
14829 matches found

FreeBSD
added 2024/08/01 12:0 a.m., 12 views

soft-serve -- Remote code execution vulnerability

soft-serve team reports: Arbitrary code execution by crafting git ssh requests. It is possible for a user who can commit files to a repository hosted by Soft Serve to execute arbitrary code via environment manipulation and Git...

8.1 CVSS, 8.4 AI score, 0.00509 EPSS
Exploits: 0, References: 1

NVD
added 2024/07/31 9:15 p.m., 28 views

CVE-2024-41258

An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...

5.3 CVSS, 0.00197 EPSS
Exploits: 0, References: 1

OSV
added 2024/07/31 9:15 p.m., 16 views

CVE-2024-41258

An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...

5.3 CVSS, 6.2 AI score
Exploits: 0, References: 1

NVD
added 2024/07/31 9:15 p.m., 17 views

CVE-2024-41254

An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...

5.3 CVSS, 0.00193 EPSS
Exploits: 0, References: 1

OSV
added 2024/07/31 9:15 p.m., 7 views

CVE-2024-41254

An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...

5.3 CVSS, 6.2 AI score
Exploits: 0, References: 1

Vulnrichment
added 2024/07/31 12:0 a.m., 20 views

CVE-2024-41258

An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...

6.3 AI score, 0.00197 EPSS
Exploits: 0, References: 1

Cvelist
added 2024/07/31 12:0 a.m., 29 views

CVE-2024-41258

An issue was discovered in filestash v0.4. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...

0.00197 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/07/31 12:0 a.m., 13 views

CVE-2024-41254

An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...

6.3 AI score, 0.00193 EPSS
Exploits: 0, References: 1

CVE
added 2024/07/31 12:0 a.m., 53 views

CVE-2024-41254

CVE-2024-41254 affects litestream v0.3.13. The root cause is the use of ssh.InsecureIgnoreHostKey(), which disables host key verification and can enable a man‑in‑the‑middle attack to exfiltrate sensitive information. Multiple connected sources (NVD, Veracode, CNNVD, OSV, CGA, Chainguard, Wolfi, C...

5.3 CVSS, 6.4 AI score, 0.00193 EPSS
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2024/07/31 12:0 a.m., 26 views

CVE-2024-41254

An issue was discovered in litestream v0.3.13. The usage of the ssh.InsecureIgnoreHostKey disables host key verification, possibly allowing attackers to obtain sensitive information via a man-in-the-middle attack...

0.00193 EPSS
Exploits: 0, References: 1

RedHat Linux
added 2024/07/30 8:50 a.m., 22 views

Moderate: Red Hat Security Advisory: openssh security update

An update for openssh is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

7 CVSS, 7.7 AI score, 0.27935 EPSS
Exploits: 1, References: 2

GithubExploit
added 2024/07/30 6:13 a.m., 1004 views

Exploit for Race Condition in Openbsd Openssh

CVE-2024-6387 regreSSHion Proof of concept python script for...

8.1 CVSS, 8.5 AI score, 0.99506 EPSS
Exploits: 68

Redos
added 2024/07/30 12:0 a.m., 37 views

ROS-20240730-13

A vulnerability in the SSH protocol implementation is related to the ability to adjust packet sequence numbers during the connection negotiation process and remove an arbitrary number of SSH service messages. during the connection negotiation process and cause an arbitrary number of SSH service...

5.9 CVSS, 7.5 AI score, 0.94072 EPSS
Exploits: 4

Japan Vulnerability Notes
added 2024/07/29 8:51 a.m., 2 views

Multiple vulnerabilities in FutureNet NXR series, VXR series and WXR series

Overview: FutureNet NXR series, VXR series and WXR series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. Initialization of a Resource with an Insecure Default (CWE-1188) - CVE-2024-31070; Active Debug Code (CWE-489) - CVE-2024-36475; OS Command Injection (CWE-78) -...

10 CVSS, 7.9 AI score, 0.74513 EPSS
Exploits: 2, References: 10

NVD
added 2024/07/26 8:15 p.m., 9 views

CVE-2024-38510

A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...

7.2 CVSS, 0.01071 EPSS
Exploits: 0, References: 1

NVD
added 2024/07/26 8:15 p.m., 10 views

CVE-2024-38508

A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request...

7.2 CVSS, 0.01006 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/07/26 7:45 p.m., 10 views

CVE-2024-38510

A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...

7.2 CVSS, 7.6 AI score, 0.01071 EPSS
Exploits: 0, References: 1

CVE
added 2024/07/26 7:45 p.m., 55 views

CVE-2024-38510

CVE-2024-38510 is a privilege-escalation flaw in Lenovo XClarity Controller (XCC) where an authenticated XCC user with elevated privileges can trigger command injection via specially crafted file uploads to the SSH captive command shell interface. Affected product: Lenovo XCC (Lenovo XClarity Con...

7.2 CVSS, 7.6 AI score, 0.01071 EPSS
Exploits: 0, References: 1

Cvelist
added 2024/07/26 7:45 p.m., 16 views

CVE-2024-38510

A privilege escalation vulnerability was discovered in the SSH captive command shell interface that could allow an authenticated XCC user with elevated privileges to perform command injection via specially crafted file uploads...

7.2 CVSS, 0.01071 EPSS
Exploits: 0, References: 1

Vulnrichment
added 2024/07/26 7:44 p.m., 12 views

CVE-2024-38508

A privilege escalation vulnerability was discovered in the web interface or SSH captive command shell interface of XCC that could allow an authenticated XCC user with elevated privileges to perform command injection via a specially crafted request...

7.2 CVSS, 7.6 AI score, 0.01006 EPSS
Exploits: 0, References: 1