Lucene search
K

299 matches found

RedhatCVE
RedhatCVE
added 2025/05/22 7:10 p.m.17 views

CVE-2021-2138

Vulnerability in the Oracle Cloud Infrastructure Data Science Notebook Sessions. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Cloud Infrastructure Data Science Notebook Sessions executes...

4.6CVSS5.5AI score0.00441EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 6:22 p.m.8 views

CVE-2021-2318

Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway component: Management Console. The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...

9.1CVSS7.2AI score0.01074EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/22 4:21 p.m.8 views

CVE-2020-14874

Vulnerability in the Oracle Cloud Infrastructure Identity and Access Management product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure Identity and Access Management. Successful attacks of th...

6.5CVSS5.4AI score0.00834EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2025/05/22 4:14 a.m.18 views

CVE-2019-10457

A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...

4.3CVSS6.4AI score0.00615EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2025/05/08 3:23 p.m.24 views

38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases

Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin...

7.5AI score
Exploits0
Positive Technologies
Positive Technologies
added 2025/04/18 12:0 a.m.7 views

PT-2025-32193

Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server versions prior to the April 2025 Hot Fix Description A high-severity vulnerability CVE-2025-53786 exists in Microsoft Exchange Server hybrid deployments. This vulnerability allows attackers with administrative access ...

8CVSS7.8AI score0.07448EPSS
Exploits0References216
GithubExploit
GithubExploit
added 2025/04/14 10:39 p.m.340 views

Exploit for Uncontrolled Resource Consumption in Ietf Http

PoC - CVE-2023-44487: HTTP/2 Rapid Reset Attack Este reposito...

7.5CVSS7.4AI score0.99999EPSS
Exploits19
BDU FSTEC
BDU FSTEC
added 2025/03/06 12:0 a.m.8 views

The vulnerability of the VMware ESXi hypervisor, the VMware Cloud Foundation virtualization platform, the VMware Telco Cloud Platform telecommunications cloud platform, and the VMware Telco Cloud Infrastructure involves writing arbitrary values anywhere and overflowing buffers. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.

The vulnerability of VMware ESXi hypervisor, the VMware Cloud Foundation virtualization platform, the VMware Telco Cloud Platform telecommunications cloud platform, and the VMware Telco Cloud Infrastructure are related to writing arbitrary values anywhere and overwriting buffers. Exploiting this...

8.2CVSS8.1AI score0.00963EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/03/05 12:0 a.m.7 views

Linux Distros Unpatched Vulnerability : CVE-2021-43784

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization syste...

6CVSS7.3AI score0.01677EPSS
Exploits1References3
RedhatCVE
RedhatCVE
added 2025/03/02 5:18 p.m.5 views

CVE-2025-24849

Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data manipulation or exposure...

7.5CVSS6.8AI score0.00085EPSS
Exploits0References1
NVD
NVD
added 2025/02/28 5:15 p.m.7 views

CVE-2025-24849

Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data manipulation or exposure...

7.5CVSS0.00085EPSS
Exploits0References2
CVE
CVE
added 2025/02/28 4:58 p.m.60 views

CVE-2025-24849

CVE-2025-24849 corresponds to a data-in-transit encryption issue tied to Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android App. Multiple trusted sources (NVD/Red Hat/CVE List) describe lack of encryption in transit for cloud infrastructure, enabling potential exposure or mani...

7.5CVSS6.9AI score0.00085EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/02/04 11:36 p.m.7 views

CVE-2024-48874

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud...

9.8CVSS7AI score0.00605EPSS
Exploits0References1
BDU FSTEC
BDU FSTEC
added 2025/01/21 12:0 a.m.10 views

The vulnerability of the Aviatrix Controller software, a cloud infrastructure management tool, arises from the lack of measures to neutralize specific elements, allowing a perpetrator to execute arbitrary code.

The vulnerability of the Aviatrix Controller software for managing cloud infrastructure is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10CVSS8.5AI score0.98545EPSS
Exploits5References4Affected Software1
OSV
OSV
added 2024/12/06 7:15 p.m.3 views

CVE-2024-48874

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud...

9.8CVSS7.5AI score0.00605EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2024/12/06 6:22 p.m.29 views

CVE-2024-48874 Ruijie Reyee OS Server-Side Request Forgery

Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud...

9.8CVSS6.9AI score0.00605EPSS
Exploits0References1
NVD
NVD
added 2024/11/24 11:15 p.m.16 views

CVE-2024-11666

Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users suitably positioned on the network between an...

9.8CVSS0.00417EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 2024/11/24 10:36 p.m.15 views

CVE-2024-11666 Unauthenticated Remote Command Injection in eCharge Salia PLCC

Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users suitably positioned on the network between an...

9CVSS8.1AI score0.00417EPSS
Exploits1References1
Cvelist
Cvelist
added 2024/11/24 10:36 p.m.24 views

CVE-2024-11666 Unauthenticated Remote Command Injection in eCharge Salia PLCC

Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users suitably positioned on the network between an...

9CVSS0.00417EPSS
Exploits1References1
OSV
OSV
added 2024/11/22 8:15 p.m.7 views

CVE-2024-6248

Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The...

7.5CVSS5.8AI score0.01186EPSS
Exploits0References2
Rows per page
Query Builder