Vulnerabilities for packages: prometheus, bank-vaults, policy-controller, step-ca, flux-image-automation-controller, gomplate, goreleaser, pulumi, nuclei, pulumi-kubernetes-operator, k3s, rabbitmq-messaging-topology-operator, zarf, falcoctl, slsa-verifier, zot, neuvector-sigstore-interface, glab,.....
6CVSS
6AI Score
0.0004EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: caddy, nfs-subdir-external-provisioner, ferretdb, ollama, filebeat, policy-controller, nats, nuclei, sonobuoy, k3s, traefik, prometheus-operator, rabbitmq-messaging-topology-operator, telegraf, kubernetes-dashboard, cilium, eksctl, kubeflow-katib, protoc-gen-go-grpc,.....
7.5AI Score
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: caddy, nfs-subdir-external-provisioner, ferretdb, policy-controller, newrelic-prometheus-configurator, crane, traefik, sonobuoy, telegraf, kubebuilder, kubernetes-dashboard, eksctl, wait-for-port, confluent-common-docker, harbor-cli, docker-credential-acr-env,...
6.5AI Score
0.0004EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: caddy, nfs-subdir-external-provisioner, ferretdb, policy-controller, newrelic-prometheus-configurator, crane, traefik, sonobuoy, telegraf, kubebuilder, kubernetes-dashboard, eksctl, wait-for-port, confluent-common-docker, harbor-cli, docker-credential-acr-env,...
7.5AI Score
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: nri-consul, kubernetes-dashboard, gpu-feature-discovery, harbor-cli, docker-credential-acr-env, tempo, tailscale, prometheus-nats-exporter, govulncheck, mage, memcached-exporter, gosu, bom, dagger, newrelic-nri-kube-events, jitsucom-bulker, vcluster,...
5.5CVSS
6.1AI Score
0.0004EPSS
GHSA-V6V8-XJ6M-XWQH vulnerabilities
Vulnerabilities for packages: prometheus, bank-vaults, policy-controller, step-ca, flux-image-automation-controller, gomplate, goreleaser, pulumi, nuclei, pulumi-kubernetes-operator, k3s, rabbitmq-messaging-topology-operator, zarf, falcoctl, slsa-verifier, zot, neuvector-sigstore-interface, glab,.....
7.5AI Score
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: prometheus, bank-vaults, cortex, policy-controller, sqlpad, filebeat, goreleaser, pulumi, external-secrets-operator, nuclei, traefik, velero, up, prometheus-operator, telegraf, zarf, falcoctl, teleport, zot, trivy, tempo, flux, keda, spire-server, argo-workflows,...
5.5CVSS
6AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: nri-consul, kubernetes-dashboard, harbor-cli, docker-credential-acr-env, tempo, tailscale, prometheus-nats-exporter, calico, hugo-extended, govulncheck, mage, memcached-exporter, gosu, tigera-operator, bom, newrelic-nri-kube-events, pulumi-language-java,...
6.8AI Score
0.0004EPSS
Vulnerabilities for packages: nfs-subdir-external-provisioner, ollama, k3s, prometheus-operator, telegraf, kubernetes-dashboard, kubeflow-katib, karpenter, cue, kubernetes-dashboard-metrics-scraper, memcached-exporter, apko, thanos-operator, spark-operator, flux-source-controller,...
6.1CVSS
7.3AI Score
0.001EPSS
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: caddy, nfs-subdir-external-provisioner, ferretdb, ollama, nats, traefik, k3s, telegraf, kubernetes-dashboard, eksctl, kubeflow-katib, nsc, docker-credential-acr-env, prometheus-nats-exporter, calico, memcached-exporter, apko, dockerize, spark-operator,...
5.9CVSS
7.1AI Score
0.963EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: caddy, nfs-subdir-external-provisioner, ferretdb, ollama, filebeat, policy-controller, nats, nuclei, sonobuoy, k3s, traefik, prometheus-operator, rabbitmq-messaging-topology-operator, telegraf, kubernetes-dashboard, cilium, eksctl, kubeflow-katib, protoc-gen-go-grpc,.....
6.6AI Score
0.0004EPSS
GHSA-M5VV-6R4H-3VJ9 vulnerabilities
Vulnerabilities for packages: prometheus, bank-vaults, cortex, policy-controller, sqlpad, filebeat, goreleaser, pulumi, external-secrets-operator, nuclei, traefik, velero, up, prometheus-operator, telegraf, zarf, falcoctl, teleport, zot, trivy, tempo, flux, keda, spire-server, argo-workflows,...
7.5AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: caddy, nfs-subdir-external-provisioner, ferretdb, policy-controller, newrelic-prometheus-configurator, crane, traefik, sonobuoy, telegraf, kubebuilder, kubernetes-dashboard, eksctl, wait-for-port, confluent-common-docker, harbor-cli, docker-credential-acr-env,...
