Lucene search
K

46 matches found

The Hacker News
The Hacker News
added 2025/01/16 6:39 a.m.25 views

Researcher Uncovers Critical Flaws in Multiple Versions of Ivanti Endpoint Manager

Ivanti has rolled out security updates to address several security flaws impacting Avalanche, Application Control Engine, and Endpoint Manager EPM, including four critical bugs that could lead to information disclosure. All the four critical security flaws, rated 9.8 out of 10.0 on the CVSS scale...

9.9CVSS10AI score0.99762EPSS
Exploits4
Packet Storm
Packet Storm
added 2024/11/13 12:0 a.m.483 views

Palo Alto Expedition 1.2.91 Remote Code Execution

class MetasploitModule 'Palo Alto Expedition Remote Code Execution CVE-2024-5910 and CVE-2024-9464', 'Description' = %q Obtain remote code execution in Palo Alto Expedition version 1.2.91 and below. The first vulnerability, CVE-2024-5910, allows to reset the password of the admin user, and the...

9.8CVSS7.3AI score0.91783EPSS
Exploits14
GithubExploit
GithubExploit
added 2024/10/09 4:22 p.m.365 views

Exploit for SQL Injection in Paloaltonetworks Expedition

CVE-2024-9465: Palo Alto Expedition Unauthenticated SQL Inject...

9.2CVSS10AI score0.99597EPSS
Exploits3
GithubExploit
GithubExploit
added 2024/09/24 6:12 p.m.216 views

Exploit for Use of Hard-coded Credentials in Solarwinds Web_Help_Desk

CVE-2024-28987: SolarWinds Web Help Desk Hardcoded Credential...

9.1CVSS9.6AI score0.93299EPSS
Exploits5
Packet Storm
Packet Storm
added 2024/09/24 12:0 a.m.495 views

Traccar 5.12 Remote Code Execution

class MetasploitModule 'Traccar v5 Remote Code Execution CVE-2024-31214 and CVE-2024-24809', 'Description' = %q Remote Code Execution in Traccar v5.1 - v5.12. Remote code execution can be obtained by combining two vulnerabilities: A path traversal vulnerability CVE-2024-24809 and an unrestricted...

9.6CVSS7.1AI score0.54413EPSS
Exploits11
GithubExploit
GithubExploit
added 2024/09/16 3:33 p.m.315 views

Exploit for OS Command Injection in Ivanti Cloud_Services_Appliance

CVE-2024-8190: Ivanti Cloud Service Appliance Authenticated Co...

7.2CVSS8.9AI score0.88955EPSS
Exploits2
The Hacker News
The Hacker News
added 2024/09/14 4:12 a.m.35 views

Ivanti Warns of Active Exploitation of Newly Patched Cloud Appliance Vulnerability

Ivanti has revealed that a newly patched security flaw in its Cloud Service Appliance CSA has come under active exploitation in the wild. The high-severity vulnerability in question is CVE-2024-8190 CVSS score: 7.2, which allows remote code execution under certain circumstances. "An OS command...

10CVSS8AI score0.88955EPSS
Exploits4
The Hacker News
The Hacker News
added 2024/08/26 7:45 a.m.42 views

Critical Flaws in Traccar GPS System Expose Users to Remote Attacks

Two security vulnerabilities have been disclosed in the open-source Traccar GPS tracking system that could be potentially exploited by unauthenticated attackers to achieve remote code execution under certain circumstances. Both the vulnerabilities are path traversal flaws and could be weaponized ...

9.8CVSS8.7AI score0.54413EPSS
Exploits12
GithubExploit
GithubExploit
added 2024/05/20 2:34 p.m.402 views

Exploit for OS Command Injection in Fortinet Fortisiem

CVE-2024-23108: Fortinet FortiSIEM Unauthenticated 2nd Order C...

10CVSS8.1AI score0.78375EPSS
Exploits2
GithubExploit
GithubExploit
added 2024/05/17 12:7 p.m.293 views

Exploit for OS Command Injection in Fortinet Fortisiem

CVE-2023-34992: Fortinet FortiSIEM Unauthenticated Command Inj...

