Lucene search
K

359 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2021-29526

Malicious code in bioql PyPI...

6.1CVSS6.3AI score0.01052EPSS
Exploits2References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-43880

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00417EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-33830

Malicious code in bioql PyPI...

8.8CVSS9.2AI score0.00389EPSS
Exploits1References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-45852

Malicious code in bioql PyPI...

6.5CVSS8.7AI score0.00217EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-52902

Malicious code in bioql PyPI...

4.3CVSS9AI score0.00346EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-43879

Malicious code in bioql PyPI...

6.1CVSS6.2AI score0.00417EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2025/08/05 12:0 a.m.3 views

Simulating Cyberattacks through a Breach Attack Simulation (BAS) Platform Empowered by Security Chaos Engineering (SCE)

In today digital landscape, organizations face constantly evolving cyber threats, making it essential to discover slippery attack vectors through novel techniques like Security Chaos Engineering SCE, which allows teams to test defenses and identify vulnerabilities effectively. This paper proposes...

7AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/07/21 12:0 a.m.7 views

PT-2025-30621 · Gnu · Caldera Graphics

Уязвимость автоматизированной системы эмуляции действий нарушителей Caldera связана с неверным ограничением имени пути к каталогу с ограниченным доступом. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код путём отправки специально сформированног...

9CVSS7.3AI score
Exploits0References3
BDU FSTEC
BDU FSTEC
added 2025/07/21 12:0 a.m.7 views

The vulnerability of the automated system for emulating intruder actions in Caldera, related to an incorrect restriction on the path name to the restricted catalog, allows an intruder to execute arbitrary code.

The vulnerability of the automated system for emulating intruder actions in Caldera is related to an incorrect restriction on the path name to the restricted catalog. Exploiting this vulnerability allows an intruder operating remotely to execute arbitrary code by sending a specially crafted HTTP...

9CVSS6AI score
Exploits0References2Affected Software1
RedhatCVE
RedhatCVE
added 2025/05/23 10:45 a.m.7 views

CVE-2024-52347

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in wpwebsitecreator Website remote Install vor Gravity, WPForms, Formidable, Ninja, Caldera wp-website-creator allows Stored XSS.This issue affects Website remote Install vor Gravity, WPForms,...

6.5CVSS7.3AI score0.00217EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 6:23 a.m.8 views

CVE-2024-56003

Missing Authorization vulnerability in David Cramer Caldera SMTP Mailer caldera-smtp-mailer.This issue affects Caldera SMTP Mailer: from n/a through = 1.0.1...

4.3CVSS7.2AI score0.00346EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 3:17 a.m.5 views

CVE-2023-2330

The Caldera Forms Google Sheets Connector WordPress plugin before 1.3 does not have CSRF check when updating its Access Code, which could allow attackers to make logged in admin change the access code to an arbitrary one via a CSRF attack...

8.8CVSS8.5AI score0.00389EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:41 p.m.4 views

CVE-2022-41139

MITRE CALDERA 4.1.0 allows stored XSS via app.contact.gist aka the gist contact configuration field, leading to execution of arbitrary commands on agents...

5.4CVSS5.6AI score0.00507EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:39 p.m.4 views

CVE-2022-40605

MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40606...

6.1CVSS5.9AI score0.00417EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 11:39 p.m.8 views

CVE-2022-40606

MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605...

6.1CVSS5.8AI score0.00417EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 9:6 p.m.8 views

CVE-2021-42561

An issue was discovered in CALDERA 2.8.1. When activated, the Human plugin passes the unsanitized name parameter to a python "os.system" function. This allows attackers to use shell metacharacters e.g., backticks "" or dollar parenthesis "$" in order to escape the current command and execute...

9CVSS7.5AI score0.19572EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 9:6 p.m.9 views

CVE-2021-42558

An issue was discovered in CALDERA 2.8.1. It contains multiple reflected, stored, and self XSS vulnerabilities that may be exploited by authenticated and unauthenticated attackers...

6.1CVSS6.2AI score0.01052EPSS
Exploits2
RedhatCVE
RedhatCVE
added 2025/05/22 6:24 p.m.7 views

CVE-2021-24896

The Caldera Forms WordPress plugin before 1.9.5 does not sanitise and escape the Form Name before outputting it in attributes, which could allow high privilege users to perform Cross-Site Scripting attacks even when the unfilteredhtml capability is disallowed...

4.8CVSS5.9AI score0.00598EPSS
Exploits2References1
RedhatCVE
RedhatCVE
added 2025/05/22 5:4 p.m.7 views

CVE-2020-19907

A command injection vulnerability in the sandcat plugin of Caldera 2.3.1 and earlier allows authenticated attackers to execute any command or service...

8.8CVSS7.5AI score0.03013EPSS
Exploits1
RedhatCVE
RedhatCVE
added 2025/05/22 4:7 p.m.5 views

CVE-2020-10807

authsvc in Caldera before 2.6.5 allows authentication bypass for REST API requests via a forged "localhost" string in the HTTP Host header...

5.3CVSS7.2AI score0.0144EPSS
Exploits0References1
Rows per page
Query Builder