High
CVSS: 7.1
Synapse is an open source Matrix homeserver implementation. A malicious server can craft events which, when received, prevent Synapse version up to 1.127.0 from federating with other servers. The vulnerability has been exploited in the wild…
Medium
CVSS: 4.3
In Splunk Enterprise versions below 9.4.1, 9.3.3, 9.2.5, and 9.1.8, and Splunk Cloud Platform versions below 9.3.2408.107, 9.2.2406.112, 9.2.2403.115, 9.1.2312.208 and 9.1.2308.214, a low-privileged user that does not hold the "admin" or "p…
Medium
CVSS: 5.3
The Advanced iFrame plugin for WordPress is vulnerable to unauthorized excessive creation of options on the aip_map_url_callback() function in all versions up to, and including, 2024.5 due to insufficient restrictions. This makes it possibl…
High
CVSS: 7.3
The Active Products Tables for WooCommerce. Use constructor to create tables plugin for WordPress is vulnerable to unauthorized filter calling due to insufficient restrictions on the get_smth() function in all versions up to, and including,…
Medium
CVSS: 6.3
Frappe is a full-stack web application framework. Prior to versions 14.91.0 and 15.52.0, a system user was able to create certain documents in a specific way that could lead to remote code execution. Versions 14.9.1 and 15.52.0 contain a pa…
High
CVSS: 8.8
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-url` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the context…
Medium
CVSS: 4.8
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where attacker-provided data are included in a filename by the ingress-nginx Admission Controller feature, resulting in directory traversal withi…
High
CVSS: 8.8
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `mirror-target` and `mirror-host` Ingress annotations can be used to inject arbitrary configuration into nginx. This can lead to arbitr…
High
CVSS: 8.8
A security issue was discovered in ingress-nginx https://github.com/kubernetes/ingress-nginx where the `auth-tls-match-cn` Ingress annotation can be used to inject configuration into nginx. This can lead to arbitrary code execution in the…
Medium
CVSS: 4.4
API Platform Core is a system to create hypermedia-driven REST and GraphQL APIs. Starting in version 3.3.8, a security check that gets called after GraphQl resolvers is always replaced by another one as there's no break in a clause. As this…
Medium
CVSS: 5.3
A vulnerability, which was classified as critical, was found in yiisoft Yii2 up to 2.0.39. This affects the function Generate of the file phpunit\src\Framework\MockObject\MockClass.php. The manipulation leads to deserialization. It is possi…
Medium
CVSS: 5.3
A vulnerability, which was classified as critical, has been found in yiisoft Yii2 up to 2.0.45. Affected by this issue is the function getIterator of the file symfony\finder\Iterator\SortableIterator.php. The manipulation leads to deseriali…
Medium
CVSS: 5.3
A vulnerability was found in aizuda snail-job 1.4.0. It has been classified as critical. Affected is the function getRuntime of the file /snail-job/workflow/check-node-expression of the component Workflow-Task Management Module. The manipul…
Medium
CVSS: 5.3
The Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder plugin for WordPress is vulnerable to IP Address Spoofing in all versions up to, and including, 5.2.12 due to insufficient IP address validation and…
Critical
CVSS: 9.3
Improper authorization in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network.
Low
CVSS: 3.7
go-redis is the official Redis client library for the Go programming language. Prior to 9.5.5, 9.6.3, and 9.7.3, go-redis potentially responds out of order when `CLIENT SETINFO` times out during connection establishment. This can happen whe…
High
CVSS: 7.5
When the library bridge feature is enabled, the clickhouse-library-bridge exposes an HTTP API on localhost. This allows clickhouse-server to dynamically load a library from a specified path and execute it in an isolated process. Combined wi…
Medium
CVSS: 6.9
A vulnerability has been found in viames Pair Framework up to 1.9.11 and classified as critical. Affected by this vulnerability is the function getCookieContent of the file /src/UserRemember.php of the component PHP Object Handler. The mani…
Medium
CVSS: 6.5
This CVE only affects Kubernetes clusters that utilize the in-tree gitRepo volume to clone git repositories from other pods within the same node. Since the in-tree gitRepo volume feature has been deprecated and will not receive security upd…
Medium
CVSS: 5.9
This CVE affects only Windows worker nodes. Your worker node is vulnerable to this issue if it is running one of the affected versions listed below.