
283 matches found

EUVD
added 2025/10/03 8:7 p.m., 5 views

EUVD-2022-4487

Malicious code in bioql PyPI...

6.5 CVSS, 6.5 AI score, 0.01536 EPSS
Exploits 0, References 4
Metasploit
added 2025/10/01 6:56 p.m., 627 views

SpecialFolderDatablock - Windows LNK File Special UNC Path NTLM Leak

This module creates a malicious Windows shortcut LNK file that specifies a special UNC path in SpecialFolderDatablock of Shell Link .LNK that can trigger an authentication attempt to a remote server. This can be used to harvest NTLM authentication credentials. When a victim browses to the location...

5.9 AI score
Exploits 0
Tenable Nessus
added 2025/08/20 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2019-2503

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL (subcomponent: Server: Connection Handling). Supported versions that are affected are 5.6.42 and prior...

6.4 CVSS, 5.7 AI score, 0.02487 EPSS
Exploits 0, References 2
Tenable Nessus
added 2025/08/15 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2023-53006

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: cifs: Fix oops due to uncleared server->smbd_conn in reconnect. In smbd_destroy(), clear the...

5.5 CVSS, 6.2 AI score, 0.00189 EPSS
Exploits 0, References 3
NVD
added 2025/08/14 5:15 a.m., 3 views

CVE-2025-0309

An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to...

6 CVSS, 0.00173 EPSS
Exploits 1, References 2
Cvelist
added 2025/08/14 4:35 a.m., 10 views

CVE-2025-0309 Netskope Client Local Elevation of Privileges

An insufficient validation on the server connection endpoint in Netskope Client allows local users to elevate privileges on the system. The insufficient validation allows Netskope Client to connect to any other server with Public Signed CA TLS certificates and send specially crafted responses to...

6 CVSS, 0.00173 EPSS
Exploits 1, References 2
CNNVD
added 2025/08/14 12:0 a.m., 2 views

Netskope Client Security Vulnerability

Netskope Client is a client program for connecting to manage the Netskope Cloud Platform from Netskope USA. A security vulnerability exists in Netskope Client that stems from insufficient authentication of server connection endpoints, which could result in elevated privileges for local users...

6 CVSS, 6.7 AI score, 0.00173 EPSS
Exploits 1, References 2
Positive Technologies
added 2025/08/14 12:0 a.m., 6 views

PT-2025-33117

Name of the Vulnerable Software and Affected Versions: Netskope Client for Windows (affected versions not specified). Description: An insufficient validation exists in the server connection endpoint of Netskope Client for Windows. This flaw allows local users to elevate their privileges on the system...

6 CVSS, 6.1 AI score, 0.00173 EPSS
Exploits 1, References 23
Citrix
added 2025/06/02 12:0 a.m., 12 views

Citrix Director Infrastructure Monitoring – License Server Connection status is not available

When admin checks Delivery Controller data in Citrix Director - Infrastructure Monitoring, the license server related information is not available. All other metrics are displayed correctly. License Server is configured correctly and there are no issues with licenses. CVAD Site is functioning...

6.8 AI score
Exploits 0
RedhatCVE
added 2025/05/23 4:8 a.m., 18 views

CVE-2023-38547

A vulnerability in Veeam ONE allows an unauthenticated user to gain information about the SQL server connection Veeam ONE uses to access its configuration database. This may lead to remote code execution on the SQL server hosting the Veeam ONE configuration database...

9.9 CVSS, 8.3 AI score, 0.18942 EPSS
Exploits 0
RedhatCVE
added 2025/05/23 1:24 a.m., 6 views

CVE-2022-25201

Missing permission checks in Jenkins Checkmarx Plugin 2022.1.2 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...

6.5 CVSS, 6.4 AI score, 0.00731 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 11:3 p.m., 9 views

CVE-2022-34203

A cross-site request forgery (CSRF) vulnerability in Jenkins EasyQA Plugin 1.0 and earlier allows attackers to connect to an attacker-specified HTTP server...

8.8 CVSS, 6.7 AI score, 0.00503 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 10:32 p.m., 6 views

CVE-2022-25212

A cross-site request forgery (CSRF) vulnerability in Jenkins SWAMP Plugin 1.2.6 and earlier allows attackers to connect to an attacker-specified web server using attacker-specified credentials...

8.8 CVSS, 6.8 AI score, 0.00673 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 4:51 p.m., 9 views

CVE-2020-8241

A vulnerability in the Pulse Secure Desktop Client 9.1R9 could allow the attacker to perform a MITM Attack if end users are convinced to connect to a malicious server...

7.5 CVSS, 6.6 AI score, 0.01743 EPSS
Exploits 2, References 1
RedhatCVE
added 2025/05/22 4:29 p.m., 11 views

CVE-2020-2148

A missing permission check in Jenkins Mac Plugin 1.1.0 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials...

4.3 CVSS, 6.6 AI score, 0.00809 EPSS
Exploits 0
RedhatCVE
added 2025/05/22 4:8 p.m., 9 views

CVE-2020-2253

Jenkins Email Extension Plugin 2.75 and earlier does not perform hostname validation when connecting to the configured SMTP server...

5.8 CVSS, 6.7 AI score, 0.00691 EPSS
Exploits 0
RedhatCVE
added 2025/05/22 3:19 p.m., 9 views

CVE-2020-2216

A missing permission check in Jenkins Zephyr for JIRA Test Management Plugin 1.5 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified HTTP server using attacker-specified username and password...

4.3 CVSS, 6.6 AI score, 0.00656 EPSS
Exploits 0
RedhatCVE
added 2025/05/22 10:7 a.m., 8 views

CVE-2019-1003079

A missing permission check in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers with Overall/Read permission to initiate a connection to an attacker-specified server...

6.5 CVSS, 6.5 AI score, 0.01536 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 10:7 a.m., 16 views

CVE-2019-1003084

A cross-site request forgery vulnerability in Jenkins Zephyr Enterprise Test Management Plugin in the ZeeDescriptor#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5 CVSS, 6.6 AI score, 0.01296 EPSS
Exploits 0, References 1
RedhatCVE
added 2025/05/22 9:21 a.m., 11 views

CVE-2019-1003078

A cross-site request forgery vulnerability in Jenkins VMware Lab Manager Slaves Plugin in the LabManager.DescriptorImpl#doTestConnection form validation method allows attackers to initiate a connection to an attacker-specified server...

6.5 CVSS, 6.6 AI score, 0.00719 EPSS
Exploits 0, References 1