7.5AI Score
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: nri-consul, kubernetes-dashboard, harbor-cli, docker-credential-acr-env, tempo, tailscale, prometheus-nats-exporter, calico, hugo-extended, govulncheck, mage, memcached-exporter, gosu, tigera-operator, bom, newrelic-nri-kube-events, pulumi-language-java,...
7.5AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: nri-consul, kubernetes-dashboard, gpu-feature-discovery, harbor-cli, docker-credential-acr-env, tempo, tailscale, prometheus-nats-exporter, govulncheck, mage, memcached-exporter, gosu, bom, dagger, newrelic-nri-kube-events, jitsucom-bulker, vcluster,...
9.8CVSS
9.8AI Score
0.001EPSS
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: caddy, nfs-subdir-external-provisioner, ollama, nats, k3s, prometheus-operator, telegraf, kubernetes-dashboard, kubeflow-katib, karpenter, cue, kubernetes-dashboard-metrics-scraper, memcached-exporter, apko, thanos-operator, spark-operator, flux-source-controller,...
7.5CVSS
8.4AI Score
0.002EPSS
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: nri-consul, kubernetes-dashboard, gpu-feature-discovery, harbor-cli, docker-credential-acr-env, tempo, tailscale, prometheus-nats-exporter, govulncheck, mage, memcached-exporter, gosu, bom, dagger, newrelic-nri-kube-events, jitsucom-bulker, vcluster,...
7.5AI Score
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: nfs-subdir-external-provisioner, ollama, k3s, prometheus-operator, telegraf, kubernetes-dashboard, kubeflow-katib, karpenter, cue, kubernetes-dashboard-metrics-scraper, memcached-exporter, apko, thanos-operator, spark-operator, flux-source-controller,...
7.5AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: caddy, nfs-subdir-external-provisioner, ollama, nats, k3s, prometheus-operator, telegraf, kubernetes-dashboard, kubeflow-katib, karpenter, cue, kubernetes-dashboard-metrics-scraper, memcached-exporter, apko, thanos-operator, spark-operator, flux-source-controller,...
7.5AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: caddy, nfs-subdir-external-provisioner, ferretdb, ollama, nats, traefik, k3s, telegraf, kubernetes-dashboard, eksctl, kubeflow-katib, nsc, docker-credential-acr-env, prometheus-nats-exporter, calico, memcached-exporter, apko, dockerize, spark-operator,...
7.5AI Score
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: nri-consul, kubernetes-dashboard, gpu-feature-discovery, harbor-cli, docker-credential-acr-env, tempo, tailscale, prometheus-nats-exporter, govulncheck, mage, memcached-exporter, gosu, bom, dagger, newrelic-nri-kube-events, jitsucom-bulker, vcluster,...
7.5AI Score
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: caddy, nfs-subdir-external-provisioner, ferretdb, policy-controller, newrelic-prometheus-configurator, crane, traefik, sonobuoy, telegraf, kubebuilder, kubernetes-dashboard, eksctl, wait-for-port, confluent-common-docker, harbor-cli, docker-credential-acr-env,...
6.5AI Score
0.0004EPSS
Google to Block Entrust Certificates in Chrome Starting November 2024
Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several...
7.1AI Score
TEMU sued for being “dangerous malware” by Arkansas Attorney General
Chinese online shopping giant Temu is facing a lawsuit filed by State of Arkansas Attorney General Tim Griffin, alleging that the retailer's mobile app spies on users. “Temu purports to be an online shopping platform, but it is dangerous malware, surreptitiously granting itself access to...
7.5AI Score
Go package github.com/notaryproject/notation configured with permissive trust policies potentially susceptible to rollback attack from compromised...
6.8CVSS
6.7AI Score
0.001EPSS
Improper trust check in Bazel Build intellij plugin in github.com/bazelbuild/intellij
Improper trust check in Bazel Build intellij plugin in...
6.9AI Score
0.0004EPSS
Combatting the Evolving SaaS Kill Chain: How to Stay Ahead of Threat Actors
The modern kill chain is eluding enterprises because they aren't protecting the infrastructure of modern business: SaaS. SaaS continues to dominate software adoption, and it accounts for the greatest share of public cloud spending. But enterprises and SMBs alike haven't revised their security...
7.4AI Score
HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is...
3.3CVSS
3.7AI Score
0.0004EPSS
HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is...
3.3CVSS
0.0004EPSS
CVE-2024-30135 Sensitive Information Disclosure vulnerability affects DRYiCE AEX v10
HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is...
3.3CVSS
3.7AI Score
0.0004EPSS
CVE-2024-30135 Sensitive Information Disclosure vulnerability affects DRYiCE AEX v10
HCL DRYiCE AEX is potentially impacted by disclosure of sensitive information in the mobile application when a snapshot is...
3.3CVSS
0.0004EPSS
HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data...
