Lucene search
K

29 matches found

Cvelist
Cvelist
added 2026/06/08 4:49 p.m.40 views

CVE-2026-25855 OpenBullet2 0.3.2 Authenticated RCE via FileProxySource Script Upload

OpenBullet2 through version 0.3.2 contains a remote code execution vulnerability that allows authenticated users to execute arbitrary commands by uploading script files .bat.ps1.sh through the FileProxySource proxy loading feature. Attackers can upload malicious script files as proxy sources,...

8.8CVSS0.0057EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 4:49 p.m.27 views

CVE-2026-25855

CVE-2026-25855 affects OpenBullet2 up to version 0.3.2. The issue is a remote code execution vulnerability where authenticated users can upload script files (.bat, .ps1, .sh) via the FileProxySource proxy loading feature. The server then executes the uploaded scripts and returns their output as p...

8.8CVSS6.7AI score0.0057EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/08 4:47 p.m.11 views

EUVD-2026-35133

OpenBullet2 through version 0.3.2 on Windows contains a credential disclosure vulnerability that allows remote attackers to capture the NTLMv2 hash of the process user by configuring a job proxy source with a UNC path pointing to an attacker-controlled server. When the job starts, the application...

7.1CVSS5.5AI score0.00314EPSS
Exploits0References2
CVE
CVE
added 2026/06/08 4:47 p.m.21 views

CVE-2026-39908

OpenBullet2 ≤ v0.3.2 on Windows suffers a credential disclosure via a UNC-path proxy source. When a job loads proxies from an attacker-controlled UNC path, an SMB authentication occurs and reveals the NTLMv2 hash of the process user, enabling relay or offline cracking. Affected component is the p...

7.1CVSS5.6AI score0.00314EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/08 12:0 a.m.10 views

PT-2026-47341

OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by supplying unsanitized absolute paths to the upload handler and wordlist functions. Attackers can...

8.8CVSS6.4AI score0.00566EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.9 views

OpenBullet2 安全漏洞

OpenBullet2 is a cross-platform automated testing and data scraping tool developed by the OpenBullet team. Versions of OpenBullet2 prior to 0.3.2 have security vulnerabilities on Windows. These vulnerabilities stem from credential exposure, and it is possible for remote attackers to exploit them ...

7.1CVSS5.5AI score0.00314EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.9 views

OpenBullet2 代码注入漏洞

OpenBullet2 is a cross-platform automated testing and data scraping tool developed by the OpenBullet team. Versions of OpenBullet2 prior to 0.3.2 contained a code injection vulnerability. This vulnerability originated from the job configuration feature, which could allow authenticated users to...

8.8CVSS6.1AI score0.00473EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.6 views

OpenBullet2 路径遍历漏洞

OpenBullet2 is a cross-platform automated testing and data scraping tool developed by the OpenBullet team. Versions of OpenBullet2 prior to 0.3.2 contained a path traversal vulnerability. This vulnerability originated from the wordlist endpoint’s path traversal flaw, which could allow authenticat...

8.8CVSS6.7AI score0.00566EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/08 12:0 a.m.9 views

OpenBullet2 安全漏洞

OpenBullet2 is a cross-platform automated testing and data scraping tool developed by the OpenBullet team. Versions of OpenBullet2 prior to 0.3.2 contained security vulnerabilities. These vulnerabilities stemmed from an authentication bypass vulnerability in the API key authentication middleware,...

9.8CVSS5.5AI score0.01509EPSS
Exploits0References1
Rows per page
Query Builder