933 matches found
CVE-2025-13348
An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to the "Security Update...
Linux Chmod
Runs chmod on the specified file with specified mode. Module Options msf use payload/linux/aarch64/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options... msf payloadchmod run This module requires Metasploit:...
CVE-2023-49674
A missing permission check in Jenkins NeuVector Vulnerability Scanner Plugin 1.22 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified hostname and port using attacker-specified username and password...
CVE-2018-1000603
A exposure of sensitive information vulnerability exists in Jenkins Openstack Cloud Plugin 2.35 and earlier in BootSource.java, InstancesToRun.java, JCloudsCleanupThread.java, JCloudsCloud.java, JCloudsComputer.java, JCloudsPreCreationThread.java, JCloudsRetentionStrategy.java, JCloudsSlave.java,...
CVE-2022-27204
A cross-site request forgery vulnerability in Jenkins Extended Choice Parameter Plugin 346.vd87693c5a86c and earlier allows attackers to connect to an attacker-specified URL...
CVE-2019-16565
A cross-site request forgery vulnerability in Jenkins Team Concert Plugin 1.3.0 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2019-16551
A cross-site request forgery vulnerability in Jenkins Gerrit Trigger Plugin 2.30.1 and earlier allows attackers to connect to an attacker-specified HTTP URL or SSH server using attacker-specified credentials...
CVE-2019-16573
A cross-site request forgery vulnerability in Jenkins Alauda DevOps Pipeline Plugin 2.3.2 and earlier allows attackers to connect to an attacker-specified URL using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins...
CVE-2024-2216
A missing permission check in an HTTP endpoint in Jenkins docker-build-step Plugin 2.11 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified TCP or Unix socket URL, and to reconfigure the plugin using the provided connection test parameters, affecting futu...
PT-2026-2206
Name of the Vulnerable Software and Affected Versions Versions affected versions not specified Description An attacker with a network connection could detect credentials in clear text. Recommendations At the moment, there is no information about a newer version that contains a fix for this...
PT-2025-53860
Name of the Vulnerable Software and Affected Versions DVP-12SE11T affected versions not specified Description The issue is an out-of-bounds memory write affecting the DVP-12SE11T device. Exploitation may allow a remote attacker to disclose protected information and cause a denial of service. Some...
PT-2025-53162
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A flaw exists in the Linux kernel’s MPTCP implementation. Specifically, a NULL pointer dereference can occur on fastopen early fallback. This happens when the system falls back to TCP...
PT-2025-52843
Name of the Vulnerable Software and Affected Versions NVIDIA Isaac Launchable affected versions not specified Description NVIDIA Isaac Launchable contains a flaw due to a hard-coded credential. Exploitation of this issue could allow an attacker to execute code, escalate privileges, cause a denial...
Linux Chmod
Runs chmod on the specified file with specified mode. Module Options msf use payload/linux/riscv64le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options... msf payloadchmod run This module requires Metasploit:...
Linux Chmod
Runs chmod on the specified file with specified mode. Module Options msf use payload/linux/riscv32le/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options... msf payloadchmod run This module requires Metasploit:...
PT-2025-47166
Name of the Vulnerable Software and Affected Versions Digi On-Prem Manager affected versions not specified Description An injection flaw exists in the API feature of Digi On-Prem Manager. An attacker with valid API tokens can inject SQL code via crafted input. The API is not enabled by default. T...
Malicious code in specified_clam_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 9dd51f83dc69d21de933f66be02456741c367c9999ddaac791d6ccc7f1caf55d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
EUVD-2025-102111
Malicious code in specifiedmothz3n npm...
EUVD-2025-102109
Malicious code in specifiedsquidz3n npm...
EUVD-2025-102108
Malicious code in specifiedswordtailz3n npm...