Feedify – Web Push Notifications Security Vulnerabilities

Malicious code in telegram-notifications (RubyGems)

-= Per source details. Do not edit below this...

CVE-2024-1681 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, py3-flask-cors,...

CVE-2023-41419 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app,...

GHSA-X7M3-JPRG-WC5G vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app,...

GHSA-84PR-M4JR-85G5 vulnerabilities

Vulnerabilities for packages: kubeflow-volumes-web-app, py3-flask-cors,...

GHSA-X84C-P2G9-RQV9 vulnerabilities

Vulnerabilities for packages: dagger, docker-compose, kaniko, harbor-scanner-trivy, helm-push, cri-tools, syft, melange, docker, neuvector-scanner, grype, buf, wolfictl, k3d, policy-controller, prometheus,...

CVE-2023-45803 vulnerabilities

Vulnerabilities for packages: py3-tensorflow-serving-api, py3-urllib3, kubeflow-jupyter-web-app, jwt-tool,...

GHSA-G4MX-Q9VG-27P4 vulnerabilities

Vulnerabilities for packages: py3-tensorflow-serving-api, py3-urllib3, kubeflow-jupyter-web-app, jwt-tool,...

GHSA-2G68-C3QC-8985 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, superset, py3.10-tensorflow-core,...

CVE-2024-34069 vulnerabilities

Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, superset, py3.10-tensorflow-core,...

CVE-2024-34064 vulnerabilities

Vulnerabilities for packages: py3-jinja2, confluent-docker-utils, kubeflow-jupyter-web-app, reflex, superset, dask-gateway, pytorch,...

GHSA-H75V-3VVJ-5MFJ vulnerabilities

Vulnerabilities for packages: py3-jinja2, confluent-docker-utils, kubeflow-jupyter-web-app, reflex, superset, dask-gateway, pytorch,...

CVE-2023-46136 vulnerabilities

Vulnerabilities for packages: airflow, py3-tensorflow-serving-api, kubeflow-jupyter-web-app, py3-werkzeug,...

GHSA-HRFV-MQP8-Q5RW vulnerabilities

Vulnerabilities for packages: airflow, py3-tensorflow-serving-api, kubeflow-jupyter-web-app, py3-werkzeug,...

GHSA-V845-JXX5-VC9F vulnerabilities

Vulnerabilities for packages: k8s-sidecar, kubeflow-jupyter-web-app, py3-urllib3, dask-gateway, kubeflow-volumes-web-app,...

CVE-2023-43804 vulnerabilities

Vulnerabilities for packages: k8s-sidecar, kubeflow-jupyter-web-app, py3-urllib3, dask-gateway, kubeflow-volumes-web-app,...

CVE-2024-26147 vulnerabilities

Vulnerabilities for packages: flux-helm-controller, helm-push, chartmuseum, k8sgpt, trivy, up, cert-manager, zarf, istio-operator, cilium-cli, eksctl, kots, kubescape, flux-source-controller, helm-operator, zot,...

SonarQube logs sensitive information

In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs,...

CVE-2024-25620 vulnerabilities

Vulnerabilities for packages: flux-helm-controller, helm-push, chartmuseum, k8sgpt, trivy, up, cert-manager, zarf, istio-operator, cilium-cli, eksctl, kots, kubescape, flux-source-controller, helm-operator, zot,...

GHSA-R53H-JV2G-VPX6 vulnerabilities

Vulnerabilities for packages: flux-helm-controller, helm-push, chartmuseum, k8sgpt, trivy, up, cert-manager, zarf, istio-operator, cilium-cli, eksctl, kots, kubescape, flux-source-controller, helm-operator, zot,...

CVE-2024-37891 vulnerabilities

Vulnerabilities for packages: airflow, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, py3-urllib3, ggshield, reflex, superset, py3-cassandra-medusa, az, dask-gateway, kubeflow-katib, kubeflow-volumes-web-app,...

CVE-2024-32473 vulnerabilities

Vulnerabilities for packages: dagger, docker-compose, kaniko, harbor-scanner-trivy, helm-push, cri-tools, syft, melange, docker, neuvector-scanner, grype, buf, wolfictl, k3d, policy-controller, prometheus,...

GHSA-9WX4-H78V-VM56 vulnerabilities

Vulnerabilities for packages: airflow, datadog-agent, kubeflow-katib, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, reflex, ggshield, superset, py3.10-tensorflow-core, patroni, py3-cassandra-medusa, az, jwt-tool, kubeflow-volumes-web-app,...

Malicious code in apm-web-vitals (npm)

-= Per source details. Do not edit below this...

