Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application
A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135...
9.8CVSS
8.2AI Score
0.0004EPSS
The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the...
EPSS
The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the...
6.5AI Score
EPSS
CVE-2024-1330 Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access
The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the...
EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
5.1AI Score
EPSS
The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....
5.4CVSS
EPSS
In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...
6.7AI Score
EPSS
Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with ...
6.1CVSS
6.1AI Score
0.0004EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
5.8AI Score
EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
5.8AI Score
EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
EPSS
The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...
6.4CVSS
EPSS
Security Bulletin: IBM MQ Appliance vulnerable to open redirect (CVE-2024-29041)
Summary IBM MQ Appliance has addressed an open redirect vulnerability. Vulnerability Details CVEID: CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using....
6.1CVSS
6.7AI Score
0.0004EPSS
Security Bulletin: IBM MQ Appliance vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)
Summary By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM MQ Appliance has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms...
5.9CVSS
6.9AI Score
0.963EPSS
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....
8.8CVSS
8.9AI Score
EPSS
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping. This makes it possible....
6.4CVSS
EPSS
The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....
8.8CVSS
EPSS
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping. This makes it possible....
6.4CVSS
5.7AI Score
EPSS
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...
7.8AI Score
0.0004EPSS
Vulnerabilities for packages: rook, flux-image-automation-controller, sops, kyverno, sigstore-scaffolding, grafana-mimir, consul, nuclei, kargo, gitlab-kas, tekton-pipelines, zarf, flux-kustomize-controller, goreleaser, guac, rabbitmq-messaging-topology-operator, pulumi, vexctl,...
6CVSS
6AI Score
0.0004EPSS
9.8CVSS
9.7AI Score
0.002EPSS
7.5AI Score
GHSA-2G68-C3QC-8985 vulnerabilities
Vulnerabilities for packages: py3.10-tensorflow-core, py3-werkzeug, kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...
7.5AI Score
CVE-2024-34069 vulnerabilities
Vulnerabilities for packages: py3.10-tensorflow-core, py3-werkzeug, kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...
7.5CVSS
7.8AI Score
0.0004EPSS
GHSA-84PR-M4JR-85G5 vulnerabilities
Vulnerabilities for packages: py3-flask-cors, kubeflow-volumes-web-app,...
7.5AI Score
CVE-2021-28543 affecting package varnish-modules 0.16.0-4
CVE-2021-28543 affecting package varnish-modules 0.16.0-4. This CVE either no longer is or was never...
7.5CVSS
7AI Score
0.002EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: gatekeeper, rook, melange, helm, prometheus-elasticsearch-exporter, ctop, hubble-ui, chartmuseum, newrelic-nri-kube-events, secrets-store-csi-driver-provider-aws, rqlite, vault, tctl, k8ssandra-operator, osv-scanner, traefik, grafana-agent-operator,...
7.5AI Score
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, git-lfs, melange, helm, libssh2, step, vault, rqlite, gitlab-kas, traefik, pulumi, prometheus-mysqld-exporter, vexctl, external-secrets-operator, terraform-provider-aws, argo-cd, gitness, k3d, kubernetes-event-exporter, kubernetes-dashboard,...
5.9CVSS
7.1AI Score
0.963EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: nats-server, git-lfs, harbor-registry, cue, bazelisk, osv-scanner, aws-network-policy-agent, vexctl, prometheus-mysqld-exporter, volume-modifier-for-k8s, bincapz, keda, k9s, tfsec, gitness, chezmoi, k3d, kube-rbac-proxy, nri-haproxy, boring-registry, regclient,...
6.8AI Score
0.0004EPSS
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: rook, nats-server, git-lfs, harbor-registry, bazelisk, osv-scanner, vexctl, prometheus-mysqld-exporter, volume-modifier-for-k8s, teleport, keda, k9s, hey, tfsec, gitness, chezmoi, k3d, nri-haproxy, wolfictl, boring-registry, regclient, controller-gen, cloud-sql-proxy,....
