Vulnerabilities for packages: py3-flask-cors, kubeflow-jupyter-web-app,...
CVSS 5.3, AI Score 6, EPSS 0.0004
Summary: The IBM® Engineering System Design Rhapsody 10.0 iFix001, the IBM® Engineering System Design Rhapsody 9.0.2 iFix002 and the IBM® Engineering System Design Rhapsody 9.0.1 iFix006 contain fixes for vulnerabilities identified in the Vulnerabilities Details section. The referred iFix...
CVSS 5.3, AI Score 8, EPSS 0.033
GHSA-84PR-M4JR-85G5 vulnerabilities
Vulnerabilities for packages: py3-flask-cors, kubeflow-jupyter-web-app,...
AI Score 7.5
CVE-2023-45803 vulnerabilities
Vulnerabilities for packages: py3-urllib3, kubeflow-volumes-web-app, jwt-tool, kubeflow-jupyter-web-app,...
CVSS 4.2, AI Score 7.1, EPSS 0.0004
GHSA-G4MX-Q9VG-27P4 vulnerabilities
Vulnerabilities for packages: py3-urllib3, kubeflow-volumes-web-app, jwt-tool, kubeflow-jupyter-web-app,...
AI Score 7.5
GHSA-2G68-C3QC-8985 vulnerabilities
Vulnerabilities for packages: py3-werkzeug, py3.10-tensorflow-core, kubeflow-volumes-web-app, superset,...
AI Score 7.5
CVE-2024-34069 vulnerabilities
Vulnerabilities for packages: py3-werkzeug, py3.10-tensorflow-core, kubeflow-volumes-web-app, superset,...
CVSS 7.5, AI Score 7.8, EPSS 0.0004
CVE-2024-34064 vulnerabilities
Vulnerabilities for packages: reflex, dask-gateway, py3-jinja2, confluent-docker-utils, kubeflow-volumes-web-app, superset, kubeflow-jupyter-web-app,...
CVSS 5.4, AI Score 6.1, EPSS 0.0004
GHSA-H75V-3VVJ-5MFJ vulnerabilities
Vulnerabilities for packages: reflex, dask-gateway, py3-jinja2, confluent-docker-utils, kubeflow-volumes-web-app, superset, kubeflow-jupyter-web-app,...
AI Score 7.5
CVE-2023-46136 vulnerabilities
Vulnerabilities for packages: py3-werkzeug, kubeflow-volumes-web-app, kubeflow-jupyter-web-app, airflow,...
CVSS 8, AI Score 7.9, EPSS 0.001
GHSA-HRFV-MQP8-Q5RW vulnerabilities
Vulnerabilities for packages: py3-werkzeug, kubeflow-volumes-web-app, kubeflow-jupyter-web-app, airflow,...
AI Score 7.5
SonarQube logs sensitive information
In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs,...
CVSS 4.9, AI Score 6.9, EPSS 0.0004
GHSA-V845-JXX5-VC9F vulnerabilities
Vulnerabilities for packages: dask-gateway, py3-urllib3, kubeflow-volumes-web-app, kube-downscaler, kubeflow-jupyter-web-app,...
AI Score 7.5
CVE-2023-43804 vulnerabilities
Vulnerabilities for packages: dask-gateway, py3-urllib3, kubeflow-volumes-web-app, kube-downscaler, kubeflow-jupyter-web-app,...
CVSS 8.1, AI Score 7.7, EPSS 0.001
CVE-2024-37891 vulnerabilities
Vulnerabilities for packages: mlflow, dask-gateway, ggshield, kubeflow-katib, az, confluent-docker-utils, py3-urllib3, kubeflow-volumes-web-app, superset, py3-cassandra-medusa, k8s-sidecar, kubeflow-jupyter-web-app, airflow, reflex,...
CVSS 4.4, AI Score 4.9, EPSS 0.0004
GHSA-9WX4-H78V-VM56 vulnerabilities
Vulnerabilities for packages: mlflow, patroni, ggshield, kubeflow-katib, az, confluent-docker-utils, py3.10-tensorflow-core, kubeflow-volumes-web-app, superset, jwt-tool, py3-cassandra-medusa, k8s-sidecar, kubeflow-jupyter-web-app, airflow, datadog-agent, reflex,...
AI Score 7.5
Malicious code in scm-design-system-cra (npm)
Source: ossf-package-analysis (a41692a79d6b73b049dbff75d56c8a18218a4878d024ef4c0da7b19b16ebab3a) The OpenSSF Package Analysis project identified 'scm-design-system-cra' @ 0.1.1 (npm) as malicious. It is considered malicious because: The...
GHSA-34JH-P97F-MPXF vulnerabilities
Vulnerabilities for packages: mlflow, dask-gateway, ggshield, kubeflow-katib, az, confluent-docker-utils, py3-urllib3, kubeflow-volumes-web-app, superset, py3-cassandra-medusa, k8s-sidecar, kubeflow-jupyter-web-app, airflow, reflex,...