CVE-2024-3651 vulnerabilities

Vulnerabilities for packages: datadog-agent, kubeflow-katib, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, ggshield, py3.10-tensorflow-core, py3-idna, py3-cassandra-medusa, az, dask-gateway, jwt-tool, kubeflow-volumes-web-app,...

GHSA-JJG7-2V4V-X38H vulnerabilities

Vulnerabilities for packages: datadog-agent, kubeflow-katib, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, ggshield, py3.10-tensorflow-core, py3-idna, py3-cassandra-medusa, az, dask-gateway, jwt-tool, kubeflow-volumes-web-app,...

GHSA-34JH-P97F-MPXF vulnerabilities

Vulnerabilities for packages: airflow, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, py3-urllib3, ggshield, reflex, superset, py3-cassandra-medusa, az, dask-gateway, kubeflow-katib, kubeflow-volumes-web-app,...

CVE-2023-32688

parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version...

CVE-2024-35195 vulnerabilities

Vulnerabilities for packages: airflow, datadog-agent, kubeflow-katib, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, reflex, ggshield, superset, py3.10-tensorflow-core, patroni, py3-cassandra-medusa, az, jwt-tool, kubeflow-volumes-web-app,...

Spring Framework URL Parsing with Host Validation Vulnerability

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF...

Spring Framework URL Parsing with Host Validation

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL...

GHSA-V53G-5GJP-272R vulnerabilities

Vulnerabilities for packages: flux-helm-controller, helm-push, chartmuseum, k8sgpt, trivy, up, cert-manager, zarf, istio-operator, cilium-cli, eksctl, kots, kubescape, flux-source-controller, helm-operator, zot,...

GHSA-7WW5-4WQC-M92C vulnerabilities

Vulnerabilities for packages: helm, flux-helm-controller, cilium-cli, fuse-overlayfs-snapshotter, eksctl, grype, k3d, kots, ctop, neuvector-agent, kubevela, newrelic-infrastructure-agent, trivy, cert-manager, melange, kubescape, flux-source-controller, zot, tekton-pipelines, telegraf, kaniko,...

Malicious code in epc-staticpages-web (npm)

-= Per source details. Do not edit below this...

Malicious code in dist-web (npm)

-= Per source details. Do not edit below this line.=- Source: ossf-package-analysis (ff355bd5f2422ce630aeb0652869d4bdaa8f3f18cf576fc60a76588f3acf36b4) The OpenSSF Package Analysis project identified 'dist-web' @ 99.1.1 (npm) as malicious. It is considered malicious because: - The package...

Spring Web vulnerable to Open Redirect or Server Side Request Forgery

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect attack or to a SSRF attack if the URL is used after passing validation...

Malicious code in identity-web (npm)

-= Per source details. Do not edit below this...

Malicious code in virtuoso-web-chat (npm)

-= Per source details. Do not edit below this line.=- Source: ghsa-malware (09f5be1f1f3cad8c43378afb0ddb0aed39e00e1e3169ff5e1559ab4c39d1bf06) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in grablink-web-sdk (npm)

-= Per source details. Do not edit below this...

CVE-2022-41906

OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing...

Malicious code in sift-web-sdk (npm)

-= Per source details. Do not edit below this...

Open Redirect

org.springframework: spring-web is vulnerable Open Redirect. The vulnerability is caused due to improper validation checks on the host of the parsed URL, which could lead to potential SSRF attacks if the URL is utilized...

Malicious code in plumo-verifier-web (npm)

-= Per source details. Do not edit below this...

Server Side Request Forgery (SSRF)

org.springframework:spring-web is vulnerable to Open Redirect. The vulnerability is due to insufficient validation checks of the host URL within UriComponentsBuilder.java. If an application utilizes the host validation checks, an attacker can perform an open redirect or Server-Side Request Forgery....

Server Side Request Forgery (SSRF)

org.springframework:spring-web is vulnerable to Open Redirect. The vulnerability is due to insufficient validation checks of the host URL within UriComponentsBuilder.java. If an application utilizes the host validation checks, an attacker can perform an open redirect or Server-Side Request Forgery....

Malicious code in spg-web-tools-compressor (npm)

-= Per source details. Do not edit below this...

Spring Framework URL Parsing with Host Validation

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF attack if the URL...

Spring Web vulnerable to Open Redirect or Server Side Request Forgery

Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect attack or to a SSRF attack if the URL is used after passing validation...

Talkback reads notifications of non-current Android user

In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...

Spring Framework URL Parsing with Host Validation Vulnerability

Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to a open redirect https://cwe.mitre.org/data/definitions/601.html attack or to a SSRF...