Lucene search
+L

12 matches found

euvd
euvd
added 2025/10/03 8:7 p.m.7 views

EUVD-2023-45168

Malicious code in bioql PyPI...

8CVSS7.8AI score0.00372EPSS
Exploits0References2
euvd
euvd
added 2025/10/03 8:7 p.m.8 views

EUVD-2023-2186

Malicious code in bioql PyPI...

6.1CVSS6.4AI score0.00489EPSS
Exploits0References5
redhatcve
redhatcve
added 2025/05/23 5:42 a.m.4 views

CVE-2023-0871

XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity XXE injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution...

6.1CVSS6.7AI score0.00489EPSS
Exploits0References1
packetstorm
packetstorm
added 2024/03/21 12:0 a.m.601 views

OpenNMS Horizon 31.0.7 Remote Command Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'OpenNMS Horizon Authenticated RCE', 'Description' = %q This module exploits built-in functionality in OpenNMS Horizon in order to execute arbitra...

8.2CVSS7.4AI score0.02951EPSS
Exploits3
vulnrichment
vulnrichment
added 2023/08/23 6:22 p.m.15 views

CVE-2023-40612 Authenticated XXE Injection Via The File Editor

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...

5.3CVSS7.1AI score0.00372EPSS
Exploits0References2
osv
osv
added 2023/08/23 6:22 p.m.27 views

CVE-2023-40612 Authenticated XXE Injection Via The File Editor

In OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2, the file editor which is accessible to any user with ROLEFILESYSTEMEDITOR privileges is vulnerable to XXE injection attacks. The solution is to upgrade to Meridian 2023.1.5 or Horizon 32.0.2 or newer. Meridian and Horizon installation...

5.3CVSS7AI score0.00372EPSS
Exploits0References5
osv
osv
added 2023/08/14 6:32 p.m.33 views

GHSA-W5GQ-XRRP-3FXF OpenNMS privilege elevation vulnerability

The Horizon REST API includes a users endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...

8.2CVSS7.8AI score0.02951EPSS
Exploits3References5
github
github
added 2023/08/14 6:32 p.m.33 views

OpenNMS privilege elevation vulnerability

The Horizon REST API includes a users endpoint in OpenNMS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...

8.2CVSS6.8AI score0.02951EPSS
Exploits3References5Affected Software1
cvelist
cvelist
added 2023/08/14 5:21 p.m.48 views

CVE-2023-0872 ROLE_REST can be used to escalate to ROLE_ADMIN via /rest/users

The Horizon REST API includes a users endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to elevation of privilege. The solution is to upgrade to Meridian 2023.1.6, 2022.1.19, 2021.1.30, 2020.1.38 or Horizon 32.0.2 or newer. Meridian and Horizo...

8.2CVSS8.3AI score0.02951EPSS
Exploits3References2
osv
osv
added 2023/08/11 4:13 p.m.24 views

CVE-2023-0871 An XML External Entity injection vulnerability

XXE injection in /rtc/post/ endpoint in OpenMNS Horizon 31.0.8 and versions earlier than 32.0.2 on multiple platforms is vulnerable to XML external entity XXE injection, which can be used for instance to force Horizon to make arbitrary HTTP requests to internal and external services. The solution...

5.4CVSS6.5AI score0.00489EPSS
Exploits0References5
packetstorm
packetstorm
added 2021/04/15 12:0 a.m.430 views

Nagios XI Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Nagios XI Prior to 5.8.0 - Plugins Filename Authenticated Remote Code Exection', 'Description' = %q This module exploits a command injection...

9CVSS0.1AI score0.81915EPSS
Exploits7
packetstorm
packetstorm
added 2020/12/08 12:0 a.m.284 views

FlexDotnetCMS 1.5.8 Arbitrary ASP File Upload

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'FlexDotnetCMS Arbitrary ASP File Upload', 'Description' = %q This module exploits an arbitrary file upload vulnerability in FlexDotnetCMS v1.5.8...

6.5CVSS0.3AI score0.72872EPSS
Exploits3
Rows per page
Query Builder