Desigo Px Automation Controllers Pxc00-u, Pxc64-u, Pxc128-u With Desigo Px Web Modules Pxa30-w0, Pxa30-w1, Pxa30-w2 Security Vulnerabilities

Critical SQLi Vulnerability Found in Fortra FileCatalyst Workflow Application

A critical security flaw has been disclosed in Fortra FileCatalyst Workflow that, if left unpatched, could allow an attacker to tamper with the application database. Tracked as CVE-2024-5276, the vulnerability carries a CVSS score of 9.8. It impacts FileCatalyst Workflow versions 5.1.6 Build 135...

CVE-2024-1330

The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the...

CVE-2024-1330

The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the...

CVE-2024-1330 Kadence Blocks Pro < 2.3.8 - Contributor+ Arbitrary Option Access

The kadence-blocks-pro WordPress plugin before 2.3.8 does not prevent users with at least the contributor role using some of its shortcode's functionalities to leak arbitrary options from the...

CVE-2024-6283

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....

CVE-2024-6283

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....

CVE-2024-6283 DethemeKit For Elementor <= 2.1.5 - Authenticated (Contributor+) Stored Cross-Site Scripting via URL Parameter of the De Gallery Widget

The DethemeKit For Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the URL parameter of the De Gallery widget in all versions up to and including 2.1.5 due to insufficient input sanitization and output escaping on user-supplied attributes. This makes it possible for....

CVE-2024-39459

In rare cases Jenkins Plain Credentials Plugin 182.v468b_97b_9dcb_8 and earlier stores secret file credentials unencrypted (only Base64 encoded) on the Jenkins controller file system, where they can be viewed by users with access to the Jenkins controller file system (global credentials) or with...

CVE-2024-21520

Versions of the package djangorestframework before 3.15.2 are vulnerable to Cross-site Scripting (XSS) via the break_long_headers template filter due to improper input sanitization before splitting and joining with ...

CVE-2024-4570

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVE-2024-4570

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVE-2024-4569

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVE-2024-4569

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVE-2024-4570 Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

CVE-2024-4569 Elementor Addon Elements <= 1.13.5 - Authenticated (Contributor+) Stored Cross-Site Scripting

The Elementor Addon Elements plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter in versions up to, and including, 1.13.5 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with contributor-level...

Security Bulletin: IBM MQ Appliance vulnerable to open redirect (CVE-2024-29041)

Summary IBM MQ Appliance has addressed an open redirect vulnerability. Vulnerability Details CVEID: CVE-2024-29041 DESCRIPTION: Express.js Express could allow a remote attacker to conduct phishing attacks, caused by an open redirect vulnerability. An attacker could exploit this vulnerability using....

Security Bulletin: IBM MQ Appliance vulnerable to "Terrapin" attack in OpenSSH (CVE-2023-48795)

Summary By manipulating sequence numbers during SSH connection setup, a MITM attacker can delete negotiation messages without causing a MAC failure. To mitigate this vulnerability, IBM MQ Appliance has removed the chacha20-poly1305 cipher and all etm HMACs from the default set of algorithms...

CVE-2024-6054

The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....

CVE-2024-5289

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping. This makes it possible....

CVE-2024-6054

The Auto Featured Image plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'create_post_attachment_from_url' function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with contributor-level and above....

CVE-2024-5289

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Google Maps widget parameters in all versions up to, and including, 3.2.42 due to insufficient input sanitization and output escaping. This makes it possible....

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: rook, flux-image-automation-controller, sops, kyverno, sigstore-scaffolding, grafana-mimir, consul, nuclei, kargo, gitlab-kas, tekton-pipelines, zarf, flux-kustomize-controller, goreleaser, guac, rabbitmq-messaging-topology-operator, pulumi, vexctl,...

CVE-2023-41419 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app,...

GHSA-X7M3-JPRG-WC5G vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app,...

GHSA-2G68-C3QC-8985 vulnerabilities

Vulnerabilities for packages: py3.10-tensorflow-core, py3-werkzeug, kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...

CVE-2024-34069 vulnerabilities

Vulnerabilities for packages: py3.10-tensorflow-core, py3-werkzeug, kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...

GHSA-84PR-M4JR-85G5 vulnerabilities

Vulnerabilities for packages: py3-flask-cors, kubeflow-volumes-web-app,...

