Malicious code in telegram-notifications (RubyGems)
AI Score 7.1
GHSA-84PR-M4JR-85G5 vulnerabilities
Vulnerabilities for packages: kubeflow-volumes-web-app, py3-flask-cors,...
AI Score 7.5
GHSA-X84C-P2G9-RQV9 vulnerabilities
Vulnerabilities for packages: dagger, docker-compose, kaniko, harbor-scanner-trivy, helm-push, cri-tools, syft, melange, docker, neuvector-scanner, grype, buf, wolfictl, k3d, policy-controller, prometheus,...
AI Score 7.5
CVE-2023-45803 vulnerabilities
Vulnerabilities for packages: py3-tensorflow-serving-api, py3-urllib3, kubeflow-jupyter-web-app, jwt-tool,...
CVSS 4.2 | AI Score 7.1 | EPSS 0.0004
GHSA-G4MX-Q9VG-27P4 vulnerabilities
Vulnerabilities for packages: py3-tensorflow-serving-api, py3-urllib3, kubeflow-jupyter-web-app, jwt-tool,...
AI Score 7.5
GHSA-2G68-C3QC-8985 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, superset, py3.10-tensorflow-core,...
AI Score 7.5
CVE-2024-34069 vulnerabilities
Vulnerabilities for packages: kubeflow-jupyter-web-app, py3-werkzeug, superset, py3.10-tensorflow-core,...
CVSS 7.5 | AI Score 7.8 | EPSS 0.0004
CVE-2024-34064 vulnerabilities
Vulnerabilities for packages: py3-jinja2, confluent-docker-utils, kubeflow-jupyter-web-app, reflex, superset, dask-gateway, pytorch,...
CVSS 5.4 | AI Score 6.1 | EPSS 0.0004
GHSA-H75V-3VVJ-5MFJ vulnerabilities
Vulnerabilities for packages: py3-jinja2, confluent-docker-utils, kubeflow-jupyter-web-app, reflex, superset, dask-gateway, pytorch,...
AI Score 7.5
CVE-2023-46136 vulnerabilities
Vulnerabilities for packages: airflow, py3-tensorflow-serving-api, kubeflow-jupyter-web-app, py3-werkzeug,...
CVSS 8 | AI Score 7.9 | EPSS 0.001
GHSA-HRFV-MQP8-Q5RW vulnerabilities
Vulnerabilities for packages: airflow, py3-tensorflow-serving-api, kubeflow-jupyter-web-app, py3-werkzeug,...
AI Score 7.5
GHSA-V845-JXX5-VC9F vulnerabilities
Vulnerabilities for packages: k8s-sidecar, kubeflow-jupyter-web-app, py3-urllib3, dask-gateway, kubeflow-volumes-web-app,...
AI Score 7.5
CVE-2023-43804 vulnerabilities
Vulnerabilities for packages: k8s-sidecar, kubeflow-jupyter-web-app, py3-urllib3, dask-gateway, kubeflow-volumes-web-app,...
CVSS 8.1 | AI Score 7.7 | EPSS 0.001
CVE-2024-26147 vulnerabilities
Vulnerabilities for packages: flux-helm-controller, helm-push, chartmuseum, k8sgpt, trivy, up, cert-manager, zarf, istio-operator, cilium-cli, eksctl, kots, kubescape, flux-source-controller, helm-operator, zot,...
CVSS 7.5 | AI Score 7.7 | EPSS 0.0004
SonarQube logs sensitive information
In SonarQube before 10.4 and 9.9.4 LTA, encrypted values generated using the Settings Encryption feature are potentially exposed in cleartext as part of the URL parameters in the logs (such as SonarQube Access Logs, Proxy Logs,...
CVSS 4.9 | AI Score 6.9 | EPSS 0.0004
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: flux-helm-controller, helm-push, chartmuseum, k8sgpt, trivy, up, cert-manager, zarf, istio-operator, cilium-cli, eksctl, kots, kubescape, flux-source-controller, helm-operator, zot,...
CVSS 6.4 | AI Score 6.7 | EPSS 0.0004
GHSA-R53H-JV2G-VPX6 vulnerabilities
Vulnerabilities for packages: flux-helm-controller, helm-push, chartmuseum, k8sgpt, trivy, up, cert-manager, zarf, istio-operator, cilium-cli, eksctl, kots, kubescape, flux-source-controller, helm-operator, zot,...
AI Score 7.5
CVE-2024-37891 vulnerabilities
Vulnerabilities for packages: airflow, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, py3-urllib3, ggshield, reflex, superset, py3-cassandra-medusa, az, dask-gateway, kubeflow-katib, kubeflow-volumes-web-app,...
CVSS 4.4 | AI Score 4.9 | EPSS 0.0004
CVE-2024-32473 vulnerabilities
Vulnerabilities for packages: dagger, docker-compose, kaniko, harbor-scanner-trivy, helm-push, cri-tools, syft, melange, docker, neuvector-scanner, grype, buf, wolfictl, k3d, policy-controller, prometheus,...
CVSS 4.7 | AI Score 4.9 | EPSS 0.0004
GHSA-9WX4-H78V-VM56 vulnerabilities
Vulnerabilities for packages: airflow, datadog-agent, kubeflow-katib, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, reflex, ggshield, superset, py3.10-tensorflow-core, patroni, py3-cassandra-medusa, az, jwt-tool, kubeflow-volumes-web-app,...
