239 matches found
EUVD-2020-3945
Malware in sbrugna...
📄 GaatiTrack 1.0 SQL Injection
GaatiTrack version 1.0 suffers from multiple remote SQL injection vulnerabilities. Metasploit module included. Titles: GaatiTrack-1.0 Copyright©2025-Multiple-SQLi - Metasploit module Author: nu11secur1ty Date: 10/06/2025 Vendor: https://www.mayurik.com/ Software:...
EUVD-2022-41298
Malicious code in bioql PyPI...
EUVD-2024-54205
Malicious code in bioql PyPI...
EUVD-2023-55647
Malicious code in bioql PyPI...
EUVD-2023-33015
Malicious code in bioql PyPI...
EUVD-2022-0662
Malicious code in bioql PyPI...
📄 Rupee Invoice 1.0 SQL Injection
Rupee Invoice version 1.0 suffers from a remote SQL injection vulnerability. Titles: RUPEE-INVOICE-1.0-Multiple-SQLi Author: nu11secur1ty Date: 09/09/2025 Vendor: https://www.mayurik.com/ Software:...
CVE-2024-1244 Remote code execution and local privilege escalation due to UNC access and NetNTLMv2 hash theft
Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2...
CVE-2024-1244
Improper input validation in the OSSEC HIDS agent for Windows prior to version 3.8.0 allows an attacker in with control over the OSSEC server or in possession of the agent's key to configure the agent to connect to a malicious UNC path. This results in the leakage of the machine account NetNTLMv2...
CVE-2024-1243
The CVE-2024-1243 entry concerns Wazuh agent for Windows prior to 4.8.0. It states improper input validation can be exploited by an attacker who controls the Wazuh server or agent key to configure the agent to connect to a malicious UNC path, leading to leakage of the machine account NetNTLMv2 ha...
PT-2025-25178 · Ossec · Ossec Hids Agent For Windows
Name of the Vulnerable Software and Affected Versions: OSSEC HIDS agent for Windows versions prior to 3.8.0 Description: The issue is related to improper input validation, allowing an attacker with control over the OSSEC server or in possession of the agent's key to configure the agent to connect...
SUSE-SU-2025:01813-1 Security update for MozillaThunderbird
This update for MozillaThunderbird fixes the following issues: Update to Mozilla Thunderbird 128.10.2 MFSA 2025-40, bsc1243303: Security fixes: - CVE-2025-4918: Out-of-bounds access when resolving Promise objects bmo1966612 - CVE-2025-4919: Out-of-bounds access when optimizing linear sums...
CVE-2022-25166
An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters such as auth-user-pass. When this file is imported and the client attempts to validate the file path, it performs an open...
CVE-2020-11595
An issue was discovered in CIPPlanner CIPAce 9.1 Build 2019092801. An unauthenticated attacker can make an API request and obtain the upload folder path that includes the hostname in a UNC path...
CVE-2024-42733
An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input...
CVE-2024-42733
An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input...
CVE-2024-42733
An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input...
CVE-2024-42733
An issue in Docmosis Tornado v.2.9.7 and before allows a remote attacker to execute arbitrary code via a crafted script to the UNC path input...
PT-2025-49180
Name of the Vulnerable Software and Affected Versions Apache HTTP Server versions 2.4.30 through 2.4.65 Description An integer overflow occurs during failed ACME certificate renewal. After approximately 30 days of failures with default configurations, the backoff timer reaches zero. Subsequent...