
164 matches found

Positive Technologies
added 2024/10/08 12:0 a.m. · 1 view

PT-2024-6974 · Microsoft · Windows Secure Kernel Mode +1

Name of the Vulnerable Software and Affected Versions: Windows Secure Kernel Mode affected versions not specified Description: The issue is related to a buffer overflow in memory, which can be exploited to elevate privileges. This can allow an attacker to affect the system. Recommendations: At th...

CVSS 7.8 · AI score 6.8 · EPSS 0.00628
Exploits: 0 · References: 6

GitHub Security Blog
added 2024/09/18 3:47 p.m. · 125 views

Camaleon CMS vulnerable to remote code execution through code injection (GHSL-2024-185)

The actions defined inside of the MediaController class do not check whether a given path is inside a certain path, e.g. inside the media folder. If an attacker performed an account takeover of an administrator account (see GHSL-2024-184), they could delete arbitrary files or folders on the server...

AI score 7.3
Exploits: 0 · References: 4 · Affected Software: 1

Positive Technologies
added 2024/07/09 12:0 a.m. · 2 views

PT-2024-4966 · Microsoft · Windows Imaging +1

Name of the Vulnerable Software and Affected Versions: Windows Imaging Component affected versions not specified Description: This vulnerability allows remote attackers to execute arbitrary code and affect the system. The issue is a buffer overflow in dynamically allocated memory within the Windo...

CVSS 9 · AI score 7.4 · EPSS 0.11773
Exploits: 0 · References: 10

RedHat Linux
added 2024/06/20 2:25 p.m. · 2 views

cosign: Malicious attachments can cause system-wide denial of service

A flaw was found in the Cosign package where a malicious attachment may trigger uncontrolled resource consumption by allocating too much memory. This flaw allows an attacker to craft a malicious attachment, resulting in a denial of service, possibly impacting other applications running on the sam...

CVSS 5.9 · AI score 5.7 · EPSS 0.0021
Exploits: 0 · References: 5

NVD
added 2024/05/15 5:15 p.m. · 7 views

CVE-2023-5938

Multiple functions use archives without properly validating the filenames therein, rendering the application vulnerable to path traversal via 'zip slip' attacks. An administrator able to provide tampered archives to be processed by the affected versions of Arc may be able to have arbitrary files...

CVSS 8.9 · AI score 8.1 · EPSS 0.00452
Exploits: 0 · References: 1

NVD
added 2024/05/14 11:15 p.m. · 12 views

CVE-2024-31474

There is an arbitrary file deletion vulnerability in the CLI service accessed by PAPI (Aruba's Access Point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to...

CVSS 8.2 · AI score 8.2 · EPSS 0.01215
Exploits: 0 · References: 2

Positive Technologies
added 2024/05/14 12:0 a.m. · 1 view

PT-2024-3585 · Microsoft · Windows Routing/Remote Access Service +1

Name of the Vulnerable Software and Affected Versions: Windows Routing and Remote Access Service (RRAS) affected versions not specified Description: The issue is related to errors of numerical truncation in the Windows RRAS service, allowing remote attackers to execute arbitrary code and affect the...

CVSS 7.6 · AI score 7.6 · EPSS 0.01759
Exploits: 0 · References: 6

Positive Technologies
added 2024/03/12 12:0 a.m. · 1 view

PT-2024-2245 · Microsoft · Windows Kernel +1

Name of the Vulnerable Software and Affected Versions: Windows Kernel affected versions not specified Description: The issue is related to insufficient protection of internal data in the Windows operating system kernel. It allows attackers to obtain sensitive information and potentially affect th...

CVSS 5.5 · AI score 7.9 · EPSS 0.00565
Exploits: 0 · References: 7

Prion
added 2024/03/05 5:15 p.m. · 16 views

Path traversal

Deno is a JavaScript, TypeScript, and WebAssembly runtime with secure defaults. Insufficient validation of parameters in Deno.makeTemp APIs would allow for creation of files outside of the allowed directories. This may allow the user to overwrite important files on the system that may affect othe...

CVSS 5 · AI score 7 · EPSS 0.00219
Exploits: 1 · References: 1

Positive Technologies
added 2024/02/13 12:0 a.m. · 1 view

PT-2024-1956 · Microsoft · Windows Printing Service +1

Name of the Vulnerable Software and Affected Versions: Windows Printing Service affected versions not specified Description: The issue is related to errors in the representation of information by the user interface of the Windows printing service. Exploitation of this issue may allow a remote...

CVSS 7.8 · AI score 9.2 · EPSS 0.01257
Exploits: 0 · References: 9

Positive Technologies
added 2024/02/13 12:0 a.m. · 2 views

PT-2024-1726 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to errors in security settings, allowing an attacker to bypass security restrictions. This can potentially enable an attacker to affect the system. Recommendations: At...

CVSS 5.5 · AI score 9.2 · EPSS 0.00116
Exploits: 0 · References: 8

Vulnrichment
added 2024/01/16 9:41 p.m. · 1 view

CVE-2024-20961

...

CVSS 6.5 · AI score 6.9 · EPSS 0.0047
Exploits: 0 · References: 2

Vulnrichment
added 2024/01/09 12:57 a.m. · 2 views

CVE-2024-21735 Improper Authorization check in SAP LT Replication Server

SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. This could allow an attacker with high privileges to perform unintended actions, resulting in escalation of privileges, which has High impac...

CVSS 7.3 · AI score 7.4 · EPSS 0.00147
Exploits: 0 · References: 2

OSV
added 2023/11/14 11:15 p.m. · 1 view

CVE-2023-45619

There is an arbitrary file deletion vulnerability in the RSSI service accessed by PAPI (Aruba's access point management protocol). Successful exploitation of this vulnerability results in the ability to delete arbitrary files on the underlying operating system, which could lead to the ability to...

CVSS 8.2 · AI score 5.9
Exploits: 0 · References: 1

Positive Technologies
added 2023/10/10 12:0 a.m. · 1 view

PT-2023-6059 · Microsoft · Windows Power Management Service +1

Name of the Vulnerable Software and Affected Versions: Windows Power Management Service affected versions not specified Description: The issue is related to a lack of protection for service data in the Windows Power Management Service, which can be exploited to disclose protected information. Thi...

CVSS 5.5 · AI score 9 · EPSS 0.00102
Exploits: 0 · References: 7

Positive Technologies
added 2023/10/10 12:0 a.m. · 2 views

PT-2023-6043 · Microsoft · Windows

Name of the Vulnerable Software and Affected Versions: Windows affected versions not specified Description: The issue is related to insufficient access control in the Windows operating system kernel, allowing an attacker to potentially elevate their privileges. This could affect the system, but...

CVSS 7.8 · AI score 9.2 · EPSS 0.00086
Exploits: 0 · References: 7

Positive Technologies
added 2023/08/08 12:0 a.m. · 1 view

PT-2023-4374 · Microsoft · Windows Kernel +1

Name of the Vulnerable Software and Affected Versions: Windows Kernel affected versions not specified Description: The issue is related to insufficient access control in the Windows operating system kernel, which can be exploited to elevate privileges. This allows an attacker to affect the system...

CVSS 7.8 · AI score 7.9 · EPSS 0.02447
Exploits: 0 · References: 10

Positive Technologies
added 2023/08/08 12:0 a.m. · 1 view

PT-2023-5570 · Microsoft · Windows Kernel +1

Name of the Vulnerable Software and Affected Versions: Windows Kernel affected versions not specified Description: The issue is related to insufficient access control in the Windows operating system kernel, which can be exploited to elevate privileges. This allows an attacker to affect the system...

CVSS 7.8 · AI score 8 · EPSS 0.00219
Exploits: 0 · References: 10

Positive Technologies
added 2023/07/11 12:0 a.m. · 1 view

PT-2023-3844 · Microsoft · Windows Failover Cluster +1

Name of the Vulnerable Software and Affected Versions: Windows Failover Cluster affected versions not specified Description: The issue is related to information disclosure in the Failover Cluster component of Windows operating systems. It allows a remote attacker to gain unauthorized access to...

CVSS 7.7 · AI score 9 · EPSS 0.00438
Exploits: 0 · References: 7

Kaspersky
added 2023/05/10 12:0 a.m. · 28 views

KLA50475 OSI vulnerability in Apache Tomcat

An information disclosure vulnerability was found in Apache Tomcat. Malicious users can exploit this vulnerability to obtain sensitive information. Original advisories: Fixed in Apache Tomcat 9.0.75. Related products: Apache-Tomcat. CVE list: CVE-2023-34981 critical. Solution: Update to the latest versi...

CVSS 7.5 · AI score 7.3 · EPSS 0.00275
Exploits: 0 · References: 3