CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

853 matches found

SaltStack Salt <3002.5 - Auth Bypass

SaltStack Salt before 3002.5 does not honor eauth credentials for the wheelasync client, allowing attackers to remotely run any wheel modules on the master. id: CVE-2021-25281 info: name: SaltStack Salt 3002.5 - Auth Bypass author: madrobot severity: critical description: SaltStack Salt before...

9.8CVSS7.3AI score0.93846EPSS

Exploits5References5

Nuclei•added 6 days ago•26 views

SaltStack <=3002 - Shell Injection

SaltStack Salt through 3002 allows an unauthenticated user with network access to the Salt API to use shell injections to run code on the Salt-API using the SSH client. id: CVE-2020-16846 info: name: SaltStack =3003 to mitigate this vulnerability. reference: -...

9.8CVSS7.3AI score0.94387EPSS

Exploits5References5

VulnCheck KEV•added 2026/01/14 12:0 a.m.•13 views

VulnCheck KEV: CVE-2021-25281

An issue was discovered in through SaltStack Salt before 3002.5. salt-api does not honor eauth credentials for the wheelasync client. Thus, an attacker can remotely run any wheel modules on the master...

9.8CVSS5.8AI score0.93846EPSS

In wildExploits5References2

RedhatCVE•added 2026/01/09 11:27 a.m.•2 views

CVE-2021-33226

Buffer Overflow vulnerability in Saltstack v.3003 and before allows attacker to execute arbitrary code via the func variable in salt/salt/modules/status.py file. NOTE: this is disputed by third parties because an attacker cannot influence the eval input...

9.8CVSS7.7AI score0.04007EPSS

Exploits1References1

CNNVD•added 2025/11/20 12:0 a.m.•1 views

SaltStack Salt 安全漏洞

SaltStack Salt is a set of open-source tools developed by SaltStack Corporation for managing infrastructure. This tool offers features such as configuration management and remote execution. There is a security vulnerability in SaltStack Salt, which stems from a degradation of the authentication...

7.5CVSS5.9AI score0.00018EPSS

Exploits0References3