28 matches found
CVE-2023-7317
Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface without sufficient authorization, potentially allowing unauthorized command execution or disclosure of...
CVE-2023-7317
Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface without sufficient authorization, potentially allowing unauthorized command execution or disclosure of...
CVE-2023-7317
CVE-2023-7317 affects Nagios XI prior to 2024R1 due to a missing access control in the Web SSH Terminal. A remote, low-privilege attacker could access/interact with the terminal without sufficient authorization, potentially leading to unauthorized command execution or disclosure of sensitive info...
CVE-2023-7317 Nagios XI < 2024R1 Web SSH Terminal Missing Access Control
Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface without sufficient authorization, potentially allowing unauthorized command execution or disclosure of...
CVE-2023-7317 Nagios XI < 2024R1 Web SSH Terminal Missing Access Control
Nagios XI versions prior to 2024R1 contain a missing access control vulnerability via the Web SSH Terminal. A remote, low-privileged attacker could access or interact with the terminal interface without sufficient authorization, potentially allowing unauthorized command execution or disclosure of...
EUVD-2024-3209
Malicious code in bioql PyPI...
CVE-2024-52010
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...
CVE-2025-2277
Exposure of password in web-based SSH authentication component in Devolutions Server 2024.3.13 and earlier allows a user to inadvertently leak his SSH password due to missing password masking...
D-Link Routers Incorrect Use Of Privileged APIs (CVE-2024-11068)
The D-Link DSL6740C modem has an Incorrect Use of Privileged APIs vulnerability, allowing unauthenticated remote attackers to modify any user's password by leveraging the API, thereby granting access to Web, SSH, and Telnet services using that user's account. Note that Nessus has not tested f...
GO-2024-3267 Zoraxy has an authenticated command injection in the Web SSH feature in github.com/tobychui/zoraxy
Zoraxy has an authenticated command injection in the Web SSH feature in github.com/tobychui/zoraxy. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
GHSA-7HPF-G48V-HW3J Zoraxy has an authenticated command injection in the Web SSH feature
Summary: A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Details: Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In...
Zoraxy has an authenticated command injection in the Web SSH feature
Summary: A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Details: Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH servers from their browsers. In...
CVE-2024-52010
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...
CVE-2024-52010
CVE-2024-52010 concerns Zoraxy, a general-purpose HTTP reverse proxy/forwarding tool, with a vulnerability in the Web SSH feature. In HandleCreateProxySession, the request to create an SSH session handles a user-supplied username that can be injected into the sshCommand; the username is not val...
CVE-2024-52010 Zoraxy has an authenticated command injection in the Web SSH feature
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...
CVE-2024-52010 Zoraxy has an authenticated command injection in the Web SSH feature
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...
CVE-2024-52010 Zoraxy has an authenticated command injection in the Web SSH feature
Zoraxy is a general purpose HTTP reverse proxy and forwarding tool. A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows authenticated users to connect to SSH...
PT-2024-35095 · Zoraxy · Zoraxy
Name of the Vulnerable Software and Affected Versions: Zoraxy versions 2.6.1 through 3.1.2 Description: A command injection vulnerability in the Web SSH feature allows an authenticated attacker to execute arbitrary commands as root on the host. Zoraxy has a Web SSH terminal feature that allows...
CVE-2023-35794
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint spawned console can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console...
Design/Logic Flaw
An issue was discovered in Cassia Access Controller 2.1.1.2303271039. The Web SSH terminal endpoint spawned console can be accessed without authentication. Specifically, there is no session cookie validation on the Access Controller; instead, there is only Basic Authentication to the SSH console...