
24 matches found

Nuclei | added yesterday | 38 views

Nagios 5.5.6-5.7.5 - Authenticated Remote Command Injection

Nagios XI 5.5.6 through 5.7.5 is susceptible to authenticated remote command injection. There is improper sanitization of authenticated user-controlled input by a single HTTP request via the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php. This in turn can lead to remot...

CVSS 9 | AI score 7.5 | EPSS 0.42935
Exploits 8 | References 5

Circl | added 2026/01/16 11:28 p.m. | 4 views

CVE-2019-25297

creationtimestamp | type | source
---|---|---
2026-01-16 23:28:45+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3mclatwxcnb2r
2026-01-18 21:02:59+00:00 | seen | https://bsky.app/profile/beikokucyber.bsky.social/post/3mcpzn4dx7426...

CVSS 5.1 | AI score 5.7 | EPSS 0.00456
Exploits 0 | References 2

EUVD | added 2025/10/03 8:7 p.m. | 4 views

EUVD-2025-25297

Malicious code in bioql PyPI...

CVSS 7.5 | AI score 6.6 | EPSS 0.0037
Exploits 1 | References 1

RedhatCVE | added 2025/05/23 9:45 a.m. | 6 views

CVE-2024-25297

Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15 allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php...

CVSS 4.8 | AI score 6.4 | EPSS 0.00566
Exploits 1 | References 1

RedhatCVE | added 2025/05/22 7:25 p.m. | 7 views

CVE-2021-25297

Nagios XI version xi-5.7.5 is affected by OS command injection. The vulnerability exists in the file /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php due to improper sanitization of authenticated user-controlled input by a single HTTP request, which can lead to OS command...

CVSS 9 | AI score 7.3 | EPSS 0.42935
Exploits 8 | References 1

NVD | added 2025/02/14 8:15 p.m. | 20 views

CVE-2025-25297

Label Studio is an open source data labeling tool. Prior to version 1.16.0, Label Studio's S3 storage integration feature contains a Server-Side Request Forgery (SSRF) vulnerability in its endpoint configuration. When creating an S3 storage connection, the application allows users to specify a cust...

CVSS 8.6 | EPSS 0.00536
Exploits 1 | References 2

CVE | added 2025/02/14 7:25 p.m. | 115 views

CVE-2025-25297

Label Studio (Open Source) contains a CVE-2025-25297 SSRF in the S3 storage endpoint configuration prior to version 1.16.0. The s3_endpoint parameter is passed directly to the boto3 AWS SDK without validation, allowing an authenticated user to trigger HTTP requests to arbitrary internal services ...

CVSS 8.6 | AI score 7 | EPSS 0.00536
Exploits 1 | References 2 | Affected Software 1

Circl | added 2024/02/17 7:31 a.m. | 4 views

CVE-2024-25297

creationtimestamp | type | source
---|---|---
2024-02-17 07:31:30+00:00 | seen | https://t.me/ctinow/186797
2024-02-17 09:26:13+00:00 | seen | https://t.me/ctinow/186830...

CVSS 4.8 | AI score 5.8 | EPSS 0.00566
Exploits 1 | References 2

Vulnrichment | added 2024/02/17 12:0 a.m. | 21 views

CVE-2024-25297

Cross Site Scripting (XSS) vulnerability in Bludit CMS version 3.15 allows remote attackers to execute arbitrary code and obtain sensitive information via edit-content.php...

AI score 6.3 | EPSS 0.00566
Exploits 1 | References 1

CVE | added 2024/02/17 12:0 a.m. | 102 views

CVE-2024-25297

CVE-2024-25297 is a Cross Site Scripting (XSS) vulnerability in Bludit CMS 3.15 exploitable via the endpoint edit-content.php. Multiple connected sources describe that remote attackers can execute arbitrary code and access sensitive information through this vector. Exploitation details in public...