CVE-2021-28543 affecting package varnish-modules 0.16.0-4

CVE-2021-28543 affecting package varnish-modules 0.16.0-4. This CVE either no longer is or was never...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: gatekeeper, rook, melange, helm, prometheus-elasticsearch-exporter, ctop, hubble-ui, chartmuseum, newrelic-nri-kube-events, secrets-store-csi-driver-provider-aws, rqlite, vault, tctl, k8ssandra-operator, osv-scanner, traefik, grafana-agent-operator,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: gatekeeper, nats-server, git-lfs, melange, helm, libssh2, step, vault, rqlite, gitlab-kas, traefik, pulumi, prometheus-mysqld-exporter, vexctl, external-secrets-operator, terraform-provider-aws, argo-cd, gitness, k3d, kubernetes-event-exporter, kubernetes-dashboard,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: nats-server, git-lfs, harbor-registry, cue, bazelisk, osv-scanner, aws-network-policy-agent, vexctl, prometheus-mysqld-exporter, volume-modifier-for-k8s, bincapz, keda, k9s, tfsec, gitness, chezmoi, k3d, kube-rbac-proxy, nri-haproxy, boring-registry, regclient,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: rook, nats-server, git-lfs, harbor-registry, bazelisk, osv-scanner, vexctl, prometheus-mysqld-exporter, volume-modifier-for-k8s, teleport, keda, k9s, hey, tfsec, gitness, chezmoi, k3d, nri-haproxy, wolfictl, boring-registry, regclient, controller-gen, cloud-sql-proxy,....

GHSA-V6V8-XJ6M-XWQH vulnerabilities

Vulnerabilities for packages: rook, flux-image-automation-controller, sops, kyverno, sigstore-scaffolding, grafana-mimir, consul, nuclei, kargo, gitlab-kas, tekton-pipelines, zarf, flux-kustomize-controller, goreleaser, guac, rabbitmq-messaging-topology-operator, pulumi, vexctl,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: gatekeeper, git-lfs, helm, prometheus-elasticsearch-exporter, chartmuseum, vault, cue, rqlite, tctl, nvidia-device-plugin, pulumi, prometheus-mysqld-exporter, karpenter, keda, flux-notification-controller, external-secrets-operator, argo-cd, hey, gitness, k3d,...

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: dask-gateway, ggshield, datadog-agent, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines-visualization-server, py3-idna, confluent-docker-utils, py3-cassandra-medusa, az, kubeflow-jupyter-web-app, kubeflow-katib, k8s-sidecar,...

GHSA-H75V-3VVJ-5MFJ vulnerabilities

Vulnerabilities for packages: dask-gateway, kubeflow-volumes-web-app, pytorch, confluent-docker-utils, py3-jinja2, kubeflow-jupyter-web-app, superset,...

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: gatekeeper, rook, melange, helm, prometheus-elasticsearch-exporter, ctop, hubble-ui, chartmuseum, newrelic-nri-kube-events, secrets-store-csi-driver-provider-aws, rqlite, vault, tctl, k8ssandra-operator, osv-scanner, traefik, grafana-agent-operator,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: dask-gateway, ggshield, datadog-agent, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines-visualization-server, py3-idna, confluent-docker-utils, py3-cassandra-medusa, az, kubeflow-jupyter-web-app, kubeflow-katib, k8s-sidecar,...

GHSA-G4MX-Q9VG-27P4 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, jwt-tool, py3-urllib3, kubeflow-jupyter-web-app,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: gatekeeper, git-lfs, helm, prometheus-elasticsearch-exporter, chartmuseum, vault, cue, rqlite, tctl, go, nvidia-device-plugin, pulumi, prometheus-mysqld-exporter, karpenter, kubernetes-dns-node-cache, keda, flux-notification-controller, external-secrets-operator,...

GHSA-4V7X-PQXF-CX7M vulnerabilities

Vulnerabilities for packages: nats-server, git-lfs, harbor-registry, cue, bazelisk, osv-scanner, aws-network-policy-agent, vexctl, prometheus-mysqld-exporter, volume-modifier-for-k8s, bincapz, keda, k9s, tfsec, gitness, chezmoi, k3d, kube-rbac-proxy, nri-haproxy, boring-registry, regclient,...

CVE-2024-24790 vulnerabilities

Vulnerabilities for packages: rook, nats-server, git-lfs, harbor-registry, bazelisk, osv-scanner, vexctl, prometheus-mysqld-exporter, volume-modifier-for-k8s, teleport, keda, k9s, hey, tfsec, gitness, chezmoi, k3d, nri-haproxy, wolfictl, boring-registry, regclient, controller-gen, cloud-sql-proxy,....

GHSA-9763-4F94-GFCH vulnerabilities

Vulnerabilities for packages: flux-image-automation-controller, sops, melange, terraform-provider-google, vault, crossplane-provider-aws, zarf, flux-kustomize-controller, goreleaser, pulumi-language-java, pulumi, vexctl, grafana, spire-server, keda, flux, flux-notification-controller,...

GHSA-FGQ5-Q76C-GX78 vulnerabilities

Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...

GHSA-J6M3-GC37-6R6Q vulnerabilities

Vulnerabilities for packages: gatekeeper, nats-server, helm, prometheus-elasticsearch-exporter, lazygit, ctop, hubble-ui, chartmuseum, cni-plugins, nri-rabbitmq, secrets-store-csi-driver-provider-aws, cue, rqlite, bazelisk, tctl, k8ssandra-operator, nvidia-device-plugin, pulumi,...

CVE-2024-34064 vulnerabilities

Vulnerabilities for packages: dask-gateway, kubeflow-volumes-web-app, pytorch, confluent-docker-utils, py3-jinja2, kubeflow-jupyter-web-app, superset,...