CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

32 matches found

RedhatCVE•added 2026/04/01 5:3 p.m.•2 views

CVE-2026-34227

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data e.g. SS...

8.8CVSS5.8AI score0.00029EPSS

Exploits1References1

EUVD•added 2026/03/31 3:25 p.m.•1 views

EUVD-2026-17490

5.9CVSS5.8AI score0.00029EPSS

Exploits1References1

Positive Technologies•added 2026/03/31 12:0 a.m.•3 views

PT-2026-29285

5.9CVSS5.8AI score0.00029EPSS

Exploits1References2

SUSE CVE•added 2026/03/25 12:25 a.m.•1 views

SUSE CVE-2026-29781

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting...

6.5CVSS5.9AI score0.00035EPSS

Exploits1References3

NVD•added 2026/02/06 10:16 p.m.•4 views

CVE-2026-25760

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, a...

6.5CVSS0.00021EPSS

Exploits1References2

Vulnrichment•added 2026/02/06 9:32 p.m.•4 views

CVE-2026-25760 Website Path Traversal / Arbitrary File Read (Authenticated) in Sliver

6.5CVSS5.8AI score0.00021EPSS

Exploits1References2

Veracode•added 2025/12/23 10:2 a.m.•4 views

Improper Access Control

github.com/bishopfox/sliver is vulnerable to Improper Access Control. The vulnerability is due to the custom WireGuard netstack not restricting traffic between connected clients, which allows an attacker with leaked or recovered keypairs to communicate with other implants, access exposed port...

6.3CVSS5.5AI score0.00038EPSS

Exploits0References4Affected Software1

SUSE CVE•added 2025/11/09 12:33 a.m.•2 views

SUSE CVE-2025-27093

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does not limit traffic between Wireguard clients. This allows clients to communicate with each other unrestrictedly, potentially...

6.3CVSS7AI score0.00038EPSS

Exploits0References2

RedhatCVE•added 2025/10/29 8:11 p.m.•1 views

CVE-2025-27093

6.3CVSS6.9AI score0.00038EPSS

Exploits0References1

NVD•added 2025/10/28 8:15 p.m.•1 views

CVE-2025-27093

6.3CVSS0.00038EPSS

Exploits0References3

Cvelist•added 2025/10/28 7:29 p.m.•6 views

CVE-2025-27093 Sliver does not restricted traffic between Wireguard clients.

6.3CVSS0.00038EPSS

Exploits0References3

Vulnrichment•added 2025/10/28 7:29 p.m.•1 views

CVE-2025-27093 Sliver does not restricted traffic between Wireguard clients.

6.3CVSS6.5AI score0.00038EPSS

Exploits0References3

OSV•added 2025/10/28 7:29 p.m.•2 views

CVE-2025-27093 Sliver does not restricted traffic between Wireguard clients.

6.3CVSS6.9AI score0.00038EPSS

Exploits0References5

Snyk•added 2025/10/28 5:31 p.m.•1 views

Improper Restriction of Communication Channel to Intended Endpoints

Overview Affected versions of this package are vulnerable to Improper Restriction of Communication Channel to Intended Endpoints in the custom netstack implementation. An attacker can access internal services or execute unauthorized actions by recovering a Wireguard private key from a process dum...

6.3CVSS7AI score0.00038EPSS

Exploits0References2

OSV•added 2025/10/28 5:31 p.m.•3 views

GHSA-Q8J9-34QF-7VQ7 Silver has unrestricted traffic between Wireguard clients

Summary Sliver's custom Wireguard netstack doesn't limit traffic between Wireguard clients, this could lead to: 1. Leaked/recovered keypair from a beacon being used to attack operators. 2. Port forwardings usable from other implants. Details 1. Sliver treat operators' Wireguard config and...

6.3CVSS6.9AI score0.00038EPSS

Exploits0References6

Github Security Blog•added 2025/10/28 5:31 p.m.•5 views

Silver has unrestricted traffic between Wireguard clients

6.3CVSS6.9AI score0.00038EPSS

Exploits0References6Affected Software1

Positive Technologies•added 2025/10/28 12:0 a.m.•2 views

PT-2025-44202

Name of the Vulnerable Software and Affected Versions Sliver versions 1.5.43 and earlier, and version 1.6.0-dev Description Sliver is a command and control framework that utilizes a custom Wireguard netstack. In versions 1.5.43 and earlier, and in development version 1.6.0-dev, the netstack does...

6.3CVSS6.5AI score0.00038EPSS

Exploits0References18

EUVD•added 2025/10/07 12:30 a.m.•1 views

EUVD-2019-10521

Malware in sbrugna...

8.6CVSS8.2AI score0.01404EPSS

Exploits0References2

Tenable Nessus•added 2024/03/08 12:0 a.m.•18 views

Cisco NX-OS Buffer Copy without Checking Size of Input (CVE-2024-20267)

A vulnerability with the handling of MPLS traffic for Cisco NX-OS Software could allow an unauthenticated, remote attacker to cause the netstack process to unexpectedly restart, which could cause the device to stop processing network traffic or to reload. This vulnerability is due to lack of prop...

8.6CVSS7.8AI score0.00527EPSS

Exploits0References2

Tenable Nessus•added 2024/03/01 12:0 a.m.•17 views

Cisco NX-OS Software MPLS Encapsulated IPv6 DoS (cisco-sa-ipv6-mpls-dos-R9ycXkwM)

8.6CVSS7.8AI score0.00527EPSS

Exploits0References5

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by