38 matches found
EUVD-2022-44380
Malicious code in bioql PyPI...
EUVD-2022-43879
Malicious code in bioql PyPI...
EUVD-2022-43880
Malicious code in bioql PyPI...
EUVD-2025-4278
Malicious code in bioql PyPI...
Simulating Cyberattacks through a Breach Attack Simulation (BAS) Platform Empowered by Security Chaos Engineering (SCE)
In today's digital landscape, organizations face constantly evolving cyber threats, making it essential to discover slippery attack vectors through novel techniques like Security Chaos Engineering (SCE), which allows teams to test defenses and identify vulnerabilities effectively. This paper proposes...
CVE-2022-40606
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605...
MITRE Caldera dynamic compilation command injection
Added: 02/28/2025. Background: MITRE Caldera is a security platform for emulating adversaries. Problem: The dynamic compilation functionality in the Manx and Sandcat agents is affected by an injection vulnerability which could allow remote command execution. Resolution: Upgrade to Caldera 5.1.0 or...
MITRE Caldera dynamic compilation command injection
Added: 02/28/2025. Background: MITRE Caldera is a security platform for emulating adversaries. Problem: The dynamic compilation functionality in the Manx and Sandcat agents is affected by an injection vulnerability which could allow remote command execution. Resolution: Upgrade to Caldera 5.1.0 or...
CVE-2025-27364
In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web...
CVE-2025-27364
In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web...
CVE-2025-27364
In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is running on via a crafted web...
CVE-2025-27364
MITRE Caldera vulnerability CVE-2025-27364 affects Caldera server in versions up to 4.2.0 and 5.0.0 prior to the commit 35bc06e. It is a Remote Code Execution (RCE) in the server’s dynamic agent (implant) compilation feature, allowing a remote attacker to run arbitrary code on the Caldera host vi...
MITRE Caldera Security Vulnerability
MITRE Caldera is a MITRE open source automated adversarial simulation platform. A security vulnerability exists in MITRE Caldera versions 4.2.0 and earlier and 5.0.0 and earlier, which stems from remote code execution in the Dynamic Proxy Compilation feature and allows an attacker to execute...
caldera -- Remote Code Execution
MITRE Caldera contributor report: In MITRE Caldera through 4.2.0 and 5.0.0 before 35bc06e, a Remote Code Execution (RCE) vulnerability was found in the dynamic agent (implant) compilation functionality of the server. This allows remote attackers to execute arbitrary code on the server that Caldera is...
Exploit for Improper Privilege Management in Mitre Caldera
CVE-2021-42562: Improper Access Control in MITRE Caldera Cald...
Exploit for Injection in Mitre Caldera
CVE-2021-42561: Command Injection via the Human Plugin in...
Exploit for Cross-site Scripting in Mitre Caldera
CVE-2021-42558: Multiple Cross-Site Scripting in MITRE Caldera...
CVE-2022-40606
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605...
CVE-2022-40606
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605...
Design/Logic Flaw
MITRE CALDERA before 4.1.0 allows XSS in the Operations tab and/or Debrief plugin via a crafted operation name, a different vulnerability than CVE-2022-40605...