cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11831,https://securityvulnerability.io/vulnerability/CVE-2024-11831,Cross-site Scripting Vulnerability in Serialize-Javascript by Yahoo,"A vulnerability exists in the serialize-javascript module due to inadequate sanitization of inputs, particularly JavaScript object types and regex expressions. This flaw allows attackers to inject malicious code that may be executed in a web browser context when the serialized data is deserialized. This poses significant risks in scenarios where the serialized outputs are shared with web clients, rendering the web applications reliant on this package susceptible to XSS attacks.",Red Hat,"Red Hat Advanced Cluster Security 4.4,Red Hat Advanced Cluster Security 4.5,Cryostat 3,Logging Subsystem For Red Hat Openshift,Migration Toolkit For Applications 7,Migration Toolkit For Virtualization,.net 6.0 On Red Hat Enterprise Linux,Openshift Lightspeed,Openshift Pipelines,Openshift Serverless,Openshift Service Mesh 2,Red Hat 3scale Api Management Platform 2,Red Hat Advanced Cluster Management For Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Discovery,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Openshift Ai (rhoai),Red Hat Openshift Container Platform 3.11,Red Hat Openshift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Dev Spaces,Red Hat Openshift Distributed Tracing 3,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Trusted Profile Analyzer",5.4,MEDIUM,0.0004400000034365803,false,,false,false,false,,false,false,false,,2025-02-10T15:27:46.732Z,0
CVE-2024-10295,https://securityvulnerability.io/vulnerability/CVE-2024-10295,Unauthorized Access via Malformed Basic Authentication in APICast,"A vulnerability exists in Red Hat's Gateway impacting its ability to authenticate requests correctly. When a non-base64 encoded basic authentication header contains special characters, the APICast service fails to carry out the necessary authentication checks due to an oversight in the base64 decoding process. This flaw enables unauthorized users to access backend systems by circumventing standard authentication mechanisms, exposing critical resources to potential threats.",Red Hat,Red Hat 3scale Api Management Platform 2,7.5,HIGH,0.0008699999889358878,false,,false,false,false,,,false,false,,2024-10-24T17:55:10.314Z,0
CVE-2024-9671,https://securityvulnerability.io/vulnerability/CVE-2024-9671,System: pdf invoices of the developer users can be seen if the url is known,"A significant vulnerability exists in 3Scale that permits unauthorized access to PDF invoices of Developer users when the specific URL is known. This flaw arises from the absence of an authentication mechanism, allowing any person aware of or capable of guessing the invoice URL to gain access to sensitive billing information. Protecting this data is critical, as the exposure can lead to significant privacy concerns for affected users.",Red Hat,Red Hat 3scale Api Management Platform 2,5.3,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2024-10-09T15:15:00.000Z,0
CVE-2023-4910,https://securityvulnerability.io/vulnerability/CVE-2023-4910,3scale-admin-portal: logged out users tokens can be accessed,"A flaw was found In 3Scale Admin Portal. If a user logs out from the personal tokens page and then presses the back button in the browser, the tokens page is rendered from the browser cache.",Red Hat,Red Hat 3scale Api Management Platform 2,5.5,MEDIUM,0.0004299999854993075,false,,false,false,false,,,false,false,,2023-11-06T13:15:00.000Z,0
CVE-2023-5349,https://securityvulnerability.io/vulnerability/CVE-2023-5349,Draw while calling getdrawinfo(),"A memory leak flaw was found in ruby-magick, an interface between Ruby and ImageMagick. This issue can lead to a denial of service (DOS) by memory exhaustion.",Red Hat,"Rmagick,Red Hat 3scale Api Management Platform 2,Fedora",5.3,MEDIUM,0.000590000010561198,false,,false,false,false,,,false,false,,2023-10-30T21:15:00.000Z,0
CVE-2023-0456,https://securityvulnerability.io/vulnerability/CVE-2023-0456,Apicast proxies the api call with incorrect jwt token to the api backend without proper authorization check,"A flaw in the APICast OIDC module fails to properly handle responses from mismatched tokens originating from different realms. This oversight can potentially allow attackers to gain unauthorized access to sensitive information, as it might open doors to realms that should remain secure. Timely patching and updates are essential to safeguard against such vulnerabilities.",Red Hat,"Apicast,Red Hat 3scale Api Management Platform 2",7.4,HIGH,0.00215999991632998,false,,false,false,false,,,false,false,,2023-09-27T15:16:00.000Z,0