10 matches found

NVD
added 6 days ago, 12 views

CVE-2026-57951

Mythic before 3.4.0.60 contains a broken Hasura permission filter on the payload_build_step table with an always-satisfied OR condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payload_build_step to read step_stdout, step_stderr, step_name, and...

CVSS 7.1, EPSS 0.00246
Exploits: 0, References: 5
Cvelist
added 6 days ago, 31 views

CVE-2026-57951 Mythic < 3.4.0.60 - Broken Permission Filter in payload_build_step Table

Mythic before 3.4.0.60 contains a broken Hasura permission filter on the payload_build_step table with an always-satisfied OR condition that bypasses operation-scoped access controls. Authenticated operators and spectators can query payload_build_step to read step_stdout, step_stderr, step_name, and...

CVSS 7.1, EPSS 0.00246
Exploits: 0, References: 4
CVE
added 6 days ago, 7 views

CVE-2026-57951

Summary: Mythic before 3.4.0.60 contains a broken hasura permission filter on the payload_build_step table with an always-satisfied OR condition that bypasses operation-scoped access controls. This allows authenticated operators and spectators to read fields (step_stdout, step_stderr, step_name, ...

CVSS 7.1, AI score 5.8, EPSS 0.00246
Exploits: 0, References: 5, Affected Software: 1
Positive Technologies
added 6 days ago, 10 views

PT-2026-53669

Name of the Vulnerable Software and Affected Versions: Mythic versions prior to 3.4.0.60. Description: A broken Hasura permission filter exists on the payload build step table. This issue involves an always-satisfied OR condition that bypasses operation-scoped access controls. Consequently,...

CVSS 7.1, AI score 6, EPSS 0.00246
Exploits: 0, References: 9
RedhatCVE
added 2026/06/05 6:49 p.m., 6 views

CVE-2024-45257

A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...

CVSS 7.3, AI score 8.2, EPSS 0.03891
Exploits: 3, References: 1
EUVD
added 2026/05/08 6:32 a.m., 9 views

EUVD-2024-55569

A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...

CVSS 7.3, AI score 6.1, EPSS 0.03891
Exploits: 3, References: 4
ATTACKERKB
added 2026/05/08 12:0 a.m., 7 views

CVE-2024-45257

A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...

AI score 7.6, EPSS 0.03891
Exploits: 3, References: 5
Vulnrichment
added 2026/05/08 12:0 a.m., 6 views

CVE-2024-45257

A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...

AI score 7.6, EPSS 0.03891
Exploits: 3, References: 3
Cvelist
added 2026/05/08 12:0 a.m., 221 views

CVE-2024-45257

A Command Injection issue in the payload build page in BYOB Build Your Own Botnet 2.0 allows attackers to execute arbitrary commands on the server via a crafted build parameter. This occurs in freeze in core/generators.py...

EPSS 0.03891
Exploits: 3, References: 3
GithubExploit
added 2018/12/12 2:41 a.m., 5 views

Exploit for Use After Free in Adobe Flash_Player

CVE-2018-15982EXP Usage msfvenom -p windows/exec cm...

CVSS 10, AI score 7.3, EPSS 0.81971
Exploits: 13