AI Score 7.5
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: dask-gateway, ggshield, kubeflow-katib, az, confluent-docker-utils, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, py3-cassandra-medusa, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines-visualization-server, datadog-agent, py3-idna,...
AI Score 7.5
Vulnerabilities for packages: dask-gateway, ggshield, kubeflow-katib, az, confluent-docker-utils, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, py3-cassandra-medusa, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines-visualization-server, datadog-agent, py3-idna,...
AI Score 6.7
Malicious code in nespresso-design-system (npm)
Source: ghsa-malware (e4df4d16cd100a965fef42c58150e9688849a5acfa8de2f809b3ed66f5ef9f29) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Spring Framework URL Parsing with Host Validation
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect https://cwe.mitre.org/data/definitions/601.html attack or to an SSRF attack if the URL...
CVSS 8.1, AI Score 7.9, EPSS 0.0004
CVE-2024-35195 vulnerabilities
Vulnerabilities for packages: mlflow, patroni, ggshield, kubeflow-katib, az, confluent-docker-utils, py3.10-tensorflow-core, kubeflow-volumes-web-app, superset, jwt-tool, py3-cassandra-medusa, k8s-sidecar, kubeflow-jupyter-web-app, airflow, datadog-agent, reflex,...
CVSS 5.6, AI Score 6.2, EPSS 0.0004
Spring Framework URL Parsing with Host Validation Vulnerability
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect https://cwe.mitre.org/data/definitions/601.html attack or to an SSRF...
CVSS 8.1, AI Score 7, EPSS 0.0004
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or to an SSRF attack if the URL is used after passing validation...
CVSS 8.1, AI Score 6.7, EPSS 0.0004
Malicious code in dist-web (npm)
Source: ossf-package-analysis (ff355bd5f2422ce630aeb0652869d4bdaa8f3f18cf576fc60a76588f3acf36b4) The OpenSSF Package Analysis project identified 'dist-web' @ 99.1.1 (npm) as malicious. It is considered malicious because: - The package...
org.springframework:spring-web is vulnerable to Open Redirect. The vulnerability is caused by improper validation checks on the host of the parsed URL, which could lead to potential SSRF attacks if the URL is utilized...
CVSS 8.1, AI Score 7, EPSS 0.0004
Server Side Request Forgery (SSRF)
org.springframework:spring-web is vulnerable to Open Redirect. The vulnerability is due to insufficient validation checks of the host URL within UriComponentsBuilder.java. If an application utilizes the host validation checks, an attacker can perform an open redirect or Server-Side Request Forgery....
CVSS 8.1, AI Score 6.7, EPSS 0.0004
Server Side Request Forgery (SSRF)
org.springframework:spring-web is vulnerable to Open Redirect. The vulnerability is due to insufficient validation checks of the host URL within UriComponentsBuilder.java. If an application utilizes the host validation checks, an attacker can perform an open redirect or Server-Side Request Forgery....
CVSS 8.1, AI Score 8, EPSS 0.0004
Malicious code in virtuoso-web-chat (npm)
Source: ghsa-malware (09f5be1f1f3cad8c43378afb0ddb0aed39e00e1e3169ff5e1559ab4c39d1bf06) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or to an SSRF attack if the URL is used after passing validation...
CVSS 8.1, AI Score 7, EPSS 0.0004
Spring Framework URL Parsing with Host Validation
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect https://cwe.mitre.org/data/definitions/601.html attack or to an SSRF attack if the URL...
CVSS 8.1, AI Score 6.5, EPSS 0.0004
Spring Framework URL Parsing with Host Validation Vulnerability
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect https://cwe.mitre.org/data/definitions/601.html attack or to an SSRF...
CVSS 8.1, AI Score 7, EPSS 0.0004
The RPC interface in datax-web v1.0.0 and v2.0.0 to v2.1.2 contains no permission checks by default which allows attackers to execute arbitrary commands via crafted Hessian serialized...
CVSS 9.8, AI Score 7.7, EPSS 0.002
It was discovered that IcedTea-Web used the codebase attribute of the tag on the HTML page that hosts the Java applet in its Same Origin Policy (SOP) checks. As the specified codebase does not have to match the applet's actual origin, this allowed a malicious site to bypass SOP via a spoofed codebase...
CVSS 7.5, AI Score 6.4, EPSS 0.002
Multiple vulnerabilities in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager; Secure Email Gateway, formerly Email Security Appliance (ESA); and Secure Web Appliance could allow a remote attacker to conduct a cross-site scripting (XSS) attack...
AI Score 5.9, EPSS 0.0004
Web Sockets do not execute any AuthenticateMethod methods which may be set, leading to a nil pointer dereference if the returned UserData pointer is assumed to be non-nil, or authentication bypass. This issue only affects WebSockets with an AuthenticateMethod hook. Request handlers that do not...
CVSS 9.8, AI Score 9.7, EPSS 0.002