Desigo PX Automation Controllers PXC22.1-E.D, PXC36-E.D, PXC36.1-E.D With Activated Web Server Security Vulnerabilities

CVE-2023-4017 Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2023-4017 Goya <= 1.0.8.7 - Unauthenticated Reflected Cross-Site Scripting via Multiple Parameters

The Goya theme for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘attra-color’, 'attra-size', and 'product-cata' parameters in versions up to, and including, 1.0.8.7 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated...

CVE-2024-5819

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-5819

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...

CVE-2024-5819 Gutenberg Blocks with AI by Kadence WP – Page Builder Features <= 3.2.45 - Authenticated (Contributor+) Stored DOM-Based Cross-Site Scripting via HTML Data Attributes

The Gutenberg Blocks with AI by Kadence WP – Page Builder Features plugin for WordPress is vulnerable to DOM-based Stored Cross-Site Scripting via HTML data attributes in all versions up to, and including, 3.2.45 due to insufficient input sanitization and output escaping on user supplied...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: bom, gitlab-pages, hey, hugo, kubewatch, gke-gcloud-auth-plugin, nats, wireguard-go, nri-prometheus, stakater-reloader, cluster-autoscaler, dynamic-localpv-provisioner, cilium-envoy, kubernetes-csi-external-attacher, pulumi, secrets-store-csi-driver,...

GHSA-95PR-FXF5-86GV vulnerabilities

Vulnerabilities for packages: aactl, gitsign, spire-server, zot, melange, tekton-chains, policy-controller, falcoctl, falco, apko, flux-source-controller, kubescape, wolfictl, skaffold, vexctl, zarf, neuvector-sigstore-interface, slsa-verifier, tkn, ko,...

CVE-2024-6104 vulnerabilities

Vulnerabilities for packages: aactl, gitlab-kas, buildkitd, gitsign, spire-server, actions-runner-controller, gh, zot, k3d, skopeo, terraform, bank-vaults, loki, tekton-chains, rekor, flux-kustomize-controller, keda, influxd, policy-controller, ksops, external-dns, k3s, terragrunt, falcoctl,...

CVE-2024-29018 vulnerabilities

Vulnerabilities for packages: aactl, buildkitd, spire-server, zot, melange, ctop, loki, buf, crossplane, up, kargo, telegraf, syft, conftest, kaniko, datadog-agent, grype, kubescape, cadvisor, wolfictl, trivy, docker-compose, dagger, prometheus, tkn, ko,...

GHSA-MQ39-4GV4-MVPX vulnerabilities

Vulnerabilities for packages: aactl, buildkitd, spire-server, zot, melange, ctop, loki, buf, crossplane, up, kargo, telegraf, syft, conftest, kaniko, datadog-agent, grype, kubescape, cadvisor, wolfictl, trivy, docker-compose, dagger, prometheus, tkn, ko,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: gitlab-pages, prometheus-operator, actions-runner-controller, kube-bench, runc, aws-flb-kinesis, bank-vaults, crossplane-provider-gcp, tekton-chains, vertical-pod-autoscaler, kubernetes-dns-node-cache, cass-operator, hugo, kubewatch, chartmuseum, kargo, nats,...

GHSA-MRWW-27VC-GGHV vulnerabilities

Vulnerabilities for packages: temporal-server, src, kots, caddy, kube-bench, step-ca, spicedb, telegraf, argo-workflows, trillian, amass, ferretdb, keda, kine, vault,...

CVE-2024-21506 vulnerabilities

Vulnerabilities for packages: py3-pymongo, kubeflow-pipelines-visualization-server,...

CVE-2023-41419 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app,...

GHSA-X7M3-JPRG-WC5G vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app,...

CVE-2024-34069 vulnerabilities

Vulnerabilities for packages: py3-werkzeug, superset, kubeflow-jupyter-web-app, py3.10-tensorflow-core,...

GHSA-2G68-C3QC-8985 vulnerabilities

Vulnerabilities for packages: py3-werkzeug, superset, kubeflow-jupyter-web-app, py3.10-tensorflow-core,...

GHSA-84PR-M4JR-85G5 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, kubeflow-jupyter-web-app,...

CVE-2024-28219 vulnerabilities

Vulnerabilities for packages: pytorch, py3-pillow,...

GHSA-M87M-MMVP-V9QM vulnerabilities

Vulnerabilities for packages:...

CVE-2024-20994 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21047 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21062 vulnerabilities

Vulnerabilities for packages:...

GHSA-5XQ9-RCPJ-P52V vulnerabilities

Vulnerabilities for packages:...

GHSA-88H4-JW57-85V9 vulnerabilities

Vulnerabilities for packages:...

GHSA-R27R-5FWH-VXQW vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21885 vulnerabilities

Vulnerabilities for packages:...

CVE-2024-21886 vulnerabilities

Vulnerabilities for packages:...

GHSA-49WX-9H9F-8C9G vulnerabilities

Vulnerabilities for packages:...

CVE-2024-31080 vulnerabilities

Vulnerabilities for packages:...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...

CVE-2024-27304 vulnerabilities

Vulnerabilities for packages: temporal-server, src, kots, caddy, kube-bench, step-ca, spicedb, telegraf, argo-workflows, trillian, amass, ferretdb, keda, kine, vault,...

GHSA-VQ7J-GX56-RXJH vulnerabilities

Vulnerabilities for packages: kind, metrics-server,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: aactl, gitsign, spire-server, oauth2-proxy, tekton-chains, rekor, flux-kustomize-controller, keda, traefik, terragrunt, cloudflared, falco, tekton-pipelines, cilium-envoy, vault, flux-source-controller, fulcio, dex, kubescape, external-secrets-operator, kots,...

