198 matches found
EUVD-2023-54557
Malicious code in bioql PyPI...
EUVD-2023-38307
Malicious code in bioql PyPI...
EUVD-2022-3893
Malicious code in bioql PyPI...
Zero-Day in Sitecore Exploited to Deploy WEEPSTEEL Malware
Hackers exploit a Sitecore zero-day CVE-2025-53690 to deploy WEEPSTEEL Malware via ViewState attacks, enabling Remote Code Execution RCE...
Sitecore XP Insecure Deserialization (SC2025-005)
The version of Sitecore XP running on the remote host is affected by an insecure deserialization vulnerability. Sitecore deployments using the sample key provided with deployment instructions for XP 9.0 or earlier and Active Directory 1.4 are potentially vulnerable to an insecure ViewState...
CVE-2025-53690 Sitecore Products ViewState Deserialization Vulnerability
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager XM, Sitecore Experience Platform XP allows Code Injection.This issue affects Experience Manager XM: through 9.0; Experience Platform XP: through 9.0...
CVE-2025-53690 Sitecore Products ViewState Deserialization Vulnerability
Deserialization of Untrusted Data vulnerability in Sitecore Experience Manager XM, Sitecore Experience Platform XP allows Code Injection.This issue affects Experience Manager XM: through 9.0; Experience Platform XP: through 9.0...
CVE-2024-13980
H3C Intelligent Management Center IMC versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...
CVE-2024-13980
H3C Intelligent Management Center IMC versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...
CVE-2024-13980
CVE-2024-13980 affects H3C Intelligent Management Center (IMC) /byod/index.xhtml. The root cause is improper handling of JSF ViewState, allowing unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters and potentially achieve arbitrary command execution. Explo...
CVE-2024-13980 H3C Intelligent Management Center (iMC) /byod/index.xhtml RCE
H3C Intelligent Management Center IMC versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...
CVE-2024-13980 H3C Intelligent Management Center (iMC) /byod/index.xhtml RCE
H3C Intelligent Management Center IMC versions up to and including E0632H07 contains a remote command execution vulnerability in the /byod/index.xhtml endpoint. Improper handling of JSF ViewState allows unauthenticated attackers to craft POST requests with forged javax.faces.ViewState parameters,...
PT-2025-34939 · H3C · H3C Intelligent Management Center
Name of the Vulnerable Software and Affected Versions: H3C Intelligent Management Center IMC versions up to and including E0632H07 Description: H3C Intelligent Management Center IMC contains a remote command execution issue in the /byod/index.xhtml endpoint. Improper handling of the...
H3C Intelligent Management Center 安全漏洞
H3C Intelligent Management Center is an integrated network management software platform from China's Xinhua San H3C. A security vulnerability exists in H3C Intelligent Management Center E0632H07 and prior versions, which stems from improper handling of JSF ViewState and could lead to remote comma...
Proactive Security and Insights for SharePoint Attacks (CVE-2025-53770 and CVE-2025-53771)
CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse...
Proactive Security Insights for SharePoint Attacks (CVE-2025-53770 and CVE-2025-53771)
CVE-2025-53770 and CVE-2025-53771 are vulnerabilities in on-premise Microsoft SharePoint Servers that evolved from previously patched flaws, allowing unauthenticated remote code execution through advanced deserialization and ViewState abuse...
Gold Melody IAB Exploits Exposed ASP.NET Machine Keys for Unauthorized Access to Targets
The Initial Access Broker IAB known as Gold Melody has been attributed to a campaign that exploits leaked ASP.NET machine keys to obtain unauthorized access to organizations and peddle that access to other threat actors. The activity is being tracked by Palo Alto Networks Unit 42 under the monike...
ConnectWise ScreenConnect Improper Authentication Vulnerability
ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised...
The vulnerability of the ViewState mechanism of the ConnectWise ScreenConnect remote access software allows a perpetrator to execute arbitrary code.
The vulnerability of the ViewState mechanism of the ConnectWise ScreenConnect remote access software lies in the deficiencies of the authentication process. Exploiting this vulnerability allows an attacker to execute arbitrary code by sending a specially crafted ViewState request...
VulnCheck KEV: CVE-2025-3935
ConnectWise ScreenConnect contains an improper authentication vulnerability. This vulnerability could allow a ViewState code injection attack, which could allow remote code execution if machine keys are compromised...