CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

33 matches found

RedhatCVE•added 2026/01/31 3:21 p.m.•4 views

CVE-2025-6723

Chef InSpec versions up to 5.23 and before 7.0.107 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially...

5.8CVSS5.9AI score0.00007EPSS

Exploits0References1

NVD•added 2026/01/30 2:16 p.m.•2 views

CVE-2025-6723

5.8CVSS0.00007EPSS

Exploits0References1

Vulnrichment•added 2026/01/30 2:9 p.m.•3 views

CVE-2025-6723 Untrusted user data can lead to privilege escalation

5.8CVSS5.8AI score0.00007EPSS

Exploits0References1

Cvelist•added 2026/01/30 2:9 p.m.•26 views

CVE-2025-6723 Untrusted user data can lead to privilege escalation

5.8CVSS0.00007EPSS

Exploits0References1

EUVD•added 2026/01/30 2:9 p.m.•4 views

EUVD-2025-206578

Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access controls. A local attacker may interfere with the pipe connection process and exploit the insufficient access restrictions to assume the InSpec execution context, potentially resulting in elevated...

5.8CVSS6AI score0.00007EPSS

Exploits0References1

CVE•added 2026/01/30 2:9 p.m.•8 views

CVE-2025-6723

CVE-2025-6723 : Red Hat and NVD entries describe that Chef InSpec up to version 5.23 creates named pipes with overly permissive default Windows access controls. A local attacker could interfere with the pipe connection process and exploit insufficient access restrictions to assume the InSpec exec...

5.8CVSS5.9AI score0.00007EPSS

Exploits0References1

ATTACKERKB•added 2026/01/30 2:9 p.m.•3 views

CVE-2025-6723

5.8CVSS5.8AI score0.00007EPSS

Exploits0References2

CNNVD•added 2026/01/30 12:0 a.m.•2 views

Chef InSpec authorization issue vulnerability

Chef InSpec is an open-source automation testing and compliance checking framework developed by Chef Inc. It aims to assist developers and operations teams in writing, running, and maintaining automated test scripts to verify the compliance and security of applications and infrastructure. Chef...

5.8CVSS5.8AI score0.00007EPSS

Exploits0References2

EUVD•added 2025/10/03 8:7 p.m.•1 views

EUVD-2023-44657

Malicious code in bioql PyPI...

9.9CVSS8.5AI score0.17272EPSS

Exploits0References3

EUVD•added 2025/10/03 8:7 p.m.•3 views

EUVD-2023-47091

Malicious code in bioql PyPI...

8.8CVSS7.6AI score0.00192EPSS

Exploits0References3

RedhatCVE•added 2025/05/23 4:55 a.m.•5 views

CVE-2023-42658

Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile...

8.8CVSS6.9AI score0.00192EPSS

Exploits0

RedhatCVE•added 2025/05/23 4:43 a.m.•4 views

CVE-2023-40050

Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution...

9.9CVSS7.9AI score0.17272EPSS

Exploits0

NVD•added 2023/10/31 3:15 p.m.•7 views

CVE-2023-40050

Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution...

9.9CVSS9.9AI score0.17272EPSS

Exploits0References3

NVD•added 2023/10/31 3:15 p.m.•13 views

CVE-2023-42658

Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile...

8.8CVSS8.7AI score0.00192EPSS

Exploits0References3

OSV•added 2023/10/31 3:15 p.m.•3 views

CVE-2023-42658

Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile...

7.8CVSS6.8AI score0.00192EPSS

Exploits0References3

OSV•added 2023/10/31 3:15 p.m.•7 views

CVE-2023-40050

Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution...

8.8CVSS8.1AI score0.17272EPSS

Exploits0References3

Prion•added 2023/10/31 3:15 p.m.•8 views

Remote code execution

Upload profile either through API or user interface in Chef Automate prior to and including version 4.10.29 using InSpec check command with maliciously crafted profile allows remote code execution...

6.5CVSS9AI score0.17272EPSS

Exploits0References3Affected Software1

Prion•added 2023/10/31 3:15 p.m.•10 views

Command injection

Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile...

4.4CVSS7.6AI score0.00192EPSS

Exploits0References3Affected Software1

CVE•added 2023/10/31 2:8 p.m.•49 views

CVE-2023-42658

CVE-2023-42658 affects Chef InSpec. Vulnerable in versions prior to 4.56.58 and 5.22.29 , where maliciously crafted profiles can trigger local command execution via the archive, check, and export commands. Remediation: upgrade to 4.56.58+ or 5.22.29+. See PT-2023-28487 for details on affected com...

8.8CVSS7.9AI score0.00192EPSS

Exploits0References3Affected Software1

Vulnrichment•added 2023/10/31 2:8 p.m.•10 views

CVE-2023-42658 InSpec Archive Command Vulnerable to Maliciously Crafted Profile

Archive command in Chef InSpec prior to 4.56.58 and 5.22.29 allow local command execution via maliciously crafted profile...

8.8CVSS6.9AI score0.00192EPSS

Exploits0References3

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by