Vulnerabilities for packages: aws-ebs-csi-driver, calico, spark-operator, cluster-autoscaler, kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, ip-masq-agent, node-feature-discovery, nodetaint, local-static-provisioner,...
2.7CVSS
4.3AI Score
0.0004EPSS
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
7.8AI Score
0.0004EPSS
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, cosign, keda, syft, velero, cilium-cli, prometheus-beat-exporter, kots, restic, rook, rqlite, falcoctl, spicedb, vertical-pod-autoscaler, flux, configmap-reload, flux-notification-controller, fulcio, prometheus-stackdriver-exporter, dagger,...
7.5AI Score
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: coredns, dex, stakater-reloader, cosign, keda, rqlite, kots, istio-envoy, flux-notification-controller, prometheus-stackdriver-exporter, dgraph, nri-prometheus, ip-masq-agent, nginx-stable, goreleaser, minio, cert-manager, sigstore-scaffolding, envoy-ratelimit,...
7.5CVSS
9AI Score
0.732EPSS
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: coredns, dex, falcosidekick, nvidia-container-toolkit, harbor-scanner-trivy, cosign, cilium-cli, mkcert, prometheus-beat-exporter, go-bindata, spicedb, falcoctl, ghaudit, vertical-pod-autoscaler, configmap-reload, flux-notification-controller, fulcio, go-md2man,...
6.5AI Score
0.0004EPSS
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: coredns, dex, falcosidekick, nvidia-container-toolkit, harbor-scanner-trivy, cosign, cilium-cli, mkcert, prometheus-beat-exporter, go-bindata, spicedb, falcoctl, ghaudit, vertical-pod-autoscaler, configmap-reload, flux-notification-controller, fulcio, go-md2man,...
7.5AI Score
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: falcosidekick, nri-mssql, ghaudit, flux, yq, newrelic-prometheus-configurator, dgraph, kubeadm-controlplane-controller, ip-masq-agent, kubernetes-ingress-defaultbackend, trillian, php-fpm_exporter, cfssl, metallb, buildkitd, loki, task, gitness,...
5.5CVSS
6.1AI Score
0.0004EPSS
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, cosign, keda, syft, velero, cilium-cli, prometheus-beat-exporter, kots, restic, rook, rqlite, falcoctl, spicedb, vertical-pod-autoscaler, flux, configmap-reload, flux-notification-controller, fulcio, prometheus-stackdriver-exporter, dagger,...
6.6AI Score
0.0004EPSS
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
7.5AI Score
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: gosu, go-licenses, aactl, flannel-cni-plugin, nats, render-template, gobuster, hey, k3d, go-bindata, mage, sbom-scorecard, sops, vertical-pod-autoscaler, cilium-envoy, configmap-reload, docker-cli, ctop, go-md2man, aws-flb-cloudwatch, prometheus-stackdriver-exporter,.....
7.5CVSS
8AI Score
0.001EPSS
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
7.8AI Score
0.0004EPSS
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: falcosidekick, nri-mssql, ghaudit, flux, yq, newrelic-prometheus-configurator, dgraph, kubeadm-controlplane-controller, ip-masq-agent, kubernetes-ingress-defaultbackend, trillian, goreleaser, php-fpm_exporter, cfssl, metallb, buildkitd, loki, task, gitness,...
6.8AI Score
0.0004EPSS
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: falcosidekick, nri-mssql, ghaudit, flux, yq, newrelic-prometheus-configurator, dgraph, kubeadm-controlplane-controller, ip-masq-agent, kubernetes-ingress-defaultbackend, trillian, goreleaser, php-fpm_exporter, cfssl, metallb, buildkitd, loki, task, gitness,...
7.5AI Score
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: coredns, dex, falcosidekick, nvidia-container-toolkit, harbor-scanner-trivy, cosign, cilium-cli, mkcert, prometheus-beat-exporter, go-bindata, spicedb, falcoctl, ghaudit, vertical-pod-autoscaler, configmap-reload, flux-notification-controller, fulcio, go-md2man,...
