CVE-2025-30201

CVE-2025-30201 affects Wazuh Agent prior to version 4.13.0. The vulnerability allows authenticated attackers to force NTLM authentication through crafted UNC paths in various agent configuration settings, enabling NTLM relay attacks that could lead to privilege escalation and remote code executio...

Wazuh 安全漏洞

Wazuh is a Wazuh open source application. It is used to collect, aggregate, index and analyze security data to help organizations detect intrusions, threats and behavioral anomalies. A security vulnerability exists in Wazuh versions prior to 4.13.0 that originates from an authenticated attacker w...

PT-2025-47793

Name of the Vulnerable Software and Affected Versions Wazuh versions prior to 4.13.0 Description Wazuh Agent, a platform for threat prevention, detection, and response, contains a flaw where authenticated attackers can trigger NTLM authentication through crafted UNC paths within agent configurati...

Abilis CPX 安全漏洞

Abilis CPX is a software platform for a range of, voice and data network management equipment from Abilis, Italy. A security vulnerability exists in Abilis CPX that originates from the ability to log into a restricted shell after three failed SSH authentication attempts, which could lead to a...

EUVD-2017-4356

Malware in sbrugna...

EUVD-2019-16648

Malware in sbrugna...

EUVD-2020-0402

Malware in sbrugna...

EUVD-2024-26842

Malicious code in bioql PyPI...

EUVD-2022-35021

Malicious code in bioql PyPI...

EUVD-2021-8743

Malicious code in bioql PyPI...

CVE-2025-55234

SMB Server might be susceptible to relay attacks depending on the configuration. An attacker who successfully exploited these vulnerabilities could perform relay attacks and make the users subject to elevation of privilege attacks. The SMB Server already supports mechanisms for hardening against...

Metabase 0.40.x < 0.40.8 / 0.41.x < 0.41.7 / 0.42.x < 0.42.4 / 1.40.x < 1.40.8 / 1.41.x < 1.41.7 / 1.42.x < 1.42.4

The version of Metabase installed on the remote host is prior to 1.42.4. It is, therefore, affected by multiple vulnerabilities. - Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a...

Linux Distros Unpatched Vulnerability : CVE-2024-35178

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Jupyter Server provides the backend for Jupyter web applications. Jupyter Server on Windows has a vulnerability that lets unauthenticated attackers leak the...

ServiceStack 输入验证错误漏洞

ServiceStack is an API for building high-performance web services from ServiceStack, Inc. An input validation error vulnerability exists in ServiceStack that stems from the GetErrorResponse method not properly validating user input, which could lead to an NTLM credential relay attack...

CVE-2024-1244

Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2...

CVE-2023-46595

Net-NTLM leak via HTML injection in FireFlow VisualFlow workflow editor allows an attacker to obtain victim’s domain credentials and Net-NTLM hash which can lead to relay domain attacks. Fixed in A32.20 b570 or above, A32.50 b390 or above...

CVE-2022-29281

Notable before 1.9.0-beta.8 doesn't effectively prevent the opening of executable files when clicking on a link. There is improper validation of the file URI scheme. A hyperlink to an SMB share could lead to execution of an arbitrary program or theft of NTLM credentials via an SMB relay attack,...

CVE-2022-24853

Metabase is an open source business intelligence and analytics application. Metabase has a proxy to load arbitrary URLs for JSON maps as part of our GeoJSON support. While we do validation to not return contents of arbitrary URLs, there is a case where a particularly crafted request could result ...

CVE-2022-2780

In affected versions of Octopus Server it is possible to use the Git Connectivity test function on the VCS project to initiate an SMB request resulting in the potential for an NTLM relay attack...

CVE-2021-21472

SAP Software Provisioning Manager 1.0 SAP NetWeaver Master Data Management Server 7.1 does not have an option to set password during its installation, this allows an authenticated attacker to perform various security attacks like Directory Traversal, Password Brute force Attack, SMB Relay attack,...