CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

kubeflow/kubeflow is vulnerable to a Regular Expression Denial of Service ReDoS attack due to inefficient regular expression complexity in its email validation mechanism. An attacker can remotely exploit this vulnerability without authentication by providing specially crafted input that causes th...

7.5CVSS7AI score0.00416EPSS

Exploits1References1

CVE•added 2024/06/06 6:9 p.m.•57 views

CVE-2024-5552

CVE-2024-5552 affects kubeflow/kubeflow, specifically the centraldashboard-angular backend component. The vulnerability arises from inefficient regular expression complexity in the email validation logic, enabling a remote, unauthenticated attacker to trigger a denial of service via crafted input...

7.5CVSS7.5AI score0.00416EPSS

Exploits1References1Affected Software1

Cvelist•added 2024/06/06 6:9 p.m.•16 views

CVE-2024-5552 ReDoS in kubeflow/kubeflow

7.5CVSS0.00416EPSS

Exploits1References1

SUSE CVE•added 2024/06/04 12:54 p.m.•2 views

SUSE CVE-2021-41174

Grafana is an open-source platform for monitoring and observability. In affected versions if an attacker is able to convince a victim to visit a URL referencing a vulnerable page, arbitrary JavaScript content may be executed within the context of the victim's browser. The user visiting the...

6.9CVSS7.9AI score0.87697EPSS

Exploits0References16

Tenable Nessus•added 2024/06/03 12:0 a.m.•29 views

RHEL 8 : gjs (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 8 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - json5: Prototype Pollution in JSON5 via Parse Method CVE-2022-46175 Note that Nessus has not tested for this issue...

8.8CVSS7.6AI score0.42304EPSS

Exploits1References1

Tenable Nessus•added 2024/06/03 12:0 a.m.•33 views

RHEL 9 : firefox (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by multiple vulnerabilities that have been acknowledged by the vendor but will not be patched. - wasm2c: DoS via crafted binary CVE-2023-31670 - Versions of the package angular from 1.2.21 are vulnerabl...

9.8CVSS8.8AI score0.30808EPSS

Exploits7References20

Tenable Nessus•added 2024/06/03 12:0 a.m.•24 views

RHEL 9 : ceph (Unpatched Vulnerability)

The remote Redhat Enterprise Linux 9 host has one or more packages installed that are affected by a vulnerability that has been acknowledged by the vendor but will not be patched. - angularjs: Regular expression denial of service via the $resource service CVE-2023-26117 Note that Nessus has not...

5.3CVSS6.4AI score0.00318EPSS

Exploits1References1

Openbugbounty•added 2024/06/02 12:59 p.m.•11 views

angular-workshops.de Cross Site Scripting vulnerability OBB-3932497

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score

Exploits0

OSV•added 2024/04/26 1:15 a.m.•3 views

CVE-2024-33665

angular-translate through 2.19.1 allows XSS via a crafted key that is used by the translate directive. NOTE: the vendor indicates that there is no documentation indicating that a key is supposed to be safe against XSS attacks...

6.1CVSS5.6AI score

Exploits0References4