AI Score 7.5
GHSA-JJG7-2V4V-X38H vulnerabilities
Vulnerabilities for packages: datadog-agent, kubeflow-katib, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, ggshield, py3.10-tensorflow-core, py3-idna, py3-cassandra-medusa, az, dask-gateway, jwt-tool, kubeflow-volumes-web-app,...
AI Score 7.5
GHSA-34JH-P97F-MPXF vulnerabilities
Vulnerabilities for packages: airflow, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, py3-urllib3, ggshield, reflex, superset, py3-cassandra-medusa, az, dask-gateway, kubeflow-katib, kubeflow-volumes-web-app,...
AI Score 7.5
parse-server-push-adapter is the official Push Notification adapter for Parse Server. The Parse Server Push Adapter can crash Parse Server due to an invalid push notification payload. This issue has been patched in version...
CVSS 7.5 | AI Score 7 | EPSS 0.003
CVE-2024-35195 vulnerabilities
Vulnerabilities for packages: airflow, datadog-agent, kubeflow-katib, confluent-docker-utils, k8s-sidecar, kubeflow-jupyter-web-app, kubeflow-pipelines, reflex, ggshield, superset, py3.10-tensorflow-core, patroni, py3-cassandra-medusa, az, jwt-tool, kubeflow-volumes-web-app,...
CVSS 5.6 | AI Score 6.2 | EPSS 0.0004
Spring Framework URL Parsing with Host Validation Vulnerability
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF...
CVSS 8.1 | AI Score 7 | EPSS 0.0004
Spring Framework URL Parsing with Host Validation
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL...
CVSS 8.1 | AI Score 7.9 | EPSS 0.0004
GHSA-V53G-5GJP-272R vulnerabilities
Vulnerabilities for packages: flux-helm-controller, helm-push, chartmuseum, k8sgpt, trivy, up, cert-manager, zarf, istio-operator, cilium-cli, eksctl, kots, kubescape, flux-source-controller, helm-operator, zot,...
AI Score 7.5
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: helm, flux-helm-controller, cilium-cli, fuse-overlayfs-snapshotter, eksctl, grype, k3d, kots, ctop, neuvector-agent, kubevela, newrelic-infrastructure-agent, trivy, cert-manager, melange, kubescape, flux-source-controller, zot, tekton-pipelines, telegraf, kaniko,...
AI Score 7.5
Malicious code in dist-web (npm)
Source: ossf-package-analysis (ff355bd5f2422ce630aeb0652869d4bdaa8f3f18cf576fc60a76588f3acf36b4). The OpenSSF Package Analysis project identified 'dist-web' @ 99.1.1 (npm) as malicious. It is considered malicious because: - The package...
AI Score 7.1
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or to an SSRF attack if the URL is used after passing validation...
CVSS 8.1 | AI Score 6.7 | EPSS 0.0004
Malicious code in virtuoso-web-chat (npm)
Source: ghsa-malware (09f5be1f1f3cad8c43378afb0ddb0aed39e00e1e3169ff5e1559ab4c39d1bf06). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
AI Score 7
OpenSearch Notifications is a notifications plugin for OpenSearch that enables other plugins to send notifications via Email, Slack, Amazon Chime, Custom web-hook etc channels. A potential SSRF issue in OpenSearch Notifications Plugin starting in 2.0.0 and prior to 2.2.1 could allow an existing...
CVSS 8.7 | AI Score 6.7 | EPSS 0.001
org.springframework:spring-web is vulnerable to Open Redirect. The vulnerability is caused by improper validation checks on the host of the parsed URL, which could lead to potential SSRF attacks if the URL is utilized...
CVSS 8.1 | AI Score 7 | EPSS 0.0004
Server Side Request Forgery (SSRF)
org.springframework:spring-web is vulnerable to Open Redirect. The vulnerability is due to insufficient validation checks of the host URL within UriComponentsBuilder.java. If an application utilizes the host validation checks, an attacker can perform an open redirect or Server-Side Request Forgery....
CVSS 8.1 | AI Score 6.7 | EPSS 0.0004
Server Side Request Forgery (SSRF)
org.springframework:spring-web is vulnerable to Open Redirect. The vulnerability is due to insufficient validation checks of the host URL within UriComponentsBuilder.java. If an application utilizes the host validation checks, an attacker can perform an open redirect or Server-Side Request Forgery....
CVSS 8.1 | AI Score 8 | EPSS 0.0004
Spring Framework URL Parsing with Host Validation
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF attack if the URL...
CVSS 8.1 | AI Score 6.5 | EPSS 0.0004
Spring Web vulnerable to Open Redirect or Server Side Request Forgery
Applications that use UriComponentsBuilder to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect attack or to an SSRF attack if the URL is used after passing validation...
CVSS 8.1 | AI Score 7 | EPSS 0.0004
Talkback reads notifications of non-current Android user
In buzzBeepBlinkLocked of NotificationManagerService.java, there is a possible way to share data across users due to a permissions bypass. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for...
CVSS 5.5 | AI Score 6.7 | EPSS 0.0004
Spring Framework URL Parsing with Host Validation Vulnerability
Applications that use UriComponentsBuilder in Spring Framework to parse an externally provided URL (e.g. through a query parameter) AND perform validation checks on the host of the parsed URL may be vulnerable to an open redirect (https://cwe.mitre.org/data/definitions/601.html) attack or to an SSRF...
CVSS 8.1 | AI Score 7 | EPSS 0.0004