CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

3307 matches found

Packet Storm•added 2022/03/07 12:0 a.m.•687 views

Apache APISIX Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'APISIX Admin API default access token RCE', 'Description' = %q Apache APISIX has a default, built-in API token edd1c9f034335f136f87ad84b625c8f1...

9.8CVSS0.94439EPSS

Exploits18

0day.today•added 2022/03/07 12:0 a.m.•920 views

Apache APISIX Remote Code Execution Exploit

Apache APISIX has a default, built-in API token that can be used to obtain full access of the admin API. Access to this API allows for remote LUA code execution through the script parameter added in the 2.x version. This module also leverages another vulnerability to bypass th e IP restriction...

9.8CVSS8.5AI score0.94439EPSS

Exploits18

ThreatPost•added 2022/03/03 5:18 p.m.•222 views

Phishing Campaign Targeted Those Aiding Ukraine Refugees

Cyberattackers used a compromised Ukrainian military email address to phish EU government employees who’ve been involved in managing the logistics of refugees fleeing Ukraine, according to a new report. Ukraine has been at the center of an unprecedented wave of cyberattacks in recent weeks and...

8.5AI score

Exploits0References8

The Hacker News•added 2022/03/02 2:47 p.m.•30 views

Hackers Try to Target European Officials to Get Info on Ukrainian Refugees, Supplies

Details of a new nation-state sponsored phishing campaign have been uncovered setting its sights on European governmental entities in what's seen as an attempt to obtain intelligence on refugee and supply movement in the region. Enterprise security company Proofpoint, which detected the malicious...

0.4AI score

Exploits0

NCSC•added 2022/02/22 12:0 a.m.•2 views

Vulnerability fixed in redis

A vulnerability has been fixed in the redis packages for Debian. The vulnerability allows a remote malicious person to execute execute arbitrary commands on the underlying system. This vulnerability affects only Debian packages for redis, due to a bug in the Debian specific configuration for the...

10CVSS6.8AI score0.94398EPSS

Exploits8

OpenVAS•added 2022/02/22 12:0 a.m.•19 views

Debian: Security Advisory (DSA-5081-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10CVSS9.8AI score0.94398EPSS

Exploits8References6

Tenable Nessus•added 2022/02/21 12:0 a.m.•44 views

Debian DSA-5081-1 : redis - security update

The remote Debian 10 / 11 host has packages installed that are affected by a vulnerability as referenced in the dsa-5081 advisory. - It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a Debian-specific Lua sandbox escape, which could result in...

10CVSS9AI score0.94398EPSS

Exploits8References7

Veracode•added 2022/02/20 2:24 p.m.•80 views

Remote Code Execution

redis is vulnerable to remote code execution. A persistent key-value database is prone to a Debian-specific Lua sandbox escape due to a packaging issue allows an attacker to upload and execute malicious code on the targeted system...

10CVSS6.1AI score0.94398EPSS

Exploits8References7Affected Software1