Lucene search
+L

192 matches found

susecve
susecve
added 2025/10/24 11:23 p.m.5 views

SUSE CVE-2025-59163

vet is an open source software supply chain security tool. Versions 1.12.4 and below are vulnerable to a DNS rebinding attack due to lack of HTTP Host and Origin header validation. Data from the vet scan sqlite3 database may be exposed to remote attackers when vet is used as an MCP server in SSE...

2.1CVSS6.8AI score0.0038EPSS
Exploits0References2
euvd
euvd
added 2025/10/07 12:30 a.m.3 views

EUVD-2002-1634

Malware in sbrugna...

5CVSS6.4AI score0.01078EPSS
Exploits0References4
bdu_fstec
bdu_fstec
added 2025/07/07 12:0 a.m.11 views

The vulnerability of the LDAP authentication configuration in Server Mode of the pgAdmin 4 database management tool allows a hacker to bypass security restrictions and gain unauthorized access to protected information.

The vulnerability of the LDAP authentication configuration in the Server Mode mode of the pgAdmin 4 database management tool is related to improper session fixation due to incorrect access control. Exploiting this vulnerability can allow an attacker to bypass security restrictions and gain...

8CVSS5.5AI score0.00447EPSS
Exploits0References8Affected Software2
redos
redos
added 2025/07/03 12:0 a.m.6 views

ROS-20250703-01

Vulnerability in Server Mode LDAP authentication configuration of database management tool pgAdmin 4 is related to incorrect session commit as a result of improper access delimitation. Exploitation of the vulnerability could allow an attacker acting remotely to bypass the security restrictions...

8CVSS7.8AI score0.00447EPSS
Exploits0
vulncheck_kev
vulncheck_kev
added 2025/06/08 12:0 a.m.3 views

VulnCheck KEV: CVE-2023-47105

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...

8.6CVSS6AI score0.01669EPSS
Exploits0References1
redhatcve
redhatcve
added 2025/05/23 1:57 a.m.7 views

CVE-2023-47105

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...

8.6CVSS7.1AI score0.01669EPSS
Exploits0References1
osv
osv
added 2025/04/11 1:43 p.m.3 views

OESA-2025-1397 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

7.5CVSS6.7AI score0.00815EPSS
Exploits0References2
osv
osv
added 2025/04/11 1:43 p.m.4 views

OESA-2025-1396 openvpn security update

OpenVPN is a full-featured open source SSL VPN solution that accommodates a wide range of configurations, including remote access, site-to-site VPNs, Wi-Fi security, and enterprise-scale remote access solutions with load balancing, failover, and fine-grained access-controls. Starting with the...

7.5CVSS6.7AI score0.00815EPSS
Exploits0References2
osv
osv
added 2025/04/02 9:15 p.m.4 views

DEBIAN-CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...

7.5CVSS6.5AI score0.00815EPSS
Exploits0References1
alpinelinux
alpinelinux
added 2025/04/02 9:0 p.m.9 views

CVE-2025-2704

OpenVPN version 2.6.1 through 2.6.13 in server mode using TLS-crypt-v2 allows remote attackers to trigger a denial of service by corrupting and replaying network packets in the early handshake phase...

7.5CVSS7.4AI score0.00815EPSS
Exploits0
redhatcve
redhatcve
added 2025/02/05 2:30 a.m.12 views

CVE-2024-42452

A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server with elevated privileges. The vulnerability...

8.8CVSS6.9AI score0.00483EPSS
Exploits0References1
attackerkb
attackerkb
added 2025/01/09 8:15 a.m.6 views

CVE-2023-1907

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...

8CVSS5.8AI score0.00447EPSS
Exploits0References3
osv
osv
added 2025/01/09 8:15 a.m.2 views

UBUNTU-CVE-2023-1907

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...

8CVSS5.7AI score0.00447EPSS
Exploits0References3
osv
osv
added 2025/01/09 7:26 a.m.5 views

CVE-2023-1907 Pgadmin: users authenticated simultaneously via ldap may be attached to the wrong session

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...

8CVSS7AI score0.00447EPSS
Exploits0References5
cnnvd
cnnvd
added 2025/01/09 12:0 a.m.4 views

pgAdmin 安全漏洞

pgAdmin is pgAdmin open source an open source management and development platform for the open source database PostgreSQL. A security vulnerability exists in pgAdmin that stems from the fact that a user logged into pgAdmin running in server mode using LDAP authentication may attach to another...

8CVSS6.5AI score0.00447EPSS
Exploits0References1
susecve
susecve
added 2024/12/27 12:43 a.m.3 views

SUSE CVE-2023-1907

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simultaneously...

7.1CVSS7.1AI score0.00447EPSS
Exploits0References5
ncsc
ncsc
added 2024/12/06 11:47 a.m.6 views

Vulnerabilities fixed in Veeam Backup & Replication

Veeam has fixed vulnerabilities in Veeam Backup & Replication. The vulnerabilities in Veeam Backup & Replication allow low-privileged users to remotely execute code, extract stored credentials in plain text, launch an agent in server mode, manipulate configurations within the virtual...

8.8CVSS7.2AI score0.1513EPSS
Exploits0References1
veracode
veracode
added 2024/09/23 5:51 a.m.10 views

OS Command Execution

github.com/chaosblade-io/chaosblade is vulnerable to OS Command Execution. The vulnerability is due to the lack of authentication when using the cmd parameter in the exec.CommandContext function in server mode. It allows an attacker to execute arbitrary OS commands on the server without...

8.6CVSS7.8AI score0.01669EPSS
Exploits0References4Affected Software1
osv
osv
added 2024/09/18 6:30 p.m.6 views

GHSA-723H-X37G-F8QM Chaosblade vulnerable to OS command execution

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...

9.8CVSS8.7AI score0.01669EPSS
Exploits0References6
github
github
added 2024/09/18 6:30 p.m.18 views

Chaosblade vulnerable to OS command execution

exec.CommandContext in Chaosblade 0.3 through 1.7.3, when server mode is used, allows OS command execution via the cmd parameter without authentication...

8.6CVSS7.1AI score0.01669EPSS
Exploits0References5Affected Software1
Rows per page
Query Builder