Top 4 vulnerabilities
Grafana through 6.7.1 allows stored XSS due to insufficient input protection in the originalUrl field, which allows an attacker to inject JavaScript code that will be executed after clicking on Open Original Dashboard after visiting the snapshot.
The vSphere Client (HTML5) contains a remote code execution vulnerability due to lack of input validation in the Virtual SAN Health Check plug-in which is enabled by default in vCenter Server. A malicious actor with network access to port 443 may exploit this issue to execute commands with unrestricted privileges on the underlying operating system that hosts vCenter Server.
Windows Print Spooler Elevation of Privilege Vulnerability
We collect the tweet related to vulnerability, then process them to create rankings and graphs.
The CVSS is a good value to think about the severity of the vulnerability. But the popularity is also should be considered as a good barometer. Because when the vulnerability becomes very popular, it is very likely to have more attacks.
