Lucene search
K

151 matches found

Cvelist
Cvelist
added 2025/09/23 5:7 a.m.13 views

CVE-2025-26399 SolarWinds Web Help Desk Deserialization of Untrusted Data Privilege Escalation Vulnerability

SolarWinds Web Help Desk was found to be susceptible to an unauthenticated AjaxProxy deserialization remote code execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability is a patch bypass of CVE-2024-28988, which in turn is a patc...

9.8CVSS0.8833EPSS
Exploits1References2
CVE
CVE
added 2025/09/23 5:7 a.m.51 views

CVE-2025-26399

SolarWinds Web Help Desk (WHD) is affected by CVE-2025-26399, an unauthenticated AjaxProxy deserialization vulnerability that enables remote code execution. This is a patch bypass of CVE-2024-28988 (and 2024-28986). In-the-wild activity and security guidance from Microsoft indicate unauthenticate...

9.8CVSS8AI score0.8833EPSS
In wildExploits1References4Affected Software1
NVD
NVD
added 2025/08/20 4:15 p.m.7 views

CVE-2025-55732

Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the official patch released for CVE-2025-5289...

8.7CVSS0.00299EPSS
Exploits0References3
Cvelist
Cvelist
added 2025/08/20 3:22 p.m.9 views

CVE-2025-55732 Frappe has the possibility of SQL Injection due to improper validations

Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the official patch released for CVE-2025-5289...

8.7CVSS0.00299EPSS
Exploits0References3
OSV
OSV
added 2025/08/20 3:22 p.m.5 views

CVE-2025-55732 Frappe has the possibility of SQL Injection due to improper validations

Frappe is a full-stack web application framework. Prior to 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted requests, allowing malicious people to access sensitive information. This vulnerability is a bypass of the official patch released for CVE-2025-5289...

8.7CVSS7.4AI score0.00299EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2025/08/20 12:0 a.m.5 views

PT-2025-34075

Name of the Vulnerable Software and Affected Versions: Frappe versions prior to 15.74.2 Frappe versions prior to 14.96.15 Description: Frappe is a full-stack web application framework. Prior to versions 15.74.2 and 14.96.15, an attacker could implement SQL injection through specially crafted...

8.7CVSS7.2AI score0.00299EPSS
Exploits0References7
Exploit DB
Exploit DB
added 2025/08/18 12:0 a.m.284 views

Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure

Exploit Title: Microsoft Windows 10.0.19045 - NTLMv2 Hash Disclosure Date: 13/08/2025 Exploit Author: Ruben Enkaoua Author link: https://x.com/RubenLabs, https://github.com/rubenformation Original Blog: https://cymulate.com/blog/zero-click-one-ntlm-microsoft-security-patch-bypass-cve-2025-50154/...

6.5CVSS7.4AI score0.58974EPSS
Exploits21
Tenable Nessus
Tenable Nessus
added 2025/08/15 12:0 a.m.11 views

Linux Distros Unpatched Vulnerability : CVE-2025-38001

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: netsched: hfsc: Address reentrant enqueue adding class to eltree twice Savino says: We are...

5.5CVSS6.2AI score0.00369EPSS
Exploits3References3
GithubExploit
GithubExploit
added 2025/08/13 5:40 a.m.708 views

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft

NTLM/SMB Hardening & Threat Hunt Toolkit Author: w01f...

7.5CVSS10AI score0.58974EPSS
Exploits21
Rapid7 Blog
Rapid7 Blog
added 2025/07/21 4:42 p.m.11 views

CVE-2025-53770 - Zero-day exploitation in the wild of Microsoft SharePoint servers

Overview On Saturday July 19, 2025, Microsoft released an advisory for CVE-2025-53770, a critical Remote Code Execution RCE vulnerability affecting on-premise SharePoint servers. This vulnerability has been exploited in the wild as a zero-day by an unknown threat actor prior to the disclosure fro...

9.8CVSS9.4AI score0.99982EPSS
Exploits41
RedhatCVE
RedhatCVE
added 2025/06/05 9:18 p.m.33 views

CVE-2025-49002

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in...

9.8CVSS6.7AI score0.41835EPSS
Exploits3References1
NVD
NVD
added 2025/06/03 9:15 p.m.25 views

CVE-2025-49002

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in...

9.8CVSS0.41835EPSS
Exploits2References2
CVE
CVE
added 2025/06/03 8:37 p.m.124 views

CVE-2025-49002

DataEase (open source BI/visualization) contains a vulnerability in versions prior to 2.10.10 where a patch for CVE-2025-32966 can be bypassed due to case-insensitive handling, specifically when INIT and RUNSCRIPT are prohibited. The issue is fixed in v2.10.10. A GitHub exploit post (DataEase_Pos...

9.8CVSS7AI score0.41835EPSS
Exploits2References2Affected Software1
OSV
OSV
added 2025/06/03 8:37 p.m.4 views

CVE-2025-49002 Dataease H2 Database Remote Code Execution (RCE) Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Versions prior to version 2.10.10 have a flaw in the patch for CVE-2025-32966 that allow the patch to be bypassed through case insensitivity because INIT and RUNSCRIPT are prohibited. The vulnerability has been fixed in...

9.2CVSS6.5AI score0.41835EPSS
Exploits2References4
CVE
CVE
added 2025/06/03 8:31 p.m.64 views

CVE-2025-48999

DataEase (open source BI/data viz) contains a vulnerability tied to CVE-2025-46566 bypassed in versions before 2.10.10. In a malicious payload, getUrlType() returns hostName; since the judgment is false, the code path is not filtered and the payload can be concatenated at the replace location to ...

8.8CVSS7AI score0.06278EPSS
Exploits1References2Affected Software1
NVD
NVD
added 2025/06/03 7:15 p.m.12 views

CVE-2025-48998

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. ...

8.8CVSS0.00439EPSS
Exploits1References2
OSV
OSV
added 2025/06/03 6:27 p.m.6 views

CVE-2025-48998 Dataease MYSQL JDBC File Reading Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.6, a bypass of the patch for CVE-2025-27103 allows authenticated users to read and deserialize arbitrary files through the background JDBC connection. The vulnerability has been fixed in v2.10.10. ...

8.6CVSS6.5AI score0.00439EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/06/03 12:0 a.m.5 views

PT-2025-23669 · Dataease · Dataease

Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.10.10 Description: A bypass of the patch for a previous issue exists, allowing for the construction of a malicious JDBC statement. In a malicious payload, the getUrlType function retrieves the hostName. Since the...

8.8CVSS6.3AI score0.06278EPSS
Exploits1References8
Rapid7 Blog
Rapid7 Blog
added 2025/03/19 7:51 p.m.5 views

Critical Veeam Backup & Replication CVE-2025-23120

Update Friday, March 28, 2025:Security researchers at CODE WHITE GmbH have noted on social media that it is possible to bypass the patch for CVE-2025-23120. Rapid7 has not directly confirmed the patch bypass, but we are relatively confident in the validity of the finding. Customers should ensure...

9.9CVSS9.9AI score0.18335EPSS
Exploits1
Huntr
Huntr
added 2024/10/10 5:39 a.m.10 views

Patch bypass (Insufficient Patch) of CVE-2024-8736 leads to DoS

This report is not public...

7.5CVSS7.1AI score0.0059EPSS
Exploits2
Rows per page
Query Builder