Custom Dashboard & Login Page – Agca Security Vulnerabilities

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: k3s, gh, tigera-operator, kubeflow-pipelines, nerdctl, grafana-operator, argo-cd, thanos-operator, gcsfuse, boring-registry, cilium, nuclei, dgraph, tekton-chains, kaf, pulumi, spire-server, doppler-kubernetes-operator, zot, prometheus-adapter, cri-tools, gitness,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: k3s, bazelisk, paranoia, gh, tigera-operator, kubeflow-pipelines, nerdctl, grafana-operator, helm-push, argo-cd, flannel-cni-plugin, nri-mssql, thanos-operator, wait-for-port, esbuild, gcsfuse, nuclei, dgraph, wazero, mage, direnv, nri-haproxy, nri-nginx, kaf,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: tfsec, wait-for-port, argo-cd, mods, boring-registry, cilium, tekton-chains, wazero, kaf, spire-server, shfmt, gitlab-logger, kube-rbac-proxy, metacontroller, grafana, kubevela, istio-cni, haproxy-ingress, temporal, cluster-api-controller, velero-plugin-for-aws,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: tfsec, ghaudit, paranoia, tigera-operator, wait-for-port, hcloud, grafana-operator, helm-push, mods, boring-registry, dgraph, tekton-chains, mage, direnv, rabbitmq-default-user-credential-updater, kaf, src-fingerprint, zot, go-md2man, prometheus-adapter, shfmt,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: tfsec, ghaudit, paranoia, tigera-operator, wait-for-port, hcloud, grafana-operator, helm-push, mods, boring-registry, dgraph, tekton-chains, mage, direnv, rabbitmq-default-user-credential-updater, kaf, src-fingerprint, zot, go-md2man, prometheus-adapter, shfmt,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: tfsec, wait-for-port, mods, boring-registry, cilium, tekton-chains, wazero, kaf, spire-server, shfmt, gitlab-logger, fluent-operator, rook, metacontroller, grafana, kubevela, istio-cni, haproxy-ingress, temporal, cluster-api-controller, velero-plugin-for-aws,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: cilium-envoy, render-template, wait-for-port, go-licenses, helm-push, flannel-cni-plugin, nsc, sops, gops, aws-flb-firehose, cni-plugins, vertical-pod-autoscaler, dgraph, kubernetes-dashboard-metrics-scraper, mage, metrics-server, go-bindata, scorecard, ctop, oras,...

CVE-2023-2253 vulnerabilities

Vulnerabilities for packages: aactl, goreleaser, kpt, bom, kubernetes-dashboard,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: k3s, argo-cd, thanos-operator, dgraph, kaf, pulumi, zot, prometheus-adapter, gitness, nfs-subdir-external-provisioner, newrelic-infrastructure-agent, prometheus-node-exporter, kpt, prometheus-stackdriver-exporter, gomplate, metacontroller, tctl, thanos, kubevela,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: k3s, tigera-operator, kubeflow-pipelines, nerdctl, helm-push, nri-mssql, argo-cd, boring-registry, dgraph, tekton-chains, kaf, src-fingerprint, pulumi, spire-server, zot, prometheus-adapter, gitness, nfs-subdir-external-provisioner, prometheus-node-exporter, falco,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: k3s, gh, tigera-operator, kubeflow-pipelines, nerdctl, grafana-operator, argo-cd, thanos-operator, gcsfuse, boring-registry, cilium, nuclei, dgraph, tekton-chains, kaf, pulumi, spire-server, doppler-kubernetes-operator, zot, prometheus-adapter, cri-tools, gitness,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: k3s, bazelisk, paranoia, gh, tigera-operator, kubeflow-pipelines, nerdctl, grafana-operator, helm-push, argo-cd, flannel-cni-plugin, nri-mssql, thanos-operator, wait-for-port, esbuild, gcsfuse, nuclei, dgraph, wazero, mage, direnv, nri-haproxy, nri-nginx, kaf,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: k3s, bazelisk, paranoia, gh, tigera-operator, kubeflow-pipelines, nerdctl, grafana-operator, helm-push, argo-cd, flannel-cni-plugin, nri-mssql, thanos-operator, wait-for-port, esbuild, gcsfuse, nuclei, dgraph, wazero, mage, direnv, nri-haproxy, nri-nginx, kaf,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: tfsec, wait-for-port, argo-cd, mods, boring-registry, cilium, tekton-chains, wazero, kaf, spire-server, shfmt, gitlab-logger, kube-rbac-proxy, metacontroller, grafana, kubevela, istio-cni, haproxy-ingress, temporal, cluster-api-controller, velero-plugin-for-aws,...

