9 matches found
EUVD-2025-5451
Malicious code in bioql PyPI...
CVE-2025-0914
An improper access control issue in the VQL shell feature in Velociraptor Versions 0.73.4 allowed authenticated users to execute the execve plugin in deployments where this was explicitly forbidden by configuring the preventexecve flag in the configuration file. This setting is not usually...
SUSE CVE-2025-0914
An improper access control issue in the VQL shell feature in Velociraptor Versions 0.73.4 allowed authenticated users to execute the execve plugin in deployments where this was explicitly forbidden by configuring the preventexecve flag in the configuration file. This setting is not usually...
CVE-2025-0914
An improper access control issue in the VQL shell feature in Velociraptor Versions 0.73.4 allowed authenticated users to execute the execve plugin in deployments where this was explicitly forbidden by configuring the preventexecve flag in the configuration file. This setting is not usually...
CVE-2025-0914 Velociraptor Shell Plugin Prevent_execve Bypass
An improper access control issue in the VQL shell feature in Velociraptor Versions 0.73.4 allowed authenticated users to execute the execve plugin in deployments where this was explicitly forbidden by configuring the preventexecve flag in the configuration file. This setting is not usually...
CVE-2025-0914
Velociraptor is affected: Versions earlier than 0.73.4 suffer improper access control in the VQL shell that permits authenticated users to trigger the execve() plugin even when prevent_execve is configured to forbid it. The issue is fixed in release 0.73.4. Practical impact is limited to deployme...
CVE-2025-0914 Velociraptor Shell Plugin Prevent_execve Bypass
An improper access control issue in the VQL shell feature in Velociraptor Versions 0.73.4 allowed authenticated users to execute the execve plugin in deployments where this was explicitly forbidden by configuring the preventexecve flag in the configuration file. This setting is not usually...
Velociraptor 安全漏洞
Velociraptor is a Velocidex open source tool for collecting host-based state information using Velociraptor Query Language VQL queries. A security vulnerability exists in Velociraptor versions prior to 0.73.4 that stems from improper access control and allows execution of the execve plugin...
PT-2025-8961 · Unknown · Velociraptor
Name of the Vulnerable Software and Affected Versions: Velociraptor versions prior to 0.73.4 Description: The issue is related to improper access control in the VQL shell feature, allowing authenticated users to execute the execve plugin even when it is explicitly forbidden by the prevent execve...