
11233 matches found

Veracode
added 2023/10/27 3:56 p.m., 27 views

Remote Code Execution (RCE)

Azure.Identity is vulnerable to Remote Code Execution. The vulnerability is due to improper property sanitization, which allows an attacker to pass a specially crafted OS-level command to a specific SDK property which can result in Remote Code Execution. The vulnerability exists in the...

8.8 CVSS, 7.5 AI score, 0.02243 EPSS
Exploits: 0, References: 2, Affected Software: 1
hivepro
added 2023/10/27 1:16 p.m., 61 views

VMware vCenter Flaws Leading to RCE Attacks

Threat Level Vulnerability Report For a detailed threat advisory, download the pdf file here Summary Two vulnerabilities, CVE-2023-34048 and CVE-2023-34056, were identified in VMware vCenter Server, a server management software used for centralized management of virtual machines and ESXi hosts...

7.5 CVSS, 7.8 AI score, 0.99428 EPSS
Exploits: 1
GithubExploit
added 2023/10/27 8:58 a.m., 1771 views

Exploit for Classic Buffer Overflow in Draytek Vigor3910_Firmware

CVE-2022-32548-RCE-POC DrayTek unauthenticated remote code exe...

10 CVSS, 10 AI score, 0.33795 EPSS
Exploits: 2
Packet Storm
added 2023/10/27 12:0 a.m., 393 views

Splunk edit_user Capability Privilege Escalation

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Splunk "edit_user" Capability Privilege Escalation', 'Description' = %q A low-privileged user who holds a role that has the "edit_user" capability...

8.8 CVSS, 7.1 AI score, 0.73537 EPSS
Exploits: 7
Tenable Nessus
added 2023/10/27 12:0 a.m., 63 views

NextGen Mirth Connect < 4.4.0 RCE (CVE-2023-37679)

According to its self-reported version, the instance of NextGen Mirth Connect running on the remote web server is prior to 4.4.0. It is, therefore, affected by a remote code execution vulnerability that could allow a remote attacker to bypass authentication and execute arbitrary commands. Note that Nessus...

9.8 CVSS, 9.7 AI score, 0.97106 EPSS
Exploits: 12, References: 2
Metasploit
added 2023/10/26 7:50 p.m., 291 views

Splunk "edit_user" Capability Privilege Escalation

A low-privileged user who holds a role that has the "edit_user" capability assigned to it can escalate their privileges to that of the admin user by providing a specially crafted web request. This is because the "edit_user" capability does not honor the "grantableRoles" setting in the authorize.con...

8.8 CVSS, 8.8 AI score, 0.73537 EPSS
Exploits: 7
NVD
added 2023/10/26 5:15 p.m., 32 views

CVE-2023-43208

NextGen Healthcare Mirth Connect before version 4.4.1 is vulnerable to unauthenticated remote code execution. Note that this vulnerability is caused by the incomplete patch of CVE-2023-37679...

9.8 CVSS, 9.9 AI score, 0.82708 EPSS
Exploits: 21, References: 3
NVD
added 2023/10/25 8:15 p.m., 18 views

CVE-2023-46417

TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution RCE vulnerability via the sub415498 function...

9.8 CVSS, 9.7 AI score, 0.01852 EPSS
Exploits: 1, References: 2
NVD
added 2023/10/25 8:15 p.m., 15 views

CVE-2023-46418

TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution RCE vulnerability via the sub412688 function...

9.8 CVSS, 9.7 AI score, 0.01852 EPSS
Exploits: 1, References: 2
NVD
added 2023/10/25 8:15 p.m., 23 views

CVE-2023-46416

TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution RCE vulnerability via the sub The 41A414 function...

9.8 CVSS, 9.7 AI score, 0.01852 EPSS
Exploits: 1, References: 2
NVD
added 2023/10/25 8:15 p.m., 14 views

CVE-2023-46414

TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution RCE vulnerability via the sub 41D494 function...

9.8 CVSS, 9.7 AI score, 0.01852 EPSS
Exploits: 1, References: 2
NVD
added 2023/10/25 8:15 p.m., 23 views

CVE-2023-46419

TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution RCE vulnerability via the sub415730 function...

9.8 CVSS, 9.7 AI score, 0.01852 EPSS
Exploits: 1, References: 2
NVD
added 2023/10/25 8:15 p.m., 19 views

CVE-2023-46422

TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution RCE vulnerability via the sub411994 function...

9.8 CVSS, 9.7 AI score, 0.01852 EPSS
Exploits: 1, References: 2
Prion
added 2023/10/25 8:15 p.m., 19 views

Command injection

TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution RCE vulnerability via the sub41590C function...

7.5 CVSS, 9.7 AI score, 0.01852 EPSS
Exploits: 1, References: 2, Affected Software: 1
Prion
added 2023/10/25 8:15 p.m., 25 views

Command injection

TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution RCE vulnerability via the sub415498 function...

7.5 CVSS, 9.7 AI score, 0.01852 EPSS
Exploits: 1, References: 2, Affected Software: 1
GithubExploit
added 2023/10/25 5:10 p.m., 454 views

Exploit for CVE-2023-38646

CVE-2023-38646 Python script to exploit CVE-2023-38646 Metabas...

9.8 CVSS, 9.8 AI score, 0.97924 EPSS
Exploits: 36
The Hacker News
added 2023/10/25 10:11 a.m., 72 views

Act Now: VMware Releases Patch for Critical vCenter Server RCE Vulnerability

VMware has released security updates to address a critical flaw in the vCenter Server that could result in remote code execution on affected systems. The issue, tracked as CVE-2023-34048 (CVSS score: 9.8), has been described as an out-of-bounds write vulnerability in the implementation of the DCE/R...

7.3 AI score, 0.99428 EPSS
Exploits: 1
Cvelist
added 2023/10/25 12:0 a.m., 23 views

CVE-2023-46416

TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution RCE vulnerability via the sub The 41A414 function...

9.9 AI score, 0.01852 EPSS
Exploits: 1, References: 2
Cvelist
added 2023/10/25 12:0 a.m., 21 views

CVE-2023-46415

TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution RCE vulnerability via the sub41E588 function...

9.9 AI score, 0.01852 EPSS
Exploits: 1, References: 2
Vulnrichment
added 2023/10/25 12:0 a.m., 17 views

CVE-2023-46416

TOTOLINK X6000R v9.4.0cu.652B20230116 was discovered to contain a remote command execution RCE vulnerability via the sub The 41A414 function...

9.7 AI score, 0.01852 EPSS
Exploits: 1, References: 2