Lucene search
K

12 matches found

RedHat Linux
RedHat Linux
added 2026/06/30 11:33 a.m.7 views

erb: ERB: Arbitrary code execution via deserialization bypass

A flaw was found in ERB, a templating system for Ruby. An attacker who can trigger deserialization of untrusted data in a Ruby application can bypass existing protections. This vulnerability allows for arbitrary code execution by exploiting specific public methods that evaluate template source...

8.1CVSS6.4AI score0.01131EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2025/11/26 4:56 p.m.5 views

CVE-2025-0645

Unrestricted Upload of File with Dangerous Type vulnerability in Narkom Communication and Software Technologies Trade Ltd. Co. Pyxis Signage allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Pyxis Signage: through 31012025...

7.2CVSS7AI score0.00306EPSS
Exploits0References1
Gitee
Gitee
added 2025/09/06 2:18 p.m.84 views

awesome-windows-exploitation

This is a curated list of Windows Exploitation resources and tools. The list is organized by category, including Windows stack overflows, Windows heap overflows, kernel-based Windows overflows, Windows kernel memory corruption, return-oriented programming, Windows memory protections, bypassing...

6.8AI score
Exploits0
CVE
CVE
added 2024/07/31 4:56 p.m.60 views

CVE-2024-6977

Cato Networks Windows SDP Client has a vulnerability prior to version 5.10.34 where sensitive information can be written into trace/log files, potentially enabling an account takeover. The issue requires bypassing protections that modify the tunnel token on the attacker’s system. Affected softwar...

6.5CVSS6.3AI score0.00227EPSS
Exploits1References1Affected Software1
NVD
NVD
added 2024/07/09 2:15 p.m.19 views

CVE-2023-39328

A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file...

5.5CVSS0.00242EPSS
Exploits0References5
OSV
OSV
added 2024/07/09 2:15 p.m.2 views

UBUNTU-CVE-2023-39328

A vulnerability was found in OpenJPEG similar to CVE-2019-6988. This flaw allows an attacker to bypass existing protections and cause an application crash through a maliciously crafted file...

5.5CVSS6.5AI score0.00242EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2024/06/19 5:9 p.m.68 views

CVE-2022-23829

A flaw was found in AMD SPI. The protection features may allow a malicious attacker with Ring0 kernel mode access to bypass the native System Management Mode SMM ROM protections. Mitigation Platform BIOS changes are needed to enable AMD ROM Armor. Please contact OEM supplier for the BIOS update...

8.2CVSS6.6AI score0.00196EPSS
Exploits0References4
Prion
Prion
added 2024/03/14 10:47 p.m.21 views

Design/Logic Flaw

The Artica Proxy administrative web application will deserialize arbitrary PHP objects supplied by unauthenticated users and subsequently enable code execution as the "www-data" user. This issue was demonstrated on version 4.50 of the The Artica-Proxy administrative web application attempts to...

7.9AI score0.44579EPSS
Exploits4References2Affected Software1
IBM Security Bulletins
IBM Security Bulletins
added 2023/06/20 4:49 p.m.59 views

Security Bulletin: Vulnerabilities in Apache Commons, Tomcat, Go, libcurl, OpenSSL, Python, Node.js, and Linux can affect IBM Spectrum Protect Plus.

Summary IBM Spectrum Protect Plus can be affected by vulnerabilities in Apache Commons, Tomcat, Go, libcurl, OpenSSL, Python, Node.js, and Linux. Vulnerabilities include causing a denial of service, obtaining sensitive information, bypassing protections and restrictions, causing system crashes,...

9.8CVSS9.8AI score0.59501EPSS
Exploits27Affected Software1
RedHat Linux
RedHat Linux
added 2021/04/06 5:15 p.m.5 views

kernel: race conditions caused by wrong locking in net/vmw_vsock/af_vsock.c

A flaw was found in the Linux kernel. Wrong locking in the AFVSOCK socket can cause a local privilege escalation, bypassing SMEP and SMAP. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability...

7CVSS7AI score0.01602EPSS
Exploits1References5
Hacker One
Hacker One
added 2018/07/13 3:38 a.m.49 views

Slack: SSRF in api.slack.com, using slash commands and bypassing the protections.

Bypassing the reports 61312 and 356765 Tutorial: Go to api.slack.com and create an application with your own slash command. F320014 Enter your own domain: in your own domain: index.php location: http://:::22/ F320019 And save. Go to your Slack and type /youslash Try with my server...

0.2AI score
Exploits0
Packet Storm
Packet Storm
added 2014/11/27 12:0 a.m.131 views

Sniffit Root Shell

CVE-2014-5439 - Root shell on Sniffit Authors: Ismael Ripoll & Hector Marco CVE: CVE-2014-5439 Dates: July 2014 - Discovered the vulnerability Description Sniffit is a packet sniffer and monitoring tool. A bug in sniffit prior to 0.3.7 has been found. The bug is caused by an incorrect...

10CVSS9.4AI score0.9994EPSS
Exploits18
Rows per page
Query Builder