359 matches found
EUVD-2021-29526
Malicious code in bioql PyPI...
EUVD-2022-43880
Malicious code in bioql PyPI...
EUVD-2023-33830
Malicious code in bioql PyPI...
EUVD-2024-45852
Malicious code in bioql PyPI...
EUVD-2024-52902
Malicious code in bioql PyPI...
EUVD-2022-43879
Malicious code in bioql PyPI...
Simulating Cyberattacks through a Breach Attack Simulation (BAS) Platform Empowered by Security Chaos Engineering (SCE)
In today digital landscape, organizations face constantly evolving cyber threats, making it essential to discover slippery attack vectors through novel techniques like Security Chaos Engineering SCE, which allows teams to test defenses and identify vulnerabilities effectively. This paper proposes...
PT-2025-30621 · Gnu · Caldera Graphics
Уязвимость автоматизированной системы эмуляции действий нарушителей Caldera связана с неверным ограничением имени пути к каталогу с ограниченным доступом. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код путём отправки специально сформированног...
The vulnerability of the automated system for emulating intruder actions in Caldera, related to an incorrect restriction on the path name to the restricted catalog, allows an intruder to execute arbitrary code.
The vulnerability of the automated system for emulating intruder actions in Caldera is related to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability allows an intruder operating remotely to execute arbitrary code by sending a specially crafted HTTP...
CVE-2024-52347
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpwebsitecreator Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera wp-website-creator allows Stored XSS.This issue affects Website remote Install vor Gravity, WPForms,...
CVE-2024-56003
Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer caldera-smtp-mailer.This issue affects Caldera SMTP Mailer: from n/a through = 1.0.1...
CVE-2023-2330
The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack...
CVE-2022-41139
MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist aka the gist contact configuration field, leading to execution of arbitrary commands on agents...
CVE-2022-40605
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606...
CVE-2022-40606
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605...
CVE-2021-42561
An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters e.g., backticks "" or dollar parenthesis "$" in order to escape the current command and execute...
CVE-2021-42558
An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers...
CVE-2021-24896
The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...
CVE-2020-19907
A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service...
CVE-2020-10807
authsvc in Caldera before 2.6.5 allows authentication bypass for REST API requests via a forged "localhost" string in the HTTP Host header...