Lucene search
K

11233 matches found

Packet Storm
Packet Storm
added 2023/04/18 12:0 a.m.412 views

SecurePoint UTM 12.x Session ID Leak

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Exposure of Sensitive Information to an Unauthorized Actor CWE-200 Date found: 2023-01-05 Date...

7.6AI score0.03888EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/04/18 12:0 a.m.366 views

SecurePoint UTM 12.x Memory Leak

RCE Security Advisory https://www.rcesecurity.com 1. ADVISORY INFORMATION ======================= Product: SecurePoint UTM Vendor URL: https://www.securepoint.de/en/for-companies/firewall-vpn Type: Use of Uninitialized Variable CWE-457 Date found: 2023-01-05 Date published: 2023-04-12 CVSSv3 Scor...

6.6AI score0.04074EPSS
Exploits4
Packet Storm
Packet Storm
added 2023/04/18 12:0 a.m.403 views

Mware Workspace ONE Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'VMware Workspace ONE Access VMSA-2022-0011 exploit chain', 'Description' = %q This module combines two vulnerabilities in order achieve remote co...

9.8CVSS8.4AI score0.50694EPSS
Exploits12
GithubExploit
GithubExploit
added 2023/04/14 3:41 p.m.4 views

Exploit for CVE-2023-28615

CVE-2023-29929: Remote "Instakill" DoS in Kemp LoadMaster via...

7.5CVSS9.9AI score0.00944EPSS
Exploits2
Wiz blog
Wiz blog
added 2023/04/13 7:20 p.m.73 views

Microsoft April 2023 Patch Tuesday Highlights: everything you need to know

Detect and mitigate CVE-2023-28252, EoP vulnerability exploited in the wild, and CVE-2023-21554, a critical RCE vulnerability. Organizations should patch urgently...

6.9AI score
Exploits0
Tenable Nessus
Tenable Nessus
added 2023/04/13 12:0 a.m.38 views

QNAP QTS / QuTS hero RCE (QSA-23-10)

The version of QNAP QTS / QuTS hero installed on the remote host is affected by a remote code execution vulneraability. If exploited, it allows remote authenticated users to execute arbitrary commands via susceptible QNAP devices. Note that Nessus has not tested for this issue but has instead...

7.2CVSS8.2AI score0.01226EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2023/04/13 12:0 a.m.18 views

SPIP CMS < 3.2.18 / 4.0.x < 4.0.10 / 4.1.x < 4.1.8 / 4.2.x < 4.2.1 Object Injection RCE

The SPIP CMS is vulnerable to an unauthenticated Remote Code Execution via form values in the public area because serialization is mishandled. No source data...

9.8CVSS10AI score0.99637EPSS
Exploits23References2
Atlassian
Atlassian
added 2023/04/12 9:24 a.m.141 views

Malicious file upload in Jira Server via anonymous sources

Affected versions of Atlassian Jira Server/DC allows an unauthenticated attacker to upload arbitrary files to Jira via file upload functionality in the fileupload url. However An attacker cannot control the filename or its location, which prevents the possibility of RCE. Files with name start...

7.2AI score
Exploits0
OpenVAS
OpenVAS
added 2023/04/12 12:0 a.m.19 views

Microsoft Office 2019 Multiple RCE Vulnerabilities (Apr 2023) - Mac OS X

This host is missing an important security update for Microsoft Office 2019 on Mac OS X according to Microsoft security update April 2023 SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right...

7.8CVSS7.7AI score0.03011EPSS
Exploits7References1
Cvelist
Cvelist
added 2023/04/12 12:0 a.m.27 views

CVE-2023-26420 ZDI-CAN-20227: Adobe Acrobat Reader DC AcroForm addField Use-After-Free Remote Code Execution Vulnerability

Adobe Acrobat Reader versions 23.001.20093 and earlier and 20.005.30441 and earlier are affected by a Use After Free vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a...

