The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and...
6.4CVSS
EPSS
The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and...
6.4CVSS
5.7AI Score
EPSS
The Void Contact Form 7 Widget For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'cf7_redirect_page' attribute within the plugin's Void Contact From 7 widget in all versions up to, and including, 2.4 due to insufficient input sanitization and...
6.4CVSS
EPSS
9.8CVSS
9.7AI Score
0.002EPSS
7.5AI Score
GHSA-2G68-C3QC-8985 vulnerabilities
Vulnerabilities for packages: py3-werkzeug, kubeflow-jupyter-web-app, superset, kubeflow-volumes-web-app,...
7.5AI Score
CVE-2024-34069 vulnerabilities
Vulnerabilities for packages: py3-werkzeug, kubeflow-jupyter-web-app, superset, kubeflow-volumes-web-app,...
7.5CVSS
7.8AI Score
0.0004EPSS
GHSA-84PR-M4JR-85G5 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, kubeflow-volumes-web-app,...
7.5AI Score
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, py3-cassandra-medusa, kubeflow-katib, py3-idna, ggshield, confluent-docker-utils, datadog-agent, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines, kubeflow-pipelines-visualization-server,...
7.5AI Score
GHSA-H75V-3VVJ-5MFJ vulnerabilities
Vulnerabilities for packages: pytorch, kubeflow-jupyter-web-app, dask-gateway, reflex, confluent-docker-utils, superset, kubeflow-volumes-web-app,...
7.5AI Score
GHSA-G4MX-Q9VG-27P4 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-tensorflow-serving-api, py3-urllib3, kubeflow-volumes-web-app,...
7.5AI Score
Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, py3-cassandra-medusa, kubeflow-katib, py3-idna, ggshield, confluent-docker-utils, datadog-agent, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines, kubeflow-pipelines-visualization-server,...
6.7AI Score
EPSS
CVE-2023-45803 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-tensorflow-serving-api, py3-urllib3, kubeflow-volumes-web-app,...
4.2CVSS
7.1AI Score
0.0004EPSS
CVE-2024-34064 vulnerabilities
Vulnerabilities for packages: pytorch, kubeflow-jupyter-web-app, dask-gateway, reflex, confluent-docker-utils, superset, kubeflow-volumes-web-app,...
5.4CVSS
6.1AI Score
0.0004EPSS
GHSA-9WX4-H78V-VM56 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, mlflow, patroni, py3-cassandra-medusa, kubeflow-katib, reflex, ggshield, datadog-agent, confluent-docker-utils, airflow, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines, superset, k8s-sidecar,...
7.5AI Score
CVE-2024-37891 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, mlflow, py3-cassandra-medusa, kubeflow-katib, reflex, py3-urllib3, ggshield, confluent-docker-utils, airflow, superset, kubeflow-volumes-web-app, kubeflow-pipelines, k8s-sidecar,...
4.4CVSS
4.9AI Score
0.0004EPSS
Vulnerabilities for packages: kubeflow-jupyter-web-app, kubeflow-volumes-web-app,...
5.3CVSS
6AI Score
0.0004EPSS
CVE-2023-46136 vulnerabilities
Vulnerabilities for packages: py3-werkzeug, kubeflow-jupyter-web-app, py3-tensorflow-serving-api, airflow,...
8CVSS
7.9AI Score
0.001EPSS
CVE-2024-35195 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, mlflow, patroni, py3-cassandra-medusa, kubeflow-katib, reflex, ggshield, datadog-agent, confluent-docker-utils, airflow, py3.10-tensorflow-core, kubeflow-volumes-web-app, jwt-tool, kubeflow-pipelines, superset, k8s-sidecar,...
5.6CVSS
6.2AI Score
0.0004EPSS
GHSA-HRFV-MQP8-Q5RW vulnerabilities
Vulnerabilities for packages: py3-werkzeug, kubeflow-jupyter-web-app, py3-tensorflow-serving-api, airflow,...
7.5AI Score
GHSA-34JH-P97F-MPXF vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, mlflow, py3-cassandra-medusa, kubeflow-katib, reflex, py3-urllib3, ggshield, confluent-docker-utils, airflow, superset, kubeflow-volumes-web-app, kubeflow-pipelines, k8s-sidecar,...
7.5AI Score
GHSA-V845-JXX5-VC9F vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, py3-urllib3, kubeflow-volumes-web-app, k8s-sidecar,...
7.5AI Score
CVE-2023-43804 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, dask-gateway, py3-urllib3, kubeflow-volumes-web-app, k8s-sidecar,...
8.1CVSS
7.7AI Score
0.001EPSS
9AI Score
The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4CVSS
5.8AI Score
EPSS
Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00....
7.8CVSS
7.7AI Score
EPSS
Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before...
5.1CVSS
5.4AI Score
EPSS
Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before...
5.1CVSS
EPSS
Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00....
7.8CVSS
EPSS
The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4CVSS
EPSS
The Boot Store theme for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter within the theme's Button shortcode in all versions up to, and including, 1.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers,...