7.5AI Score
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: falcosidekick, nri-mssql, ghaudit, flux, yq, newrelic-prometheus-configurator, dgraph, kubeadm-controlplane-controller, ip-masq-agent, kubernetes-ingress-defaultbackend, trillian, php-fpm_exporter, cfssl, metallb, buildkitd, loki, task, gitness,...
9.8CVSS
9.8AI Score
0.001EPSS
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
7.5AI Score
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
7.5AI Score
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
7.5AI Score
Vulnerabilities for packages: aws-ebs-csi-driver, calico, spark-operator, aws-efs-csi-driver, cluster-autoscaler, kubernetes-dns-node-cache, prometheus-adapter, ip-masq-agent,...
8.8CVSS
8.1AI Score
0.001EPSS
GHSA-HQ6Q-C2X6-HMCH vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver, calico, spark-operator, aws-efs-csi-driver, cluster-autoscaler, kubernetes-dns-node-cache, prometheus-adapter, ip-masq-agent,...
7.5AI Score
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: coredns, dex, stakater-reloader, cosign, keda, rqlite, kots, istio-envoy, flux-notification-controller, prometheus-stackdriver-exporter, dgraph, nri-prometheus, ip-masq-agent, nginx-stable, goreleaser, minio, cert-manager, sigstore-scaffolding, envoy-ratelimit,...
7.5AI Score
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
7.5AI Score
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: gosu, go-licenses, aactl, flannel-cni-plugin, nats, render-template, gobuster, hey, k3d, go-bindata, mage, sbom-scorecard, sops, vertical-pod-autoscaler, cilium-envoy, configmap-reload, docker-cli, ctop, go-md2man, aws-flb-cloudwatch, prometheus-stackdriver-exporter,.....
7.5AI Score
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: falcosidekick, nri-mssql, ghaudit, flux, yq, newrelic-prometheus-configurator, dgraph, kubeadm-controlplane-controller, ip-masq-agent, kubernetes-ingress-defaultbackend, trillian, php-fpm_exporter, cfssl, metallb, buildkitd, loki, task, gitness,...
7.5AI Score
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: gosu, go-licenses, aactl, flannel-cni-plugin, nats, render-template, gobuster, hey, k3d, go-bindata, mage, sbom-scorecard, sops, vertical-pod-autoscaler, cilium-envoy, configmap-reload, docker-cli, ctop, go-md2man, aws-flb-cloudwatch, prometheus-stackdriver-exporter,.....
7.5AI Score
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: gosu, go-licenses, aactl, flannel-cni-plugin, nats, render-template, gobuster, hey, k3d, go-bindata, mage, sbom-scorecard, sops, vertical-pod-autoscaler, cilium-envoy, configmap-reload, docker-cli, ctop, go-md2man, aws-flb-cloudwatch, prometheus-stackdriver-exporter,.....
5.3CVSS
7.2AI Score
0.001EPSS
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
7.9AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
7.8AI Score
0.0004EPSS
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: coredns, dex, falcosidekick, nvidia-container-toolkit, harbor-scanner-trivy, cosign, cilium-cli, mkcert, prometheus-beat-exporter, go-bindata, spicedb, falcoctl, ghaudit, vertical-pod-autoscaler, configmap-reload, flux-notification-controller, fulcio, go-md2man,...
6.5AI Score
0.0004EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: falcosidekick, nri-mssql, ghaudit, flux, yq, newrelic-prometheus-configurator, dgraph, kubeadm-controlplane-controller, ip-masq-agent, kubernetes-ingress-defaultbackend, trillian, php-fpm_exporter, cfssl, metallb, buildkitd, loki, task, gitness,...
7.5AI Score
GHSA-PXHW-596R-RWQ5 vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver, calico, spark-operator, cluster-autoscaler, kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, ip-masq-agent, node-feature-discovery, nodetaint, local-static-provisioner,...
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
6AI Score
0.0004EPSS
9.8CVSS
9.6AI Score
0.038EPSS
Google to Block Entrust Certificates in Chrome Starting November 2024
Google has announced that it's going to start blocking websites that use certificates from Entrust starting around November 1, 2024, in its Chrome browser, citing compliance failures and the certificate authority's inability to address security issues in a timely manner. "Over the past several...
7.1AI Score
The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...
7.5CVSS
7.5AI Score
0.001EPSS
The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...
