Lucene search
K

89 matches found

AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.3 views

Astra Linux – Vulnerability in Samba

A flaw was discovered in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user can change other users’ passwords, allowing for full domain takeover...

8.8CVSS6.5AI score0.00956EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 9:16 p.m.9 views

CVE-2026-45013

ApostropheCMS is an open-source Node.js content management system. Versions up to and including 4.29.0 have a password reset flow that constructs the reset URL using req.hostname, which is derived directly from the attacker-controlled HTTP Host header when apos.baseUrl is not explicitly configure...

8.1CVSS0.0025EPSS
Exploits0References1
Packet Storm News
Packet Storm News
added 2026/05/20 12:0 a.m.7 views

Domijn: The Security of Domain Registrars and the Risk of a Domain Name Takeover

Domain names are key assets for organisation. They anchor an organisation's online presence and reputation, and serve as linking pin for web services and, e.g., email. Consequently, a malicious takeover of a domain can lead to significant damages. Organisations register domain names through...

5.8AI score
Exploits0
CNNVD
CNNVD
added 2026/05/19 12:0 a.m.7 views

Technitium DNS Server 安全漏洞

Technitium DNS Server is an open-source authoritative and recursive DNS server developed by the Technitium team. It can be used as a self-hosted DNS server to protect privacy and security. Versions of Technitium DNS Server prior to version 15.0 contained security vulnerabilities. These...

6.9CVSS5.8AI score0.00389EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/17 12:0 a.m.6 views

Apache Airflow 安全漏洞

Apache Airflow is the United States Apache Apache Foundation's set of open source platform with the creation, management and monitoring of workflow functions. The platform is scalable and dynamic monitoring and other features. Apache Airflow has an information disclosure vulnerability that stems...

7.5CVSS5.8AI score0.00677EPSS
Exploits0References3
Qualys Blog
Qualys Blog
added 2026/02/12 7:36 a.m.9 views

Active Directory Attacks Demystified: Pass-the-Hash (PtH), Pass-the-Ticket (PtT), and Beyond

Key Takeaways Active Directory attacks are identified as a significant threat in enterprise environments, with 74% of breaches involving compromised identities according to the Verizon DBIR 2025. Pass-the-Hash PtHattacks facilitate lateral movement by allowing the reuse of stolen NTLM hashes...

5.7AI score
Exploits0
GithubExploit
GithubExploit
added 2026/02/04 8:56 a.m.150 views

Ofensive-security-Portfolio

This repository contains my Offensive Cyber Security / Penetrati...

5.6AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2026/01/22 12:0 a.m.5 views

Azure Linux 3.0 Security Update: samba (CVE-2022-32744)

The version of samba installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2022-32744 advisory. - A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting...

8.8CVSS7.5AI score0.00956EPSS
Exploits0References2
The Hacker News
The Hacker News
added 2025/11/28 4:27 p.m.9 views

Legacy Python Bootstrap Scripts Create Domain-Takeover Risk in Multiple PyPI Packages

Cybersecurity researchers have discovered vulnerable code in legacy Python packages that could potentially pave the way for a supply chain compromise on the Python Package Index PyPI via a domain takeover attack. Software supply chain security company ReversingLabs said it found the "vulnerabilit...

9.8CVSS9.2AI score0.01535EPSS
Exploits1
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-35810

Malicious code in bioql PyPI...

8.8CVSS6.9AI score0.00956EPSS
Exploits0References8
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-53901

Malicious code in bioql PyPI...

9.8CVSS9.3AI score0.00605EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2025/08/27 12:0 a.m.3 views

Linux Distros Unpatched Vulnerability : CVE-2022-32744

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Samba. The KDC accepts kpasswd requests encrypted with any key known to it. By encrypting forged kpasswd requests with its own key, a user c...

8.8CVSS7.2AI score0.00956EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/03/07 1:29 a.m.4 views

CVE-2024-57174

A misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 defines a previously unregistered domain name as the default DNS suffix. This allows attackers to register the unclaimed domain and point its wildcard DNS entry to an attacker-controlled IP address, making it possible to access...

8.1CVSS6.9AI score0.00327EPSS
Exploits0References1
CVE
CVE
added 2025/03/05 12:0 a.m.42 views

CVE-2024-57174

The CVE-2024-57174 entry documents a misconfiguration in Alphion ASEE-1443 Firmware v0.4.H.00.02.15 where a previously unregistered domain is used as the default DNS suffix. This enables an attacker who can register that domain to point its wildcard DNS entry to an attacker-controlled IP address,...

8.1CVSS6.9AI score0.00327EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2024/10/15 12:0 a.m.3 views

CVE-2022-32744

...

8.8CVSS6.5AI score0.00956EPSS
Exploits0
Hacker One
Hacker One
added 2024/09/10 1:25 a.m.5 views

HackerOne: Takeover of hackerone.engineering via Medium

The report describes a broken link hijacking vulnerability on the hackerone.engineering domain, which belonged to HackerOne. The domain was found to be pointing to a non-existent page on Medium, allowing the reporter to create a page with the same URL and take over the domain...

7AI score
Exploits0
OSV
OSV
added 2024/08/21 6:31 p.m.17 views

GHSA-6V96-M24V-F58J CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover

Affected Packages The issue impacts only editor instances with enabled version notifications. Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are...

4.8CVSS4AI score0.004EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2024/08/21 6:31 p.m.32 views

CKEditor4 low-risk cross-site scripting (XSS) vulnerability linked to potential domain takeover

Affected Packages The issue impacts only editor instances with enabled version notifications. Please note that this feature is disabled by default in all CKEditor 4 LTS versions. Therefore, if you use CKEditor 4 LTS, it is highly unlikely that you are affected by this vulnerability. If you are...

3.1CVSS6.8AI score0.004EPSS
Exploits0References4Affected Software1
Vulnrichment
Vulnrichment
added 2024/08/21 3:17 p.m.16 views

CVE-2024-43411 CKEditor4 has a low risk cross-site scripting (XSS) vulnerability from domain takeover

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 and above. In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on...

3.1CVSS6.6AI score0.004EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/08/21 3:17 p.m.25 views

CVE-2024-43411 CKEditor4 has a low risk cross-site scripting (XSS) vulnerability from domain takeover

CKEditor4 is an open source what-you-see-is-what-you-get HTML editor. A theoretical vulnerability has been identified in CKEditor 4.22 and above. In a highly unlikely scenario where an attacker gains control over the https://cke4.ckeditor.com domain, they could potentially execute an attack on...

3.1CVSS0.004EPSS
Exploits0References2
Rows per page
Query Builder