Media Library Folder & File Manager Security Vulnerabilities

CVE-2024-4652

A vulnerability, which was classified as problematic, was found in Campcodes Complete Web-Based School Management System 1.0. Affected is an unknown function of the file /view/show_teacher2.php. The manipulation of the argument month leads to cross site scripting. It is possible to launch the...

CVE-2024-4649

A vulnerability classified as problematic has been found in Campcodes Complete Web-Based School Management System 1.0. This affects an unknown part of the file /view/student_exam_mark_insert_form1.php. The manipulation of the argument page leads to cross site scripting. It is possible to initiate.....

CVE-2024-4651

A vulnerability, which was classified as problematic, has been found in Campcodes Complete Web-Based School Management System 1.0. This issue affects some unknown processing of the file /view/student_attendance_history1.php. The manipulation of the argument year leads to cross site scripting. The.....

CVE-2024-4650

A vulnerability classified as problematic was found in Campcodes Complete Web-Based School Management System 1.0. This vulnerability affects unknown code of the file /view/student_due_payment.php. The manipulation of the argument due_month leads to cross site scripting. The attack can be initiated....

CVE-2024-4647

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /view/student_first_payment.php. The manipulation of the argument index leads to cross site scripting.....

CVE-2024-4645

A vulnerability was found in SourceCodester Prison Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file /Admin/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site...

CVE-2024-4646

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been classified as problematic. Affected is an unknown function of the file /view/student_payment_details.php. The manipulation of the argument index leads to cross site scripting. It is possible to...

CVE-2024-4648

A vulnerability was found in Campcodes Complete Web-Based School Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /view/student_exam_mark_update_form.php. The manipulation of the argument std_index leads to cross site...

Rapid7 Signs 100% Talent Compact with Boston Women’s Workforce Council

The effort aims to help close gender and racial pay gaps Rapid7 is proud to announce their signing of the 100% Talent Compact through the Boston Women’s Workforce Council (BWWC). The Talent Compact is a collective effort among the Boston Mayor and local employers to close the gender and racial...

Ioctlance - A Tool That Is Used To Hunt Vulnerabilities In X64 WDM Drivers

Description Presented at CODE BLUE 2023, this project titled Enhanced Vulnerability Hunting in WDM Drivers with Symbolic Execution and Taint Analysis introduces IOCTLance, a tool that enhances its capacity to detect various vulnerability types in Windows Driver Model (WDM) drivers. In a...

CVE-2024-4644

A vulnerability has been found in SourceCodester Prison Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /Employee/changepassword.php. The manipulation of the argument txtold_password/txtnew_password/txtconfirm_password leads to cross site...

CVE-2024-34561

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Creative interactive media 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook WordPress Plugin allows Stored XSS.This issue affects 3D FlipBook, PDF Viewer, PDF Embedder – Real 3D FlipBook...

CVE-2024-34547

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Noor alam Magical Addons For Elementor allows Stored XSS.This issue affects Magical Addons For Elementor: from n/a through...

CVE-2024-34558

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in realmag777 WOLF allows Stored XSS.This issue affects WOLF: from n/a through...

CVE-2024-4281

The Link Library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'link-library' shortcode in all versions up to, and including, 7.6.11 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated....

State of ransomware in 2024

Ransomware attacks continue to be one of the biggest contemporary cybersecurity threats, affecting organizations and individuals alike on a global scale. From high-profile breaches in healthcare and industrial sectors – compromising huge volumes of sensitive data or halting production entirely –...

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-39325 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: external-dns-fips, rclone, external-secrets-fips, kubernetes-dns-node-cache, hubble-fips, k8ssandra-operator-fips, karpenter, nri-kubernetes, kustomize, cfssl, nfs-subdir-external-provisioner-fips, newrelic-infra-operator, eks-distro-kubernetes-csi-external-resizer,...

GHSA-7WW5-4WQC-M92C vulnerabilities

Vulnerabilities for packages: k3d, newrelic-infrastructure-agent, tekton-pipelines, kubevela, grype, kubescape, trivy, flux-helm-controller, melange, kaniko, zot, eksctl, gitness, fuse-overlayfs-snapshotter, helm-push, ctop, cert-manager, flux-source-controller, up, helm, cilium-cli, telegraf,...

CVE-2024-25620 vulnerabilities

Vulnerabilities for packages: helm-operator, zot, cert-manager, eksctl, cilium-cli, k9s, flux-source-controller, trivy, istio-operator, up, zarf, chartmuseum, k8sgpt, kots, kubescape, flux-helm-controller,...

GHSA-R53H-JV2G-VPX6 vulnerabilities

Vulnerabilities for packages: helm-operator, zot, cert-manager, eksctl, cilium-cli, k9s, flux-source-controller, trivy, istio-operator, up, zarf, chartmuseum, k8sgpt, kots, kubescape, flux-helm-controller,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: falco, tekton-pipelines, vault, kubescape, slsa-verifier, tekton-chains, cloudflared, flux-kustomize-controller, keda, fulcio, cert-manager, sops, tkn, flux-source-controller, argo-workflows, rekor, kyverno, dex, oauth2-proxy, argo-cd, aactl, istio-pilot-discovery,...

GHSA-JQ35-85CJ-FJ4P vulnerabilities

Vulnerabilities for packages: k3d, bom, falco, tekton-pipelines, kubescape, kpt, slsa-verifier, tekton-chains, k3s, paranoia, ctop, cert-manager, up, chartmuseum, aactl, scorecard, loki, prometheus,...

GHSA-2C7C-3MJ9-8FQH vulnerabilities

Vulnerabilities for packages: spire-server, falcoctl-fips, spire-server-fips, kots, istio-pilot-discovery, gitsign, sops, bank-vaults-fips, kyverno, slsa-verifier, tekton-pipelines, cosign-fips, keda, vault-fips, tekton-chains, aactl, cloudflared, cilium-envoy, dex, falco, argo-cd, vault,...

GHSA-8R3F-844C-MC37 vulnerabilities

Vulnerabilities for packages: influx, mc, litefs, k3d, terraform, docker, flux-notification-controller, tekton-pipelines, gitlab-runner, php-fpm_exporter, buf, step-ca, gitlab-pages, prometheus-node-exporter, istio-cni, goreleaser, kyverno-policy-reporter-kyverno-plugin, nuclei, eksctl,...

GHSA-679V-HH23-H5JH vulnerabilities

Vulnerabilities for packages: configmap-reload-fips, falco, kind, smarter-device-manager-fips,...

CVE-2023-39323 vulnerabilities

Vulnerabilities for packages: configmap-reload-fips, falco, kind, smarter-device-manager-fips,...

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5

CVE-2023-44487 affecting package cert-manager for versions less than 1.11.2-5. A patched version of the package is...

CVE-2023-45290 vulnerabilities

Vulnerabilities for packages: external-dns-fips, external-secrets-fips, kubernetes-dns-node-cache, k8ssandra-operator-fips, karpenter, nri-kubernetes, kustomize, docker-credential-acr-env, wait-for-port, cfssl, nfs-subdir-external-provisioner-fips, vite, newrelic-infra-operator,...

CVE-2024-24785 vulnerabilities

Vulnerabilities for packages: external-dns-fips, external-secrets-fips, kubernetes-dns-node-cache, k8ssandra-operator-fips, karpenter, nri-kubernetes, kustomize, docker-credential-acr-env, wait-for-port, cfssl, nfs-subdir-external-provisioner-fips, vite, newrelic-infra-operator,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: influx, litefs, k3d, terraform, flannel-cni-plugin, aws-flb-firehose, kube-rbac-proxy, gitlab-runner, php-fpm_exporter, protoc-gen-go-grpc, prometheus-node-exporter, goreleaser, kyverno-policy-reporter-kyverno-plugin, nri-kafka, nuclei, eksctl, slsa-verifier,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: falcoctl-fips, cortex, external-dns-fips, cluster-autoscaler, karpenter, src, tctl, kaf, kubernetes-csi-external-resizer-fips, nfs-subdir-external-provisioner-fips, flux-source-controller, helm, kiam, dgraph, kubernetes-csi-external-attacher, kubescape, nats, cosign,.....

CVE-2023-47108 vulnerabilities

Vulnerabilities for packages: kyverno, docker-compose, keda, aws-ebs-csi-driver, kubernetes-csi-external-resizer, envoy-ratelimit, argo-cd, kubernetes, cert-manager-fips, containerd, cluster-autoscaler-fips, temporal, cert-manager, cri-tools, kubescape, metrics-server-fips, kubernetes-fips,...

CVE-2023-39325 vulnerabilities

Vulnerabilities for packages: falcoctl-fips, external-dns-fips, prometheus-mongodb-exporter-fips, cluster-autoscaler, kubernetes-dns-node-cache, nfs-subdir-external-provisioner, karpenter, prometheus-statsd-exporter, src, crossplane-provider-azure, tctl, yq, kaf,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: cortex, cluster-autoscaler, render-template, smarter-device-manager, prometheus-statsd-exporter, wait-for-port, nats, influx, dgraph, gosu, jsonnet-bundler, fulcio-fips, sbom-scorecard, stakater-reloader, kyverno-policy-reporter-kyverno-plugin, calico-fips,...

CVE-2023-44487 vulnerabilities

Vulnerabilities for packages: mc, terraform, flux-notification-controller, gitlab-runner, dotnet, gitlab-pages, slsa-verifier, nginx-stable, ingress-nginx-controller, src, nvidia-device-plugin, cert-manager, cue, flux-source-controller, aws-efs-csi-driver, up, oauth2-proxy, argo-cd, helm,...