7.8CVSS7.9AI score0.0271EPSS
Exploits0References1
Rapid7 Blog
Rapid7 Blog
added 2023/04/11 10:49 p.m.185 views

Patch Tuesday - April 2023

Microsoft is offering fixes for 114 vulnerabilities for April 2023 Patch Tuesday. This month’s haul includes a single zero-day vulnerability, as well as seven critical Remote Code Execution RCE vulnerabilities. There is a strong focus on fixes for Windows OS this month. Zero-day vulnerability: CL...

9CVSS10.1AI score0.95454EPSS
Exploits42
Github Security Blog
Github Security Blog
added 2023/04/11 10:2 p.m.54 views

.NET Remote Code Execution vulnerability

Microsoft Security Advisory CVE-2023-28260: .NET Remote Code Execution Vulnerability Executive summary Microsoft is releasing this security advisory to provide information about a vulnerability in .NET 7.0 and .NET 6.0. This advisory also provides guidance on what developers can do to update thei...

7.8CVSS8.2AI score0.01531EPSS
Exploits0References5Affected Software4
CVE
CVE
added 2023/04/11 7:13 p.m.393 views

CVE-2023-28231

CVE-2023-28231 is a Windows DHCP Server Service remote code execution vulnerability. The DHCP service can be abused by an authenticated attacker who sends a specially crafted RPC call over a restricted network, potentially achieving code execution with high impact (C/H/I/A) per CVSS 3.1. Public s...

8.8CVSS9.1AI score0.36874EPSS
Exploits0References1Affected Software5
Cvelist
Cvelist
added 2023/04/11 7:13 p.m.28 views

CVE-2023-24926 Microsoft PostScript and PCL6 Class Printer Driver Remote Code Execution Vulnerability

...

8.8CVSS9.4AI score0.0164EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2023/04/11 7:13 p.m.15 views

CVE-2023-24893 Visual Studio Code Remote Code Execution Vulnerability

...

7.8CVSS6.8AI score0.01103EPSS
Exploits0References1
CVE
CVE
added 2023/04/11 7:13 p.m.235 views

CVE-2023-24893

CVE-2023-24893 affects Visual Studio Code; versions prior to 1.77.2 are vulnerable to remote code execution. An attacker could bypass authentication and execute arbitrary commands. Remediation: update VS Code to 1.77.2 or later per Nessus plugin details. Other sources corroborate RCE vectors for ...

7.8CVSS7.9AI score0.01103EPSS
Exploits0References1Affected Software1
Github Security Blog
Github Security Blog
added 2023/04/11 6:30 a.m.28 views

safe-eval vulnerable to Sandbox Bypass due to improper input sanitization

All versions of the package safe-eval are vulnerable to Sandbox Bypass due to improper input sanitization. The vulnerability is derived from prototype pollution exploitation. Exploiting this vulnerability might result in remote code execution RCE. Vulnerable functions: defineGetter, stack,...

10CVSS9.5AI score0.02101EPSS
Exploits1References10Affected Software1
CVE
CVE
added 2023/04/11 5:0 a.m.65 views

CVE-2023-26122

The CVE-2023-26122 entry concerns the package safe-eval and describes a Sandbox Bypass caused by improper input sanitization that enables prototype pollution. Affected component/function surface includes defineGetter , stack(), toLocaleString(), propertyIsEnumerable.call(), and valueOf(). The vul...

10CVSS9.7AI score0.02101EPSS
Exploits1References8Affected Software1
CVE
CVE
added 2023/04/11 12:0 a.m.638 views

CVE-2023-29492

Summary (CVE-2023-29492) NoviSurvey before version 8.9.43676 is affected by an insecure deserialization vulnerability. The flaw allows remote attackers to execute arbitrary code on the server in the context of the service account, without accessing stored survey or response data. Concrete details...

9.8CVSS9AI score0.0269EPSS
In wildExploits0References2Affected Software1
OSV
OSV
added 2023/04/10 8:15 a.m.10 views

CVE-2023-27603

In Apache Linkis =1.3.1, due to the Manager module engineConn material upload does not check the zip path, This is a Zip Slip issue, which will lead to a potential RCE vulnerability. We recommend users upgrade the version of Linkis to version 1.3.2...

9.8CVSS9.7AI score
Exploits0References2
Rows per page
Query Builder