7.5CVSS
0.001EPSS
CVE-2024-5598 Advanced File Manager <= 5.2.4 - Sensitive Information Exposure via Directory Listing
The Advanced File Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 5.2.4 via the 'fma_local_file_system' function. This makes it possible for unauthenticated attackers to extract sensitive data including backups or other sensitive...
7.5CVSS
0.001EPSS
Friday Squid Blogging: New Squid Species
A new squid species--of the Gonatidae family--was discovered. The video shows her holding a brood of very large eggs. Research...
7.3AI Score
3 More Plugins Infected in WordPress.org Supply Chain Attack Due to Compromised Developer Passwords
Update #1: As of 12:36PM EST, another plugin has been infected. We've updated the list below to include this fourth plugin and the plugins team has been notified. Update #2: As of 2:20 PM EST, two more plugins appear to have malicious commits, however, the releases have not officially been made...
7.1AI Score
Researchers Warn of Flaws in Widely Used Industrial Gas Analysis Equipment
Multiple security flaws have been disclosed in Emerson Rosemount gas chromatographs that could be exploited by malicious actors to obtain sensitive information, induce a denial-of-service (DoS) condition, and even execute arbitrary commands. The flaws impact GC370XA, GC700XA, and GC1500XA and...
9.8CVSS
9AI Score
0.001EPSS
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following...
7.2CVSS
0.0004EPSS
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following...
7.2CVSS
7.8AI Score
0.0004EPSS
A vulnerability regarding improper neutralization of special elements used in an OS command ('OS Command Injection') is found in the IP block functionality. This allows remote authenticated users with administrator privileges to execute arbitrary commands via unspecified vectors. The following...
7.2CVSS
0.0004EPSS
K000140188: PostgreSQL vulnerability CVE-2024-0985
Security Advisory Description Late privilege drop in REFRESH MATERIALIZED VIEW CONCURRENTLY in PostgreSQL allows an object creator to execute arbitrary SQL functions as the command issuer. The command intends to run SQL functions as the owner of the materialized view, enabling safe refresh of...
8CVSS
8.1AI Score
0.001EPSS
K000140189: Linux kernel vulnerability CVE-2021-47572
Security Advisory Description In the Linux kernel, the following vulnerability has been resolved: net: nexthop: fix null pointer dereference when IPv6 is not enabled When we try to add an IPv6 nexthop and IPv6 is not enabled (!CONFIG_IPV6) we'll hit a NULL pointer dereference[1] in the error path.....
5.5CVSS
6.4AI Score
0.0004EPSS
CVE-2024-34102 POC for CVE-2024-34102. A pre-authentication...
9.8CVSS
6.9AI Score
0.038EPSS
Decoding OWASP – A Security Engineer’s Roadmap to Application Security
In a time where over 60% of data breaches are linked to software vulnerabilities and a single overlooked software vulnerability can expose sensitive data, the imperative of robust application security cannot be overstated. The 2023 IBM Security Cost of a Data Breach Report highlights that...
8.4AI Score
An Inside Look at The Malware and Techniques Used in the WordPress.org Supply Chain Attack
On Monday June 24th, 2024 the Wordfence Threat Intelligence team was made aware of the presence of malware in the Social Warfare repository plugin (see post Supply Chain Attack on WordPress.org Plugins Leads to 5 Maliciously Compromised WordPress Plugins). After adding the malicious code to our...
7.8AI Score
Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz
The following Rapid7 analysts contributed to this research: Leo Gutierrez, Tyler McGraw, Sarah Lee, and Thomas Elkins. Executive Summary On Tuesday, June 18th, 2024, Rapid7 initiated an investigation into suspicious activity in a customer environment. Our investigation identified that the...
6.9AI Score
Wordfence Intelligence Weekly WordPress Vulnerability Report (June 17, 2024 to June 23, 2024)
_ Did you know Wordfence runs a Bug Bounty Program for all WordPress plugin and themes at no cost to vendors? __Researchers can earn up to $10,400, for all in-scope vulnerabilities submitted to our Bug Bounty Program! Find a vulnerability, submit the details directly to us, and we handle all the...
10CVSS
9.7AI Score
EPSS