GHSA-3Q2C-PVP5-3CQP vulnerabilities

Vulnerabilities for packages: external-dns-fips, external-secrets-fips, kubernetes-dns-node-cache, k8ssandra-operator-fips, karpenter, nri-kubernetes, kustomize, docker-credential-acr-env, wait-for-port, cfssl, nfs-subdir-external-provisioner-fips, vite, newrelic-infra-operator,...

GHSA-32CH-6X54-Q4H9 vulnerabilities

Vulnerabilities for packages: external-dns-fips, external-secrets-fips, kubernetes-dns-node-cache, k8ssandra-operator-fips, karpenter, nri-kubernetes, kustomize, docker-credential-acr-env, wait-for-port, cfssl, nfs-subdir-external-provisioner-fips, vite, newrelic-infra-operator,...

CVE-2023-45285 vulnerabilities

Vulnerabilities for packages: influx, wait-for-port, k3d, flannel-cni-plugin, aws-flb-firehose, falco, aws-flb-kinesis, gosu, cni-plugins, protoc-gen-go-grpc, cortex, prometheus-bind-exporter, smarter-device-manager, gops, goreleaser, docker-cli, local-path-provisioner, slsa-verifier,...

CVE-2023-3978 vulnerabilities

Vulnerabilities for packages: mc, terraform, k3d, flux-notification-controller, gitlab-runner, gitlab-pages, prometheus-node-exporter, k3s, src, apko, nvidia-device-plugin, cue, tkn, flux-source-controller, aws-efs-csi-driver, dive, oauth2-proxy, argo-cd, helm, k8sgpt-operator, nri-prometheus,...

GHSA-5F94-VHJQ-RPG8 vulnerabilities

Vulnerabilities for packages: cortex, cluster-autoscaler, render-template, smarter-device-manager, prometheus-statsd-exporter, wait-for-port, nats, influx, dgraph, gosu, jsonnet-bundler, fulcio-fips, sbom-scorecard, stakater-reloader, kyverno-policy-reporter-kyverno-plugin, calico-fips,...

CVE-2023-48795 vulnerabilities

Vulnerabilities for packages: libssh, terraform, k3d, kube-rbac-proxy, tekton-pipelines, gitlab-runner, buf, step-ca, gitlab-pages, prometheus-node-exporter, istio-cni, nri-kafka, slsa-verifier, eksctl, tekton-chains, boring-registry, tigera-operator, k3s, src, mongo-tools, apko, gitlab-kas,...

CVE-2024-24557 vulnerabilities

Vulnerabilities for packages: dagger, flux-image-reflector-controller, helm-operator, bom, newrelic-infrastructure-agent, falco, tekton-pipelines, gitlab-runner, kubevela, buildkitd, zarf, kubescape, istio-pilot-agent, flux-helm-controller, trivy, goreleaser, policy-controller, zot, eksctl,...

GHSA-V53G-5GJP-272R vulnerabilities

Vulnerabilities for packages: istio-fips, k9s, kots, istio-operator-fips, istio-operator, up, flux-source-controller, cert-manager-fips, zot, cilium-cli, cert-manager, kubescape, helm-operator, eksctl, trivy, flux-helm-controller, zarf, k8sgpt, chartmuseum,...

CVE-2024-25620 vulnerabilities

Vulnerabilities for packages: istio-fips, k9s, kots, istio-operator-fips, istio-operator, up, flux-source-controller, cert-manager-fips, zot, cilium-cli, cert-manager, kubescape, helm-operator, eksctl, trivy, flux-helm-controller, zarf, k8sgpt, chartmuseum,...

GHSA-RR6R-CFGF-GC6H vulnerabilities

Vulnerabilities for packages: influx, litefs, k3d, terraform, flannel-cni-plugin, aws-flb-firehose, kube-rbac-proxy, gitlab-runner, php-fpm_exporter, protoc-gen-go-grpc, prometheus-node-exporter, goreleaser, kyverno-policy-reporter-kyverno-plugin, nri-kafka, nuclei, eksctl, slsa-verifier,...

CVE-2024-26147 vulnerabilities

Vulnerabilities for packages: istio-fips, k9s, kots, istio-operator-fips, istio-operator, up, flux-source-controller, cert-manager-fips, zot, cilium-cli, cert-manager, kubescape, helm-operator, eksctl, trivy, flux-helm-controller, zarf, k8sgpt, chartmuseum,...

GHSA-RCJV-MGP8-QVMR vulnerabilities

Vulnerabilities for packages: k3s, cert-manager, prometheus, caddy, prometheus-adapter, gitlab-kas, kube-oidc-proxy, metrics-server-fips, kubernetes, kubernetes-fips, gatekeeper, ipfs, calico, thanos, kubevela, cluster-autoscaler-fips, keda,...

CVE-2023-45289 vulnerabilities

Vulnerabilities for packages: external-dns-fips, external-secrets-fips, kubernetes-dns-node-cache, k8ssandra-operator-fips, karpenter, nri-kubernetes, kustomize, docker-credential-acr-env, wait-for-port, cfssl, nfs-subdir-external-provisioner-fips, vite, newrelic-infra-operator,...