Lucene search
K

109 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2022-3441

Malicious code in bioql PyPI...

6.5CVSS7AI score0.01591EPSS
Exploits0References2
NVD
NVD
added 2025/07/16 4:15 p.m.31 views

CVE-2025-53943

VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to...

8.7CVSS0.00325EPSS
Exploits0References2
OSV
OSV
added 2025/07/16 4:7 p.m.11 views

CVE-2025-53943 VoidBot Open-Source Has Improper Permission Check That Allows Unauthorized Command Execution

VoidBot Open-Source is a customizable Discord bot. VoidBot Open-Source versions 0.0.1 through 0.8.1 contain a vulnerability in the command handler where permission checks are not properly enforced for certain administrative commands. This allows users without the required roles or privileges to...

8.7CVSS7.3AI score0.00325EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/22 8:49 p.m.8 views

CVE-2021-22707

A CWE-798: Use of Hard-coded Credentials vulnerability exists in EVlink City EVC1S22P4 / EVC1S7P4 all versions prior to R8 V3.4.0.1, EVlink Parking EVW2 / EVF2 / EV.2 all versions prior to R8 V3.4.0.1, and EVlink Smart Wallbox EVB1A all versions prior to R8 V3.4.0.1 that could allow an attacker t...

10CVSS6.9AI score0.64612EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:57 p.m.11 views

CVE-2021-39232

In Apache Ozone versions prior to 1.2.0, certain admin related SCM commands can be executed by any authenticated users, not just by admins...

8.8CVSS6.8AI score0.01632EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/01/21 12:0 a.m.6 views

mjolnir 安全漏洞

mjolnir is a Matrix open source auditing tool for Matrix. A security vulnerability exists in mjolnir version v1.9.0 that stems from the bot responding to administrative commands in any room, which could allow non-operator users to utilize the bot's functionality...

9.1CVSS6.8AI score0.00573EPSS
Exploits0References4
CNNVD
CNNVD
added 2024/11/07 12:0 a.m.5 views

Apache Zookeeper 安全漏洞

Apache ZooKeeper is a centralized service under the Apache Software Foundation for maintaining configuration information, naming, providing distributed synchronization, and providing group services. An authentication bypass vulnerability exists in Apache ZooKeeper versions prior to 3.9.3. The...

9.1CVSS6.7AI score0.00924EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2024/10/16 12:0 a.m.7 views

PT-2024-7345 · Cisco · Cisco Ata 190 Series Analog Telephone Adapter

Name of the Vulnerable Software and Affected Versions: Cisco ATA 190 Series Analog Telephone Adapter firmware affected versions not specified Description: A vulnerability in the web-based management interface could allow an authenticated, remote attacker with low privileges to run commands as an...

9CVSS7.2AI score0.00363EPSS
Exploits0References7
Packet Storm
Packet Storm
added 2024/08/31 12:0 a.m.279 views

SaltStack Salt Master Server Root Key Disclosure

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SaltStack Salt Master Server Root Key Disclosure', 'Description' = %q This module exploits unauthenticated access to the prepauthinfo method in t...

9.8CVSS7.4AI score0.96405EPSS
Exploits25
NVD
NVD
added 2024/04/08 4:15 p.m.19 views

CVE-2024-31442

Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command...

8.8CVSS9AI score0.00545EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/04/08 3:33 p.m.19 views

CVE-2024-31442 Redon-Hub has incorrect permissions on all admin related commands

Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command...

8.8CVSS9.2AI score0.00545EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/04/08 3:33 p.m.7 views

CVE-2024-31442 Redon-Hub has incorrect permissions on all admin related commands

Redon Hub is a Roblox Product Delivery Bot, also known as a Hub. In all hubs before version 1.0.2, all commands are capable of being ran by all users, including admin commands. This allows users to receive products for free and delete/create/update products/tags/etc. The only non-affected command...

8.8CVSS7.3AI score0.00545EPSS
Exploits0References2
CVE
CVE
added 2024/04/08 3:33 p.m.50 views

CVE-2024-31442

CVE-2024-31442 concerns Redon Hub, a Roblox Product Delivery Bot. Pre-1.0.2 versions permit all users to execute admin commands due to a permissions misconfiguration, allowing actions like receiving products for free and deleting/creating/updating products and tags. The only non-affected command ...

8.8CVSS9AI score0.00545EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2024/04/08 12:0 a.m.3 views

PT-2024-24079

Name of the Vulnerable Software and Affected Versions Redon Hub versions prior to 1.0.2 Description The issue affects Redon Hub, a Roblox Product Delivery Bot. In affected versions, all commands can be executed by all users, including admin commands. This allows users to receive products for free...

8.8CVSS6.8AI score0.00545EPSS
Exploits0References10
Positive Technologies
Positive Technologies
added 2024/03/12 12:0 a.m.2 views

PT-2024-20959 · Asus · Asus Download Master

Name of the Vulnerable Software and Affected Versions: ASUS Download Master affected versions not specified Description: The issue allows an attacker to execute commands in the context of the web server, running as admin. Recommendations: At the moment, there is no information about a newer versi...

7.3AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2023/11/22 6:15 p.m.4 views

CVE-2023-48646

Zoho ManageEngine RecoveryManager Plus before 6070 allows admin users to execute arbitrary commands via proxy settings...

7.2CVSS6.1AI score0.82163EPSS
Exploits0References2
NCSC
NCSC
added 2023/08/22 12:0 a.m.4 views

Vulnerability fixed in Ivanti MobileIron Sentry

Ivanti has fixed a vulnerability in MobileIron Sentry. A unauthenticated malicious person with access to the management interface could exploit the vulnerability to use API calls to manipulate the Sentry system and execute commands with administrator privileges. For successful misuse, the malicio...

9.8CVSS7.2AI score0.99949EPSS
Exploits6
OSV
OSV
added 2023/08/04 5:26 p.m.18 views

GHSA-3PMJ-JQQP-2MJ3 matrix-appservice-irc IRC command injection via admin commands containing newlines

Impact It is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Patches Versions 1.0.1 and above are patched. Workarounds There are no robust workaround...

5CVSS7.6AI score0.00777EPSS
Exploits0References5
Github Security Blog
Github Security Blog
added 2023/08/04 5:26 p.m.34 views

matrix-appservice-irc IRC command injection via admin commands containing newlines

Impact It is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Patches Versions 1.0.1 and above are patched. Workarounds There are no robust workaround...

9.8CVSS7.1AI score0.00777EPSS
Exploits0References5Affected Software1
Cvelist
Cvelist
added 2023/08/04 4:31 p.m.37 views

CVE-2023-38690 matrix-appservice-irc IRC command injection via admin commands containing newlines

matrix-appservice-irc is a Node.js IRC bridge for Matrix. Prior to version 1.0.1, it is possible to craft a command with newlines which would not be properly parsed. This would mean you could pass a string of commands as a channel name, which would then be run by the IRC bridge bot. Versions 1.0....

5.8CVSS9.9AI score0.00777EPSS
Exploits0References3
Rows per page
Query Builder