
22 matches found

RedhatCVE
added 2026/01/09 11:21 a.m. | 8 views

CVE-2021-22952

A vulnerability found in UniFi Talk application V1.12.3 and earlier permits a malicious actor who has already gained access to a network to subsequently control Talk devices assigned to said network if they are not yet adopted. This vulnerability is fixed in UniFi Talk application V1.12.5 and lat...

CVSS 8.8 | AI score 6.8 | EPSS 0.0099
Exploits: 0 | References: 1

RedhatCVE
added 2025/03/01 12:26 a.m. | 5 views

CVE-2025-22952

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks...

CVSS 9.8 | AI score 6.8 | EPSS 0.02818
Exploits: 1 | References: 1

Circl
added 2025/02/27 9:59 p.m. | 7 views

CVE-2025-22952

creationtimestamp | type | source
---|---|---
2025-02-27 21:59:03+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lj6v7znxps25
2025-02-27 23:27:09+00:00 | seen | https://t.me/cvedetector/19091
2025-03-04 11:20:50+00:00 | confirmed | ...

CVSS 9.8 | AI score 8.7 | EPSS 0.02818
Exploits: 1 | References: 5

NVD
added 2025/02/27 8:16 p.m. | 11 views

CVE-2025-22952

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks...

CVSS 9.8 | EPSS 0.02818
Exploits: 1 | References: 4

CVE
added 2025/02/27 12:0 a.m. | 102 views

CVE-2025-22952

Elestio Memos (v0.23.0) is affected by CVE-2025-22952: a Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs. The Nuclei template confirms the issue as applicable to MEMOS versions up to 0.24.0 and notes that unauthenticated attackers can exploit SSRF to access...

CVSS 9.8 | AI score 7 | EPSS 0.02818
In wild | Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/02/27 12:0 a.m. | 8 views

CVE-2025-22952

elestio memos v0.23.0 is vulnerable to Server-Side Request Forgery (SSRF) due to insufficient validation of user-supplied URLs, which can be exploited to perform SSRF attacks...

AI score 9.6 | EPSS 0.02818
Exploits: 1 | References: 4

0day.today
added 2023/03/10 12:0 a.m. | 642 views

SugarCRM 12.x Remote Code Execution / Shell Upload Exploit

This Metasploit module exploits CVE-2023-22952, a remote code execution vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to 12.0.2. This module requires Metasploit:...

CVSS 8.8 | AI score 9 | EPSS 0.80274
Exploits: 4

Packet Storm
added 2023/03/10 12:0 a.m. | 333 views

SugarCRM 12.x Remote Code Execution / Shell Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'securerandom' class MetasploitModule 'SugarCRM unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits CVE-2023-22952, a Remote Code...

CVSS 8.8 | AI score 0.3 | EPSS 0.80274
Exploits: 4

Metasploit
added 2023/03/09 7:53 p.m. | 722 views

SugarCRM unauthenticated Remote Code Execution (RCE)

This module exploits CVE-2023-22952, a Remote Code Execution (RCE) vulnerability in SugarCRM 11.0 Enterprise, Professional, Sell, Serve, and Ultimate versions prior to 11.0.5 and SugarCRM 12.0 Enterprise, Sell, and Serve versions prior to 12.0.2. The vulnerability occurs due to a lack of appropriat...

CVSS 8.8 | AI score 9.9 | EPSS 0.80274
Exploits: 4

Circl
added 2023/02/03 6:39 a.m. | 8 views

CVE-2023-22952

creationtimestamp | type | source
---|---|---
2023-02-03 06:39:42+00:00 | exploited | https://t.me/thehackernews/3014
2023-03-09 17:01:25+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/sugarcrmwebshellcve202322952.rb
2023-03-11 12:57:01+00:00 | ...

CVSS 8.8 | AI score 7.6 | EPSS 0.80274
In wild | Exploits: 4 | References: 15

The Hacker News
added 2023/02/03 5:23 a.m. | 134 views

CISA Alert: Oracle E-Business Suite and SugarCRM Vulnerabilities Under Attack

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on February 2 added two security flaws to its Known Exploited Vulnerabilities (KEV) Catalog, citing evidence of active exploitation. The first of the two vulnerabilities is CVE-2022-21587 (CVSS score: 9.8), a critical issue impacting...

