
81 matches found

OSV
added 2022/04/12 5:15 p.m., 9 views

CVE-2022-27139

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploadin...

CVSS 9.8, AI score 9.7
Exploits: 0, References: 2
Prion
added 2022/04/12 5:15 p.m., 17 views

Remote code execution

DISPUTED: An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The...

CVSS 7.5, AI score 9.6, EPSS 0.0379
Exploits: 1, References: 2, Affected software: 1
Prion
added 2022/04/12 5:15 p.m., 24 views

Design/Logic Flaw

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional...

CVSS 7.5, AI score 9.5, EPSS 0.03436
Exploits: 1, References: 6, Affected software: 1
Cvelist
added 2022/04/12 4:29 p.m., 21 views

CVE-2022-28397

An arbitrary file upload vulnerability in the file upload module of Ghost CMS v4.42.0 allows attackers to execute arbitrary code via a crafted file. NOTE: Vendor states as detailed in Ghost's security documentation, files can only be uploaded and published by trusted users, this is intentional...

AI score 9.8, EPSS 0.03436
Exploits: 1, References: 6
Vulnrichment
added 2022/04/12 4:28 p.m., 16 views

CVE-2022-27139

An arbitrary file upload vulnerability in the file upload module of Ghost v4.39.0 allows attackers to execute arbitrary code via a crafted SVG file. NOTE: Vendor states that as outlined in Ghost's security documentation, upload of SVGs is only possible by trusted authenticated users. The uploadin...

AI score 8.2, EPSS 0.0379
Exploits: 1, References: 2
OSV
added 2022/03/24 12:04 a.m., 38 views

GHSA-R9CR-HVJJ-496V Path traversal and improper access control allows leaking out-of-bound files from Argo CD repo-server

Impact: All unpatched versions of Argo CD starting with v1.3.0 are vulnerable to a path traversal bug, compounded by an improper access control bug, allowing a malicious user with read-only repository access to leak sensitive files from Argo CD's repo-server. A malicious Argo CD user who has been...

CVSS 7.7, AI score 6.8, EPSS 0.0086
Exploits: 0, References: 3
Circl
added 2022/03/09 4:00 a.m., 29 views

CVE-2022-23277

creationtimestamp | type | source
---|---|---
2022-03-09 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=752
2022-06-29 11:03:01+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/6298
2022-08-19 16:31:57+00:00 | seen | ...

CVSS 8.8, AI score 8.3, EPSS 0.40789
Exploits: 3, References: 4
Kitploit
added 2021/12/12 11:30 a.m., 53 views

CloudSpec - An Open Source Tool For Validating Your Resources In Your Cloud Providers Using A Logical Language

CloudSpec is an open source tool for validating your resources in your cloud providers using a logical language that everybody can understand. With its reasonably simple syntax, you can validate the configuration of your cloud resources, avoiding mistakes that can lead to availability or...

AI score 7.4
Exploits: 0, References: 1
Circl
added 2021/05/14 1:56 a.m., 41 views

CVE-2021-26828

creationtimestamp | type | source
---|---|---
2021-05-14 01:56:05+00:00 | seen | https://t.me/pwnwikizhchannel/422
2022-07-04 22:17:17+00:00 | published-proof-of-concept | https://t.me/CyberSecurityTechnologies/3610
2023-12-12 01:23:48+00:00 | seen | https://t.me/arpsyndicate/1785
2025-01-06... | | 

CVSS 8.8, AI score 7.5, EPSS 0.39096
Exploits: 8, References: 21
Circl
added 2021/02/15 4:46 p.m., 9 views

CVE-2021-25299

creationtimestamp | type | source
---|---|---
2021-02-15 16:46:42+00:00 | seen | https://t.me/cibsecurity/23592
2023-04-27 09:58:59+00:00 | confirmed | https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2021/CVE-2021-25299.yaml...

CVSS 6.1, AI score 7, EPSS 0.96861
Exploits: 3, References: 2
OSV
added 2020/04/12 5:15 p.m., 7 views

CVE-2020-11710

An issue was discovered in docker-kong for Kong through 2.0.3. The admin API port may be accessible on interfaces other than 127.0.0.1. NOTE: The vendor argues that this CVE is not a vulnerability because it has an inaccurate bug scope and patch links. “1 Inaccurate Bug Scope - The issue scope was...

