intellij plugin in...
6.9AI Score
0.0004EPSS
AdGuardHome privilege escalation vulnerability in github.com/AdguardTeam/AdGuardHome
AdGuardHome privilege escalation vulnerability in...
7AI Score
0.0004EPSS
Openshift/telemeter: iss check during jwt authentication can be bypassed in...
7.5CVSS
7AI Score
0.001EPSS
Rancher does not automatically clean up a user deleted or disabled from the configured Authentication Provider in...
6.8AI Score
EPSS
Minder affected by denial of service from maliciously configured Git repository in...
5.7CVSS
6.7AI Score
0.0004EPSS
Evmos is missing create validator check in github.com/evmos/evmos
Evmos is missing create validator check in...
3.5CVSS
3.9AI Score
0.0004EPSS
SQL injection vulnerability in Gin-vue-admin in github.com/flipped-aurora/gin-vue-admin
SQL injection vulnerability in Gin-vue-admin in...
8.8CVSS
7.9AI Score
0.0004EPSS
SFTPGo has insufficient access control for password reset in github.com/drakkan/sftpgo
SFTPGo has insufficient access control for password reset in...
5.4CVSS
7AI Score
0.0004EPSS
Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an remote authenticated attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability....
6.3AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Apache Commons Compress affects IBM Process Mining Multiple CVEs
Summary There is a vulnerability in Apache Commons Compress that could allow an remote attacker exploit to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...
8.1CVSS
7.2AI Score
0.001EPSS
Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to perform a DNS poisoning attack on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details...
6.9AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Netty affects IBM Process Mining CVE-2024-29025
Summary There is a vulnerability in Netty that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-29025 ...
5.3CVSS
7.1AI Score
0.0004EPSS
Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability...
7.1AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Pydantic affects IBM Process Mining CVE-2024-3772
Summary There is a vulnerability in Pydantic that could allow an attacker to cause a denial of service on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-3772 ...
5.9CVSS
7.2AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Node.js affects IBM Process Mining CVE-2024-28849
Summary There is a vulnerability in Node.js that could allow an remote authenticated attacker to obtain sensitive information on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:...
6.5CVSS
6.3AI Score
0.0004EPSS
Summary There is a vulnerability in VMware Tanzu Spring Framework that could allow a remote attacker to conduct phishing attacks on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID:....
8.1CVSS
6.8AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Gunicorn affects IBM Process Mining CVE-2024-1135
Summary There is a vulnerability in Gunicorn that could allow an attacker to conduct XSS attacks on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-1135 DESCRIPTION:...
7.5CVSS
6.2AI Score
0.0004EPSS
Summary There is a vulnerability in Bouncy Castle Crypto Package For Java that could allow an attacker to cause excessive CPU consumption on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details.....
7.1AI Score
EPSS
Security Bulletin: Vulnerability in sqlparse affects IBM Process Mining CVE-2024-4340
Summary There is a vulnerability in sqlparse that could allow an attacker to cause a denial of service condition on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-4340 .....
7.5CVSS
7.2AI Score
0.0004EPSS
Security Bulletin: Vulnerability in Pallets Werkzeug affects IBM Process Mining CVE-2024-34069
Summary There is a vulnerability in Pallets Werkzeug that could allow an attacker to gain elevated privileges on the system. The code is used by IBM Process Mining. This bulletin identifies the security fixes to apply to address the vulnerability. Vulnerability Details ** CVEID: CVE-2024-34069 ...
7.5CVSS
8AI Score
0.0004EPSS
3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords
Update #1: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update #2: As of 2:20 PM EST, two more plugins appear to have malicious commits, however, the releases have not officially been made...
7.1AI Score
Summary WebSphere Application Server is shipped as a component of IBM Business Automation Workflow. Information about a security vulnerability affecting IBM WebSphere Application Server Traditional have been published in a security bulletin. Vulnerability Details Refer to the security bulletin(s).....
8.8CVSS
8.6AI Score
0.0004EPSS
CometBFT is unstability during blocksync when syncing from malicious peer
Name: ASA-2024-008: Instability during blocksync when syncing from malicious peer Component: CometBFT Criticality: Medium (ACMv1: I:Moderate; L: Possible) Affected versions: < v0.38.7 Summary An issue was identified for nodes syncing on an existing network during blocksync in which a malicious.....
6.7AI Score
CometBFT is unstability during blocksync when syncing from malicious peer
Name: ASA-2024-008: Instability during blocksync when syncing from malicious peer Component: CometBFT Criticality: Medium (ACMv1: I:Moderate; L: Possible) Affected versions: < v0.38.7 Summary An issue was identified for nodes syncing on an existing network during blocksync in which a malicious.....
6.7AI Score
Summary IBM Master Data Management version 11.6 and 12.0 is impacted by vulnerability to identity spoofing in WebSphere Application Server. IBM WebSphere Application Server is vulnerable to identity spoofing by an authenticated user due to improper signature validation. Vulnerability Details **...
8.8CVSS
8.3AI Score
0.0004EPSS
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version...
4.3CVSS
0.0004EPSS
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version...
4.3CVSS
6.8AI Score
0.0004EPSS
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version...
4.3CVSS
4.5AI Score
0.0004EPSS
CVE-2024-29038 tpm2 does not detect if quote was not generated by TPM
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version...
4.3CVSS
0.0004EPSS
CVE-2024-29038 tpm2 does not detect if quote was not generated by TPM
tpm2-tools is the source repository for the Trusted Platform Module (TPM2.0) tools. A malicious attacker can generate arbitrary quote data which is not detected by tpm2 checkquote. This issue was patched in version...
4.3CVSS
7.2AI Score
0.0004EPSS
5.5AI Score
0.0004EPSS
Summary An unspecified IBM SDK, Java Technology Edition vulnerability is addressed. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality impact, no integrity...
5.9CVSS
7.6AI Score
0.001EPSS
Summary An unspecified IBM SDK, Java Technology Edition vulnerability is addressed. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts. CVSS Base...
3.7CVSS
5.9AI Score
0.001EPSS