CVE-2024-26147 vulnerabilities
Vulnerabilities for packages: flux-helm-controller, helm-push, chartmuseum, k8sgpt, trivy, up, cert-manager, zarf, istio-operator, cilium-cli, eksctl, kots, kubescape, flux-source-controller, helm-operator, zot,...
7.5CVSS
7.7AI Score
0.0004EPSS
9.8CVSS
9.9AI Score
0.005EPSS
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: coredns, dex, stakater-reloader, cosign, keda, rqlite, kots, falcoctl, vertical-pod-autoscaler, flux, flux-notification-controller, prometheus-stackdriver-exporter, yq, dgraph, nri-prometheus, prometheus-pushgateway, kubernetes-ingress-defaultbackend, trillian,...
7.5CVSS
8.4AI Score
0.002EPSS
CVE-2024-29903 vulnerabilities
Vulnerabilities for packages: aactl, falcoctl, ko, goreleaser, tkn, zarf, melange, falco, kubescape, slsa-verifier, flux-source-controller, policy-controller, neuvector-sigstore-interface, zot, gitsign, tekton-chains, wolfictl, skaffold, apko, spire-server,...
4.2CVSS
4.6AI Score
0.0004EPSS
GHSA-QPPJ-FM5R-HXR3 vulnerabilities
Vulnerabilities for packages: coredns, dex, stakater-reloader, cosign, keda, rqlite, kots, istio-envoy, flux-notification-controller, prometheus-stackdriver-exporter, dgraph, nri-prometheus, ip-masq-agent, nginx-stable, goreleaser, minio, cert-manager, sigstore-scaffolding, envoy-ratelimit,...
7.5AI Score
GHSA-32CH-6X54-Q4H9 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
7.5AI Score
GHSA-MW99-9CHC-XW7R vulnerabilities
Vulnerabilities for packages: go-licenses, pulumi, kots, pulumi-kubernetes-operator, pulumi-language-java, src-fingerprint, kubevela, pulumi-language-yaml, gomplate, goreleaser, pulumi-language-dotnet, bom, flux-kustomize-controller, zot, tekton-pipelines, gitsign, argo-cd, scorecard, gitness,...
7.5AI Score
GHSA-9F76-WG39-X86H vulnerabilities
Vulnerabilities for packages: gosu, go-licenses, aactl, flannel-cni-plugin, nats, render-template, gobuster, hey, k3d, go-bindata, mage, sbom-scorecard, sops, vertical-pod-autoscaler, cilium-envoy, configmap-reload, docker-cli, ctop, go-md2man, aws-flb-cloudwatch, prometheus-stackdriver-exporter,.....
7.5AI Score
CVE-2024-28180 vulnerabilities
Vulnerabilities for packages: dex, vault, aactl, nerdctl, cosign, keda, istio-pilot-discovery, frp, istio-cni, istio-pilot-agent, rook, step, falcoctl, containerd, fulcio, dgraph, external-secrets-operator, grpc-health-probe, kargo, ko, gomplate, goreleaser, terragrunt, guac, cilium, minio, tkn,...
4.3CVSS
6AI Score
0.0005EPSS
GHSA-2WRH-6PVC-2JM9 vulnerabilities
Vulnerabilities for packages: coredns, dex, stakater-reloader, cosign, keda, rqlite, kots, falcoctl, vertical-pod-autoscaler, flux, flux-notification-controller, prometheus-stackdriver-exporter, yq, dgraph, nri-prometheus, prometheus-pushgateway, trillian, goreleaser, prometheus-postgres-exporter,....
7.5AI Score
GHSA-45X7-PX36-X8W8 vulnerabilities
Vulnerabilities for packages: coredns, dex, cosign, cilium-cli, nri-mssql, rqlite, kots, falcoctl, flux, fulcio, prometheus-stackdriver-exporter, dgraph, trillian, goreleaser, kubernetes-event-exporter, prometheus-postgres-exporter, certificate-transparency, cfssl, temporal-ui-server, tkn,...
7.5AI Score
GHSA-V53G-5GJP-272R vulnerabilities
Vulnerabilities for packages: flux-helm-controller, helm-push, chartmuseum, k8sgpt, trivy, up, cert-manager, zarf, istio-operator, cilium-cli, eksctl, kots, kubescape, flux-source-controller, helm-operator, zot,...
7.5AI Score
9.8CVSS
9.9AI Score
0.005EPSS
9.8CVSS
9.9AI Score
0.005EPSS
7.5AI Score
GHSA-4374-P667-P6C8 vulnerabilities
Vulnerabilities for packages: coredns, dex, stakater-reloader, cosign, keda, rqlite, kots, falcoctl, vertical-pod-autoscaler, flux, flux-notification-controller, prometheus-stackdriver-exporter, yq, dgraph, nri-prometheus, prometheus-pushgateway, kubernetes-ingress-defaultbackend, trillian,...
