Lucene search
K

31 matches found

Cvelist
Cvelist
added yesterday13 views

CVE-2026-50110 Use of Hard-coded Credentials in StoneFly Storage Concentrator

Storage Concentrator SC & SCVM contains hardcoded credentials for numerous internal services embedded within a configuration file. While the credentials are stored in an encoded format, the encoding can be reversed to plaintext. The exposed credentials span a broad range of internal services,...

9.3CVSS
Exploits0References3
CVE
CVE
added yesterday6 views

CVE-2026-50110

The CVE-2026-50110 entry concerns Storage Concentrator (SC & SCVM) that contains hardcoded credentials for numerous internal services embedded in a configuration file. The credentials are encoded but reversible to plaintext, exposing accounts for databases, licensing, replication, and third-party...

9.3CVSS5.8AI score
Exploits0References3
CVE
CVE
added yesterday7 views

CVE-2026-56413

CVE-2026-56413 affects StoneFly Storage Concentrator (SC & SCVM). The ms_service.pl component listening on TCP port 9000 is vulnerable to command injection. An unauthenticated remote attacker can send a specially crafted network packet that is processed without proper sanitization, enabling arbit...

10CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added yesterday14 views

CVE-2026-56415 OS Command Injection in StoneFly Storage Concentrator

Storage Concentrator SC & SCVM contains a command injection vulnerability within the debug.pl script that is reachable without authentication. A remote attacker can submit a specially crafted HTTP request containing a malicious payload that is processed without adequate input sanitization,...

10CVSS
Exploits0References3
CVE
CVE
added yesterday8 views

CVE-2026-56415

The vulnerability CVE-2026-56415 affects the Storage Concentrator (SC & SCVM). The issue is a command injection in the debug.pl script that is reachable without authentication. A remote attacker can send a crafted HTTP request containing a malicious payload which is processed without proper input...

10CVSS6.2AI score
Exploits0References3
Cvelist
Cvelist
added yesterday15 views

CVE-2026-55721 SQL Injection in StoneFly Storage Concentrator

Storage Concentrator SC & SCVM is vulnerable to SQL injection through cookie values processed by the login.pl and debug.pl scripts. The cookie value is incorporated directly into database queries without adequate sanitization, allowing an unauthenticated remote attacker to manipulate those querie...

9.3CVSS
Exploits0References3
CVE
CVE
added yesterday10 views

CVE-2026-55721

The CVE-2026-55721 entry describes a SQL injection vulnerability in StoneFly Storage Concentrator (SC & SCVM). The issue arises when cookie values are processed by login.pl and debug.pl, with the cookie data directly embedded into database queries without proper sanitization. This allows an unaut...

9.3CVSS5.9AI score
Exploits0References3
Cvelist
Cvelist
added yesterday18 views

CVE-2026-50040 Cross-site Scripting in StoneFly Storage Concentrator

Storage Concentrator SC & SCVM is vulnerable to reflected cross-site scripting due to unsanitized content being echoed back in 404 error pages. An attacker can craft a malicious URL that, when visited by an authenticated user, causes arbitrary script content to execute within the victim's browser...

6.1CVSS
Exploits0References3
CVE
CVE
added yesterday7 views

CVE-2026-50040

CVE-2026-50040 affects StoneFly Storage Concentrator (SC & SCVM). The issue is a reflected XSS caused by unsanitized content echoed in 404 error pages, enabling an authenticated user to trigger arbitrary script execution in the application's context via a crafted URL. Potential impacts include se...

6.1CVSS5.8AI score
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-29805

Malicious code in bioql PyPI...

6.5CVSS6.6AI score0.00727EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2025/05/23 8:34 a.m.5 views

CVE-2024-30213

StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution...

8.8CVSS7.5AI score0.01321EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2025/05/23 7:45 a.m.7 views

CVE-2024-31947

StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information...

6.5CVSS6.7AI score0.00727EPSS
Exploits0References1
The Hacker News
The Hacker News
added 2024/10/02 10:0 a.m.16 views

Andariel Hacking Group Shifts Focus to Financial Attacks on U.S. Organizations

Three different organizations in the U.S. were targeted in August 2024 by a North Korean state-sponsored threat actor called Andariel as part of a likely financially motivated attack. "While the attackers didn't succeed in deploying ransomware on the networks of any of the organizations affected,...

7.9AI score
Exploits0
The Hacker News
The Hacker News
added 2024/07/25 2:8 p.m.28 views

North Korean Hackers Shift from Cyber Espionage to Ransomware Attacks

A North Korea-linked threat actor known for its cyber espionage operations has gradually expanded into financially-motivated attacks that involve the deployment of ransomware, setting it apart from other nation-state hacking groups linked to the country. Google-owned Mandiant is tracking the...

7.1AI score
Exploits0
ICS
ICS
added 2024/07/25 12:0 p.m.125 views

North Korea Cyber Group Conducts Global Espionage Campaign to Advance Regime’s Military and Nuclear Programs

Summary The U.S. Federal Bureau of Investigation FBI and the following authoring partners are releasing this Cybersecurity Advisory to highlight cyber espionage activity associated with the Democratic People’s Republic of Korea DPRK’s Reconnaissance General Bureau RGB 3rd Bureau based in Pyongyan...

10CVSS10AI score0.99999EPSS
Exploits1066References114
NVD
NVD
added 2024/07/12 11:15 p.m.28 views

CVE-2024-31947

StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information...

6.5CVSS0.00727EPSS
Exploits0References2
OSV
OSV
added 2024/07/12 11:15 p.m.5 views

CVE-2024-31947

StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information...

6.5CVSS5.8AI score0.00727EPSS
Exploits0References2
NVD
NVD
added 2024/07/12 11:15 p.m.19 views

CVE-2024-30213

StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows remote authenticated users to achieve Command Injection via a Ping URL, leading to remote code execution...

8.8CVSS0.01321EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/07/12 12:0 a.m.4 views

PT-2024-24311 · Stonefly · Stonefly Storage Concentrator

Name of the Vulnerable Software and Affected Versions: StoneFly Storage Concentrator SC and SCVM versions prior to 8.0.4.26 Description: The issue allows directory traversal by authenticated users, potentially exposing sensitive system information. This can be achieved by using a crafted path...

6.5CVSS7AI score0.00727EPSS
Exploits0References7
CNNVD
CNNVD
added 2024/07/12 12:0 a.m.3 views

StoneFly Storage Concentrator Security Vulnerability

StoneFly Storage Concentrator is a storage concentrator virtual machine from StoneFly. A security vulnerability exists in StoneFly Storage Concentrator versions prior to 8.0.4.26 that stems from the presence of directory traversal, which could expose sensitive system information...

6.5CVSS6.6AI score0.00727EPSS
Exploits0References3
Rows per page
Query Builder