CVE-2023-45288 vulnerabilities

Vulnerabilities for packages: gitlab-pages, yq, tekton-chains, aws-flb-firehose, cass-operator, kubewatch, stern, gke-gcloud-auth-plugin, kargo, nri-prometheus, timestamp-authority, tigera-operator, wire-go, cilium-cli, kubernetes-csi-external-attacher, task, paranoia, k8ssandra-operator, fq,...

CVE-2024-24787 vulnerabilities

Vulnerabilities for packages: bom, gitlab-pages, kube-bench, runc, hey, vertical-pod-autoscaler, bank-vaults, crossplane-provider-gcp, tekton-chains, kubernetes-dns-node-cache, docker-credential-acr-env, gobump, kubewatch, go-fips, stern, gke-gcloud-auth-plugin, chartmuseum, wireguard-go, ipfs,...

GHSA-5FQ7-4MXC-535H vulnerabilities

Vulnerabilities for packages: bom, gitlab-pages, kube-bench, runc, hey, vertical-pod-autoscaler, bank-vaults, crossplane-provider-gcp, tekton-chains, kubernetes-dns-node-cache, docker-credential-acr-env, gobump, kubewatch, go-fips, stern, gke-gcloud-auth-plugin, chartmuseum, wireguard-go, ipfs,...

CVE-2024-24789 vulnerabilities

Vulnerabilities for packages: gitlab-pages, yq, tekton-chains, aws-flb-firehose, cass-operator, kubewatch, stern, gke-gcloud-auth-plugin, kargo, nri-prometheus, timestamp-authority, local-static-provisioner, wire-go, cilium-cli, kubernetes-csi-external-attacher, task, wave, paranoia,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: aactl, sonobuoy, gosu, hey, gobuster, k3d, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, ctop, docker-cli, aws-flb-firehose, cass-operator, gitlab-logger, gke-gcloud-auth-plugin, oras, protoc-gen-go-grpc, kind, nats, falco, dgraph, mage, petname,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: bom, gitlab-pages, prometheus-operator, yq, runc, hey, vertical-pod-autoscaler, bank-vaults, hugo, kubewatch, gke-gcloud-auth-plugin, chartmuseum, wireguard-go, nri-prometheus, stakater-reloader, cluster-autoscaler, dynamic-localpv-provisioner, apko,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: bom, gitlab-pages, actions-runner-controller, bank-vaults, tekton-chains, docker-credential-acr-env, hugo, kubewatch, nats, wireguard-go, cluster-autoscaler, dynamic-localpv-provisioner, apko, tigera-operator, tekton-pipelines, prometheus-mysqld-exporter, cilium-cli,.....

CVE-2024-24786 vulnerabilities

Vulnerabilities for packages: gitlab-pages, prometheus-operator, actions-runner-controller, kube-bench, runc, aws-flb-kinesis, bank-vaults, crossplane-provider-gcp, tekton-chains, vertical-pod-autoscaler, kubernetes-dns-node-cache, cass-operator, hugo, kubewatch, chartmuseum, kargo, nats,...

CVE-2024-24784 vulnerabilities

Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: bom, yq, prometheus-operator, actions-runner-controller, kube-bench, runc, hey, aws-flb-kinesis, aws-flb-cloudwatch, vertical-pod-autoscaler, aws-flb-firehose, kubernetes-dns-node-cache, cass-operator, docker-credential-acr-env, nri-f5, kubewatch, gitlab-logger,...

CVE-2024-35255 vulnerabilities

Vulnerabilities for packages: restic, buildkitd, prometheus-operator, spire-server, zot, py3-azure-identity, bank-vaults, fluent-bit-plugin-loki, loki, tekton-chains, rekor, flux-kustomize-controller, hugo, keda, traefik, policy-controller, ksops, external-dns, grafana-agent-operator, terragrunt,.....

GHSA-M5VV-6R4H-3VJ9 vulnerabilities

Vulnerabilities for packages: restic, buildkitd, prometheus-operator, spire-server, zot, py3-azure-identity, bank-vaults, fluent-bit-plugin-loki, loki, tekton-chains, rekor, flux-kustomize-controller, hugo, keda, traefik, policy-controller, ksops, external-dns, grafana-agent-operator, terragrunt,.....

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: dask-gateway, datadog-agent, kubeflow-pipelines, ggshield, confluent-docker-utils, kubeflow-jupyter-web-app, py3.10-tensorflow-core, kubeflow-volumes-web-app, py3-idna, kubeflow-pipelines-visualization-server, py3-cassandra-medusa, kubeflow-katib, k8s-sidecar,...

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: dask-gateway, datadog-agent, kubeflow-pipelines, ggshield, confluent-docker-utils, kubeflow-jupyter-web-app, py3.10-tensorflow-core, kubeflow-volumes-web-app, py3-idna, kubeflow-pipelines-visualization-server, py3-cassandra-medusa, kubeflow-katib, k8s-sidecar,...

GHSA-HJ3V-M684-V259 vulnerabilities

Vulnerabilities for packages: spire-server, falcoctl, mc, istio-operator, istio-pilot-discovery, falco, istio-cni, kyverno, external-secrets-operator, boring-registry, istio-pilot-agent,...

GHSA-H75V-3VVJ-5MFJ vulnerabilities

Vulnerabilities for packages: dask-gateway, reflex, superset, confluent-docker-utils, py3-jinja2, kubeflow-volumes-web-app, pytorch,...