14 matches found
CVE-2026-32297 Angeet ES3 KVM unauthenticated arbitrary file write
The Angeet ES3 KVM allows a remote, unauthenticated attacker to write arbitrary files, including configuration files or system binaries. Modified configuration files or system binaries could allow an attacker to take complete control of a vulnerable system...
Vegeta_Vuln_lab
VegetaVulnlab Overview This lab focuses on core penetrati...
Malicious code in @alexadark/gatsby-theme-wordpress-blog (npm)
Source: amazon-inspector 110819ca12a8190932562305cd8ee1c97b0e61434f5e12e238bc9eaa46350de5 The package @alexadark/gatsby-theme-wordpress-blog was found to contain malicious code. Source: ghsa-malware...
EUVD-2022-2979
Malicious code in bioql PyPI...
CVE-2024-37301
Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the...
Critical Commvault Flaw Allows Full System Takeover – Update NOW
Enterprises using Commvault Innovation Release are urged to patch immediately against CVE-2025-34028. This critical flaw allows attackers to…...
CVE-2024-3829 Arbitrary File Read and Write during Snapshot Recovery in qdrant/qdrant
qdrant/qdrant version 1.9.0-dev is vulnerable to arbitrary file read and write during the snapshot recovery process. Attackers can exploit this vulnerability by manipulating snapshot files to include symlinks, leading to arbitrary file read by adding a symlink that points to a desired file on the...
CVE-2022-1397
API Privilege Escalation in GitHub repository alextselegidis/easyappointments prior to 1.5.0. Full system takeover...
Vulnerabilities fixed in Oracle MySQL products
Oracle has fixed vulnerabilities in its MySQL products: MySQL Server, MySQL Workbench, MySQL Enterprise Monitor, MySQL Cluster, MySQL Client and MySQL Connectors. One of these vulnerabilities, CVE-2019-5482, concerns a serious vulnerability in MySQL Server. This vulnerability allows an...
Critical Flaw in Cisco Elastic Services Controller Allows Full System Takeover
A critical vulnerability in the Cisco Elastic Services Controller could allow an unauthenticated, remote attacker to take full control of impacted systems – merely by sending a crafted request. Cisco Elastic Services Controller is a virtual network functions manager, which enables businesses to...
Arbitrary Code Execution Vulnerability in Multiple GIGABYTE Products (CNVD-2018-26457)
GIGABYTE APP Center and others are products of GIGABYTE Technology, a Chinese company. GIGABYTE APP Center is a software program for managing and updating GIGABYTE's product utility programs. AORUS GRAPHICS ENGINE is a software program for overclocking graphics cards. A security vulnerability...
DiskBoss Enterprise 8.2.14 Buffer Overflow
!/usr/bin/env python Exploit Title: DiskBoss Enterprise v8.2.14 Remote buffer overflow Date: 2017-07-30 Exploit Author: Ahmad Mahfouz Author Homepage: www.unixawy.com Vendor Homepage: http://www.diskboss.com/ Software Link: http://www.diskboss.com/setups/diskbossentsetupv8.2.14.exe Version: v8.2....
DiskBoss Enterprise 8.2.14 - Remote Buffer Overflow
DiskBoss Enterprise 8.2.14 - Remote Buffer Overflow !/usr/bin/env python Exploit Title: DiskBoss Enterprise v8.2.14 Remote buffer overflow Date: 2017-07-30 Exploit Author: Ahmad Mahfouz Author Homepage: www.unixawy.com Vendor Homepage: http://www.diskboss.com/ Software Link:...
A Decade Old Unix/Linux/BSD Root Privilege-Escalation Bug Discovered
Update: Find working Exploits and Proof-of-Concepts at the bottom of this article. Security researchers have discovered more than a decade-old vulnerability in several Unix-based operating systems — including Linux, OpenBSD, NetBSD, FreeBSD and Solaris — which can be exploited by attackers to...