7.5AI Score
GHSA-M425-MQ94-257G vulnerabilities
Vulnerabilities for packages: coredns, dex, aactl, flux-helm-controller, helm, aws-efs-csi-driver, cosign, keda, prometheus-adapter, pulumi, nvidia-device-plugin, grype, prometheus-blackbox-exporter, k3d, kots, pulumi-kubernetes-operator, cilium-envoy, flux-notification-controller,...
7.5AI Score
CVE-2024-29902 vulnerabilities
Vulnerabilities for packages: aactl, falcoctl, ko, goreleaser, tkn, zarf, melange, falco, kubescape, slsa-verifier, flux-source-controller, policy-controller, neuvector-sigstore-interface, zot, gitsign, tekton-chains, wolfictl, skaffold, apko, spire-server,...
4.2CVSS
4.5AI Score
0.0004EPSS
GHSA-49GW-VXVF-FC2G vulnerabilities
Vulnerabilities for packages: falcosidekick, nri-mssql, ghaudit, flux, yq, newrelic-prometheus-configurator, dgraph, kubeadm-controlplane-controller, ip-masq-agent, kubernetes-ingress-defaultbackend, trillian, php-fpm_exporter, cfssl, metallb, buildkitd, loki, task, gitness,...
7.5AI Score
GHSA-5F94-VHJQ-RPG8 vulnerabilities
Vulnerabilities for packages: gosu, go-licenses, aactl, flannel-cni-plugin, nats, render-template, gobuster, hey, k3d, go-bindata, mage, sbom-scorecard, sops, vertical-pod-autoscaler, cilium-envoy, configmap-reload, docker-cli, ctop, go-md2man, aws-flb-cloudwatch, prometheus-stackdriver-exporter,.....
7.5AI Score
CVE-2023-39326 vulnerabilities
Vulnerabilities for packages: gosu, go-licenses, aactl, flannel-cni-plugin, nats, render-template, gobuster, hey, k3d, go-bindata, mage, sbom-scorecard, sops, vertical-pod-autoscaler, cilium-envoy, configmap-reload, docker-cli, ctop, go-md2man, aws-flb-cloudwatch, prometheus-stackdriver-exporter,.....
5.3CVSS
7.2AI Score
0.001EPSS
CVE-2024-24783 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
7.9AI Score
0.0004EPSS
CVE-2024-24785 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
7.8AI Score
0.0004EPSS
CVE-2024-24788 vulnerabilities
Vulnerabilities for packages: coredns, dex, falcosidekick, nvidia-container-toolkit, harbor-scanner-trivy, cosign, cilium-cli, mkcert, prometheus-beat-exporter, go-bindata, spicedb, falcoctl, ghaudit, vertical-pod-autoscaler, configmap-reload, flux-notification-controller, fulcio, go-md2man,...
6.5AI Score
0.0004EPSS
GHSA-236W-P7WF-5PH8 vulnerabilities
Vulnerabilities for packages: falcosidekick, nri-mssql, ghaudit, flux, yq, newrelic-prometheus-configurator, dgraph, kubeadm-controlplane-controller, ip-masq-agent, kubernetes-ingress-defaultbackend, trillian, php-fpm_exporter, cfssl, metallb, buildkitd, loki, task, gitness,...
7.5AI Score
GHSA-XW73-RW38-6VJC vulnerabilities
Vulnerabilities for packages: aactl, flux-helm-controller, helm, cosign, nerdctl, cri-tools, pulumi, istio-pilot-discovery, eksctl, istio-pilot-agent, kots, flux-image-reflector-controller, traefik, falcoctl, cadvisor, timoni, ctop, k3s, dagger, crane, k8sgpt, kargo, kubevela, scorecard,...
7.5AI Score
GHSA-PXHW-596R-RWQ5 vulnerabilities
Vulnerabilities for packages: aws-ebs-csi-driver, calico, spark-operator, cluster-autoscaler, kubernetes-csi-driver-hostpath, kubernetes-dns-node-cache, ip-masq-agent, node-feature-discovery, nodetaint, local-static-provisioner,...
7.5AI Score
CVE-2023-49568 vulnerabilities
Vulnerabilities for packages: go-licenses, pulumi, kots, pulumi-kubernetes-operator, pulumi-language-java, src-fingerprint, kubevela, pulumi-language-yaml, gomplate, goreleaser, pulumi-language-dotnet, bom, flux-kustomize-controller, zot, tekton-pipelines, gitsign, argo-cd, scorecard, gitness,...
