Lucene search
K

2289 matches found

RedhatCVE
RedhatCVE
added 2025/09/18 10:28 p.m.12 views

CVE-2025-37128

A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an unstable system state...

6.8CVSS6.9AI score0.00294EPSS
Exploits0References1
VulnCheck KEV
VulnCheck KEV
added 2025/09/17 12:0 a.m.19 views

VulnCheck KEV: CVE-2024-51324

An issue in the BdApiUtil driver of Baidu Antivirus v5.2.3.116083 allows attackers to terminate arbitrary process via executing a BYOVD Bring Your Own Vulnerable Driver attack...

3.8CVSS5.9AI score0.0047EPSS
In wildExploits1References5
NVD
NVD
added 2025/09/16 11:15 p.m.6 views

CVE-2025-37128

A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an unstable system state...

6.8CVSS0.00294EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2025/09/16 10:22 p.m.4 views

CVE-2025-37128 Authenticated Arbitrary Process Termination allows potential System Disruption in ECOS

A vulnerability in the web API of HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to terminate arbitrary running processes. Successful exploitation could allow an attacker to disrupt system operations, potentially resulting in an unstable system state...

6.8CVSS6.5AI score0.00294EPSS
Exploits0References1
CVE
CVE
added 2025/09/16 10:22 p.m.16 views

CVE-2025-37128

CVE-2025-37128 affects HPE Aruba Networking EdgeConnect SD-WAN Gateways web API. The vulnerability could allow an authenticated remote attacker to terminate arbitrary running processes, potentially disrupting system operations and causing an unstable state. Reports in multiple sources note fixes/...

6.8CVSS6.5AI score0.00294EPSS
Exploits0References1
Github Security Blog
Github Security Blog
added 2025/09/15 12:31 p.m.5 views

Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...

7.5CVSS7.2AI score0.00987EPSS
Exploits1References5Affected Software1
Github Security Blog
Github Security Blog
added 2025/09/15 12:31 p.m.8 views

Chaos Controller Manager is vulnerable to OS command injection

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

9.8CVSS8.5AI score0.02814EPSS
Exploits1References5Affected Software1
OSV
OSV
added 2025/09/15 12:31 p.m.4 views

GHSA-2GG8-85M5-8R2P Chaos Mesh's Chaos Controller Manager is Missing Authentication for Critical Function

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...

7.5CVSS7.2AI score0.00987EPSS
Exploits1References5
OSV
OSV
added 2025/09/15 12:15 p.m.4 views

CVE-2025-59358

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...

7.5CVSS7.2AI score
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/09/15 11:40 a.m.2 views

CVE-2025-59360 OS command injection in Chaos Mesh via the killProcesses mutation

The killProcesses mutation in Chaos Controller Manager is vulnerable to OS command injection. In conjunction with CVE-2025-59358, this allows unauthenticated in-cluster attackers to perform remote code execution across the cluster...

9.8CVSS7.7AI score0.02814EPSS
Exploits1References2
CVE
CVE
added 2025/09/15 11:40 a.m.23 views

CVE-2025-59360

CVE-2025-59360 concerns Chaos Mesh’s Chaos Controller Manager. The killProcesses mutation (and related mutations like cleanIptables/cleanTcs) is reported vulnerable to OS command injection, enabling unauthenticated in-cluster attackers to perform remote code execution across the Kubernetes cluste...

9.8CVSS8.1AI score0.02814EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2025/09/15 11:34 a.m.11 views

CVE-2025-59358 Denial of Service via Unauthorized Access to Chaos Mesh debugging server

The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster, which provides an API to kill arbitrary processes in any Kubernetes pod, leading to cluster-wide denial of service...

7.5CVSS0.00987EPSS
Exploits1References2
CVE
CVE
added 2025/09/15 11:34 a.m.24 views

CVE-2025-59358

The CVE-2025-59358 entry is linked to Chaos Mesh: the Chaos Controller Manager exposes a GraphQL debugging server without authentication, reachable across the Kubernetes cluster. This misconfiguration permits an attacker to access an API capable of killing arbitrary processes in any pod, leading ...

7.5CVSS6.7AI score0.00987EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2025/09/15 12:0 a.m.11 views

PT-2025-37473

Name of the Vulnerable Software and Affected Versions Chaos Mesh versions prior to 2.7.3 Description The Chaos Controller Manager in Chaos Mesh exposes a GraphQL debugging server without authentication to the entire Kubernetes cluster. This server provides an API that allows attackers to kill...

9.9CVSS7.4AI score0.10543EPSS
Exploits21References66
RedhatCVE
RedhatCVE
added 2025/09/11 12:16 a.m.9 views

CVE-2025-52915

K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabli...

7.2CVSS6.6AI score0.00504EPSS
Exploits1References1
Tenable Nessus
Tenable Nessus
added 2025/09/10 12:0 a.m.4 views

Linux Distros Unpatched Vulnerability : CVE-2021-46787

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The AMS module has a vulnerability of improper permission control.Successful exploitation of this vulnerability may cause non-system application processes to...

7.5CVSS7.2AI score0.00688EPSS
Exploits0References2
NVD
NVD
added 2025/09/09 4:15 p.m.5 views

CVE-2025-52915

K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabli...

7.2CVSS0.00504EPSS
Exploits1References2
CVE
CVE
added 2025/09/09 12:0 a.m.52 views

CVE-2025-52915

CVE-2025-52915 affects K7RKScan.sys 23.0.0.10 (K7 Security Anti-Malware). The vulnerability arises from insufficient caller validation in the driver’s IOCTL handler, allowing an admin-privileged user to send crafted IOCTLs to terminate processes protected by a third-party implementation, in kerne...

7.2CVSS6.1AI score0.00504EPSS
Exploits1References2
RedhatCVE
RedhatCVE
added 2025/09/06 1:34 a.m.4 views

CVE-2025-58358

Markdownify is a Model Context Protocol server for converting almost anything to Markdown. Versions below 0.0.2 contain a command injection vulnerability, caused by the unsanitized use of input parameters within a call to childprocess.exec, enabling an attacker to inject arbitrary system commands...

7.5CVSS8.7AI score0.0099EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2025/09/04 3:44 a.m.3 views

atop through 2.11.0 allows local users to cause a denial of service (e.g., assertion failure and application exit) or possibly have unspecified other impact by running certain types of unprivileged processes while a different user runs atop.

...

2.9CVSS5.4AI score0.00192EPSS
Exploits0
Rows per page
Query Builder