| CVE ID | Title | Vendor | Product | Severity | CVSS Score | Published At | AI Analysis |
|---|---|---|---|---|---|---|---|
| CVE-2024-4029 | Wildfly: no timeout for eap management interface may lead to denial of service (dos) | - | - | Medium | 4.1 | 2024-05-02 14:55:27 | Deep Dive |
| CVE-2024-4369 | Cluster-image-registry-operator: exposes a secret via env variable in pod definition on azure | - | - | Medium | 6.8 | 2024-04-30 23:49:02 | Deep Dive |
| CVE-2024-3154 | Cri-o: arbitrary command injection via pod annotation | - | - | High | 7.2 | 2024-04-26 03:12:38 | Deep Dive |
| CVE-2024-2905 | Rpm-ostree: world-readable /etc/shadow file | - | - | Medium | 6.2 | 2024-04-25 17:44:16 | Deep Dive |
| CVE-2024-1657 | Platform: insecure websocket used when interacting with eda server | - | - | High | 8.1 | 2024-04-25 16:28:38 | Deep Dive |
| CVE-2024-1139 | Cluster-monitoring-operator: credentials leak | - | - | High | 7.7 | 2024-04-25 16:25:01 | Deep Dive |
| CVE-2024-1102 | Jberet: jberet-core logging database credentials | - | - | Medium | 6.5 | 2024-04-25 16:24:30 | Deep Dive |
| CVE-2024-0874 | Coredns: cd bit response is cached and served later | - | - | Medium | 5.3 | 2024-04-25 16:22:44 | Deep Dive |
| CVE-2023-6717 | Keycloak: xss via assertion consumer service url in saml post-binding flow | - | - | Medium | 6.0 | 2024-04-25 16:02:03 | Deep Dive |
| CVE-2023-6596 | Openshift: incomplete fix for rapid reset (cve-2023-44487/cve-2023-39325) | - | - | High | 7.5 | 2024-04-25 16:00:24 | Deep Dive |
| CVE-2023-5675 | Quarkus: authorization flaw in quarkus resteasy reactive and classic when "quarkus.security.jaxrs.deny-unannotated-endpoints" or "quarkus.security.jaxrs.default-roles-allowed" properties are used. | - | - | Medium | 6.5 | 2024-04-25 15:44:56 | Deep Dive |
| CVE-2024-4019 | Byzoro Smart S80 Management Platform importhtml.php deserialization | Byzoro | Smart S80 Management Platform | Medium | 6.3 | 2024-04-20 13:31:04 | Deep Dive |
| CVE-2024-32470 | Tolgee's API keys created by server admin users bypass the permission check | tolgee | tolgee-platform | Medium | 6.5 | 2024-04-18 15:05:26 | Deep Dive |
| CVE-2024-2796 | SSRF in Akana API Platform | Akana | Akana API Platform | Critical | 9.3 | 2024-04-18 15:04:56 | Deep Dive |
| CVE-2024-32466 | Tolgee's API key scopes not checked when querying translation data | tolgee | tolgee-platform | Low | 2.7 | 2024-04-18 15:02:44 | Deep Dive |
| CVE-2024-29003 | SolarWinds Platform Cross Site Scripting Vulnerability | SolarWinds | SolarWinds Platform | High | 7.5 | 2024-04-18 09:07:17 | Deep Dive |
| CVE-2024-29001 | SolarWinds Platform SWQL Injection Vulnerability | SolarWinds | SolarWinds Platform | High | 7.5 | 2024-04-18 09:06:41 | Deep Dive |
| CVE-2024-28076 | SolarWinds Platform Arbitrary Open Redirection Vulnerability | SolarWinds | SolarWinds Platform | High | 7.0 | 2024-04-18 09:05:43 | Deep Dive |
| CVE-2024-3928 | Dromara open-capacity-platform auth-server heapdump information disclosure | Dromara | open-capacity-platform | Medium | 4.3 | 2024-04-17 23:31:05 | Deep Dive |
| CVE-2024-1249 | Keycloak: org.keycloak.protocol.oidc: unvalidated cross-origin messages in checkloginiframe leads to ddos | - | - | High | 7.4 | 2024-04-17 13:22:48 | Deep Dive |