Lucene search
K

43 matches found

CVE
CVE
added 2026/02/06 9:32 p.m.17 views

CVE-2026-25760

CVE-2026-25760 (Sliver): A path traversal in Sliver’s website content subsystem allows an authenticated operator to read arbitrary files on the Sliver server host (credentials, configs, keys). Prior to 1.6.11, this is exploitable via manipulated content paths; fixed in 1.6.11. Affected components...

6.5CVSS5.6AI score0.00485EPSS
Exploits1References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/02/06 9:32 p.m.6 views

CVE-2026-25760 Website Path Traversal / Arbitrary File Read (Authenticated) in Sliver

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, a...

6.5CVSS5.8AI score0.00485EPSS
Exploits1References2
CNNVD
CNNVD
added 2026/02/06 12:0 a.m.9 views

Sliver 路径遍历漏洞

Sliver is an open-source, cross-platform opponent simulation/red team framework developed by Bishop Fox. It can be used by organizations of various sizes for security testing. Versions of Sliver prior to 1.6.11 contained a path traversal vulnerability. This vulnerability stemmed from path travers...

6.5CVSS5.8AI score0.00485EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2026/02/05 12:0 a.m.8 views

PT-2026-6802

Name of the Vulnerable Software and Affected Versions Sliver versions prior to 1.6.11 Description Sliver is a command and control framework that utilizes a custom Wireguard netstack. A path traversal issue exists in the website content subsystem, allowing an authenticated operator to read arbitra...

9.9CVSS5.8AI score0.27661EPSS
Exploits45References116
SUSE CVE
SUSE CVE
added 2025/11/09 12:33 a.m.9 views

SUSE CVE-2025-27093

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...

6.3CVSS7AI score0.00217EPSS
Exploits0References2
NVD
NVD
added 2025/10/28 8:15 p.m.5 views

CVE-2025-27093

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...

6.3CVSS0.00217EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2025/10/28 7:29 p.m.4 views

CVE-2025-27093 Sliver does not restricted traffic between Wireguard clients.

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...

6.3CVSS6.5AI score0.00217EPSS
Exploits0References3
CVE
CVE
added 2025/10/28 7:29 p.m.14 views

CVE-2025-27093

CVE-2025-27093 affects Sliver’s custom WireGuard netstack. In affected releases (1.5.43 and earlier, and 1.6.0-dev) the netstack does not restrict traffic between WireGuard clients, enabling unrestricted inter-client communication and potentially allowing leaked/recovered keys to be used across o...

6.3CVSS6.5AI score0.00217EPSS
Exploits0References3
OSV
OSV
added 2025/10/28 7:29 p.m.3 views

CVE-2025-27093 Sliver does not restricted traffic between Wireguard clients.

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...

6.3CVSS6.9AI score0.00217EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/10/28 12:0 a.m.3 views

PT-2025-44202

Name of the Vulnerable Software and Affected Versions Sliver versions 1.5.43 and earlier, and version 1.6.0-dev Description Sliver is a command and control framework that utilizes a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does...

6.3CVSS6.5AI score0.00217EPSS
Exploits0References18
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2025-4563

Malicious code in bioql PyPI...

6.9CVSS8.7AI score0.00578EPSS
Exploits1References5
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2024-2358

Malicious code in bioql PyPI...

7.2CVSS6.4AI score0.00704EPSS
Exploits0References9
RedhatCVE
RedhatCVE
added 2025/02/21 9:27 p.m.7 views

CVE-2025-27090

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...

6.9CVSS6.7AI score0.00578EPSS
Exploits1References1
NVD
NVD
added 2025/02/19 10:15 p.m.52 views

CVE-2025-27090

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...

6.9CVSS0.00578EPSS
Exploits1References3
CVE
CVE
added 2025/02/19 9:11 p.m.85 views

CVE-2025-27090

CVE-2025-27090 pertains to Sliver, an open-source adversary emulation framework. The issue is in the reverse port forwarding feature of the Sliver teamserver: the implant can open a reverse tunnel without verifying operator intent. The documented impact is the exposure of the server’s IP address ...

6.9CVSS6.5AI score0.00578EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2025/02/19 9:11 p.m.29 views

CVE-2025-27090 Server-Side Request Forgery (SSRF) in sliver teamserver

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...

6.9CVSS8.5AI score0.00578EPSS
Exploits1References5
CNNVD
CNNVD
added 2025/02/19 12:0 a.m.4 views

Sliver 代码问题漏洞

Sliver is an open source cross-platform adversary simulation/red teaming framework from Bishop Fox Open Source. It can be used by organizations of all sizes to perform security testing. Sliver suffers from a code issue vulnerability that stems from unverified reverse port forwarding, leading to...

6.9CVSS8.6AI score0.00578EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/02/05 7:40 a.m.5 views

CVE-2024-41111

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user...

7.2CVSS7AI score0.00704EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2024/02/15 7:38 p.m.8 views

RCE to Sliver: IR Tales from the Field

Rapid7 Incident Response consultants Noah Hemker, Tyler Starks, and malware analyst Tom Elkins contributed analysis and insight to this blog. Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the sourc...

10CVSS10AI score0.99984EPSS
Exploits32
CNNVD
CNNVD
added 2023/08/28 12:0 a.m.3 views

Sliver 加密问题漏洞

Sliver is Bishop Fox open source an open source cross-platform adversary simulation / red team framework. It can be used by organizations of all sizes to perform security testing. A security vulnerability exists in Sliver v1.5.x version v1.5.39 that stems from having an incorrect cryptographic...

8.1CVSS7.6AI score0.00588EPSS
Exploits0References5
Rows per page
Query Builder