Lucene search
K

7426 matches found

Rapid7 Blog
Rapid7 Blog
added 2025/04/04 1:0 p.m.14 views

Pentales: Red Team vs. N-Day (and How We Won)

During a recent Vector Command operation, I had the chance to sit down with one of our red teamers to hear firsthand how they identified and exploited an N-Day vulnerability in a customer’s environment. It’s a clear example of how continuous red teaming can uncover and validate real-world risks...

7.2AI score
Exploits0
RedhatCVE
RedhatCVE
added 2025/04/02 5:36 p.m.18 views

CVE-2025-31116

Mobile Security Framework MobSF is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in validhost uses socket.gethostbyname, which is vulnerable to SSRF abuse using DNS rebinding technique. This...

9.8CVSS7.1AI score0.00712EPSS
Exploits2References1
OSV
OSV
added 2025/04/01 4:15 p.m.15 views

AZL-60324 CVE-2025-21964 affecting package kernel for versions less than 5.15.180.1-1

In the Linux kernel, the following vulnerability has been resolved: cifs: Fix integer overflow while processing acregmax mount option User-provided mount parameter acregmax of type u32 is intended to have an upper limit, but before it is validated, the value is converted from seconds to jiffies...

5.5CVSS6.4AI score0.00178EPSS
Exploits0References1
NVD
NVD
added 2025/04/01 3:16 p.m.5 views

CVE-2025-30210

Bruno is an open source IDE for exploring and testing APIs. Prior to 1.39.1, the custom tool-tip components which internally use react-tooltip were setting the content in this case the Environment name as raw HTML which then gets injected into DOM on hover. This, combined with loose Content...

8.7CVSS0.00344EPSS
Exploits1References1
NVD
NVD
added 2025/04/01 3:16 p.m.7 views

CVE-2025-30354

Bruno is an open source IDE for exploring and testing APIs. A bug in the assertion runtime caused assert expressions to run in Developer Mode, even if Safe Mode was selected. The bug resulted in the sandbox settings to be ignored for the particular case where a single request is run/sent. This...

8.7CVSS0.00361EPSS
Exploits1References1
GithubExploit
GithubExploit
added 2025/04/01 2:23 p.m.561 views

Exploit for CVE-2025-0401

CVE-2025-0401 - Local Privilege Escalation via SUID Binary Abu...

6.9CVSS7.6AI score0.01239EPSS
Exploits1
The Hacker News
The Hacker News
added 2025/04/01 11:17 a.m.14 views

Nearly 24,000 IPs Target PAN-OS GlobalProtect in Coordinated Login Scan Campaign

Cybersecurity researchers are warning of a spike in suspicious login scanning activity targeting Palo Alto Networks PAN-OS GlobalProtect gateways, with nearly 24,000 unique IP addresses attempting to access these portals. "This pattern suggests a coordinated effort to probe network defenses and...

7.2AI score
Exploits0
vulnersOsv
vulnersOsv
added 2025/04/01 9:30 a.m.9 views

com.atomikos:transactions-spring-boot-integration-tests (>=5.0.9 <=6.0.1), com.atomikos:transactions-spring-boot3-integration-tests (>=6.0.0 <=6.0.1) +158 more potentially affected by CVE-2025-27427 via org.apache.activemq:artemis-server (>=2.0.0 <=2.3.0)

org.apache.activemq:artemis-server MAVEN version =2.0.0, =5.0.9, =6.0.0, =2.2.1, =2.2.1, =2.2.2, =2.2.1, =2018.9.23, =2018.12.15, =2018.9.23, =2018.9.23, =0.0.1, =0.0.2, =1.14.2, =2.0.0, =6u3 and more Source cves: CVE-2025-27427 Source advisory: OSV:GHSA-3W85-5P9G-H334...

4.3CVSS5.8AI score0.0058EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.3 views

PT-2025-15260 · General · Kraken Stress Testing Toolkit

Уязвимость инструмента нагрузочного тестирования SIEM-систем Kraken Stress Testing Toolkit связана с некорректным использованием механизмов защиты X-Content-Type-Options. Эксплуатация уязвимости может позволить нарушителю оказать воздействие на конфиденциальность, целостность и доступность...

7.2CVSS7.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.5 views

PT-2025-15259 · General · Kraken Stress Testing Toolkit

Уязвимость инструмента нагрузочного тестирования SIEM-систем Kraken Stress Testing Toolkit вызвана недостатками процедуры авторизации. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ к защищаемой информации...

4.6CVSS7.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.4 views

PT-2025-15261 · General · Kraken Stress Testing Toolkit

Уязвимость инструмента нагрузочного тестирования SIEM-систем Kraken Stress Testing Toolkit связана с неверным ограничением имени пути к каталогу. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, получить несанкционированный доступ к защищаемой информации...

6.8CVSS7.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.6 views

PT-2025-15257 · General · Kraken Stress Testing Toolkit

Уязвимость инструмента нагрузочного тестирования SIEM-систем Kraken Stress Testing Toolkit связана с некорректным ограничением визуализированных слоев пользовательского интерфейса. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, нарушить целостность защищаемой информаци...

5CVSS7.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.6 views

PT-2025-15262 · General · Kraken Stress Testing Toolkit

Уязвимость инструмента нагрузочного тестирования SIEM-систем Kraken Stress Testing Toolkit связана с неконтролируемым расходом ресурсов. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании...

7.8CVSS7.3AI score
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.6 views

PT-2025-15258 · General · Kraken Stress Testing Toolkit

Уязвимость инструмента нагрузочного тестирования SIEM-систем Kraken Stress Testing Toolkit связана с некорректным использованием механизмов защиты Content Security Policy CSP. Эксплуатация уязвимости может позволить нарушителю оказать воздействие на конфиденциальность, целостность и доступность...

7.2CVSS7.2AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.18 views

CBL Mariner 2.0 Security Update: php (CVE-2025-1219)

The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1219 advisory. - In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when...

6.3CVSS6.3AI score0.00718EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.9 views

Azure Linux 3.0 Security Update: libdwarf (CVE-2024-2002)

The version of libdwarf installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-2002 advisory. - A double-free vulnerability was found in libdwarf. In a multiply-corrupted DWARF object, libdwarf May try t...

7.5CVSS7.2AI score0.01089EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2025/04/01 12:0 a.m.7 views

PT-2025-15263 · General · Kraken Stress Testing Toolkit

Уязвимость инструмента нагрузочного тестирования SIEM-систем Kraken Stress Testing Toolkit связана с чтением за границами буфера в памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании...

7.8CVSS7.3AI score
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.4 views

CBL Mariner 2.0 Security Update: libreswan (CVE-2023-30570)

The version of libreswan installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2023-30570 advisory. - pluto in Libreswan before 4.11 allows a denial of service responder SPI mishandling and daemon crash via...

7.5CVSS6.8AI score0.01175EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.18 views

CBL Mariner 2.0 Security Update: php (CVE-2025-1861)

The version of php installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1861 advisory. - In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when...

9.8CVSS6.9AI score0.00821EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2025/04/01 12:0 a.m.14 views

Azure Linux 3.0 Security Update: php (CVE-2025-1219)

The version of php installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-1219 advisory. - In PHP from 8.1. before 8.1.32, from 8.2. before 8.2.28, from 8.3. before 8.3.19, from 8.4. before 8.4.5, when...

6.3CVSS6.3AI score0.00718EPSS
Exploits1References2
Rows per page
Query Builder