CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

7059 matches found

Fedora•added 2024/11/09 12:58 a.m.•11 views

[SECURITY] Fedora 39 Update: iaito-5.9.6-1.fc39

iaito is a Qt and C++ GUI for radare2. It is the continuation of Cutter before the fork to keep radare2 as backend. Its goal is making an advanced, customizable and FOSS reverse-engineering platform while keeping the user experience at mind. The iaito is created by reverse engineers for reverse...

5.5CVSS7.3AI score0.00198EPSS

Exploits0

Fedora•added 2024/11/09 12:58 a.m.•10 views

[SECURITY] Fedora 39 Update: radare2-5.9.6-1.fc39

The radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

5.5CVSS7.5AI score0.00198EPSS

Exploits0

GithubExploit•added 2024/11/07 3:28 a.m.•502 views

Exploit for CVE-2023-6553

CVE-2023-6553 Exploit Development for CVE-2023-6553 on Backup...

9.8CVSS9.8AI score0.97846EPSS

Exploits14

CNNVD•added 2024/11/06 12:0 a.m.•2 views

F5 Nginx 授权问题漏洞

F5 Nginx is a lightweight web server/reverse proxy server and email IMAP/POP3 proxy server from F5 USA, distributed under the BSD-like protocol. An authorization issue vulnerability exists in F5 Nginx that stems from not checking random numbers at login...

5.4CVSS5.6AI score0.00339EPSS

Exploits0References3

OSV•added 2024/11/01 6:30 a.m.•5 views

GHSA-HXX2-7VCW-MQR3 Sinatra vulnerable to Reliance on Untrusted Inputs in a Security Decision

Versions of the package sinatra from 0.0.0 are vulnerable to Reliance on Untrusted Inputs in a Security Decision via the X-Forwarded-Host XFH header. When making a request to a method with redirect applied, it is possible to trigger an Open Redirect Attack by inserting an arbitrary address into...

5.4CVSS5.7AI score0.00476EPSS

Exploits0References9

OSV•added 2024/11/01 5:15 a.m.•9 views

CVE-2024-21510

5.4CVSS5.5AI score

Exploits0References4

Rapid7 Blog•added 2024/10/30 8:19 p.m.•34 views

Investigating a SharePoint Compromise: IR Tales from the Field

Executive summary Rapid7’s Incident Response team recently investigated a Microsoft Exchange service account with domain administrator privileges. Our investigation uncovered an attacker who accessed a server without authorization and moved laterally across the network, compromising the entire...

7.2CVSS8.4AI score0.55328EPSS

Exploits1

Talos Blog•added 2024/10/30 10:0 a.m.•11 views

Writing a BugSleep C2 server and detecting its traffic with Snort

In June 2024, security researchers published their analysis of a novel implant dubbed "MuddyRot"aka "BugSleep". This remote access tool RAT gives operators reverse shell and file input/output I/O capabilities on a victim's endpoint using a bespoke command and control C2 protocol. This blog will...

8.1AI score

Exploits0

0day.today•added 2024/10/30 12:0 a.m.•840 views

Xerox Printers Authenticated Remote Code Execution Vulnerability

Various Xerox printers, such as models EC80xx, AltaLink, VersaLink, and WorkCentre, suffer from an authenticated remote code execution vulnerability. ======================================================================= title: Authenticated Remote Code Execution product: Multiple Xerox printers...

7.2CVSS7.9AI score0.01214EPSS

Exploits2

OSV•added 2024/10/28 12:23 p.m.•14 views

GHSA-W7HQ-F2PJ-C53G pyLoad vulnerable to remote code execution by download to /.pyload/scripts using /flashgot API

Summary The folder /.pyload/scripts has scripts which are run when certain actions are completed, for e.g. a download is finished. By downloading a executable file to a folder in /scripts and performing the respective action, remote code execution can be achieved. A file can be downloaded to such...

9.4CVSS6.7AI score0.00679EPSS

Exploits1References5