6.4CVSS
EPSS
CVE-2024-2819 File Permission Vulnerability in Hitachi Ops Center Common Services
Incorrect Default Permissions, Improper Preservation of Permissions vulnerability in Hitachi Ops Center Common Services allows File Manipulation.This issue affects Hitachi Ops Center Common Services: before...
5.1CVSS
EPSS
CVE-2024-4679 Folder Permission Vulnerability in JP1/Extensible SNMP Agent
Incorrect Default Permissions vulnerability in Hitachi JP1/Extensible SNMP Agent for Windows, Hitachi JP1/Extensible SNMP Agent on Windows, Hitachi Job Management Partner1/Extensible SNMP Agent on Windows allows File Manipulation.This issue affects JP1/Extensible SNMP Agent for Windows: from 12-00....
7.8CVSS
EPSS
degerforsmusikkar.se Cross Site Scripting vulnerability OBB-3939928
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
toscanakarneval.dk Cross Site Scripting vulnerability OBB-3939927
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
mec-kreischa.de Cross Site Scripting vulnerability OBB-3939926
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
karnevalsclub-lungkwitz.de Cross Site Scripting vulnerability OBB-3939925
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
nancy-roemer.de Cross Site Scripting vulnerability OBB-3939924
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
Summary Security vulnerabilities may affect IBM WebSphere Application Server Liberty shipped with IBM CICS TX Advanced. IBM CICS TX Advanced has addressed the issues. Vulnerability Details ** CVEID: CVE-2024-25026 DESCRIPTION: **IBM WebSphere Application Server 8.5, 9.0 and IBM WebSphere...
7.5CVSS
6.8AI Score
0.0004EPSS
This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be...
7.2AI Score
Summary TSSC/IMC is vulnerable to low availability, low integrity and low confidentiality due to Java SE. A patch has been provided that updates the Java SE library. CVE-2023-22006, CVE-2023-22036, CVE-2023-22041, CVE-2023-22045, CVE-2023-22049, CVE-2023-25193. Vulnerability Details ** CVEID:...
7.5CVSS
7.2AI Score
0.002EPSS
Security Bulletin: TSSC/IMC is vulnerable to aritrary code execution due to Linux Kernel
Summary TSSC/IMC is vulnerable to arbitrary code execution due to Linux Kernel. A patch that updates the Kernel library has been provided. CVE-2023-2002, CVE-2023-3090, CVE-2023-3390, CVE-2023-3776, CVE-2023-4004, CVE-2023-20593, CVE-2023-35001, CVE-2023-35788. Vulnerability Details ** CVEID:...
7.8CVSS
9.2AI Score
0.001EPSS
Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to systemd
Summary TSSC/IMC is vulnerable to arbitrary code execution due to systemd. A patch has been provided that updates the systemd library. CVE-2023-26604. Vulnerability Details ** CVEID: CVE-2023-26604 DESCRIPTION: **systemd could allow a local authenticated attacker to gain elevated privileges on...
7.8CVSS
7.4AI Score
0.0005EPSS
Security Bulletin: TSSC/IMC is vulnerable to arbitrary code execution due to Linux Kernel
Summary TSSC/IMC is vulnerable to aritrary code excecution due to kernel. A patch has been provided that updates the kernel library. CVE-2022-42896, CVE-2023-1281, CVE-2023-1829, CVE-2023-2124, CVE-2023-2194, CVE-2023-2235. Vulnerability Details ** CVEID: CVE-2022-42896 DESCRIPTION: **Linux...
8.8CVSS
8.5AI Score
0.001EPSS
Tuesday, July 2, 2024 Security Releases
Summary The Node.js project will release new versions of the 22.x, 20.x, 18.x releases lines on or shortly after, Tuesday, July 2, 2024 in order to address: 1 high severity issues. 1 medium severity issues. 3 low severity issues. Node.js fetch will be upgraded to undici v6.19.2 on Node.js 18.x...
7AI Score
Imperva Client-Side Protection Mitigates the Polyfill Supply Chain Attack
The recent discovery of a website supply chain attack using the cdn.polyfill.io domain has left many websites vulnerable to malicious code injection. Once a trusted resource for adding JavaScript polyfills to websites, the domain has recently become the epicenter of a significant website supply...
8AI Score
drivemode.oneskyapp.com Cross Site Scripting vulnerability OBB-3939922
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
digit-eyes.com Cross Site Scripting vulnerability OBB-3939921
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
6.2AI Score
toy-blog is a headless content management system implementation. Starting in version 0.4.3 and prior to version 0.5.0, the administrative password was leaked through the command line parameter. The problem was patched in version 0.5.0. As a workaround, pass --read-bearer-token-from-stdin to the...
4.7CVSS
EPSS
toy-blog is a headless content management system implementation. Starting in version 0.5.4 and prior to version 0.6.1, articles with private visibility can be read if the reader does not set credentials for the request. Users should upgrade to 0.6.1 or later to receive a patch. No known...
6.5CVSS
EPSS