Lucene search
K

25 matches found

NVD
NVD
added 2026/07/07 5:16 p.m.10 views

CVE-2026-23698

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS0.00867EPSS
Exploits2References3
EUVD
EUVD
added 2026/07/07 4:10 p.m.5 views

EUVD-2026-42054

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS6.7AI score0.00867EPSS
Exploits2References3
ATTACKERKB
ATTACKERKB
added 2026/07/07 4:10 p.m.7 views

CVE-2026-23698

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS6.7AI score0.00867EPSS
Exploits2References4
Cvelist
Cvelist
added 2026/07/07 4:10 p.m.31 views

CVE-2026-23698 Vtiger CRM 8.4.0 Authenticated RCE via Module Import File Upload

Vtiger CRM through 8.4.0 contains an authenticated remote code execution vulnerability in the admin module import feature that allows administrator-level attackers to upload arbitrary PHP files by submitting a crafted zip archive through the ModuleManager import function, which extracts contents...

8.6CVSS0.00867EPSS
Exploits2References3
CVE
CVE
added 2026/07/07 4:10 p.m.13 views

CVE-2026-23698

Vtiger CRM up to 8.4.0 is affected by an authenticated remote code execution vulnerability in the admin ModuleManager import feature. A privileged administrator can upload a crafted ZIP archive which is extracted directly into the web root’s modules/ directory without proper file-type validation ...

8.6CVSS6.7AI score0.00867EPSS
Exploits2References3
OSV
OSV
added 2026/06/16 5:16 p.m.6 views

DEBIAN-CVE-2026-12003

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.3AI score0.00136EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 3:18 p.m.9 views

EUVD-2026-37125

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.4AI score0.00136EPSS
Exploits0References3
OSV
OSV
added 2026/05/05 7:27 p.m.5 views

GHSA-FR8X-3VFX-F45H gix and gitoxide: unvalidated submodule name traverses out of .git/modules and redirects state() / open() to another repository

Summary attachments: pocs.zip Submodule names coming from .gitmodules are exposed as unvalidated names and are later reused to derive the submodule git directory as: /modules/ Because the submodule name is joined directly as a filesystem path component, a name such as ../../../escaped-target.git...

8.7CVSS5.9AI score
Exploits0References2
Packet Storm News
Packet Storm News
added 2026/02/06 12:0 a.m.6 views

Zabbix Agent Binaries Path Abuse Scanner

This scanner performs automated static analysis of Zabbix Agent binaries to detect hardcoded OpenSSL configuration paths that may enable provider or engine abuse. It identifies embedded OPENSSLDIR, ENGINESDIR, and MODULESDIR values, extracts OpenSSL version information, and checks for dynamic...

7.3CVSS6.1AI score0.00325EPSS
Exploits2
Gitee
Gitee
added 2025/09/22 1:44 a.m.164 views

nightmare

This repository is an introduction to binary exploitation and reverse engineering course based on CTF challenges, called "Nightmare". It contains a large amount of content, with over 90 challenges, laid out in a linear fashion, and well-documented write-ups explaining how to go from being handed...

6.9AI score
Exploits0
NVD
NVD
added 2025/02/27 4:15 p.m.25 views

CVE-2025-1756

mongosh may be susceptible to local privilege escalation under certain conditions potentially enabling unauthorized actions on a user's system with elevated privilege, when a crafted file is stored in C:\nodemodules. This issue affects mongosh prior to 2.3.0...

7.8CVSS0.00138EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/02/27 12:0 a.m.10 views

PT-2025-8963 · Mongosh · Mongosh

Name of the Vulnerable Software and Affected Versions: mongosh versions prior to 2.3.0 Description: The issue concerns a local privilege escalation problem that could allow unauthorized actions on a user's system with elevated privileges. This occurs when a crafted file is stored in C: ode module...

7.8CVSS6.5AI score0.00138EPSS
Exploits0References11
NVD
NVD
added 2023/07/13 10:15 p.m.26 views

CVE-2023-37599

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...

7.5CVSS0.03632EPSS
Exploits1References1
OSV
OSV
added 2023/07/13 10:15 p.m.3 views

CVE-2023-37599

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...

7.5CVSS5.8AI score0.03632EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2023/07/13 10:15 p.m.3 views

CVE-2023-37599

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...

7.5CVSS7.2AI score0.03632EPSS
Exploits1References2
Prion
Prion
added 2023/07/13 10:15 p.m.23 views

Design/Logic Flaw

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...

5CVSS7.3AI score0.03632EPSS
Exploits1References1Affected Software1
Cvelist
Cvelist
added 2023/07/13 12:0 a.m.27 views

CVE-2023-37599

An issue in issabel-pbx v.4.0.0-6 allows a remote attacker to obtain sensitive information via the modules directory...

7.5AI score0.03632EPSS
Exploits1References1
SUSE CVE
SUSE CVE
added 2023/02/15 6:10 a.m.8 views

SUSE CVE-2007-5641

Multiple PHP remote file inclusion vulnerabilities in PHP Project Management 0.8.10 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the fullpath parameter to 1 certinfo/index.php, 2 emails/index.php, 3 events/index.php, 4 fax/index.php, 5 files/index.php, 6...

6.8CVSS7.9AI score0.40255EPSS
Exploits1References3
Gitee
Gitee
added 2020/05/13 9:34 p.m.2 views

metasploit-framework

This is an instance of the Metasploit Framework repository, a widely used penetration testing tool. The Metasploit Framework is a comprehensive platform for testing and exploiting vulnerabilities in computer systems and applications. It is a collection of tools and scripts that can be used to...

7.2AI score
Exploits0
RedHat Linux
RedHat Linux
added 2014/04/22 5:39 p.m.38 views

Important: Red Hat Security Advisory: kernel security and bug fix update

Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.3 Extended Update Support. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which...

7.8CVSS6.1AI score0.07045EPSS
Exploits0References2
Rows per page
Query Builder