Lucene search
+L

102 matches found

Cvelist
Cvelist
added 2024/08/13 10:6 p.m.51 views

CVE-2024-28986 SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce...

9.8CVSS0.84628EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2024/08/13 12:0 a.m.20 views

CVE-2024-28986

SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. While it was reported as an unauthenticated vulnerability, SolarWinds has been unable to reproduce it...

9.8CVSS10AI score0.84628EPSS
In wildExploits0References3
CISA KEV Catalog
CISA KEV Catalog
added 2024/07/17 12:0 a.m.37 views

SolarWinds Serv-U Path Traversal Vulnerability

SolarWinds Serv-U contains a path traversal vulnerability that allows an attacker access to read sensitive files on the host machine...

8.6CVSS6.5AI score0.99614EPSS
In wildExploits8
OSV
OSV
added 2024/06/06 9:15 a.m.3 views

CVE-2024-28995

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine...

7.5CVSS5.8AI score0.99614EPSS
Exploits8References2
Cvelist
Cvelist
added 2024/06/06 9:1 a.m.45 views

CVE-2024-28995 SolarWinds Serv-U L Directory Transversal Vulnerability

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine...

8.6CVSS8.4AI score0.99614EPSS
Exploits8References1
CVE
CVE
added 2024/06/06 9:1 a.m.430 views

CVE-2024-28995

CVE-2024-28995 is a directory traversal vulnerability in SolarWinds Serv-U that allows unauthenticated attackers to read sensitive host files. The flaw affects Serv-U and can be triggered via crafted directory/file paths (e.g., using InternalDir/InternalFile payloads) to access local logs and sys...

8.6CVSS5.8AI score0.99614EPSS
In wildExploits8References2Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/06/06 12:0 a.m.26 views

CVE-2024-28995

SolarWinds Serv-U was susceptible to a directory transversal vulnerability that would allow access to read sensitive files on the host machine. Recent assessments: sfewer-r7 at June 13, 2024 9:17am UTC reported: Based upon our Rapid7 Analysis, I have rated the attacker value of this vulnerability...

8.6CVSS8AI score0.99614EPSS
In wildExploits8References3
Vulnrichment
Vulnrichment
added 2024/04/16 12:0 a.m.14 views

CVE-2024-1569 Uncontrolled Resource Consumption in parisneo/lollms-webui

parisneo/lollms-webui is vulnerable to a denial of service DoS attack due to uncontrolled resource consumption. Attackers can exploit the /opencodeinvscode and similar endpoints without authentication by sending repeated HTTP POST requests, leading to the opening of Visual Studio Code or the...

5.3CVSS5.6AI score0.00782EPSS
Exploits1References2
NVD
NVD
added 2024/04/10 11:15 p.m.18 views

CVE-2024-29902

Cosign provides code signing and transparency for containers and binaries. Prior to version 2.2.4, a remote image with a malicious attachment can cause denial of service of the host machine running Cosign. This can impact other services on the machine that rely on having memory available such as ...

5.9CVSS4.7AI score0.00658EPSS
Exploits0References5
OSV
OSV
added 2024/04/05 3:3 p.m.62 views

GHSA-4685-2X5R-65PJ Pebble service manager's file pull API allows access by any user

Impact Note: "Pebble" here refers to Canonical's service manager, not the Let's Encrypt ACME test server. The API behind pebble pull, used to read files from the workload container by Juju charms, allows access from any user, instead of just admin. In Juju Kubernetes sidecar charms, Pebble and th...

6.5CVSS6.4AI score0.00201EPSS
Exploits0References9
hivepro
hivepro
added 2024/03/11 9:51 a.m.44 views

Critical VMware Vulnerabilities Leading To Sandbox Escape

Summary: Critical vulnerabilities tracked as CVE-2024-22252, CVE-2024-22253, CVE-2024-22254, and CVE-2024-22255 have been addressed by Vmware. These vulnerabilities allow attackers to bypass virtual machines and execute commands on the host machine. Workstation, Fusion, Cloud Foundation, and VMwa...

4.6CVSS7.6AI score0.03542EPSS
Exploits0
OSV
OSV
added 2024/02/03 12:37 a.m.13 views

GHSA-MQ6V-W35G-3C97 Local File Inclusion vulnerability in zmarkdown

Impact A minor Local File Inclusion vulnerability has been found in zmarkdown, which allowed for images with a known path on the host machine to be included inside a LaTeX document. To prevent it, a new option has been created that allow to replace invalid paths with a default image instead of...

7AI score
Exploits0References2
OSV
OSV
added 2023/12/07 6:30 p.m.37 views

GHSA-C79F-PQGF-FHP3 Directory Traversal in Gladys Assistant

Gladys Assistant v4.27.0 and prior is vulnerable to Directory Traversal. The patch of CVE-2023-43256 was found to be incomplete, allowing authenticated attackers to extract sensitive files in the host machine...

6.5CVSS6.2AI score0.01018EPSS
Exploits0References5
NVD
NVD
added 2023/09/25 2:15 p.m.32 views

CVE-2023-43256

A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input...

6.5CVSS6.2AI score0.00672EPSS
Exploits0References3
Prion
Prion
added 2023/09/25 2:15 p.m.27 views

Path traversal

A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input...

4CVSS6.3AI score0.00672EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2023/09/25 12:0 a.m.15 views

CVE-2023-43256

A path traversal in Gladys Assistant v4.26.1 and below allows authenticated attackers to extract sensitive files in the host machine by exploiting a non-sanitized user input...

6.5CVSS6.8AI score0.00672EPSS
Exploits0References5
Prion
Prion
added 2023/09/11 7:15 p.m.20 views

Command injection

Zoho ManageEngine ADManager Plus before Build 7200 allows admin users to execute commands on the host machine...

5.8CVSS7.1AI score0.11634EPSS
Exploits1References1Affected Software1
Veracode
Veracode
added 2023/06/09 11:58 a.m.15 views

File System Sandbox Breakout

github.com/lima-vm/lima is vulnerable to a File System Sandbox Breakout. The vulnerability exists due to differential disk images used as the base image, which allows an attacker to aread files off the host machine...

2.7CVSS6.8AI score0.00268EPSS
Exploits0References3Affected Software1
NVD
NVD
added 2023/04/21 9:15 p.m.31 views

CVE-2023-30621

Gipsy is a multi-purpose discord bot which aim to be as modular and user-friendly as possible. In versions prior to 1.3 users can run command on the host machine with sudoer permission. The !ping command when provided with an IP or hostname used to run a bash ping without verification that the IP...

9.8CVSS9.9AI score0.01876EPSS
Exploits0References3
Prion
Prion
added 2023/04/21 9:15 p.m.18 views

Command injection

Gipsy is a multi-purpose discord bot which aim to be as modular and user-friendly as possible. In versions prior to 1.3 users can run command on the host machine with sudoer permission. The !ping command when provided with an IP or hostname used to run a bash ping without verification that the IP...

7.5CVSS9.7AI score0.01876EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder