
11236 matches found

OSV
added 2023/07/07 1:42 p.m., 37 views

GHSA-3Q76-JQ6M-573P Archive_Tar contains Potential RCE if filename starts with phar://

PEAR Archive_Tar version 1.4.3 and earlier contains a CWE-502, CWE-915 vulnerability in the Archive_Tar class. There are several file operations with $v_header['filename'] as parameter (such as file_exists, is_file, is_dir, etc.). When extract is called without a specific prefix path, we can trigger...

8.8 CVSS, 8.8 AI score, 0.18286 EPSS
Exploits: 5, References: 12

Huntr
added 2023/07/07 12:59 a.m., 91 views

Mongoose Prototype Pollution Vulnerability

If an attacker has some way to control an object on the Mongo server through one way or another, it is possible to cause prototype pollution on any Mongoose client. Notably, if a poorly implemented service allows a user to control the object in findByIdAndUpdate and similar functions, this bug...

7.5 CVSS, 6.7 AI score, 0.0101 EPSS
Exploits: 1

CVE
added 2023/07/07 12:0 a.m., 140 views

CVE-2023-37170

TOTOLINK A3300R (V17.0.0cu.557_B20221024) is affected by CVE-2023-37170: an unauthenticated remote code execution via the lang parameter in the setLanguageCfg function. The vulnerability is described in multiple sources as a code execution condition stemming from improper handling of input in the...

9.8 CVSS, 9.9 AI score, 0.01396 EPSS
Exploits: 1, References: 1, Affected Software: 1

Github Security Blog
added 2023/07/06 9:15 p.m., 30 views

Apache Airflow CNCF Kubernetes Provider: KubernetesPodOperator RCE via connection configuration

Arbitrary code execution in Apache Airflow CNCF Kubernetes provider version 5.0.0 allows user to change xcom sidecar image and resources via Airflow connection. In order to exploit this weakness, a user would already need elevated permissions (Op or Admin) to change the connection object in this...

7.2 CVSS, 7.4 AI score, 0.01531 EPSS
Exploits: 0, References: 3, Affected Software: 1

Metasploit
added 2023/07/06 7:51 p.m., 458 views

Apache RocketMQ update config RCE

RocketMQ versions 5.1.0 and below are vulnerable to Arbitrary Code Injection. Broker component of RocketMQ is leaked on the extranet and lack permission verification. An attacker can exploit this vulnerability by using the update configuration function to execute commands as the system users that...

9.8 CVSS, 9.8 AI score, 0.96604 EPSS
Exploits: 11

OSV
added 2023/07/06 7:24 p.m., 20 views

GHSA-PJ5J-W7MW-W797 Apache Linkis Zip Slip issue

In Apache Linkis =1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2...

9.8 CVSS, 9.4 AI score, 0.01808 EPSS
Exploits: 0, References: 4

Github Security Blog
added 2023/07/06 7:24 p.m., 36 views

HtmlUnit Code Injection vulnerability

Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSLT, when browsing the attacker’s webpage...

9.8 CVSS, 7.5 AI score, 0.02513 EPSS
Exploits: 1, References: 5, Affected Software: 1

Github Security Blog
added 2023/07/06 7:24 p.m., 23 views

Apache Linkis Zip Slip issue

In Apache Linkis =1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2...

9.8 CVSS, 6.9 AI score, 0.01808 EPSS
Exploits: 0, References: 4, Affected Software: 1

OSV
added 2023/07/06 7:24 p.m., 30 views

GHSA-3XRR-7M6P-P7XH HtmlUnit Code Injection vulnerability

Versions of the package net.sourceforge.htmlunit:htmlunit from 0 and before 3.0.0 are vulnerable to Remote Code Execution (RCE) via XSLT, when browsing the attacker’s webpage...

9.8 CVSS, 9.6 AI score, 0.02513 EPSS
Exploits: 1, References: 5

Github Security Blog
added 2023/07/06 7:24 p.m., 22 views

Apache Kylin vulnerable to remote code execution

Kylin's cube designer function has a command injection vulnerability when overwriting system parameters in the configuration overwrites menu. RCE can be implemented by closing the single quotation marks around the parameter value of “-- conf=” to inject any operating system command into the comma...

