43 matches found
CVE-2026-25760
CVE-2026-25760 (Sliver): A path traversal in Sliver’s website content subsystem allows an authenticated operator to read arbitrary files on the Sliver server host (credentials, configs, keys). Prior to 1.6.11, this is exploitable via manipulated content paths; fixed in 1.6.11. Affected components...
CVE-2026-25760 Website Path Traversal / Arbitrary File Read (Authenticated) in Sliver
Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, a...
Sliver 路径遍历漏洞
Sliver is an open-source, cross-platform opponent simulation/red team framework developed by Bishop Fox. It can be used by organizations of various sizes for security testing. Versions of Sliver prior to 1.6.11 contained a path traversal vulnerability. This vulnerability stemmed from path travers...
PT-2026-6802
Name of the Vulnerable Software and Affected Versions Sliver versions prior to 1.6.11 Description Sliver is a command and control framework that utilizes a custom Wireguard netstack. A path traversal issue exists in the website content subsystem, allowing an authenticated operator to read arbitra...
SUSE CVE-2025-27093
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...
CVE-2025-27093
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...
CVE-2025-27093 Sliver does not restricted traffic between Wireguard clients.
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...
CVE-2025-27093
CVE-2025-27093 affects Sliver’s custom WireGuard netstack. In affected releases (1.5.43 and earlier, and 1.6.0-dev) the netstack does not restrict traffic between WireGuard clients, enabling unrestricted inter-client communication and potentially allowing leaked/recovered keys to be used across o...
CVE-2025-27093 Sliver does not restricted traffic between Wireguard clients.
Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...
PT-2025-44202
Name of the Vulnerable Software and Affected Versions Sliver versions 1.5.43 and earlier, and version 1.6.0-dev Description Sliver is a command and control framework that utilizes a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does...
EUVD-2025-4563
Malicious code in bioql PyPI...
EUVD-2024-2358
Malicious code in bioql PyPI...
CVE-2025-27090
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...
CVE-2025-27090
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...
CVE-2025-27090
CVE-2025-27090 pertains to Sliver, an open-source adversary emulation framework. The issue is in the reverse port forwarding feature of the Sliver teamserver: the implant can open a reverse tunnel without verifying operator intent. The documented impact is the exposure of the server’s IP address ...
CVE-2025-27090 Server-Side Request Forgery (SSRF) in sliver teamserver
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...
Sliver 代码问题漏洞
Sliver is an open source cross-platform adversary simulation/red teaming framework from Bishop Fox Open Source. It can be used by organizations of all sizes to perform security testing. Sliver suffers from a code issue vulnerability that stems from unverified reverse port forwarding, leading to...
CVE-2024-41111
Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. Sliver version 1.6.0 prerelease is vulnerable to RCE on the teamserver by a low-privileged "operator" user. The RCE is as the system root user...
RCE to Sliver: IR Tales from the Field
Rapid7 Incident Response consultants Noah Hemker, Tyler Starks, and malware analyst Tom Elkins contributed analysis and insight to this blog. Rapid7 Incident Response was engaged to investigate an incident involving unauthorized access to two publicly-facing Confluence servers that were the sourc...
Sliver 加密问题漏洞
Sliver is Bishop Fox open source an open source cross-platform adversary simulation / red team framework. It can be used by organizations of all sizes to perform security testing. A security vulnerability exists in Sliver v1.5.x version v1.5.39 that stems from having an incorrect cryptographic...