Lucene search
+L

181 matches found

RedhatCVE
RedhatCVE
added 2025/09/14 5:31 p.m.7 views

CVE-2025-4235

An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent Windows-based can expose the service account password under specific non-default configurations. This allows an unprivileged Domain User to escalate privileges by exploiting the account’s permissions. The...

7.2CVSS6.9AI score0.00175EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/12 5:16 p.m.4 views

CVE-2025-4235 User-ID Credential Agent: Cleartext Exposure of Service Account password

An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent Windows-based can expose the service account password under specific non-default configurations. This allows an unprivileged Domain User to escalate privileges by exploiting the account’s permissions. The...

7.2CVSS6.5AI score0.00175EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/09/12 5:16 p.m.13 views

CVE-2025-4235 User-ID Credential Agent: Cleartext Exposure of Service Account password

An information exposure vulnerability in the Palo Alto Networks User-ID Credential Agent Windows-based can expose the service account password under specific non-default configurations. This allows an unprivileged Domain User to escalate privileges by exploiting the account’s permissions. The...

7.2CVSS0.00175EPSS
Exploits0References1
CVE
CVE
added 2025/09/12 5:16 p.m.66 views

CVE-2025-4235

The CVE-2025-4235 entry describes an information-exposure vulnerability in Palo Alto Networks’ User-ID Credential Agent (Windows). Under specific non-default configurations, the service account password can be exposed, enabling an unprivileged Domain User to escalate privileges by abusing the acc...

7.2CVSS6.5AI score0.00175EPSS
Exploits0References1
CISA KEV Catalog
CISA KEV Catalog
added 2025/08/25 12:0 a.m.8 views

Citrix Session Recording Improper Privilege Management Vulnerability

Citrix Session Recording contains an improper privilege management vulnerability that could allow for privilege escalation to NetworkService Account access. An attacker must be an authenticated user in the same Windows Active Directory domain as the session recording server domain...

8CVSS9.1AI score0.01399EPSS
In wildExploits0
NVD
NVD
added 2025/06/19 12:15 a.m.13 views

CVE-2025-23121

A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...

9.9CVSS0.12442EPSS
Exploits0References1
OSV
OSV
added 2025/06/19 12:15 a.m.7 views

CVE-2025-23121

A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...

8.8CVSS8.1AI score0.12442EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/06/18 11:30 p.m.3 views

CVE-2025-23121

A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...

9.9CVSS9.8AI score0.12442EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/06/18 11:30 p.m.105 views

CVE-2025-23121

A vulnerability allowing remote code execution RCE on the Backup Server by an authenticated domain user...

9.9CVSS0.12442EPSS
Exploits0References1
CVE
CVE
added 2025/06/18 11:30 p.m.116 views

CVE-2025-23121

CVE-2025-23121 affects Veeam Backup & Replication (Backup Server) with remote code execution achievable by an authenticated domain user on domain-joined servers. Public details consistently cite version pre-12.3.2.3617 as vulnerable; remediation is to upgrade to 12.3.2.3617 or newer. Multiple sou...

9.9CVSS9.8AI score0.12442EPSS
Exploits0References1Affected Software1
Positive Technologies
Positive Technologies
added 2025/06/17 12:0 a.m.10 views

PT-2025-25742

Name of the Vulnerable Software and Affected Versions Veeam Backup & Replication versions prior to 12.3.2.3617 Description A critical remote code execution RCE vulnerability allows authenticated domain users to execute code on the Backup Server. This vulnerability affects Veeam Backup & Replicati...

9.9CVSS9.9AI score0.12442EPSS
Exploits0References87
RedhatCVE
RedhatCVE
added 2025/05/22 8:5 p.m.8 views

CVE-2021-37424

ManageEngine ADSelfService Plus before 6112 is vulnerable to domain user account takeover...

9.8CVSS6.9AI score0.04773EPSS
Exploits0References1
NCSC
NCSC
added 2025/03/20 2:10 p.m.11 views

Vulnerability fixed in Veeam Backup & Replication

Veeam has fixed a vulnerability in Veeam Backup & Replication. The vulnerability is located in the authorization mechanism of the Backup & Replication software and allows a domain user to execute arbitrary code on the system where Backup & Replication is implemented. Veeam has released critical...

9.9CVSS7.8AI score0.21522EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2025/02/04 11:48 p.m.5 views

CVE-2024-22250

Session Hijack vulnerability in Deprecated VMware Enhanced Authentication Plug-in could allow a malicious actor with unprivileged local access to a windows operating system can hijack a privileged EAP session when initiated by a privileged domain user on the same system...

7.8CVSS6.6AI score0.00348EPSS
Exploits0References1
NVD
NVD
added 2024/11/19 7:15 p.m.33 views

CVE-2024-51503

A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to...

8.8CVSS0.04032EPSS
Exploits0References2
Cvelist
Cvelist
added 2024/11/19 7:0 p.m.17 views

CVE-2024-51503

A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to...

8CVSS0.04032EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2024/11/19 7:0 p.m.15 views

CVE-2024-51503

A security agent manual scan command injection vulnerability in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected machine. In certain circumstances, attackers that have legitimate access to the domain may be able to...

8CVSS8.6AI score0.04032EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/11/18 12:0 a.m.8 views

PT-2024-8684 · Trend Micro · Trend Micro Deep Security Agent

Name of the Vulnerable Software and Affected Versions: Trend Micro Deep Security Agent version 20 Description: A security agent manual scan command injection issue in the Trend Micro Deep Security 20 Agent could allow an attacker to escalate privileges and execute arbitrary code on an affected...

8CVSS9.2AI score0.04032EPSS
Exploits0References13
Packet Storm
Packet Storm
added 2024/10/02 12:0 a.m.276 views

Microsoft Office NTLMv2 Disclosure

Exploit Title: Microsoft Office NTLMv2 Disclosure Vulnerability Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.office.com/ Software Link: https://www.office.com/ Details: https://github.com/passtheticket/CVE-2024-38200 Version: Microsoft Office 2019 MSO Build 1808...

9.1CVSS7.2AI score0.20296EPSS
Exploits2
Citrix
Citrix
added 2024/07/13 12:0 a.m.6 views

Error: "The domain/user does not have access to the farm" when Accessing the Management Console

Administrator account is not able to access the management console and it generates error, "the domain/user does not have access to the farm"...

7.1AI score
Exploits0
Rows per page
Query Builder