Lucene search
K

251 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-19298

Malicious code in bioql PyPI...

7.2CVSS7AI score0.00794EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.7 views

EUVD-2024-3338

Malicious code in bioql PyPI...

8.6CVSS6.3AI score0.23716EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2025-15721

Malicious code in bioql PyPI...

6CVSS6.5AI score0.0009EPSS
Exploits1References2
Packet Storm News
Packet Storm News
added 2025/10/03 12:0 a.m.7 views

PentestMCP: A Toolkit for Agentic Penetration Testing

Agentic AI is transforming security by automating many tasks being performed manually. While initial agentic approaches employed a monolithic architecture, the Model-Context-Protocol has now enabled a remote-procedure call RPC paradigm to agentic applications, allowing for the flexible constructi...

6.9AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/10/03 12:0 a.m.4 views

PT-2025-40598

Name of the Vulnerable Software and Affected Versions OpenSupports version 4.11.0 Description Two unauthenticated diagnostic endpoints permit arbitrary backend-initiated network connections to a destination specified by an attacker. These endpoints are accessible without authentication due to a...

6.9CVSS6.7AI score0.00281EPSS
Exploits1References7
GithubExploit
GithubExploit
added 2025/09/16 3:9 p.m.203 views

SemiAutoPenTestingTool

It is an offensive tool for network exploitation. This repositor...

8.3AI score
Exploits0
GithubExploit
GithubExploit
added 2025/09/14 9:28 p.m.366 views

Exploit for CVE-2025-12654

AnyDesk Exploit AnyDesk, remote access software, has faced se...

9.8CVSS7.8AI score0.80551EPSS
Exploits9
GithubExploit
GithubExploit
added 2025/09/06 11:53 a.m.191 views

VulnXploit

VulnScan Pro - Advanced Vulnerability Scanner A professional...

7AI score
Exploits0
Gitee
Gitee
added 2025/09/06 12:38 a.m.249 views

Exploit for CVE-2017-0143

💬 README中文 • Compile/Install/Run • Parameter Description • How to use • Scenario • POC List • Custom Scan • Best Practices Features - Free one id Multi-target web netcat for reverse shell - What is scan4all: integrated vscan, nuclei, ksubdomain, subfinder, etc., fully automated and intelligent。re...

9.3CVSS8.4AI score0.99693EPSS
Exploits94
GithubExploit
GithubExploit
added 2025/09/04 11:32 p.m.199 views

EternalBlueExploitation

Eternal Blue Exploitation Description For this project, I expl...

6.8AI score
Exploits0
Cvelist
Cvelist
added 2025/09/01 3:46 p.m.14 views

CVE-2025-55007 Knowage vulnerable to server-side request forgery

Knowage is an open source analytics and business intelligence suite. Prior to version 8.1.37, Knowage is vulnerable to server-side request forgery. The vulnerability allows attackers to send requests to arbitrary hosts/paths. Since the attacker is not able to read the response, the impact of this...

3.5CVSS0.00176EPSS
Exploits0References1
CNNVD
CNNVD
added 2025/09/01 12:0 a.m.5 views

Knowage 代码问题漏洞

Knowage is an open source suite for modern business analytics on legacy resources and big data systems from Knowage, Italy. A code issue vulnerability exists in Knowage versions prior to 8.1.37 that stems from server-side request forgery and could lead to scanning of the internal network...

5.3CVSS6.8AI score0.00176EPSS
Exploits0References3
NVD
NVD
added 2025/06/25 8:15 a.m.13 views

CVE-2024-51980

An unauthenticated attacker may perform a limited server side request forgery SSRF, forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service HTTP TCP port 80 SOAP request. The...

5.3CVSS0.00858EPSS
Exploits0References10
Vulnrichment
Vulnrichment
added 2025/06/25 7:22 a.m.6 views

CVE-2024-51980 Unauthenticated Server Side Request Forgery (SSRF) via WS-Addressing affecting multiple models from Brother Industries, Ltd, FUJIFILM Business Innovation, Ricoh, Toshiba Tec, and Konica Minolta, Inc.

An unauthenticated attacker may perform a limited server side request forgery SSRF, forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address. This SSRF leverages the WS-Addressing ReplyTo element in a Web service HTTP TCP port 80 SOAP request. The...

5.3CVSS7.3AI score0.00858EPSS
Exploits0References10
Cvelist
Cvelist
added 2025/06/10 2:33 p.m.55 views

CVE-2024-34711 GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)

GeoServer is an open source server that allows users to share and edit geospatial data. An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities XEE attack, then send GET request to any HTTP server. By default, GeoServer use...

9.3CVSS0.00262EPSS
Exploits0References2
OSV
OSV
added 2025/06/10 2:13 p.m.6 views

GHSA-MC43-4FQR-C965 GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)

Summary An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities XEE attack, then send GET request to any HTTP server. Attacker can abuse this to scan internal networks and gain information about them then exploit further. Moreover,...

9.3CVSS7.1AI score0.00262EPSS
Exploits0References4
Github Security Blog
Github Security Blog
added 2025/06/10 2:13 p.m.8 views

GeoServer has improper ENTITY_RESOLUTION_ALLOWLIST URI validation in XML Processing (SSRF)

Summary An improper URI validation vulnerability exists that enables an unauthorized attacker to perform XML External Entities XEE attack, then send GET request to any HTTP server. Attacker can abuse this to scan internal networks and gain information about them then exploit further. Moreover,...

9.3CVSS9.4AI score0.00262EPSS
Exploits0References4Affected Software2
GithubExploit
GithubExploit
added 2025/06/05 7:4 a.m.195 views

Exploit for Missing Authorization in Gitlab

CVE-2023-5612 – GitLab SSRF via Webhook URL PoC & Analysis...

5.3CVSS5.6AI score0.04392EPSS
Exploits3
The Hacker News
The Hacker News
added 2025/05/30 11:12 a.m.61 views

China-Linked Hackers Exploit SAP and SQL Server Flaws in Attacks Across Asia and Brazil

The China-linked threat actor behind the recent in-the-wild exploitation of a critical security flaw in SAP NetWeaver has been attributed to a broader set of attacks targeting organizations in Brazil, India, and Southeast Asia since 2023. "The threat actor mainly targets the SQL injection...

9.3CVSS10AI score0.99991EPSS
Exploits121
RedhatCVE
RedhatCVE
added 2025/05/22 4:50 p.m.10 views

CVE-2020-8205

The uppy npm package 1.13.2 and 2.0.0-alpha.5 is vulnerable to a Server-Side Request Forgery SSRF vulnerability, which allows an attacker to scan local or external networks or otherwise interact with internal systems...

7.5CVSS6.5AI score0.0119EPSS
Exploits1References1
Rows per page
Query Builder