Lucene search
+L

362 matches found

wolfi
wolfi
added 2024/03/06 12:31 a.m.423 views

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: fulcio, influx, kubernetes-dashboard, nri-discovery-kubernetes, kubernetes-csi-driver-hostpath, rabbitmq-messaging-topology-operator, kube-logging-operator, timoni, actions-runner-controller, ctop, rabbitmq-cluster-operator, terraform-provider-aws,...

6.1AI score
Exploits0
osv
osv
added 2024/01/23 10:15 a.m.6 views

CVE-2024-23183

Cross-site scripting vulnerability in a-blog cms Ver.3.1.x series versions prior to Ver.3.1.7, Ver.3.0.x series versions prior to Ver.3.0.29, Ver.2.11.x series versions prior to Ver.2.11.58, Ver.2.10.x series versions prior to Ver.2.10.50, and Ver.2.9.0 and earlier allows a remote authenticated...

5.4CVSS6AI score0.00361EPSS
Exploits0References2
github
github
added 2023/12/20 9:30 a.m.30 views

Apache Pulsar WebSocket Proxy contains an Improper Authentication vulnerability

Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8., from 2.9.0 through 2.9., from 2.10.0 through 2.10.4, from 2.11.0 throug...

7.5CVSS7.1AI score0.01351EPSS
Exploits0References7Affected Software1
cvelist
cvelist
added 2023/12/20 8:34 a.m.29 views

CVE-2023-37544 Apache Pulsar WebSocket Proxy: Improper Authentication for WebSocket Proxy Endpoint Allows DoS

Improper Authentication vulnerability in Apache Pulsar WebSocket Proxy allows an attacker to connect to the /pingpong endpoint without authentication. This issue affects Apache Pulsar WebSocket Proxy: from 2.8.0 through 2.8., from 2.9.0 through 2.9., from 2.10.0 through 2.10.4, from 2.11.0 throug...

7.5CVSS7.7AI score0.01351EPSS
Exploits0References2
rosalinux
rosalinux
added 2023/12/19 8:49 a.m.47 views

Advisory ROSA-SA-2023-2311

software: hostapd 2.9 WASP: ROSA-CHROME packageevrstring: hostapd-2.9-2.src.rpm CVE-ID: CVE-2022-23303 BDU-ID: 2022-07363 CVE-Crit: CRITICAL. CVE-DESC.: A vulnerability in the SAE implementation of the Wi-Fi WPA Supplicant secure access client is related to information disclosure via a mismatch...

9.8CVSS6.2AI score0.02944EPSS
Exploits0
patchstack
patchstack
added 2023/11/24 12:0 a.m.16 views

WordPress Captcha Code Plugin <= 2.9 is vulnerable to Bypass Vulnerability

Software Captcha Code Type Plugin Vulnerable versions = 2.9 Fixed in 3.0 OWASP Top 10 A5: Security Misconfiguration Classification Bypass Vulnerability CVE CVE-2023-48745 Patch priority Low CVSS severity Low 5.3 Developer WebFactory Ltd. PSID c2ae3ab19d4d Credits qilin99 Required privilege...

5.3CVSS7AI score0.00352EPSS
Exploits0References2Affected Software1
wolfi
wolfi
added 2023/11/18 12:15 a.m.591 views

CVE-2023-46402 vulnerabilities

Vulnerabilities for packages: melange, snyk-cli, pulumi-kubernetes-operator, argo-events, task, flux-notification-controller, argo-workflows...

7.5CVSS6.5AI score0.0085EPSS
Exploits1
cgr
cgr
added 2023/11/18 12:15 a.m.56 views

CVE-2023-46402 vulnerabilities

Vulnerabilities for packages: melange, flux-notification-controller, argo-events, task, pulumi-kubernetes-operator, snyk-cli, argo-events-fips, argo-workflows...

7.5CVSS6.5AI score0.0085EPSS
Exploits1
cgr
cgr
added 2023/11/14 9:31 p.m.258 views

GHSA-HQ6Q-C2X6-HMCH vulnerabilities

Vulnerabilities for packages: aws-ebs-csi-driver, ip-masq-agent, prometheus-adapter, kubernetes-dns-node-cache, nodetaint, spark-operator, aws-efs-csi-driver-fips, aws-efs-csi-driver, cluster-autoscaler-fips...

6.1AI score
Exploits0
cgr
cgr
added 2023/11/14 9:15 p.m.59 views

CVE-2023-5528 vulnerabilities

Vulnerabilities for packages: aws-ebs-csi-driver, ip-masq-agent, prometheus-adapter, kubernetes-dns-node-cache, nodetaint, spark-operator, aws-efs-csi-driver-fips, aws-efs-csi-driver, cluster-autoscaler-fips...

