GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache....
7.5CVSS
7.1AI Score
EPSS
Improper Neutralization of Input During Web Page Generation vulnerability in SOKRATES-software SOWA OPAC allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects SOWA OPAC...
6AI Score
EPSS
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache....
7.5CVSS
EPSS
Improper Neutralization of Input During Web Page Generation vulnerability in SOKRATES-software SOWA OPAC allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects SOWA OPAC...
EPSS
CVE-2024-24749 Classpath resource disclosure in GWC Web Resource API on Windows / Tomcat
GeoServer is an open source server that allows users to share and edit geospatial data. Prior to versions 2.23.5 and 2.24.3, if GeoServer is deployed in the Windows operating system using an Apache Tomcat web application server, it is possible to bypass existing input validation in the GeoWebCache....
7.5CVSS
EPSS
CVE-2024-6050 Reflected XSS in SOWA OPAC
Improper Neutralization of Input During Web Page Generation vulnerability in SOKRATES-software SOWA OPAC allows a Reflected Cross-Site Scripting (XSS). An attacker might trick somebody into using a crafted URL, which will cause a script to be run in user's browser. This issue affects SOWA OPAC...
EPSS
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint...
9.3CVSS
9.2AI Score
EPSS
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint...
9.3CVSS
EPSS
CVE-2024-6424 Server-Side Request Forgery vulnerability in MESbook
External server-side request vulnerability in MESbook 20221021.03 version, which could allow a remote, unauthenticated attacker to exploit the endpoint...
9.3CVSS
EPSS
Indian Software Firm's Products Hacked to Spread Data-Stealing Malware
Installers for three different software products developed by an Indian company named Conceptworld have been trojanized to distribute information-stealing malware. The installers correspond to Notezilla, RecentX, and Copywhiz, according to cybersecurity firm Rapid7, which discovered the supply...
7AI Score
End-to-End Secrets Security: Making a Plan to Secure Your Machine Identities
At the heart of every application are secrets. Credentials that allow human-to-machine and machine-to-machine communication. Machine identities outnumber human identities by a factor of 45-to-1 and represent the majority of secrets we need to worry about. According to CyberArk's recent research,...
6.7AI Score
9.8CVSS
9.7AI Score
0.002EPSS
7.5AI Score
GHSA-2G68-C3QC-8985 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, superset, py3.10-tensorflow-core,...
7.5AI Score
CVE-2024-34069 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, superset, py3.10-tensorflow-core,...
7.5CVSS
7.8AI Score
0.0004EPSS
GHSA-84PR-M4JR-85G5 vulnerabilities
Vulnerabilities for packages: kubeflow-volumes-web-app, py3-flask-cors,...
7.5AI Score
Vulnerabilities for packages: datadog-agent, kubeflow-katib, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, ggshield, py3.10-tensorflow-core, py3-idna, py3-cassandra-medusa, az, dask-gateway, jwt-tool, kubeflow-volumes-web-app,...
6.7AI Score
EPSS
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: datadog-agent, kubeflow-katib, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, ggshield, py3.10-tensorflow-core, py3-idna, py3-cassandra-medusa, az, dask-gateway, jwt-tool, kubeflow-volumes-web-app,...
7.5AI Score
GHSA-G4MX-Q9VG-27P4 vulnerabilities
Vulnerabilities for packages: py3-tensorflow-serving-api, py3-urllib3, kubeflow-jupyter-web-app, jwt-tool,...
7.5AI Score
GHSA-H75V-3VVJ-5MFJ vulnerabilities
Vulnerabilities for packages: py3-jinja2, confluent-docker-utils, kubeflow-jupyter-web-app, reflex, superset, dask-gateway, pytorch,...
7.5AI Score
CVE-2024-34064 vulnerabilities
Vulnerabilities for packages: py3-jinja2, confluent-docker-utils, kubeflow-jupyter-web-app, reflex, superset, dask-gateway, pytorch,...
5.4CVSS
6.1AI Score
0.0004EPSS
CVE-2023-45803 vulnerabilities
Vulnerabilities for packages: py3-tensorflow-serving-api, py3-urllib3, kubeflow-jupyter-web-app, jwt-tool,...
4.2CVSS
7.1AI Score
0.0004EPSS
CVE-2024-37891 vulnerabilities
Vulnerabilities for packages: airflow, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, py3-urllib3, ggshield, reflex, superset, py3-cassandra-medusa, az, dask-gateway, kubeflow-katib, kubeflow-volumes-web-app,...
