20 matches found

GitHub Security Blog
added 2026/06/15 8:16 p.m., 27 views

Starlette: SSRF and NTLM credential theft via UNC paths in StaticFiles on Windows

Summary: When serving static files on Windows, StaticFiles resolves the requested path with os.path.realpath. If a UNC path such as \\attacker.com\share reaches the resolver, realpath causes the process to open a connection to the remote host over SMB port 445. This is a server-side request forgery...

CVSS 7.5 | AI score 5.5 | EPSS 0.00368
Exploits: 0 | References: 2 | Affected Software: 1

CVE
added 2026/06/04 5:13 p.m., 23 views

CVE-2026-25550

Seagull Software BarTender 2010, 2016, and 2019 expose an unauthenticated .NET Remoting service on TCP port 7375 (BtSystem.Service.exe). BarTenderSystem (BarTender 2016 ≤ R9) and DataServiceSingleton (BarTender 2019 ≤ R10) are registered as unauthenticated singleton endpoints configured with Bina...

CVSS 9.8 | AI score 6.5 | EPSS 0.00729
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-26213

Malware in sbrugna...

CVSS 6.5 | AI score 6.8 | EPSS 0.02288
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-26212

Malware in sbrugna...

CVSS 6.5 | AI score 6.8 | EPSS 0.02288
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2021-31554

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 5.9 | EPSS 0.02072
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2023-42065

Malicious code in bioql PyPI...

CVSS 5.5 | AI score 5.5 | EPSS 0.00326
Exploits: 0 | References: 1

EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2021-31518

Malicious code in bioql PyPI...

CVSS 4.3 | AI score 5.9 | EPSS 0.02072
Exploits: 0 | References: 1

CNVD
added 2023/08/12 12:00 a.m., 17 views

Adobe Acrobat Reader Input Validation Error Vulnerability (CNVD-2023-71749)

Adobe Acrobat Reader is a PDF viewer from the American company Adobe. The software is used to print, sign and annotate PDFs. Adobe Acrobat Reader has an input validation error vulnerability that can be exploited by an attacker to obtain NTLMv2 credentials...

CVSS 5.5 | AI score 6.6 | EPSS 0.00326
Exploits: 0 | References: 1

NVD
added 2023/08/10 2:15 p.m., 16 views

CVE-2023-38245

Adobe Acrobat Reader versions 23.003.20244 and earlier and 20.005.30467 and earlier are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issue requires user interaction in that a...

CVSS 5.5 | AI score 5.3 | EPSS 0.00326
Exploits: 0 | References: 1

CNVD
added 2022/01/16 12:00 a.m., 31 views

Adobe Acrobat Reader information leakage vulnerability

Adobe Acrobat is a set of PDF file editing and conversion tools from the U.S. company Adobe. The Adobe Acrobat Reader DC ActiveX control is vulnerable to information disclosure, which stems from errors in the configuration of the network system or product during operation. An unauthenticated attacker could exploit th...

CVSS 4.3 | AI score 3.5 | EPSS 0.02072
Exploits: 0 | References: 1

NVD
added 2022/01/14 8:15 p.m., 18 views

CVE-2021-44739

Acrobat Reader DC ActiveX Control versions 21.007.20099 and earlier, 20.004.30017 and earlier and 17.011.30204 and earlier are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issu...

CVSS 4.3 | EPSS 0.02072
Exploits: 0 | References: 1

Prion
added 2022/01/14 8:15 p.m., 13 views

Information disclosure

Acrobat Reader DC ActiveX Control versions 21.007.20099 and earlier, 20.004.30017 and earlier and 17.011.30204 and earlier are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of this issu...

CVSS 4.3 | AI score 4.8 | EPSS 0.02072
Exploits: 0 | References: 1 | Affected Software: 4

Tenable Nessus
added 2022/01/12 12:00 a.m., 37 views

Adobe Reader < 17.011.30207 / 20.004.30020 / 21.011.20039 Multiple Vulnerabilities (APSB22-01) (macOS)

The version of Adobe Reader installed on the remote macOS host is a version prior to 17.011.30207, 20.004.30020, or 21.011.20039. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader DC version 21.007.20099 and earlier, 20.004.30017 and earlier and 17.011.30204 and earlier are...

CVSS 9.3 | AI score 7.5 | EPSS 0.57304
Exploits: 1 | References: 29

Tenable Nessus
added 2022/01/12 12:00 a.m., 110 views

Adobe Reader < 17.011.30207 / 20.004.30020 / 21.011.20039 Multiple Vulnerabilities (APSB22-01)

The version of Adobe Reader installed on the remote Windows host is a version prior to 17.011.30207, 20.004.30020, or 21.011.20039. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader DC version 21.007.20099 and earlier, 20.004.30017 and earlier and 17.011.30204 and earlier a...

CVSS 9.3 | AI score 7.5 | EPSS 0.57304
Exploits: 1 | References: 29

Tenable Nessus
added 2022/01/12 12:00 a.m., 34 views

Adobe Acrobat < 17.011.30207 / 20.004.30020 / 21.011.20039 Multiple Vulnerabilities (APSB22-01)

The version of Adobe Acrobat installed on the remote Windows host is a version prior to 17.011.30207, 20.004.30020, or 21.011.20039. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader DC version 21.007.20099 and earlier, 20.004.30017 and earlier and 17.011.30204 and earlier...

CVSS 9.3 | AI score 7.5 | EPSS 0.57304
Exploits: 1 | References: 29

OSV
added 2021/09/29 4:15 p.m., 2 views

CVE-2021-39855

Acrobat Reader DC ActiveX Control versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of thi...

CVSS 6.5 | AI score 6.9 | EPSS 0.02288
Exploits: 0 | References: 1

NVD
added 2021/09/29 4:15 p.m., 17 views

CVE-2021-39855

Acrobat Reader DC ActiveX Control versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of thi...

CVSS 6.5 | EPSS 0.02288
Exploits: 0 | References: 1

Prion
added 2021/09/29 4:15 p.m., 13 views

Information disclosure

Acrobat Reader DC ActiveX Control versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of thi...

CVSS 4.3 | AI score 6 | EPSS 0.02288
Exploits: 0 | References: 1 | Affected Software: 4

Prion
added 2021/09/29 4:15 p.m., 20 views

Information disclosure

Acrobat Reader DC ActiveX Control versions 2021.005.20060 and earlier, 2020.004.30006 and earlier and 2017.011.30199 and earlier are affected by an Information Disclosure vulnerability. An unauthenticated attacker could leverage this vulnerability to obtain NTLMv2 credentials. Exploitation of thi...

CVSS 4.3 | AI score 6 | EPSS 0.02288
Exploits: 0 | References: 1 | Affected Software: 4

CVE
added 2021/09/29 3:39 p.m., 69 views

CVE-2021-39856

CVE-2021-39856 affects Adobe Acrobat Reader DC ActiveX Control. The vulnerability allows an unauthenticated attacker to obtain NTLMv2 credentials via an information-disclosure flaw in the ActiveX component, with exploitation requiring a user to visit a malicious attacker-controlled webpage. Affec...

CVSS 6.5 | AI score 6.1 | EPSS 0.02288
Exploits: 0 | References: 1 | Affected Software: 2