7.5CVSS
7.8AI Score
0.0005EPSS
GHSA-XR7R-F8XQ-VFVV vulnerabilities
Vulnerabilities for packages: nerdctl, syft, docker, nvidia-device-plugin, grype, k3d, kots, cadvisor, ctop, k3s, kubernetes, newrelic-infrastructure-agent, trivy, zarf, kubescape, zot, runc, ingress-nginx-controller, telegraf, datadog-agent, kaniko, buildkitd, skopeo, wolfictl, skaffold,...
7.5AI Score
CVE-2023-45290 vulnerabilities
Vulnerabilities for packages: dex, stakater-reloader, keda, velero, nri-mssql, prometheus-beat-exporter, nri-apache, rqlite, go-bindata, vertical-pod-autoscaler, flux, go-md2man, configmap-reload, yq, newrelic-prometheus-configurator, aws-flb-cloudwatch, dagger, dgraph,...
6AI Score
0.0004EPSS
Security Bulletin: IBM Automation Decision Services for May 2024 - Multiple CVEs addressed
Summary "IBM Automation Decision Services is vulnerable to multiple remote code execution and denial of service attacks in third party and open source used in the product for various functions. See full list below. The vulnerabilities have been addressed." Vulnerability Details ** CVEID:...
7.5CVSS
8.8AI Score
0.001EPSS
CosmicSting: critical unauthenticated XXE vulnerability in...
9.8CVSS
10AI Score
0.038EPSS
Summary IBM Storage Protect Operations Center may be affected by user configuration failures in IBM WebSphere Application Server Liberty. Vulnerability Details ** CVEID: CVE-2023-50312 DESCRIPTION: **IBM WebSphere Application Server Liberty 17.0.0.3 through 24.0.0.2 could provide weaker than...
5.3CVSS
5.2AI Score
0.0004EPSS
Summary IBM Storage Protect Operations Center may be affected by cross-site scripting vulnerability due to servlet-6.0 feature enabled in IBM WebSphere Application Server Liberty. Vulnerability Details ** CVEID: CVE-2024-27270 DESCRIPTION: **IBM WebSphere Application Server Liberty 23.0.0.3...
4.7CVSS
5.7AI Score
0.0004EPSS
Summary IBM Storage Protect Operations Center may be affected by server-side request forgery vulnerability in IBM WebSphere Application Server Liberty. Vulnerability Details ** CVEID: CVE-2024-22329 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere Application Server...
4.3CVSS
6AI Score
0.0004EPSS
Summary IBM Storage Protect Operations Center may be affected by denial of service caused by jose4j in IBM WebSphere Application Server Liberty. CVE-2023-51775. Vulnerability Details ** CVEID: CVE-2023-51775 DESCRIPTION: **jose4j is vulnerable to a denial of service, caused by improper input...
6.5AI Score
0.0004EPSS
Summary IBM Storage Protect Server may be affected by denial of service caused by stack-based overflow in Amazon Ion. CVE-2024-21634. Vulnerability Details ** CVEID: CVE-2024-21634 DESCRIPTION: **Amazon Ion is vulnerable to a denial of service, caused by a stack-based overflow in ion-java for...
7.5CVSS
6.9AI Score
0.0005EPSS
Huawei EulerOS: Security Advisory for iSulad (EulerOS-SA-2024-1858)
The remote host is missing an update for the Huawei...
7CVSS
7AI Score
0.0004EPSS
Huawei EulerOS: Security Advisory for iSulad (EulerOS-SA-2024-1872)
The remote host is missing an update for the Huawei...
7CVSS
7AI Score
0.0004EPSS
9.8CVSS
9.6AI Score
0.038EPSS
Debian dla-3846 : libmojolicious-perl - security update
The remote Debian 10 host has a package installed that is affected by a vulnerability as referenced in the dla-3846 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-3846-1 [email protected] ...
6.5AI Score
0.0004EPSS
iDRAC9, versions prior to 7.00.00.172 for 14th Generation and 7.10.50.00 for 15th and 16th Generations, contains a session hijacking vulnerability in IPMI. A remote attacker could potentially exploit this vulnerability, leading to arbitrary code execution on the vulnerable...
7.6CVSS
7.7AI Score
0.0004EPSS
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
0.001EPSS
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
6.1AI Score
0.001EPSS
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
6.6AI Score
0.001EPSS
The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...
6.1CVSS
0.001EPSS
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1CVSS
0.0005EPSS
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1CVSS
6AI Score
0.0005EPSS
CVE-2024-5889 Events Manager <= 6.4.8 - Reflected Cross-Site Scripting
The Events Manager – Calendar, Bookings, Tickets, and more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘country’ parameter in all versions up to, and including, 6.4.8 due to insufficient input sanitization and output escaping. This makes it possible for...
6.1CVSS
0.0005EPSS
The Floating Social Buttons plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.5. This is due to missing or incorrect nonce validation on the floating_social_buttons_option() function. This makes it possible for unauthenticated attackers to...
6.1CVSS
0.0005EPSS