CVSS 9.8, AI score 9.3
Exploits: 0, References: 4
CVE
added 2020/04/12 4:04 p.m., 134 views

CVE-2020-11710

CVE-2020-11710 affects docker-kong/Kong up to version 2.0.3, where the Admin API port may be exposed on interfaces other than 127.0.0.1. The evidence in connected documents centers on a Kong admin API access issue via docker-kong templates, with a vendor note that the scope/patch references are d...

CVSS 9.8, AI score 9.2, EPSS 0.33825
Exploits: 0, References: 4, Affected software: 1
0day.today
added 2019/10/15 12:00 a.m., 69 views

Podman & Varlink 1.5.1 - Remote Code Execution Exploit

Exploit Title: Podman & Varlink 1.5.1 - Remote Code Execution Exploit
Author: Jeremy Brown
Date: 2019-10-15
Vendor Homepage: https://podman.io/
Software Link: dnf install podman or https://github.com/containers/libpod/releases
Version: 1.5.1
Tested on: Fedora Server 30
#!/usr/bin/python -- coding:...

AI score 7.4
Exploits: 0
Friends Of PHP
added 2018/12/29 8:39 p.m., 40 views

XSS vulnerability with unsafe link protocols

An XSS vulnerability, CVE-2018-20583, has been identified in the following versions of this library: 0.15.6, 0.15.7, 0.16.0, 0.17.0, 0.17.1, 0.17.2, 0.17.3, 0.17.4, 0.17.5, 0.18.0. It allows unsafe URLs to be added to links. The issue has been fixed in version 0.18.1. All users should upgrade to version 0.18...

CVSS 6.1, AI score 6, EPSS 0.01597
Exploits: 1, Affected software: 1
Information Security Automation
added 2018/11/05 7:22 a.m., 551 views

Adding custom NASL plugins to Tenable Nessus

Making custom NASL script plugins for Nessus is a fairly complicated process. Basically, NASL (Nessus Attack Scripting Language) is an internal instrument of Tenable, and it seems that they are not really interested in sharing it with the community. The only publicly available official documentation...

AI score 6.7
Exploits: 0
Tenable Nessus
added 2018/07/30 12:00 a.m., 32 views

FreeBSD : GIMP - Heap Buffer Overflow Vulnerability (bfda2d80-0858-11e8-ad5c-0021ccb9e74d)

GNOME reports: CVE-2017-17786 Out of bounds read / heap overflow in tga importer / function bgr2rgb.part.1. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from the FreeBSD VuXML database: Copyright 2003-2018 Jacques Vidrine and contributors...

CVSS 7.8, AI score 6.3, EPSS 0.01337
Exploits: 0, References: 3
Malwarebytes
added 2018/07/17 3:00 p.m., 52 views

5 ways to find and fix open source vulnerabilities

Guest post by Limor Wainstein. A recent discovery of surreptitious execution of cryptomining code by a sandboxed app, riding piggyback on the open source software (OSS) ecosystem, raises pertinent questions about the security of open source code and its dependencies. Programmers often use OSS as a...

AI score 7.5
Exploits: 0
Circl
added 2018/05/29 3:50 p.m., 9 views

CVE-2014-5337

creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/http/wpmobilepackinfodisclosure.rb
2025-02-06 03:13:41+00:00 | seen | MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd
2025-02-23 04:09:30+00:00... | | 

CVSS 5, AI score 4.8, EPSS 0.16988
Exploits: 1, References: 1
Circl
added 2018/05/29 3:50 p.m., 12 views

CVE-1999-0554

creationtimestamp | type | source
---|---|---
2018-05-29 15:50:33+00:00 | seen | https://github.com/rapid7/metasploit-framework/blob/master/modules/auxiliary/scanner/nfs/nfsmount.rb
2025-02-06 03:13:37+00:00 | seen | MISP/a1e796df-2ad8-4c8d-8b69-737a004e72dd
2025-02-23 04:08:01+00:00 | seen | ...

CVSS 10, AI score 7.3, EPSS 0.11134
Exploits: 2, References: 1
Circl
added 2017/12/13 4:00 a.m., 12 views

CVE-2017-11907

creationtimestamp | type | source
---|---|---
2017-12-13 04:00:00+00:00 | seen | https://www.govcert.gov.hk/en/alertsdetail.php?id=248
2017-12-19 00:00:00+00:00 | exploited | https://www.exploit-db.com/exploits/43370
2025-06-06 11:08:23+00:00 | seen | ...

CVSS 7.6, AI score 7.1, EPSS 0.64164
Exploits: 4, References: 4