
2646 matches found

OpenVAS
added 2021/04/19 12:0 a.m. | 32 views

SUSE: Security Advisory (SUSE-SU-2016:2872-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 10 | AI score 7.8 | EPSS 0.91694
Exploits 36 | References 10
OpenVAS
added 2021/04/19 12:0 a.m. | 22 views

SUSE: Security Advisory (SUSE-SU-2018:2814-1)

The remote host is missing an update for the...

CVSS 9.8 | AI score 8.8 | EPSS 0.00639
Exploits 0 | References 16
OpenVAS
added 2021/04/19 12:0 a.m. | 19 views

SUSE: Security Advisory (SUSE-SU-2018:1398-2)

The remote host is missing an update for the...

CVSS 8.4 | AI score 6.9 | EPSS 0.03691
Exploits 0 | References 6
OpenVAS
added 2021/04/19 12:0 a.m. | 29 views

SUSE: Security Advisory (SUSE-SU-2014:1260-1)

The remote host is missing an update for the...

CVSS 10 | AI score 10 | EPSS 0.9422
Exploits 130 | References 4
OpenVAS
added 2021/04/19 12:0 a.m. | 14 views

SUSE: Security Advisory (SUSE-SU-2018:2071-1)

The remote host is missing an update for the...

CVSS 7.8 | AI score 7.9 | EPSS 0.00052
Exploits 0 | References 7
Rapid7 Blog
added 2021/04/16 5:12 p.m. | 73 views

Codecov Discloses Supply Chain Compromise

The following blog was co-authored by Curt Barnard and Caitlin Condon. On April 15, 2021, code coverage and testing company Codecov announced a supply chain compromise in which a malicious party gained access to their Bash Uploader script and modified it without authorization, enabling the...

AI score 0.8
Exploits 0
OpenVAS
added 2021/04/16 12:0 a.m. | 6 views

openSUSE: Security Advisory for tpm2-tss-engine (openSUSE-SU-2021:0542-1)

The remote host is missing an update for the...

AI score 7.5
Exploits 0 | References 2
Gitee
added 2021/03/29 10:15 a.m. | 7 views

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

It is an offensive tool for various areas. The repository contains a collection of vulnerable docker environments, including: CouchDB FFmpeg Git InfluxDB Jenkins Nginx Oracle Java Apache HTTP Server GitLab FastJSON Jenkins Electron The vulnerabilities include: CVE-2016-9086 GitLab CVE-2016-10134...

CVSS 9.8 | AI score 7.5 | EPSS 0.94479
Exploits 74
Securelist
added 2021/03/18 10:0 a.m. | 50 views

Convuster: macOS adware now in Rust

Introduction Traditionally, most malicious objects detected on the macOS platform are adware: besides the already familiar Shlayer family, the TOP 10 includes Bnodlero, Cimpli, Adload and Pirrit adware. As a rule, most tend to be written in C, Objective-C or Swift. Recently, however, cybercrimina...

AI score 7.3
Exploits 0
ThreatPost
added 2021/03/03 7:12 p.m. | 39 views

Malicious Code Bombs Target Amazon, Lyft, Slack, Zillow

Researchers have spotted malicious packages targeting internal applications for Amazon, Lyft, Slack and Zillow among others inside the npm public code repository — all of which exfiltrate sensitive information. The packages weaponize a proof-of-concept (PoC) code dependency-confusion exploit that w...

AI score 7.2
Exploits 0 | References 6
Kitploit
added 2021/02/24 11:30 a.m. | 39 views

BugBountyScanner - A Bash Script And Docker Image For Bug Bounty Reconnaissance

A Bash script and Docker image for Bug Bounty reconnaissance, intended for headless use. Low on resources, high on information output. Helpful? BugBountyScanner helped you net a bounty? Description Note: Using the script over a VPN is highly recommended. It's recommended to run BugBountyScanner...

AI score 6.8
Exploits 0 | References 1
Kitploit
added 2021/02/22 8:30 p.m. | 962 views

Remote-Method-Guesser - Tool For Java RMI Enumeration And Bruteforce Of Remote Methods

remote-method-guesser (rmg) is a command line utility written in Java and can be used to identify security vulnerabilities on Java RMI endpoints. Currently, the following operations are supported: List available bound names and their corresponding interface class names List codebase locations if...

CVSS 5.9 | AI score 7.7 | EPSS 0.01264
Exploits 0 | References 16
Packet Storm
added 2021/02/15 12:0 a.m. | 179 views

Klog Server 2.4.1 Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Klog Server authenticate.php user Unauthenticated Command Injection', 'Description' = %q This module exploits an unauthenticated command injectio...

CVSS 10 | AI score 0.1 | EPSS 0.89753
Exploits 8
Exploit DB
added 2021/02/10 12:0 a.m. | 281 views

Node.JS - 'node-serialize' Remote Code Execution (2)

Exploit Title: Node.JS - 'node-serialize' Remote Code Execution 2 Exploit Author: UndeadLarva Software Link: https://www.npmjs.com/package/node-serialize Version: 0.0.4 CVE: CVE-2017-5941 import requests import re import base64 import sys url = 'http://192.168.100.133:8000/' change this payload =...

CVSS 9.8 | AI score 9.6 | EPSS 0.7793
Exploits 5
GithubExploit
added 2021/02/07 4:0 p.m. | 173 views

Exploit for Command Injection in Rapid7 Metasploit

CVE-2020-7384 This is a small exploit in bash which I had mad...

CVSS 9.3 | AI score 7.7 | EPSS 0.7009
Exploits 8
Veracode
added 2021/02/04 1:36 a.m. | 11 views

Command Injection

awssamcli is vulnerable to command injection. An attacker is able to inject an arbitrary shell command into the bash script via the title of public GitHub pull request in 'prtitle.yml', triggering some workflows with limited repository token with no access to secrets or running its own code in t...

AI score 3.4
Exploits 0
GithubExploit
added 2021/01/28 2:20 a.m. | 56 views

Exploit for Off-by-one Error in Sudo_Project Sudo

sudo Heap Overflow Vulnerability CVE-2021-3156 Vulnerabi...

CVSS 7.8 | AI score 7 | EPSS 0.92579
Exploits 81
NVD
added 2021/01/26 6:15 p.m. | 9 views

CVE-2020-27542

Rostelecom CS-C2SHW 5.0.082.1 is affected by: Bash command injection. The camera reads configuration from QR code including network settings. The static IP configuration from QR code is copied to the file /config/ip-static and after reboot data from this file is inserted into bash command without...

CVSS 6.8 | AI score 7.2 | EPSS 0.00758
Exploits 1 | References 1
OSV
added 2021/01/26 6:15 p.m. | 3 views

CVE-2020-27540

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run...

CVSS 9.8 | AI score 7.3
Exploits 0 | References 1
NVD
added 2021/01/26 6:15 p.m. | 9 views

CVE-2020-27540

Bash injection vulnerability and bypass of signature verification in Rostelecom CS-C2SHW 5.0.082.1. The camera reads firmware update configuration from SD card file vc\version.json. fw-sign parameter and from this configuration is directly inserted into a bash command. Firmware update is run...

CVSS 9.8 | AI score 9.6 | EPSS 0.00203
Exploits 1 | References 1