CVSS 9.8 | AI score 2.3 | EPSS 0.98342
Exploits: 16

The Hacker News
added 2023/01/14 8:11 a.m. | 76 views

Cacti Servers Under Attack as Majority Fail to Patch Critical Vulnerability

A majority of internet-exposed Cacti servers have not been patched against a recently patched critical security vulnerability that has come under active exploitation in the wild. That's according to attack surface management platform Censys, which found only 26 out of a total of 6,427 servers to ...

CVSS 9.8 | AI score 0.5 | EPSS 0.99826
Exploits: 52

OSV
added 2023/01/11 9:15 a.m. | 4 views

CVE-2023-22952

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation...

CVSS 8.8 | AI score 5.9 | EPSS 0.80274
Exploits: 4 | References: 3

ATTACKERKB
added 2023/01/11 12:0 a.m. | 53 views

CVE-2023-22952

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation. Recent assessments: h00die-gr3y at January 18, 2023 8:56am UTC reported: Last December, 28th 2022, a zero-day vulnerability in the SugarCRM applicati...

CVSS 8.8 | AI score 9 | EPSS 0.80274
In wild | Exploits: 4 | References: 3

Vulnrichment
added 2023/01/11 12:0 a.m. | 16 views

CVE-2023-22952

In SugarCRM before 12.0. Hotfix 91155, a crafted request can inject custom PHP code through the EmailTemplates because of missing input validation...

AI score 8.8 | EPSS 0.80274
Exploits: 4 | References: 2

CVE
added 2023/01/11 12:0 a.m. | 791 views

CVE-2023-22952

SugarCRM is affected by CVE-2023-22952, a remote code execution in the EmailTemplates flow before 12.0, hotfix 91155. An attacker can upload a crafted PNG with embedded PHP to /index.php?module=EmailTemplates&action=AttachFiles (no input validation) and execute code on the server. Some sources in...

CVSS 8.8 | AI score 8.9 | EPSS 0.80274
In wild | Exploits: 4 | References: 3 | Affected Software: 1

The Hacker News
added 2022/03/24 3:38 a.m. | 108 views

VMware Issues Patches for Critical Flaws Affecting Carbon Black App Control

VMware on Wednesday released software updates to plug two critical security vulnerabilities affecting its Carbon Black App Control platform that could be abused by a malicious actor to execute arbitrary code on affected installations in Windows systems. Tracked as CVE-2022-22951 and CVE-2022-2295...

CVSS 9.1 | AI score 3.5 | EPSS 0.21926
Exploits: 0

Circl
added 2022/03/23 11:29 p.m. | 8 views

CVE-2022-22952

creationtimestamp | type | source
---|---|---
2022-03-23 23:29:01+00:00 | seen | https://t.me/cibsecurity/39445
2022-03-24 04:43:48+00:00 | seen | https://t.me/thehackernews/2006
2022-03-24 13:28:00+00:00 | seen | https://t.me/truesecator/2768
2022-03-25 12:32:59+00:00 | seen | ...

CVSS 9.1 | AI score 9 | EPSS 0.01416
Exploits: 0 | References: 3

CVE
added 2022/03/23 7:46 p.m. | 219 views

CVE-2022-22952

CVE-2022-22952 affects VMware Carbon Black App Control. Affected only when an attacker has administrative access to the App Control administration interface: uploading a specially crafted file can lead to code execution on the Windows AppC Server. Affected versions are 8.5.x before 8.5.14, 8.6.x ...

CVSS 9.1 | AI score 9.3 | EPSS 0.01416
Exploits: 0 | References: 1 | Affected Software: 1

VMware
added 2022/03/23 12:0 a.m. | 65 views

VMware Carbon Black App Control update addresses multiple vulnerabilities (CVE-2022-22951, CVE-2022-22952)

3a. OS command injection vulnerability in VMware Carbon Black App Control (CVE-2022-22951)
VMware Carbon Black App Control contains an OS command injection vulnerability. VMware has evaluated the severity of this issue to be in the Critical severity range with a maximum CVSSv3 base score of 9.1.
3b...

CVSS 9 | AI score 9.6 | EPSS 0.21926
Exploits: 0 | References: 4 | Affected Software: 1