4.4CVSS
4.9AI Score
0.0004EPSS
GHSA-9WX4-H78V-VM56 vulnerabilities
Vulnerabilities for packages: airflow, datadog-agent, kubeflow-katib, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, reflex, ggshield, superset, py3.10-tensorflow-core, patroni, py3-cassandra-medusa, az, jwt-tool, kubeflow-volumes-web-app,...
7.5AI Score
Vulnerabilities for packages: kubeflow-volumes-web-app, py3-flask-cors,...
5.3CVSS
6AI Score
0.0004EPSS
CVE-2023-46136 vulnerabilities
Vulnerabilities for packages: airflow, py3-tensorflow-serving-api, kubeflow-jupyter-web-app, py3-werkzeug,...
8CVSS
7.9AI Score
0.001EPSS
CVE-2024-35195 vulnerabilities
Vulnerabilities for packages: airflow, datadog-agent, kubeflow-katib, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, reflex, ggshield, superset, py3.10-tensorflow-core, patroni, py3-cassandra-medusa, az, jwt-tool, kubeflow-volumes-web-app,...
5.6CVSS
6.2AI Score
0.0004EPSS
GHSA-HRFV-MQP8-Q5RW vulnerabilities
Vulnerabilities for packages: airflow, py3-tensorflow-serving-api, kubeflow-jupyter-web-app, py3-werkzeug,...
7.5AI Score
GHSA-34JH-P97F-MPXF vulnerabilities
Vulnerabilities for packages: airflow, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, py3-urllib3, ggshield, reflex, superset, py3-cassandra-medusa, az, dask-gateway, kubeflow-katib, kubeflow-volumes-web-app,...
7.5AI Score
GHSA-V845-JXX5-VC9F vulnerabilities
Vulnerabilities for packages: k8s-sidecar, kubeflow-jupyter-web-app, py3-urllib3, dask-gateway, kubeflow-volumes-web-app,...
7.5AI Score
CVE-2023-43804 vulnerabilities
Vulnerabilities for packages: k8s-sidecar, kubeflow-jupyter-web-app, py3-urllib3, dask-gateway, kubeflow-volumes-web-app,...
8.1CVSS
7.7AI Score
0.001EPSS
Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to a machine-in-the-middle attack, caused by a flaw in the extension negotiation process in the SSH transport protocol when used with certain OpenSSH extensions. Vulnerability Details ** CVEID:...
5.9CVSS
6.9AI Score
0.963EPSS
Summary Golang Go is used by the IBM Storage Protect Server OSSM component. Golang Go is vulnerable to denial of service, loss of confidentiality and availability of host system. This bulletin identifies the steps to address the vulnerabilities. CVE-2023-39318, CVE-2023-39321, CVE-2023-39319,...
7.5CVSS
7.5AI Score
0.001EPSS
[SECURITY] [DLA 3855-1] pdns-recursor security update
Debian LTS Advisory DLA-3855-1 [email protected] https://www.debian.org/lts/security/ ; Daniel Leidert July 01, 2024 https://wiki.debian.org/LTS Package : pdns-recursor Version : 4.1.11-1+deb10u2 CVE...
7.5CVSS
6.9AI Score
0.006EPSS
Liferea: Remote Code Execution
Background Liferea is a feed reader/news aggregator that brings together all of the content from your favorite subscriptions into a simple interface that makes it easy to organize and browse feeds. Its GUI is similar to a desktop mail/news client, with an embedded web browser. Description A...
9.8CVSS
7.3AI Score
0.003EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
5.2AI Score
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
5.2AI Score
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
6.4CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
6.4CVSS
5.8AI Score
0.0004EPSS
CVE-2023-50964 IBM InfoSphere Information Server cross-site scripting
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
CVE-2024-28794 IBM InfoSphere Information Server cross-site scripting
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS
CVE-2024-28797 IBM InfoSphere Information Server cross-site scripting
IBM InfoSphere Information Server 11.7 is vulnerable stored to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
6.4CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
7.2CVSS
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to stored cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
7.2CVSS
6.2AI Score
0.0004EPSS
A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a.....
5.3CVSS
0.0004EPSS
A reflected Cross-Site Scripting (XSS) vulnerability was identified in zenml-io/zenml version 0.57.1. The vulnerability exists due to improper neutralization of input during web page generation, specifically within the survey redirect parameter. This flaw allows an attacker to redirect users to a.....
5.3CVSS
5.9AI Score
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
6AI Score
0.0004EPSS
IBM InfoSphere Information Server 11.7 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session. IBM X-Force ID: ...
5.4CVSS
0.0004EPSS