CVSS 4.8 | AI score 5.3 | EPSS 0.00566
Exploits 1 | References 1 | Affected Software 1

0day.today | added 2023/02/13 12:0 a.m. | 431 views

Nagios XI 5.7.5 Remote Code Execution Exploit

This Metasploit module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 a...

CVSS 8.8 | AI score 9.3 | EPSS 0.75196
Exploits 9

Metasploit | added 2023/02/08 7:51 p.m. | 560 views

Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Execution

This module exploits CVE-2021-25296, CVE-2021-25297, and CVE-2021-25298, which are OS command injection vulnerabilities in the windowswmi, switch, and cloud-vm configuration wizards that allow an authenticated user to perform remote code execution on Nagios XI versions 5.5.6 to 5.7.5 as the apach...

CVSS 9 | AI score 8.3 | EPSS 0.71737
Exploits 8

Packet Storm | added 2023/02/08 12:0 a.m. | 508 views

Nagios XI 5.7.5 Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI 5.5.6 to 5.7.5 - ConfigWizards Authenticated Remote Code Exection', 'Description' = %q This module exploits CVE-2021-25296,...

CVSS 9 | EPSS 0.75196
Exploits 9

NVD | added 2022/02/21 8:15 a.m. | 12 views

CVE-2022-25297

This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save method may enable attackers to write files to arbitrary locations outside the designated target folder...

CVSS 8.8 | EPSS 0.01867
Exploits 1 | References 3

OSV | added 2022/02/21 8:15 a.m. | 23 views

CVE-2022-25297

This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save method may enable attackers to write files to arbitrary locations outside the designated target folder...

CVSS 8.8 | AI score 7.2
Exploits 0 | References 3

Cvelist | added 2022/02/21 8:0 a.m. | 14 views

CVE-2022-25297 Arbitrary File Write

This affects the package drogonframework/drogon before 1.7.5. The unsafe handling of file names during upload using HttpFile::save method may enable attackers to write files to arbitrary locations outside the designated target folder...

CVSS 7.5 | AI score 8.9 | EPSS 0.01867
Exploits 1 | References 3

CVE | added 2022/02/21 8:0 a.m. | 96 views

CVE-2022-25297

CVE-2022-25297 affects the Drogon framework (drogon) before 1.7.5. The vulnerability arises from unsafe handling of file names during uploads in HttpFile::save(), allowing an attacker to write files to arbitrary locations outside the target directory. Impact is partial to high depending on contex...

CVSS 8.8 | AI score 8.3 | EPSS 0.01867
Exploits 1 | References 3 | Affected Software 1

Check Point Advisories | added 2021/02/18 12:0 a.m. | 8 views

Nagios XI Remote Code Execution (CVE-2021-25296; CVE-2021-25297; CVE-2021-25298; CVE-2021-25299)

A remote code execution vulnerability exists in Nagios XI. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...

CVSS 9 | AI score 5.7 | EPSS 0.96861
Exploits 10

Circl | added 2021/02/15 4:46 p.m. | 10 views

CVE-2021-25297

creationtimestamp | type | source
---|---|---
2021-02-15 16:46:46+00:00 | seen | https://t.me/cibsecurity/23595
2023-02-07 21:54:12+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/linux/http/nagiosxiconfigwizardsauthenticatedrce.rb
2023-04-27 09:58:59+00:00 |...

CVSS 9 | AI score 7.3 | EPSS 0.42935
Exploits 8 | References 8

CVE | added 2021/02/15 12:0 a.m. | 1045 views

CVE-2021-25297

CVE-2021-25297 affects Nagios XI 5.7.5 (and related versions) with an OS command injection vulnerability in /usr/local/nagiosxi/html/includes/configwizards/switch/switch.inc.php. The vulnerability stems from improper sanitization of input provided by an authenticated user via a single HTTP reques...

CVSS 9 | AI score 8.8 | EPSS 0.71737
In wild | Exploits 8 | References 7 | Affected Software 1