Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

36 matches found

Exploit DB
Exploit DBadded 2026/05/29 12:0 a.m.29 views

Microsoft - NTLMv2 Hash Capture

Titles: Microsoft - NTLMv2 Hash Capture Author: nu11secur1ty Date: 2026-05-27 Vendor: Microsoft Software: Windows Shell File Explorer Reference: https://nvd.nist.gov/vuln/detail/CVE-2026-32202 Description: A spoofing vulnerability in Windows Shell File Explorer allows an attacker to capture NTLMv...

4.3CVSS6AI score0.56822EPSS
Exploits3
EUVD
EUVDadded 2025/10/07 12:30 a.m.2 views

EUVD-2017-6447

Malware in sbrugna...

5.5CVSS5.6AI score0.00222EPSS
Exploits1References2
EUVD
EUVDadded 2025/10/03 8:7 p.m.4 views

EUVD-2023-2717

Malicious code in bioql PyPI...

8.6CVSS5.5AI score0.00179EPSS
Exploits0References5
EUVD
EUVDadded 2025/10/03 8:7 p.m.5 views

EUVD-2024-17008

Malicious code in bioql PyPI...

9.5CVSS6.5AI score0.01169EPSS
Exploits1References3
EUVD
EUVDadded 2025/10/03 8:7 p.m.5 views

EUVD-2024-17009

Malicious code in bioql PyPI...

9.5CVSS6.5AI score0.01023EPSS
Exploits0References3
RedhatCVE
RedhatCVEadded 2025/06/13 3:24 a.m.4 views

CVE-2024-1244

Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2...

9.5CVSS7.6AI score0.01023EPSS
Exploits0References1
RedhatCVE
RedhatCVEadded 2025/06/13 1:19 a.m.3 views

CVE-2024-1243

Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for...

9.5CVSS7.6AI score0.01169EPSS
Exploits1References1
NVD
NVDadded 2025/06/11 3:15 a.m.18 views

CVE-2024-1244

Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2...

9.5CVSS0.01023EPSS
Exploits0References2
AlpineLinux
AlpineLinuxadded 2025/06/11 2:59 a.m.2 views

CVE-2024-1244

Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2...

9.5CVSS8.4AI score0.01023EPSS
Exploits0References2
Vulnrichment
Vulnrichmentadded 2025/06/11 2:59 a.m.9 views

CVE-2024-1244 Remote code execution and local privilege escalation due to UNC access and NetNTLMv2 hash theft

Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2...

9.5CVSS8.3AI score0.01023EPSS
Exploits0References2
NVD
NVDadded 2025/06/11 2:15 a.m.31 views

CVE-2024-1243

Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for...

9.5CVSS0.01169EPSS
Exploits1References3
CVE
CVEadded 2025/06/11 1:15 a.m.60 views

CVE-2024-1243

The CVE-2024-1243 entry concerns Wazuh agent for Windows prior to 4.8.0. It states improper input validation can be exploited by an attacker who controls the Wazuh server or agent key to configure the agent to connect to a malicious UNC path, leading to leakage of the machine account NetNTLMv2 ha...

9.5CVSS8.2AI score0.01169EPSS
Exploits1References3Affected Software1
Cvelist
Cvelistadded 2025/06/11 1:15 a.m.20 views

CVE-2024-1243 Remote code execution and local privilege escalation in Wazuh Windows agent via NetNTLMv2 hash theft

Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for...

9.5CVSS0.01169EPSS
Exploits1References3
Vulnrichment
Vulnrichmentadded 2025/06/11 1:15 a.m.11 views

CVE-2024-1243 Remote code execution and local privilege escalation in Wazuh Windows agent via NetNTLMv2 hash theft

Improper input validation in the Wazuh agent for Windows prior to version 4.8.0 allows an attacker with control over the Wazuh server or agent key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2 hash, which can be relayed for...

9.5CVSS8.2AI score0.01169EPSS
Exploits1References3
Positive Technologies
Positive Technologiesadded 2025/06/11 12:0 a.m.3 views

PT-2025-25177 · Wazuh · Wazuh Agent For Windows

Name of the Vulnerable Software and Affected Versions: Wazuh agent for Windows versions prior to 4.8.0 Description: The issue is caused by improper input validation in the Wazuh agent for Windows, allowing an attacker with control over the Wazuh server or agent key to configure the agent to conne...

9.5CVSS7.4AI score0.01169EPSS
Exploits1References11
RedhatCVE
RedhatCVEadded 2025/05/23 5:14 a.m.7 views

CVE-2023-41339

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an sld= parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles,...

8.6CVSS6.9AI score0.00179EPSS
Exploits0References1
GithubExploit
GithubExploitadded 2025/03/27 9:49 a.m.268 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

CVE-2025-24071 This Python script is designed to demonstrate...

6.5CVSS7.5AI score0.74072EPSS
Exploits20
Packet Storm
Packet Stormadded 2024/08/31 12:0 a.m.325 views

CrushFTP Unauthenticated Arbitrary File Read

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'CrushFTP Unauthenticated Arbitrary File Read', 'Description' = %q This module leverages an unauthenticated server-side template injection...

10CVSS7AI score0.94426EPSS
Exploits22
Metasploit
Metasploitadded 2024/05/07 7:55 p.m.302 views

CrushFTP Unauthenticated Arbitrary File Read

This module leverages an unauthenticated server-side template injection vulnerability in CrushFTP use auxiliary/gather/crushftpfilereadcve20244040 msf auxiliarycrushftpfilereadcve20244040 show actions ...actions... msf auxiliarycrushftpfilereadcve20244040 set ACTION msf...

10CVSS8.7AI score0.94426EPSS
Exploits22
Prion
Prionadded 2023/10/25 6:17 p.m.19 views

Server side request forgery (ssrf)

GeoServer is an open source software server written in Java that allows users to share and edit geospatial data. The WMS specification defines an sld= parameter for GetMap, GetLegendGraphic and GetFeatureInfo operations for user supplied "dynamic styling". Enabling the use of dynamic styles,...

5CVSS5.4AI score0.00179EPSS
Exploits0References3Affected Software1
Rows per page
Query Builder