3.3CVSS
0.0004EPSS
HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data...
3.3CVSS
4.2AI Score
0.0004EPSS
CVE-2024-30111 Missing Root Detection vulnerability affects DRYiCE AEX v10
HCL DRYiCE AEX product is impacted by Missing Root Detection vulnerability in the mobile application. The mobile app can be installed in the rooted device due to which malicious users can gain unauthorized access to the rooted devices, compromising security and potentially leading to data...
3.3CVSS
0.0004EPSS
TeamViewer Detects Security Breach in Corporate IT Environment
TeamViewer on Thursday disclosed it detected an "irregularity" in its internal corporate IT environment on June 26, 2024. "We immediately activated our response team and procedures, started investigations together with a team of globally renowned cyber security experts and implemented necessary...
7AI Score
Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information...
3.8CVSS
6.3AI Score
0.0004EPSS
Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information...
3.8CVSS
0.0004EPSS
Dell Key Trust Platform, v3.0.6 and prior, contains Use of a Cryptographic Primitive with a Risky Implementation vulnerability. A local privileged attacker could potentially exploit this vulnerability, leading to privileged information...
3.8CVSS
0.0004EPSS
Certain HP PC BIOS Logo Vulnerabilities
Potential security vulnerabilities, known as LogoFAIL, have been reported in the AMI BIOS and the Insyde BIOS used in certain HP PC products, which might allow escalation of privilege, arbitrary code execution, denial of service, information disclosure, and/or data tampering. AMI and Insyde are...
7.8CVSS
7.8AI Score
0.0004EPSS
Intel Chipset Device Software May 2024 Security Update
Intel has informed HP of a potential security vulnerability in some Intel® Chipset Device Software, which might allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Intel has released updates to mitigate the potential vulnerability. HP has...
6.7CVSS
7.1AI Score
0.0004EPSS
Ivanti Endpoint Manager Mobile < 11.11.0.0 Authentication Bypass
Ivanti Endpoint Manager Mobile (EPMM), formerly MobileIron Core, versions before 11.11.0.0 suffer from an authentication bypass vulnerability, allowing unauthorized users to access restricted functionality or resources of the application without proper...
7.5AI Score
Autodesk Multiple Vulnerabilities (AutoCAD) (adsk-sa-2024-0010)
The version of Autodesk AutoCAD installed on the remote Windows host is a version prior to 2024.1.5. It is, therefore, affected by multiple vulnerabilities: A maliciously crafted PRT file, when parsed in odxug_dll.dll through Autodesk AutoCAD can force an Out-of-Bound Write. A malicious...
7.1AI Score
0.001EPSS
A company that helps to authenticate users for big brands had a set of administration credentials exposed online for over a year, potentially allowing access to user identity documents such as driving licenses. As more and more legislation emerges requiring websites and platforms—like gambling...
7.4AI Score
Security Analysis of the EU’s Digital Wallet
A group of cryptographers have analyzed the eiDAS 2.0 regulation (electronic identification and trust services) that defines the new EU Digital Identity...
7.3AI Score
How to Use Python to Build Secure Blockchain Applications
Did you know it's now possible to build blockchain applications, known also as decentralized applications (or "dApps" for short) in native Python? Blockchain development has traditionally required learning specialized languages, creating a barrier for many developers… until now. AlgoKit, an...
6.9AI Score
Developer Accounts Compromised Due to Credential Reuse in WordPress.org Supply Chain Attack
On June 24th, 2024, the Wordfence Threat Intelligence Team became aware of a WordPress plugin, Social Warfare, that was infected with malware through the WordPress repository. Upon further investigation, our team quickly identified 4 additional affected plugins through our internal Threat...
8.4AI Score
New “Snowblind” Android Malware Steals Logins, Bypasses Security Features
New Android Malware "Snowblind" bypasses security! It exploits Linux's seccomp to launch scalable attacks and steal your data. Download safely, update your device, and consider mobile security to stay...
7.4AI Score
Episode 2: Behind the Scenes of a Tailor-Made Massive Phishing Campaign Part 2
Executive Summary Last summer, we investigated a massive, global phishing campaign impersonating almost 350 legitimate companies. Our continued investigation into this expansive phishing campaign revealed leaked backend source code, shedding light on the infrastructure behind the operation. This...
7AI Score
[updated] Federal Reserve “breached” data may actually belong to Evolve Bank
A shockwave went through the financial world when ransomware group LockBit claimed to have breached the US Federal Reserve, the central banking system of the United States. On LockBit's dark web leak site, the group threatened to release over 30 TB of banking information containing Americans'...
7.4AI Score
Practical Guidance For Securing Your Software Supply Chain
The heightened regulatory and legal pressure on software-producing organizations to secure their supply chains and ensure the integrity of their software should come as no surprise. In the last several years, the software supply chain has become an increasingly attractive target for attackers who.....
6.7AI Score