Lucene search
K

30 matches found

Nuclei
Nuclei
added 2026/06/16 7:13 a.m.68 views

ServiceNow - Incomplete Input Validation

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addresse...

9.8CVSS8.8AI score0.99628EPSS
Exploits4References4
RedhatCVE
RedhatCVE
added 2025/02/05 12:2 a.m.7 views

CVE-2024-4879

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...

9.8CVSS9.5AI score0.99976EPSS
Exploits8References1
GithubExploit
GithubExploit
added 2024/07/16 4:3 a.m.276 views

Exploit for Improper Validation of Specified Type of Input in Servicenow

CVE-2024-4879-ServiceNow ServiceNow is a platform for busi...

9.8CVSS9.8AI score0.99976EPSS
Exploits8
NVD
NVD
added 2024/07/10 5:15 p.m.38 views

CVE-2024-4879

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...

9.8CVSS0.99976EPSS
Exploits8References4
NVD
NVD
added 2024/07/10 5:15 p.m.25 views

CVE-2024-5178

ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability i...

6.9CVSS0.33593EPSS
Exploits2References2
NVD
NVD
added 2024/07/10 5:15 p.m.42 views

CVE-2024-5217

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addresse...

9.8CVSS0.99628EPSS
Exploits4References4
Cvelist
Cvelist
added 2024/07/10 4:28 p.m.36 views

CVE-2024-5217 Incomplete Input Validation in GlideExpression Script

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addresse...

9.8CVSS0.99628EPSS
Exploits4References3
CVE
CVE
added 2024/07/10 4:28 p.m.270 views

CVE-2024-5217

ServiceNow CVE-2024-5217 is an input-validation vulnerability in Now Platform’s GlideExpression script: an unauthenticated user can exploit an incomplete disallowed-input list to achieve remote code execution. The issue affects Washington DC, Vancouver, and earlier releases, with patches/hot fixe...

9.8CVSS6.9AI score0.99628EPSS
In wildExploits4References4Affected Software1
Cvelist
Cvelist
added 2024/07/10 4:23 p.m.47 views

CVE-2024-5178 Incomplete Input Validation in SecurelyAccess API

ServiceNow has addressed a sensitive file read vulnerability that was identified in the Washington DC, Vancouver, and Utah Now Platform releases. This vulnerability could allow an administrative user to gain unauthorized access to sensitive files on the web application server. The vulnerability i...

6.9CVSS0.33593EPSS
Exploits2References2
CVE
CVE
added 2024/07/10 4:23 p.m.123 views

CVE-2024-5178

CVE-2024-5178 affects ServiceNow Now Platform, where an administrative user could read sensitive files on the web application server. The vulnerability was identified in the Washington DC, Vancouver, and Utah releases and is addressed by patches and hot fixes released during the June 2024 patchin...

6.9CVSS5.6AI score0.33593EPSS
Exploits2References2
Vulnrichment
Vulnrichment
added 2024/07/10 4:16 p.m.59 views

CVE-2024-4879 Jelly Template Injection Vulnerability in ServiceNow UI Macros

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...

9.8CVSS7.3AI score0.99976EPSS
Exploits8References3
CVE
CVE
added 2024/07/10 4:16 p.m.313 views

CVE-2024-4879

CVE-2024-4879 affects ServiceNow Now Platform (Vancouver/Washington DC/Utah releases). It is an input-validation/template-injection flaw enabling unauthenticated remote code execution with network access and no user interaction, per multiple sources. The issue has high-severity CVSS values (aroun...

9.8CVSS6.9AI score0.99976EPSS
In wildExploits8References4Affected Software1
ATTACKERKB
ATTACKERKB
added 2024/07/10 12:0 a.m.21 views

CVE-2024-4879

ServiceNow has addressed an input validation vulnerability that was identified in Vancouver and Washington DC Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. ServiceNow applied an update to hosted...

9.8CVSS9.8AI score0.99976EPSS
In wildExploits8References4
ATTACKERKB
ATTACKERKB
added 2024/07/10 12:0 a.m.16 views

CVE-2024-5217

ServiceNow has addressed an input validation vulnerability that was identified in the Washington DC, Vancouver, and earlier Now Platform releases. This vulnerability could enable an unauthenticated user to remotely execute code within the context of the Now Platform. The vulnerability is addresse...

9.8CVSS10AI score0.99976EPSS
In wildExploits8References4
Openbugbounty
Openbugbounty
added 2024/03/25 10:57 p.m.8 views

washington.dc.networkofcare.org Cross Site Scripting vulnerability OBB-3885750

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/03/22 2:31 a.m.4 views

washington.dc.networkofcare.org Cross Site Scripting vulnerability OBB-3883435

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Talos Blog
Talos Blog
added 2023/03/16 6:0 p.m.69 views

Threat Source newsletter (March 16, 2023) — A deep dive into Talos' work in Ukraine

Welcome to this weeks edition of the Threat Source newsletter. Were written a ton about Cisco Talos support of Ukraine and our friends and allies there. Now, we encourage you to watch and listen to the folks who have been working hands-on there. The latest episode of ThreatWise TV from Hazel Burt...

9.6AI score0.97408EPSS
Exploits18
Malwarebytes
Malwarebytes
added 2022/08/18 7:0 p.m.57 views

Attackers waited until holidays to hit US government

The government industry in the United States dealt with heavy hitting breaches against local, federal, and state government networks, primarily during the first quarter of 2021. Our telemetry revealed a small spike in a generic backdoor detection, known as Backdoor.Agent, during March of 2021,...

4.6CVSS0.1AI score0.57474EPSS
Exploits17
Openbugbounty
Openbugbounty
added 2022/05/11 2:38 a.m.7 views

washington.dc.networkofcare.org Cross Site Scripting vulnerability OBB-2614487

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

Exploits0
Wired Threat Level
Wired Threat Level
added 2021/02/02 12:0 p.m.44 views

2034, Part II: Blackout in Washington, DC

“So much was happening and yet they had no news. Everything had been compromised.”...

1.3AI score
Exploits0
Rows per page
Query Builder