11234 matches found

CVE
added 2023/03/23 11:26 a.m. | 260 views

CVE-2023-28676

CVE-2023-28676 describes a cross-site request forgery (CSRF) vulnerability in the Jenkins Convert To Pipeline Plugin, version 1.0 and earlier. The flaw allows an attacker to create a Pipeline based on a Freestyle project, which can potentially lead to remote code execution (RCE). Public reference...

8.8 CVSS | 9.3 AI score | 0.0064 EPSS
Exploits 1 | References 1 | Affected Software 1
Packet Storm
added 2023/03/23 12:0 a.m. | 367 views

Monitorr 1.7.6m / 1.7.7d Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Monitorr unauthenticated Remote Code Execution RCE', 'Description' = %q This module exploits an arbitrary file upload vulnerability and achieving...

9.8 CVSS | 9.4 AI score | 0.85785 EPSS
Exploits 8
Exploit DB
added 2023/03/23 12:0 a.m. | 174 views

Bitbucket v7.0.0 - RCE

Exploit Title: Bitbucket v7.0.0 - RCE Date: 09-23-2022 Exploit Author: khal4n1 Vendor Homepage: https://github.com/khal4n1 Tested on: Kali and ubuntu LTS 22.04 CVE : cve-2022-36804 The following exploit is used to exploit a vulnerability present in Atlassian Bitbucket Server and Data Center 7.0.0...

8.8 CVSS | 9 AI score | 0.99174 EPSS
Exploits 24
OSV
added 2023/03/22 10:15 p.m. | 17 views

CVE-2023-27060

LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function...

9.8 CVSS | 8.6 AI score
Exploits 0 | References 2
NVD
added 2023/03/22 10:15 p.m. | 17 views

CVE-2023-27060

LightCMS v1.3.7 was discovered to contain a remote code execution (RCE) vulnerability via the image:make function...

9.8 CVSS | 9.9 AI score | 0.01302 EPSS
Exploits 1 | References 2
Github Security Blog
added 2023/03/22 6:36 p.m. | 33 views

Pimcore Remote Code Execution vulnerability in Search function

Impact: Attacker can get full DB and maybe RCE knowing the WEBROOT path. Patches: Update to version 10.5.19 or apply this patch manually: https://github.com/pimcore/pimcore/commit/367b74488808d71ec3f66f4ca9e8df5217c2c8d2.patch Workarounds: Apply patch...

8.8 CVSS | 8.4 AI score | 0.65115 EPSS
Exploits 1 | References 6 | Affected Software 1
CVE
added 2023/03/22 12:0 a.m. | 58 views

CVE-2023-27060

LightCMS v1.3.7 contains a remote code execution (RCE) vulnerability exploitable via the image:make function. Affected software: LightCMS 1.3.7. Root cause: ability to trigger arbitrary code execution through image:make. Impact: high/critical risk (per CVSS 3.1 metrics in the CVE entry). Remediat...

9.8 CVSS | 9.8 AI score | 0.01302 EPSS
Exploits 1 | References 2 | Affected Software 1
Tenable Nessus
added 2023/03/22 12:0 a.m. | 43 views

Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM : GitPython vulnerability (USN-5968-1)

The remote Ubuntu 16.04 ESM / 18.04 ESM / 20.04 ESM / 22.04 ESM host has packages installed that are affected by a vulnerability as referenced in the USN-5968-1 advisory. It was discovered that GitPython did not properly sanitize user inputs for remote URLs in the clone command. By injecting a...

9.8 CVSS | 8.6 AI score | 0.05378 EPSS
Exploits 1 | References 2
NVD
added 2023/03/20 4:15 p.m. | 42 views

CVE-2023-0340

The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attributes, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. R...

8.8 CVSS | 8.7 AI score | 0.01047 EPSS
Exploits 1 | References 1
Prion
added 2023/03/20 4:15 p.m. | 12 views

Design/Logic Flaw

The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attributes, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. R...

6.5 CVSS | 8.6 AI score | 0.01047 EPSS
Exploits 1 | References 1 | Affected Software 1
Vulnrichment
added 2023/03/20 3:52 p.m. | 8 views

CVE-2023-0340 Custom Content Shortcode <= 4.0.2 - Contributor+ LFI

The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attributes, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. R...

8.7 AI score | 0.01047 EPSS
Exploits 1 | References 1
CVE
added 2023/03/20 3:52 p.m. | 58 views

CVE-2023-0340

The CVE-2023-0340 issue affects the Custom Content Shortcode WordPress plugin (

8.8 CVSS | 8.7 AI score | 0.01047 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2023/03/20 3:52 p.m. | 52 views

CVE-2023-0340 Custom Content Shortcode <= 4.0.2 - Contributor+ LFI

The Custom Content Shortcode WordPress plugin through 4.0.2 does not validate one of its shortcode attributes, which could allow users with a contributor role and above to include arbitrary files via a traversal attack. This could also allow them to read non PHP files and retrieve their content. R...

8.8 AI score | 0.01047 EPSS
Exploits 1 | References 1
Rapid7 Blog
added 2023/03/17 7:33 p.m. | 69 views

Metasploit Weekly Wrap-Up

FortiNAC EITW Content Added: Whilst we did have a few cool new modules added this week, one particularly interesting one was a Fortinet FortiNAC vulnerability, CVE-2022-39952, that was added in by team member Jack Heysel. This module exploits an unauthenticated RCE in Fortinet FortiNAC versions...

7.2 CVSS | 0.2 AI score | 0.99815 EPSS
Exploits 18
NVD
added 2023/03/16 3:15 p.m. | 21 views

CVE-2023-27037

Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php...

8.8 CVSS | 9.1 AI score | 0.01488 EPSS
Exploits 1 | References 1
CVE
added 2023/03/16 12:0 a.m. | 68 views

CVE-2023-27037

Qibosoft QiboCMS v7 is affected by a remote code execution (RCE) vulnerability in the Get_Title function of label_set_rs.php. The CVE entry CVE-2023-27037 documents impact on QiboCMS v7 and indicates high-severity risk (CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U/C/H/I/H). Several connected sources corrobo...

8.8 CVSS | 9 AI score | 0.01488 EPSS
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2023/03/16 12:0 a.m. | 19 views

CVE-2023-27037

Qibosoft QiboCMS v7 was discovered to contain a remote code execution (RCE) vulnerability via the Get_Title function at label_set_rs.php...

9.3 AI score | 0.01488 EPSS
Exploits 1 | References 1
Cvelist
added 2023/03/16 12:0 a.m. | 18 views

CVE-2023-27040

Simple Image Gallery v1.0 was discovered to contain a remote code execution (RCE) vulnerability via the username parameter...

10 AI score | 0.01982 EPSS
Exploits 1 | References 1
Packet Storm
added 2023/03/16 12:0 a.m. | 334 views

Bitbucket Environment Variable Remote Command Injection

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Bitbucket Environment Variable RCE', 'Description' = %q For various versions of Bitbucket, there is an authenticated command injection...

9.8 CVSS | 0.8 AI score | 0.98035 EPSS
Exploits 3
CVE
added 2023/03/16 12:0 a.m. | 52 views

CVE-2023-27040

CVE-2023-27040 affects Simple Image Gallery v1.0, with a remote code execution (RCE) vulnerability exploitable via the username parameter. Connected sources confirm the issue leads to high-impact outcomes (CONFIDENTIALITY, INTEGRITY, AVAILABILITY all at HIGH) and indicate network-level access wit...

9.8 CVSS | 9.8 AI score | 0.01982 EPSS
Exploits 1 | References 1 | Affected Software 1