9.8CVSS10AI score0.65509EPSS
Exploits1
OSV
OSV
added 2024/05/15 5:33 p.m.29 views

GHSA-42Q7-95J7-W62M Mautic is vulnerable to XSS vulnerability

Impact This is a cross-site scripting vulnerability which affects every version of Mautic and could allow an attacker unauthorised administrator level access to Mautic. This vulnerability was reported by Naveen Sunkavally at Horizon3.ai. Patches Upgrade to 3.2.4 or 2.16.5. Link to patch for 2.x...

9.6CVSS8.8AI score0.02694EPSS
Exploits1References7
GithubExploit
GithubExploit
added 2024/03/18 8:50 p.m.655 views

Exploit for SQL Injection in Fortinet Forticlient_Enterprise_Management_Server

CVE-2023-48788 Fortinet FortiClient EMS SQL Injection Vulnerab...

9.8CVSS10AI score0.97591EPSS
Exploits4
GithubExploit
GithubExploit
added 2024/03/15 12:3 p.m.463 views

Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect

CVE-2023-43208 - Mirth Connect Remote Code Execution RCE Exp...

9.8CVSS10AI score0.97106EPSS
Exploits22
The Hacker News
The Hacker News
added 2024/03/14 4:21 a.m.102 views

Fortinet Warns of Severe SQLi Vulnerability in FortiClientEMS Software

Fortinet has warned of a critical security flaw impacting its FortiClientEMS software that could allow attackers to achieve code execution on affected systems. "An improper neutralization of special elements used in an SQL Command 'SQL Injection' vulnerability CWE-89 in FortiClientEMS may allow a...

9.8CVSS9.8AI score0.97591EPSS
Exploits4
The Hacker News
The Hacker News
added 2024/03/11 6:28 a.m.52 views

Proof-of-Concept Exploit Released for Progress Software OpenEdge Vulnerability

Technical specifics and a proof-of-concept PoC exploit have been made available for a recently disclosed critical security flaw in Progress Software OpenEdge Authentication Gateway and AdminServer, which could be potentially exploited to bypass authentication protections. Tracked as CVE-2024-1403...

10CVSS8.2AI score0.03272EPSS
Exploits1
GithubExploit
GithubExploit
added 2024/03/06 3:27 p.m.493 views

Exploit for Authentication Bypass by Primary Weakness in Progress Openedge

CVE-2024-1403 Progress OpenEdge Authentication Bypass An explo...

10CVSS9.7AI score0.03272EPSS
Exploits1
GithubExploit
GithubExploit
added 2024/02/01 3:17 a.m.182 views

Exploit for Path Traversal in Jenkins

Jenkins CVE-2024-23897 PoC A proof-of-concept PoC for CVE-2...

9.8CVSS9.2AI score0.99999EPSS
Exploits46
0day.today
0day.today
added 2024/01/31 12:0 a.m.537 views

Mirth Connect 4.4.0 Remote Command Execution Exploit

A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and...

9.8CVSS7.3AI score0.97106EPSS
Exploits22
Metasploit
Metasploit
added 2024/01/30 7:51 p.m.584 views

Mirth Connect Deserialization RCE

A vulnerability exists within Mirth Connect due to its mishandling of deserialized data. This vulnerability can be leveraged by an attacker using a crafted HTTP request to execute OS commands within the context of the target application. The original vulnerability was identified by IHTeam and...

9.8CVSS9.5AI score0.97106EPSS
Exploits22
The Hacker News
The Hacker News
added 2024/01/24 5:32 a.m.75 views

Patch Your GoAnywhere MFT Immediately - Critical Flaw Lets Anyone Be Admin

A critical security flaw has been disclosed in Fortra's GoAnywhere Managed File Transfer MFT software that could be abused to create a new administrator user. Tracked as CVE-2024-0204, the issue carries a CVSS score of 9.8 out of 10. "Authentication bypass in Fortra's GoAnywhere MFT prior to 7.4....

9.8CVSS7.5AI score0.99999EPSS
Exploits20
Rows per page
Query Builder