5.5CVSS
6.1AI Score
0.0004EPSS
GHSA-V6V8-XJ6M-XWQH vulnerabilities
Vulnerabilities for packages: rook, flux-image-automation-controller, sops, kyverno, sigstore-scaffolding, grafana-mimir, consul, nuclei, kargo, gitlab-kas, tekton-pipelines, zarf, flux-kustomize-controller, goreleaser, guac, rabbitmq-messaging-topology-operator, pulumi, vexctl,...
7.5AI Score
Vulnerabilities for packages: gatekeeper, git-lfs, helm, prometheus-elasticsearch-exporter, chartmuseum, vault, cue, rqlite, tctl, nvidia-device-plugin, pulumi, prometheus-mysqld-exporter, karpenter, keda, flux-notification-controller, external-secrets-operator, argo-cd, hey, gitness, k3d,...
6.1CVSS
7.3AI Score
0.001EPSS
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: dask-gateway, ggshield, datadog-agent, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines-visualization-server, py3-idna, confluent-docker-utils, py3-cassandra-medusa, az, kubeflow-jupyter-web-app, kubeflow-katib, k8s-sidecar,...
7.5AI Score
GHSA-H75V-3VVJ-5MFJ vulnerabilities
Vulnerabilities for packages: dask-gateway, kubeflow-volumes-web-app, pytorch, confluent-docker-utils, py3-jinja2, kubeflow-jupyter-web-app, superset,...
7.5AI Score
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: gatekeeper, rook, melange, helm, prometheus-elasticsearch-exporter, ctop, hubble-ui, chartmuseum, newrelic-nri-kube-events, secrets-store-csi-driver-provider-aws, rqlite, vault, tctl, k8ssandra-operator, osv-scanner, traefik, grafana-agent-operator,...
6.8AI Score
0.0004EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...
7.8AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...
7.5AI Score
Vulnerabilities for packages: dask-gateway, ggshield, datadog-agent, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines-visualization-server, py3-idna, confluent-docker-utils, py3-cassandra-medusa, az, kubeflow-jupyter-web-app, kubeflow-katib, k8s-sidecar,...
6.7AI Score
EPSS
GHSA-G4MX-Q9VG-27P4 vulnerabilities
Vulnerabilities for packages: kubeflow-volumes-web-app, jwt-tool, py3-urllib3, kubeflow-jupyter-web-app,...
7.5AI Score
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: gatekeeper, git-lfs, helm, prometheus-elasticsearch-exporter, chartmuseum, vault, cue, rqlite, tctl, go, nvidia-device-plugin, pulumi, prometheus-mysqld-exporter, karpenter, kubernetes-dns-node-cache, keda, flux-notification-controller, external-secrets-operator,...
7.5CVSS
8.4AI Score
0.002EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: nats-server, git-lfs, harbor-registry, cue, bazelisk, osv-scanner, aws-network-policy-agent, vexctl, prometheus-mysqld-exporter, volume-modifier-for-k8s, bincapz, keda, k9s, tfsec, gitness, chezmoi, k3d, kube-rbac-proxy, nri-haproxy, boring-registry, regclient,...
7.5AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: rook, nats-server, git-lfs, harbor-registry, bazelisk, osv-scanner, vexctl, prometheus-mysqld-exporter, volume-modifier-for-k8s, teleport, keda, k9s, hey, tfsec, gitness, chezmoi, k3d, nri-haproxy, wolfictl, boring-registry, regclient, controller-gen, cloud-sql-proxy,....
9.8CVSS
9.8AI Score
0.001EPSS
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: flux-image-automation-controller, sops, melange, terraform-provider-google, vault, crossplane-provider-aws, zarf, flux-kustomize-controller, goreleaser, pulumi-language-java, pulumi, vexctl, grafana, spire-server, keda, flux, flux-notification-controller,...
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...
7.5AI Score
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...
7.5AI Score
CVE-2024-34064 vulnerabilities
Vulnerabilities for packages: dask-gateway, kubeflow-volumes-web-app, pytorch, confluent-docker-utils, py3-jinja2, kubeflow-jupyter-web-app, superset,...
5.4CVSS
6.1AI Score
0.0004EPSS