9.8 CVSS, 7.4 AI score, 0.84777 EPSS
Exploits: 0, References: 5, Affected Software: 3

CVE
added 2023/07/06 6:39 p.m., 186 views

CVE-2023-36460

CVE-2023-36460 affects Mastodon before the patches: 3.5.0–3.5.8, 4.0.0–4.0.4, and 4.1.0–4.1.2. A media processing flaw allows crafted media files to cause arbitrary files to be created or overwritten at any location the instance can access, enabling Denial of Service and arbitrary Remote Code Exe...

9.9 CVSS, 9.7 AI score, 0.37264 EPSS
Exploits: 0, References: 6, Affected Software: 1

0day.today
added 2023/07/06 12:0 a.m., 185 views

Gila CMS 1.10.9 - Remote Code Execution (Authenticated) Exploit

Exploit Title: Gila CMS 1.10.9 - Remote Code Execution RCE Authenticated Exploit Author: Omer Shaik unknownexploit Vendor Homepage: https://gilacms.com/ Software Link: https://github.com/GilaCMS/gila/ Version: Gila 1.10.9 Tested on: Linux import requests from termcolor import colored from...

7.1 AI score
Exploits: 0

OpenVAS
added 2023/07/06 12:0 a.m., 20 views

D-Link DIR-823G 'EXCU_SHELL' RCE Vulnerability - Active Check

D-Link DIR-823G Routers are prone to a remote code execution (RCE) vulnerability...

9.6 AI score
Exploits: 0, References: 1

CVE
added 2023/07/05 9:14 p.m., 97 views

CVE-2023-36821

CVE-2023-36821 affects Uptime Kuma prior to 1.22.1. An authenticated user can install a malicious plugin via the plugin installation flow, where plugins are installed with npm in the plugin directory. The plugin validation relies on an official plugin list and does not disable npm scripts during ...

8.8 CVSS, 8.9 AI score, 0.01661 EPSS
Exploits: 1, References: 4, Affected Software: 1

GithubExploit
added 2023/07/05 2:41 p.m., 687 views

Exploit for Deserialization of Untrusted Data in Spip

This PoC was written quickly, it's nothing special. This e...

9.8 CVSS, 9.8 AI score, 0.99637 EPSS
Exploits: 23

hivepro
added 2023/07/05 7:48 a.m., 13 views

Attacks, Vulnerabilities and Actors 26 June to 2 July 2023

For a detailed threat digest, download the pdf file here Summary HiveForce Labs recently made several significant discoveries related to cybersecurity threats. Over the past week, the fact that there were a total of four attacks executed, taking advantage of three different vulnerabilities in...

7.6 AI score
Exploits: 0

Trellix
added 2023/07/05 12:0 a.m., 112 views

The Bug Report - June 2023 Edition

The Bug Report – June 2023 Edition By Trellix · July 05, 2023 This story was also written by Jesse Chick. Can I have a word with the developers who greenlit these vulns? Why am I here? "To our newcomers, welcome! To our old hands, welcome back!" Iykyk. Every month, we chronicle the disruptive new...

10.7 AI score, 0.99934 EPSS
Exploits: 32

0day.today
added 2023/07/04 12:0 a.m., 232 views

POS Codekop v2.0 - Authenticated Remote Code Execution Vulnerability

Exploit Title: POS Codekop v2.0 - Authenticated Remote Code Execution RCE Exploit Author: yuyudhn Vendor Homepage: https://www.codekop.com/ Software Link: https://github.com/fauzan1892/pos-kasir-php Version: 2.0 Tested on: Linux CVE: CVE-2023-36348 Vulnerability description: The application does...

8.8 CVSS, 7.1 AI score, 0.06366 EPSS
Exploits: 4

OSV
added 2023/07/03 10:15 a.m., 13 views

CVE-2023-35797

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it...

9.8 CVSS, 9.1 AI score
Exploits: 0, References: 3

Prion
added 2023/07/03 10:15 a.m., 14 views

Input validation

Improper Input Validation vulnerability in Apache Software Foundation Apache Airflow Hive Provider. This issue affects Apache Airflow Apache Hive Provider: before 6.1.1. Before version 6.1.1 it was possible to bypass the security check to RCE via principal parameter. For this to be exploited it...

7.5 CVSS, 9.2 AI score, 0.02791 EPSS
Exploits: 0, References: 3, Affected Software: 1