cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-11831,https://securityvulnerability.io/vulnerability/CVE-2024-11831,Cross-site Scripting Vulnerability in Serialize-Javascript by Yahoo,"A vulnerability exists in the serialize-javascript module due to inadequate sanitization of inputs, particularly JavaScript object types and regex expressions. This flaw allows attackers to inject malicious code that may be executed in a web browser context when the serialized data is deserialized. This poses significant risks in scenarios where the serialized outputs are shared with web clients, rendering the web applications reliant on this package susceptible to XSS attacks.",Red Hat,"Red Hat Advanced Cluster Security 4.5,Cryostat 3,Logging Subsystem For Red Hat Openshift,Migration Toolkit For Applications 7,Migration Toolkit For Virtualization,.net 6.0 On Red Hat Enterprise Linux,Openshift Lightspeed,Openshift Pipelines,Openshift Serverless,Openshift Service Mesh 2,Red Hat 3scale Api Management Platform 2,Red Hat Advanced Cluster Management For Kubernetes 2,Red Hat Advanced Cluster Security 4,Red Hat Ansible Automation Platform 2,Red Hat Build Of Apache Camel - Hawtio,Red Hat Build Of Apicurio Registry,Red Hat Build Of Keycloak,Red Hat Build Of Optaplanner 8,Red Hat Data Grid 8,Red Hat Developer Hub,Red Hat Discovery,Red Hat Enterprise Linux 8,Red Hat Enterprise Linux 9,Red Hat Fuse 7,Red Hat Integration Camel K,Red Hat Jboss Enterprise Application Platform 7,Red Hat Jboss Enterprise Application Platform 8,Red Hat Jboss Enterprise Application Platform Expansion Pack,Red Hat Openshift Ai (rhoai),Red Hat Openshift Container Platform 3.11,Red Hat Openshift Container Platform 4,Red Hat Openshift Data Foundation 4,Red Hat Openshift Dev Spaces,Red Hat Openshift Distributed Tracing 3,Red Hat Process Automation 7,Red Hat Quay 3,Red Hat Satellite 6,Red Hat Single Sign-on 7,Red Hat Trusted Profile Analyzer",5.4,MEDIUM,0.0006799999973736703,false,,false,false,false,,false,false,false,,2025-02-10T15:27:46.732Z,0
CVE-2024-7557,https://securityvulnerability.io/vulnerability/CVE-2024-7557,Authentication Bypass and Privilege Escalation Vulnerability in OpenShift AI,"In OpenShift AI, a vulnerability exists that permits authentication bypass and privilege escalation across models within the same namespace. This concern arises during AI model deployment, where the user interface allows the configuration of authentication for models. Unfortunately, tokens from one model are inadvertently usable for accessing other models and APIs within the same namespace. The vulnerability is exacerbated by the exposure of ServiceAccount tokens in the UI, enabling malicious users to exploit these tokens through commands like 'oc --token={token}', thereby gaining unauthorized access to resources and elevating privileges significantly.",Red Hat,"Red Hat Openshift Ai (rhoai),Red Hat Openshift Data Science (rhods)",8.8,HIGH,0.0005000000237487257,false,,false,false,false,,,false,false,,2024-08-12T13:38:00.000Z,0