9.8CVSS
9.7AI Score
0.002EPSS
CVE-2024-34069 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, py3.10-tensorflow-core, kubeflow-volumes-web-app,...
7.5CVSS
7.8AI Score
0.0004EPSS
GHSA-2G68-C3QC-8985 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, py3.10-tensorflow-core, kubeflow-volumes-web-app,...
7.5AI Score
GHSA-84PR-M4JR-85G5 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, kubeflow-volumes-web-app,...
7.5AI Score
7.5AI Score
Vulnerabilities for packages: ggshield, jwt-tool, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, py3-cassandra-medusa, py3.10-tensorflow-core, py3-idna, kubeflow-pipelines-visualization-server, datadog-agent, confluent-docker-utils, kubeflow-katib, dask-gateway,...
6.7AI Score
EPSS
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: ggshield, jwt-tool, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, py3-cassandra-medusa, py3.10-tensorflow-core, py3-idna, kubeflow-pipelines-visualization-server, datadog-agent, confluent-docker-utils, kubeflow-katib, dask-gateway,...
7.5AI Score
GHSA-H75V-3VVJ-5MFJ vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-jinja2, pytorch, confluent-docker-utils, dask-gateway, kubeflow-volumes-web-app, reflex,...
7.5AI Score
GHSA-G4MX-Q9VG-27P4 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, jwt-tool, py3-urllib3, kubeflow-volumes-web-app,...
7.5AI Score
CVE-2024-34064 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-jinja2, pytorch, confluent-docker-utils, dask-gateway, kubeflow-volumes-web-app, reflex,...
5.4CVSS
6.1AI Score
0.0004EPSS
CVE-2023-45803 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, jwt-tool, py3-urllib3, kubeflow-volumes-web-app,...
4.2CVSS
7.1AI Score
0.0004EPSS
GHSA-9WX4-H78V-VM56 vulnerabilities
Vulnerabilities for packages: ggshield, jwt-tool, k8s-sidecar, kubeflow-jupyter-web-app, mlflow, patroni, kubeflow-pipelines, py3-cassandra-medusa, py3.10-tensorflow-core, airflow, datadog-agent, confluent-docker-utils, kubeflow-katib, kubeflow-volumes-web-app, az, reflex,...
7.5AI Score
CVE-2024-37891 vulnerabilities
Vulnerabilities for packages: ggshield, kubeflow-jupyter-web-app, k8s-sidecar, py3-urllib3, mlflow, kubeflow-pipelines, py3-cassandra-medusa, airflow, confluent-docker-utils, kubeflow-katib, dask-gateway, kubeflow-volumes-web-app, az, reflex,...
4.4CVSS
4.9AI Score
0.0004EPSS
Vulnerabilities for packages: kubeflow-jupyter-web-app, kubeflow-volumes-web-app,...
5.3CVSS
6AI Score
0.0004EPSS
GHSA-34JH-P97F-MPXF vulnerabilities
Vulnerabilities for packages: ggshield, kubeflow-jupyter-web-app, k8s-sidecar, py3-urllib3, mlflow, kubeflow-pipelines, py3-cassandra-medusa, airflow, confluent-docker-utils, kubeflow-katib, dask-gateway, kubeflow-volumes-web-app, az, reflex,...
7.5AI Score
CVE-2023-46136 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, airflow, kubeflow-volumes-web-app,...
8CVSS
7.9AI Score
0.001EPSS
CVE-2024-35195 vulnerabilities
Vulnerabilities for packages: ggshield, jwt-tool, k8s-sidecar, kubeflow-jupyter-web-app, mlflow, patroni, kubeflow-pipelines, py3-cassandra-medusa, py3.10-tensorflow-core, airflow, datadog-agent, confluent-docker-utils, kubeflow-katib, kubeflow-volumes-web-app, az, reflex,...
5.6CVSS
6.2AI Score
0.0004EPSS
GHSA-HRFV-MQP8-Q5RW vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, airflow, kubeflow-volumes-web-app,...
7.5AI Score
GHSA-V845-JXX5-VC9F vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, k8s-sidecar, py3-urllib3, kube-downscaler, dask-gateway,...
7.5AI Score
CVE-2023-43804 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, k8s-sidecar, py3-urllib3, kube-downscaler, dask-gateway,...
8.1CVSS
7.7AI Score
0.001EPSS
Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web...
7AI Score
EPSS
Internet2 Grouper before 5.6 allows authentication bypass when LDAP authentication is used in certain ways. This is related to internet2.middleware.grouper.ws.security.WsGrouperLdapAuthentication and the use of the UyY29r password for the M3vwHr account. This also affects "Grouper for Web...
EPSS
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
EPSS
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
6.1AI Score
EPSS
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
6.6AI Score
EPSS
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
EPSS
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
EPSS
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
5.7AI Score
EPSS
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
5.9AI Score
EPSS
The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...
6.4CVSS
EPSS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
0.001EPSS
The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
5.7AI Score
0.001EPSS
The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
0.001EPSS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
5.7AI Score
0.001EPSS
The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
0.001EPSS
The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
5.7AI Score
0.001EPSS
The Extensions for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ parameter within the EE Button widget in all versions up to, and including, 2.0.30 due to insufficient input sanitization and output escaping. This makes it possible for authenticated...
6.4CVSS
0.001EPSS
The Happy Addons for Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘url’ attribute within the plugin's Gradient Heading widget in all versions up to, and including, 3.11.1 due to insufficient input sanitization and output escaping. This makes it possible for...
6.4CVSS
0.001EPSS
The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
0.001EPSS
The Stock Ticker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's stock_ticker shortcode in all versions up to, and including, 3.24.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated...
6.4CVSS
5.9AI Score
0.001EPSS
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1CVSS
0.0005EPSS
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1CVSS
6AI Score
0.0005EPSS
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...
6.4CVSS
0.0004EPSS
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...
6.4CVSS
5.8AI Score
0.0004EPSS
CVE-2024-5889 Events Manager <= 6.4.8 - Reflected Cross-Site Scripting
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1CVSS
0.0005EPSS
The Funnel Builder for WordPress by FunnelKit – Customize WooCommerce Checkout Pages, Create Sales Funnels, Order Bumps & One Click Upsells plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘mimes’ parameter in all versions up to, and including, 3.3.1 due to insufficient...
6.4CVSS
0.0004EPSS
The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for unauthenticated attackers to...
6.1CVSS
0.0005EPSS
The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for unauthenticated attackers to...
6.1CVSS
6AI Score
0.0005EPSS
CVE-2024-6405 Floating Social Buttons <= 1.5 - Cross-Site Request Forgery
The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for unauthenticated attackers to...
6.1CVSS
0.0005EPSS
Polyfill.io Supply Chain Attack
The polyfill.js is a popular open-source library that supports older browsers. Thousands of sites embed it using the cdn[.]polyfill[.]io domain. In February 2024, a Chinese company (Funnull) bought the domain and the GitHub account. The company has modified Polyfill.js so malicious code would be...
7.7AI Score