
4 matches found

CVE
added 2025/12/09 6:28 a.m., 20 views

CVE-2025-13428

CVE-2025-13428 affects the SecOps SOAR server. The vulnerability arises from weak validation of uploaded Python package code in custom integrations, allowing an authenticated user with an IDE role to achieve Remote Code Execution (RCE) via a malicious setup.py during installation. Impact is serve...

CVSS 8.6, AI score 7, EPSS 0.00287
Exploits: 0, References: 1, Affected Software: 1
RedhatCVE
added 2025/05/22 4:52 a.m., 6 views

CVE-2019-19084

In Octopus Deploy 3.3.0 through 2019.10.4, an authenticated user with PackagePush permission to upload packages could upload a maliciously crafted package, triggering an exception that exposes underlying operating system details...

CVSS 4.3, AI score 6.7, EPSS 0.00689
Exploits: 0, References: 1
Prion
added 2023/11/22 1:15 a.m., 25 views

Code injection

It was discovered that a user with Fleet admin permissions could upload a malicious package. Due to using an older version of the js-yaml library, this package would be loaded in an insecure manner, allowing an attacker to execute commands on the Kibana server...

CVSS 5.8, AI score 7.5, EPSS 0.01154
Exploits: 0, References: 2, Affected Software: 1
CNVD
added 2020/08/04 12:0 a.m., 3 views

Teltonika TRB245 Improper Input Validation Vulnerability

Teltonika TRB245 is a cellular network gateway product from Teltonika Lithuania. An improper input validation vulnerability exists in the firmware TRB2R00.02.04.01 of the Teltonika TRB245. A remote attacker can exploit this vulnerability to gain root privileges by uploading a malicious package fi...

CVSS 7.5, AI score 7.2, EPSS 0.01052
Exploits: 1, References: 1