8.8CVSS6.9AI score0.03578EPSS
Exploits0
wolfi
wolfi
added 2023/10/25 9:17 p.m.179 views

GHSA-M425-MQ94-257G vulnerabilities

Vulnerabilities for packages: terraform-provider-sendgrid, scorecard, buildkitd, src, cortex, slsa-verifier, up, falco, aactl, kubescape, k3d, kubevela, kubeflow, dgraph, spark-operator, prometheus-blackbox-exporter...

6.1AI score
Exploits0
patchstack
patchstack
added 2023/10/18 12:0 a.m.17 views

WordPress Super Testimonial Pro Plugin <= 2.9 is vulnerable to Cross Site Scripting (XSS)

Software Super Testimonial Pro Type Plugin Vulnerable versions = 2.9 Fixed in 3.0 OWASP Top 10 A7: Cross-Site Scripting XSS Classification Cross Site Scripting XSS CVE CVE-2023-5613 Patch priority Low CVSS severity Low 6.5 Developer Claim ownership PSID 4c345a4e70e4 Credits Lana Codes Required...

6.4CVSS5.7AI score0.00448EPSS
Exploits0References2Affected Software1
nvd
nvd
added 2023/10/16 11:15 a.m.17 views

CVE-2023-45763

Cross-Site Request Forgery CSRF vulnerability in Taggbox plugin = 2.9 versions...

8.8CVSS6.5AI score0.00192EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2023/10/16 10:15 a.m.18 views

CVE-2023-45763 WordPress Taggbox Plugin <= 2.9 is vulnerable to Cross Site Request Forgery (CSRF)

Cross-Site Request Forgery CSRF vulnerability in Taggbox plugin = 2.9 versions...

5.4CVSS7.1AI score0.00192EPSS
Exploits0References1
wolfi
wolfi
added 2023/10/10 9:28 p.m.46 views

GHSA-QPPJ-FM5R-HXR3 vulnerabilities

Vulnerabilities for packages: terraform-provider-aws, pulumi-language-dotnet, oauth2-proxy, aactl, atlantis, cosign, spark-operator, flux-helm-controller, ip-masq-agent, stakater-reloader, prometheus-blackbox-exporter, nodetaint, metrics-server, envoy-ratelimit, k3d, grype, flux-source-controller...

6.1AI score
Exploits0
github
github
added 2023/05/24 5:24 p.m.59 views

Ckan remote code execution and private information access via crafted resource ids

Specific vulnerabilities: Arbitrary file write in resourcecreate and packageupdate actions, using the ResourceUploader object. Also reachable via packagecreate, packagerevise, and packagepatch via calls to packageupdate. Remote code execution via unsafe pickle loading, via Beaker's session store...

9.8CVSS8.3AI score0.01684EPSS
Exploits0References4Affected Software1
prion
prion
added 2023/04/25 7:15 p.m.18 views

Design/Logic Flaw

PingID integration for Windows login prior to 2.9 does not handle duplicate usernames, which can lead to a username collision when two people with the same username are provisioned onto the same machine at different times...

1.7CVSS4.2AI score0.00218EPSS
Exploits0References1Affected Software1
vulnrichment
vulnrichment
added 2023/04/15 12:0 a.m.4 views

CVE-2021-39295

In OpenBMC 2.9, crafted IPMI messages allow an attacker to cause a denial of service to the BMC via the netipmid IPMI lan+ interface...

7.3AI score0.01282EPSS
Exploits1References6
susecve
susecve
added 2023/02/15 5:4 a.m.7 views

SUSE CVE-2016-3734

Cross-site request forgery CSRF vulnerability in markposts.php in Moodle 3.0 through 3.0.3, 2.9 through 2.9.5, 2.8 through 2.8.11, 2.7 through 2.7.13 and earlier allows remote attackers to hijack the authentication of users for requests that marks forum posts as read...

8.8CVSS7.2AI score0.01074EPSS
Exploits0References3
ptsecurity
ptsecurity
added 2022/11/14 12:0 a.m.4 views

PT-2022-5613 · Freerdp +9 · Freerdp +9

Name of the Vulnerable Software and Affected Versions: FreeRDP versions prior to 2.9.0 Description: The issue is related to a lack of input length validation in the drive channel of the FreeRDP protocol implementation. This can be exploited by a malicious server to trick a FreeRDP-based client in...

9.8CVSS6.5AI score0.0375EPSS
Exploits16References182
Rows per page
Query Builder