CVE Search Engine - Security Vulnerabilities and Exploits Search Tool

show all

43 matches found

RedhatCVE•added 2026/04/01 5:3 p.m.•2 views

CVE-2026-34227

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to version 1.7.4, a single click on a malicious link gives an unauthenticated attacker immediate, silent control over every active C2 session or beacon, capable of exfiltrating all collected target data e.g. SS...

8.8CVSS5.8AI score0.00396EPSS

Exploits1References1

EUVD•added 2026/03/31 3:25 p.m.•2 views

EUVD-2026-17490

5.9CVSS5.8AI score0.00396EPSS

Exploits1References1

CVE•added 2026/03/31 3:25 p.m.•9 views

CVE-2026-34227

Sliver is an open-source C2 framework using a custom WireGuard netstack. Technical details in connected docs show a vulnerability in versions prior to 1.7.4 where a single click on a malicious link can grant an unauthenticated attacker immediate, silent control over active C2 sessions or beacons,...

8.8CVSS5.8AI score0.00396EPSS

Exploits1References1Affected Software1

CNNVD•added 2026/03/31 12:0 a.m.•5 views

Sliver 安全漏洞

Sliver is an open-source, cross-platform opponent simulation/red team framework developed by Bishop Fox. It can be used by organizations of various sizes for security testing. Versions of Sliver prior to 1.7.4 contained security vulnerabilities. These vulnerabilities allowed unauthenticated...

8.8CVSS5.8AI score0.00396EPSS

Exploits1References1

SUSE CVE•added 2026/03/25 12:25 a.m.•1 views

SUSE CVE-2026-29781

Sliver is a command and control framework that uses a custom Wireguard netstack. In versions from 1.7.3 and prior, a vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting...

6.5CVSS5.9AI score0.00504EPSS

Exploits1References3

CVE•added 2026/03/20 3:37 a.m.•4 views

CVE-2026-32941

Sliver C2 framework (git: github.com/bishopfox/sliver) is affected. Versions 1.7.3 and earlier expose a Remote OOM due to memory allocation based on an attacker-controlled 4‑byte length prefix in the mTLS and WireGuard C2 transports. The socketReadEnvelope and socketWGReadEnvelope code paths trus...

7.1CVSS5.8AI score0.00298EPSS

Exploits1References1Affected Software1

ATTACKERKB•added 2026/03/20 3:37 a.m.•2 views

CVE-2026-32941

Sliver is a command and control framework that uses a custom Wireguard netstack. Versions 1.7.3 and below contain a Remote OOM Out-of-Memory vulnerability in the Sliver C2 server's mTLS and WireGuard C2 transport layer. The socketReadEnvelope and socketWGReadEnvelope functions trust an...

7.1CVSS5.8AI score0.00298EPSS

Exploits1References2Affected Software1

OSV•added 2026/03/20 3:37 a.m.•2 views

CVE-2026-32941 Sliver Vulnerable to Authenticated OOM via Memory Exhaustion in mTLS/WireGuard Transports

7.1CVSS5.9AI score0.00298EPSS

Exploits1References3

NVD•added 2026/03/07 4:15 p.m.•4 views

CVE-2026-29781

6.5CVSS0.00504EPSS

Exploits1References1

Vulnrichment•added 2026/03/07 3:25 p.m.•4 views

CVE-2026-29781 Sliver: Authenticated Nil-Pointer Dereference in Handlers

5.3CVSS5.8AI score0.00504EPSS

Exploits1References1

ATTACKERKB•added 2026/03/07 3:25 p.m.•5 views

CVE-2026-29781

5.3CVSS5.8AI score0.00504EPSS

Exploits1References2Affected Software1

CNNVD•added 2026/03/07 12:0 a.m.•4 views

Sliver 代码问题漏洞

Sliver is an open-source, cross-platform opponent simulation/red team framework developed by Bishop Fox. It can be used by organizations of various sizes for security testing. Versions of Sliver prior to 1.7.3 have code vulnerabilities; these vulnerabilities stem from Protobuf deserialization log...

6.5CVSS7.3AI score0.00504EPSS

Exploits1References2

SUSE CVE•added 2026/03/04 12:27 a.m.•3 views

SUSE CVE-2026-25760

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.6.11, a path traversal in the website content subsystem lets an authenticated operator read arbitrary files on the Sliver server host. This is an authenticated path traversal / arbitrary file read issue, a...

6.5CVSS5.9AI score0.00485EPSS

Exploits1References3

RedhatCVE•added 2026/02/11 1:33 a.m.•3 views

CVE-2026-25791

Sliver is a command and control framework that uses a custom Wireguard netstack. Prior to 1.7.0, the DNS C2 listener accepts unauthenticated TOTP bootstrap messages and allocates server-side DNS sessions without validating OTP values, even when EnforceOTP is enabled. Because sessions are stored...

7.5CVSS5.7AI score0.00407EPSS

Exploits1References1

Cvelist•added 2026/02/09 8:34 p.m.•27 views

CVE-2026-25791 Sliver has a DNS C2 OTP Bypass Allows Unauthenticated Session Flooding and Denial of Service

7.5CVSS0.00407EPSS

Exploits1References2

ATTACKERKB•added 2026/02/09 8:34 p.m.•6 views

CVE-2026-25791

7.5CVSS5.7AI score0.00407EPSS

Exploits1References3Affected Software1

NVD•added 2026/02/06 10:16 p.m.•7 views

CVE-2026-25760

6.5CVSS0.00485EPSS

Exploits1References2

Cvelist•added 2026/02/06 9:32 p.m.•28 views

CVE-2026-25760 Website Path Traversal / Arbitrary File Read (Authenticated) in Sliver

6.5CVSS0.00485EPSS

Exploits1References2

CVE•added 2026/02/06 9:32 p.m.•13 views

CVE-2026-25760

CVE-2026-25760 (Sliver): A path traversal in Sliver’s website content subsystem allows an authenticated operator to read arbitrary files on the Sliver server host (credentials, configs, keys). Prior to 1.6.11, this is exploitable via manipulated content paths; fixed in 1.6.11. Affected components...

6.5CVSS5.6AI score0.00485EPSS

Exploits1References2Affected Software1

Vulnrichment•added 2026/02/06 9:32 p.m.•5 views

CVE-2026-25760 Website Path Traversal / Arbitrary File Read (Authenticated) in Sliver

6.5CVSS5.8AI score0.00485EPSS

Exploits1References2

Rows per page

Query Builder

Family

Bulletin Type

Min CVSS Score

Date

Order by