GHSA-2JWV-JMQ4-4J3R vulnerabilities

Vulnerabilities for packages: tfsec, ghaudit, paranoia, tigera-operator, wait-for-port, hcloud, grafana-operator, helm-push, mods, boring-registry, dgraph, tekton-chains, mage, direnv, rabbitmq-default-user-credential-updater, kaf, src-fingerprint, zot, go-md2man, prometheus-adapter, shfmt,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: tfsec, wait-for-port, mods, boring-registry, cilium, tekton-chains, wazero, kaf, spire-server, shfmt, gitlab-logger, fluent-operator, rook, metacontroller, grafana, kubevela, istio-cni, haproxy-ingress, temporal, cluster-api-controller, velero-plugin-for-aws,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: k3s, argo-cd, thanos-operator, dgraph, tekton-chains, kaf, pulumi, zot, prometheus-adapter, gitness, nfs-subdir-external-provisioner, newrelic-infrastructure-agent, prometheus-node-exporter, falco, nats, kpt, prometheus-stackdriver-exporter, gomplate, metacontroller,.....

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: k3s, bazelisk, paranoia, gh, tigera-operator, kubeflow-pipelines, nerdctl, grafana-operator, helm-push, argo-cd, flannel-cni-plugin, nri-mssql, thanos-operator, wait-for-port, esbuild, gcsfuse, nuclei, dgraph, wazero, mage, direnv, nri-haproxy, nri-nginx, kaf,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: k3s, bazelisk, paranoia, gh, tigera-operator, kubeflow-pipelines, nerdctl, grafana-operator, helm-push, argo-cd, flannel-cni-plugin, nri-mssql, thanos-operator, wait-for-port, esbuild, gcsfuse, nuclei, dgraph, wazero, mage, direnv, nri-haproxy, nri-nginx, kaf,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: k3s, bazelisk, paranoia, gh, tigera-operator, kubeflow-pipelines, nerdctl, grafana-operator, helm-push, argo-cd, flannel-cni-plugin, nri-mssql, thanos-operator, wait-for-port, esbuild, gcsfuse, nuclei, dgraph, wazero, mage, direnv, nri-haproxy, nri-nginx, kaf,...

GHSA-49GW-VXVF-FC2G vulnerabilities

Vulnerabilities for packages: tfsec, wait-for-port, mods, boring-registry, cilium, tekton-chains, wazero, kaf, spire-server, shfmt, gitlab-logger, fluent-operator, rook, metacontroller, grafana, kubevela, istio-cni, haproxy-ingress, temporal, cluster-api-controller, velero-plugin-for-aws,...

CVE-2023-39326 vulnerabilities

Vulnerabilities for packages: cilium-envoy, render-template, wait-for-port, go-licenses, helm-push, flannel-cni-plugin, nsc, sops, gops, aws-flb-firehose, cni-plugins, vertical-pod-autoscaler, dgraph, kubernetes-dashboard-metrics-scraper, mage, metrics-server, go-bindata, scorecard, ctop, oras,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: cilium-envoy, render-template, wait-for-port, go-licenses, helm-push, flannel-cni-plugin, nsc, sops, gops, aws-flb-firehose, cni-plugins, vertical-pod-autoscaler, dgraph, kubernetes-dashboard-metrics-scraper, mage, metrics-server, go-bindata, scorecard, ctop, oras,...

GHSA-9F76-WG39-X86H vulnerabilities

Vulnerabilities for packages: cilium-envoy, render-template, wait-for-port, go-licenses, helm-push, flannel-cni-plugin, nsc, sops, gops, aws-flb-firehose, cni-plugins, vertical-pod-autoscaler, dgraph, kubernetes-dashboard-metrics-scraper, mage, metrics-server, go-bindata, scorecard, ctop, oras,...

GHSA-2WRH-6PVC-2JM9 vulnerabilities

Vulnerabilities for packages: k3s, argo-cd, thanos-operator, dgraph, kaf, pulumi, zot, prometheus-adapter, gitness, nfs-subdir-external-provisioner, newrelic-infrastructure-agent, prometheus-node-exporter, kpt, prometheus-stackdriver-exporter, gomplate, metacontroller, tctl, thanos, kubevela,...

