Lucene search
K

158 matches found

Vulnrichment
Vulnrichment
added 2025/04/15 8:39 a.m.8 views

CVE-2024-45712 SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability

SolarWinds Serv-U is vulnerable to a client-side cross-site scripting XSS vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low...

2.6CVSS3.4AI score0.00309EPSS
Exploits1References2
Cvelist
Cvelist
added 2025/04/15 8:39 a.m.21 views

CVE-2024-45712 SolarWinds Serv-U Client-Side Cross-Site Scripting Vulnerability

SolarWinds Serv-U is vulnerable to a client-side cross-site scripting XSS vulnerability. The vulnerability can only be performed by an authenticated account, on the local machine, from the local browser session. Therefore the risk is very low...

2.6CVSS0.00309EPSS
Exploits1References2
CVE
CVE
added 2025/04/15 8:39 a.m.80 views

CVE-2024-45712

CVE-2024-45712 affects SolarWinds Serv-U. The vulnerability is a client-side cross-site scripting (XSS) issue that can be exploited only by an authenticated user from the local browser session. The documented risk is described as very low. Affected guidance indicates versions prior to 15.5.1 are ...

5.4CVSS3.4AI score0.00309EPSS
Exploits1References2Affected Software1
Ivanti
Ivanti
added 2024/12/07 8:17 a.m.11 views

SA-2024-07-12-CVE-2024-29213

SECURITY ADVISORY 07-12-2024 Product Affected: Ivanti Desktop and Server Management A vulnerability was recently discovered in DSM. This vulnerability is remediated in DSM 2024.2. Vulnerability Information CVE | CVSS | Summary | Product Affected ---|---|---|--- CVE-2024-29213 CVE Reserved | 7.8...

7.8CVSS6.7AI score0.00226EPSS
Exploits0
NVD
NVD
added 2024/11/04 11:15 p.m.28 views

CVE-2024-48061

langflow =1.0.18 is vulnerable to Remote Code Execution RCE as any component provided the code functionality and the components run on the local machine rather than in a sandbox...

9.8CVSS0.01318EPSS
Exploits2References2
CVE
CVE
added 2024/11/04 12:0 a.m.70 views

CVE-2024-48061

Langflow

9.8CVSS7.4AI score0.01318EPSS
Exploits2References2Affected Software1
Cvelist
Cvelist
added 2024/11/04 12:0 a.m.29 views

CVE-2024-48061

langflow =1.0.18 is vulnerable to Remote Code Execution RCE as any component provided the code functionality and the components run on the local machine rather than in a sandbox...

0.01318EPSS
Exploits2References2
NVD
NVD
added 2024/10/18 11:15 p.m.20 views

CVE-2024-29821

Ivanti DSM version 2024.2 allows authenticated users on the local machine to run code with elevated privileges due to insecure ACL via unspecified attack vector...

7.8CVSS0.00226EPSS
Exploits0References1
CVE
CVE
added 2024/10/18 11:6 p.m.67 views

CVE-2024-29213

CVE-2024-29213 affects Ivanti Desktop and Server Management (Ivanti DSM) and leverages an insecure ACL to allow an authenticated local user to execute code with elevated privileges. The advisory and multiple feeds confirm the vulnerability exists in DSM versions prior to 2024.2, with a CVSS v3 ba...

7.8CVSS6.8AI score0.00226EPSS
Exploits0References1Affected Software1
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/10/07 5:38 p.m.4 views

Malicious code in ws-api-typescript-websocket-hooks (npm)

The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6241b41ae78615002b8b7670ca4926a95d9cdc39cdc814b7ed794226bc5f7014 Any computer that has this package installed or running...

6.8AI score
Exploits0References1
OSV
OSV
added 2024/10/07 5:38 p.m.5 views

MAL-2024-9261 Malicious code in ws-api-typescript-websocket-hooks (npm)

The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 6241b41ae78615002b8b7670ca4926a95d9cdc39cdc814b7ed794226bc5f7014 Any computer that has this package installed or running...

7AI score
Exploits0References1
OSV
OSV
added 2024/10/07 5:38 p.m.1 views

MAL-2024-9221 Malicious code in descriptiongenerator-typescript-runtime (npm)

The package contains code to exfiltrate local machine information to a remote server over DNS. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 01ce8c140437db152bce12a94652fc2dbd5af9a9a2792e41ed7cdea5fe8b02c7 Any computer that has this package installed or running...

7AI score
Exploits0References1
NVD
NVD
added 2024/07/31 2:15 p.m.11 views

CVE-2024-31201

A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIPScrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on the local machine...

6.7CVSS0.00163EPSS
Exploits0References1
Cvelist
Cvelist
added 2024/07/31 1:17 p.m.14 views

CVE-2024-31201

A “CWE-428: Unquoted Search Path or Element” affects the ThermoscanIPScrutation service. Such misconfiguration could be abused in scenarios where incorrect permissions were assigned to the C:\ path to attempt a privilege escalation on the local machine...

6.5CVSS0.00163EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2024/06/17 12:0 a.m.17 views

Ivanti Endpoint Manager < 2022 (CVE-2024-22058)

The version of Ivanti Endpoint Manager installed on the remote host is prior to 2022. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-22058 advisory. - A buffer overflow allows a low privilege user on the local machine that has the EPM Agent installed to execute...

7.8CVSS8.2AI score0.00379EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2024/06/04 1:16 p.m.2 views

SUSE CVE-2019-1002101

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes creates a tar inside the container, copies it over the network, and kubectl unpacks it on the user's machine. If the tar binary in the container is malicious, it could r...

5.3CVSS6.3AI score0.13164EPSS
Exploits2References5
Positive Technologies
Positive Technologies
added 2024/05/29 12:0 a.m.5 views

PT-2024-19174 · Ivanti · Ivanti Epm

Name of the Vulnerable Software and Affected Versions: Ivanti EPM versions 2021.1 and older Description: A buffer overflow issue allows a low-privilege user on the local machine with the EPM Agent installed to execute arbitrary code with elevated permissions. Recommendations: For Ivanti EPM...

7.8CVSS8AI score0.00379EPSS
Exploits0References6
0day.today
0day.today
added 2024/01/22 12:0 a.m.404 views

Traceroute 2.1.2 Privilege Escalation Vulnerability

In Traceroute versions 2.0.12 through to 2.1.2, the wrapper scripts mishandle shell metacharacters, which can lead to privilege escalation if the wrapper scripts are executed via sudo. The affected wrapper scripts include tcptraceroute, tracepath, traceproto, and traceroute-nanog. Version 2.1.3...

5.5CVSS7.1AI score0.00367EPSS
Exploits2
OSV
OSV
added 2023/08/31 11:15 p.m.7 views

CVE-2023-39912

Zoho ManageEngine ADManager Plus before 7203 allows Help Desk Technician users to read arbitrary files on the machine where this product is installed...

4.9CVSS5.9AI score0.04041EPSS
Exploits0References2
OSV
OSV
added 2023/08/05 2:15 a.m.2 views

CVE-2022-46782

An issue was discovered in Stormshield SSL VPN Client before 3.2.0. A logged-in user, able to only launch the VPNSSL Client, can use the OpenVPN instance to execute malicious code as administrator on the local machine...

7.8CVSS5.9AI score0.00178EPSS
Exploits0References1
Rows per page
Query Builder