299 matches found
CVE-2021-2138
Vulnerability in the Oracle Cloud Infrastructure Data Science Notebook Sessions. Easily exploitable vulnerability allows low privileged attacker with access to the physical communication segment attached to the hardware where the Oracle Cloud Infrastructure Data Science Notebook Sessions executes...
CVE-2021-2318
Vulnerability in the Oracle Cloud Infrastructure Storage Gateway product of Oracle Storage Gateway component: Management Console. The supported version that is affected is Prior to 1.4. Easily exploitable vulnerability allows high privileged attacker with network access via HTTP to compromise...
CVE-2020-14874
Vulnerability in the Oracle Cloud Infrastructure Identity and Access Management product of Oracle Cloud Services. Easily exploitable vulnerability allows high privileged attacker with network access to compromise Oracle Cloud Infrastructure Identity and Access Management. Successful attacks of th...
CVE-2019-10457
A missing permission check in Jenkins Oracle Cloud Infrastructure Compute Classic Plugin allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials...
38,000+ FreeDrain Subdomains Found Exploiting SEO to Steal Crypto Wallet Seed Phrases
Cybersecurity researchers have exposed what they say is an "industrial-scale, global cryptocurrency phishing operation" engineered to steal digital assets from cryptocurrency wallets for several years. The campaign has been codenamed FreeDrain by threat intelligence firms SentinelOne and Validin...
PT-2025-32193
Name of the Vulnerable Software and Affected Versions Microsoft Exchange Server versions prior to the April 2025 Hot Fix Description A high-severity vulnerability CVE-2025-53786 exists in Microsoft Exchange Server hybrid deployments. This vulnerability allows attackers with administrative access ...
Exploit for Uncontrolled Resource Consumption in Ietf Http
PoC - CVE-2023-44487: HTTP/2 Rapid Reset Attack Este reposito...
The vulnerability of the VMware ESXi hypervisor, the VMware Cloud Foundation virtualization platform, the VMware Telco Cloud Platform telecommunications cloud platform, and the VMware Telco Cloud Infrastructure involves writing arbitrary values anywhere and overflowing buffers. This allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
The vulnerability of VMware ESXi hypervisor, the VMware Cloud Foundation virtualization platform, the VMware Telco Cloud Platform telecommunications cloud platform, and the VMware Telco Cloud Infrastructure are related to writing arbitrary values anywhere and overwriting buffers. Exploiting this...
Linux Distros Unpatched Vulnerability : CVE-2021-43784
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc, netlink is used internally as a serialization syste...
CVE-2025-24849
Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data manipulation or exposure...
CVE-2025-24849
Lack of encryption in transit for cloud infrastructure facilitating potential for sensitive data manipulation or exposure...
CVE-2025-24849
CVE-2025-24849 corresponds to a data-in-transit encryption issue tied to Dario Health USB-C Blood Glucose Monitoring System Starter Kit Android App. Multiple trusted sources (NVD/Red Hat/CVE List) describe lack of encryption in transit for cloud infrastructure, enabling potential exposure or mani...
CVE-2024-48874
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud...
The vulnerability of the Aviatrix Controller software, a cloud infrastructure management tool, arises from the lack of measures to neutralize specific elements, allowing a perpetrator to execute arbitrary code.
The vulnerability of the Aviatrix Controller software for managing cloud infrastructure is related to the failure to take measures to neutralize specific elements. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
CVE-2024-48874
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud...
CVE-2024-48874 Ruijie Reyee OS Server-Side Request Forgery
Ruijie Reyee OS versions 2.206.x up to but not including 2.320.x could give attackers the ability to force Ruijie's proxy servers to perform any request the attackers choose. Using this, attackers could access internal services used by Ruijie and their internal cloud infrastructure via AWS cloud...
CVE-2024-11666
Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users suitably positioned on the network between an...
CVE-2024-11666 Unauthenticated Remote Command Injection in eCharge Salia PLCC
Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users suitably positioned on the network between an...
CVE-2024-11666 Unauthenticated Remote Command Injection in eCharge Salia PLCC
Affected devices beacon to eCharge cloud infrastructure asking if there are any command they should run. This communication is established over an insecure channel since peer verification is disabled everywhere. Therefore, remote unauthenticated users suitably positioned on the network between an...
CVE-2024-6248
Wyze Cam v3 Cloud Infrastructure Improper Authentication Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of Wyze Cam v3 IP cameras. Authentication is not required to exploit this vulnerability. The...