GHSA-4374-P667-P6C8 vulnerabilities

Vulnerabilities for packages: k3s, argo-cd, thanos-operator, dgraph, tekton-chains, kaf, pulumi, zot, prometheus-adapter, gitness, nfs-subdir-external-provisioner, newrelic-infrastructure-agent, prometheus-node-exporter, falco, nats, kpt, prometheus-stackdriver-exporter, gomplate, metacontroller,.....

GHSA-45X7-PX36-X8W8 vulnerabilities

Vulnerabilities for packages: k3s, tigera-operator, kubeflow-pipelines, nerdctl, helm-push, nri-mssql, argo-cd, boring-registry, dgraph, tekton-chains, kaf, src-fingerprint, pulumi, spire-server, zot, prometheus-adapter, gitness, nfs-subdir-external-provisioner, prometheus-node-exporter, falco,...

GHSA-HQXW-F8MX-CPMW vulnerabilities

Vulnerabilities for packages: aactl, goreleaser, kpt, bom, kubernetes-dashboard,...

CVE-2024-24783 vulnerabilities

Vulnerabilities for packages: k3s, bazelisk, paranoia, gh, tigera-operator, kubeflow-pipelines, nerdctl, grafana-operator, helm-push, argo-cd, flannel-cni-plugin, nri-mssql, thanos-operator, wait-for-port, esbuild, gcsfuse, nuclei, dgraph, wazero, mage, direnv, nri-haproxy, nri-nginx, kaf,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: k3s, bazelisk, paranoia, gh, tigera-operator, kubeflow-pipelines, nerdctl, grafana-operator, helm-push, argo-cd, flannel-cni-plugin, nri-mssql, thanos-operator, wait-for-port, esbuild, gcsfuse, nuclei, dgraph, wazero, mage, direnv, nri-haproxy, nri-nginx, kaf,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: k3s, bazelisk, paranoia, gh, tigera-operator, kubeflow-pipelines, nerdctl, grafana-operator, helm-push, argo-cd, flannel-cni-plugin, nri-mssql, thanos-operator, wait-for-port, esbuild, gcsfuse, nuclei, dgraph, wazero, mage, direnv, nri-haproxy, nri-nginx, kaf,...

CVE-2024-24788 vulnerabilities

Vulnerabilities for packages: tfsec, ghaudit, paranoia, tigera-operator, wait-for-port, hcloud, grafana-operator, helm-push, mods, boring-registry, dgraph, tekton-chains, mage, direnv, rabbitmq-default-user-credential-updater, kaf, src-fingerprint, zot, go-md2man, prometheus-adapter, shfmt,...

GHSA-236W-P7WF-5PH8 vulnerabilities

Vulnerabilities for packages: tfsec, wait-for-port, mods, boring-registry, cilium, tekton-chains, wazero, kaf, spire-server, shfmt, gitlab-logger, fluent-operator, rook, metacontroller, grafana, kubevela, istio-cni, haproxy-ingress, temporal, cluster-api-controller, velero-plugin-for-aws,...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: k3s, bazelisk, paranoia, gh, tigera-operator, kubeflow-pipelines, nerdctl, grafana-operator, helm-push, argo-cd, flannel-cni-plugin, nri-mssql, thanos-operator, wait-for-port, esbuild, gcsfuse, nuclei, dgraph, wazero, mage, direnv, nri-haproxy, nri-nginx, kaf,...

CVE-2024-5062

A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a.....

CVE-2024-5062

A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a.....

CVE-2024-5062 Reflected XSS through survey redirect parameter in zenml-io/zenml

A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a.....

CVE-2024-6414

A vulnerability classified as problematic has been found in Parsec Automation TrakSYS 11.x.x. Affected is an unknown function of the file TS/export/contentpage of the component Export Page. The manipulation of the argument ID leads to direct request. It is possible to launch the attack remotely....

CVE-2024-6414

A vulnerability classified as problematic has been found in Parsec Automation TrakSYS 11.x.x. Affected is an unknown function of the file TS/export/contentpage of the component Export Page. The manipulation of the argument ID leads to direct request. It is possible to launch the attack remotely....

CVE-2024-6414 Parsec Automation TrakSYS Export Page contentpage direct request

A vulnerability classified as problematic has been found in Parsec Automation TrakSYS 11.x.x. Affected is an unknown function of the file TS/export/contentpage of the component Export Page. The manipulation of the argument ID leads to direct request. It is possible to launch the attack remotely....

CVE-2024-5819

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-5819

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-5819 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-5819 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-5790

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-6363

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-6363

The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...

CVE-2024-5790

The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...

CVE-2024-5666

The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...

CVE-2024-5666

The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...