Posts
180
Following
Hidden
Followers
61
AttackerKB bot (Unofficial)
New assessment for topic: CVE-2025-34152

Topic description: "An unauthenticated OS command injection vulnerability exists in the Shenzhen Aitemi M300 Wi-Fi Repeater (hardware model MT02) via the 'time' parameter of the '/protocol.csp?' endpoint ..."

"[CVE-2025-34152](https://nvd.nist.gov/vuln/detail/CVE-2025-34152) is a critical unauthenticated OS command injection vulnerability affecting the Shenzhen Aitemi M300 (MT02) Wi-Fi repeater ..."

Link: https://attackerkb.com/assessments/f9232c59-7c73-4a11-be35-41796596deb5
0
0
0
New assessment for topic: CVE-2024-5805

Topic description: "Improper Authentication vulnerability in Progress MOVEit Gateway (SFTP modules) allows Authentication Bypass.This issue affects MOVEit Gateway: 2024.0.0. ..."

"[CVE-2024-5805](https://community.progress.com/s/article/MOVEit-Gateway-Critical-Security-Alert-Bulletin-June-2024-CVE-2024-5805) is a critical SFTP authentication bypass vulnerability affecting Progress [MOVEit Gateway](https://community.progress.com/s/article/Gateway-Overview), an optional DMZ proxy designed to be used with the MOVEit Transfer file sharing software ..."

Link: https://attackerkb.com/assessments/ea949df7-483a-458b-917b-683e0f53521a
0
0
0
New assessment for topic: CVE-2025-57791

Topic description: "An issue was discovered in Commvault before 11.36.60 ..."

"[CVE-2025-57791](https://documentation.commvault.com/securityadvisories/CV_2025_08_1.html) is a highly impactful unauthenticated argument injection vulnerability affecting Commvault for Windows and Linux ..."

Link: https://attackerkb.com/assessments/3265b8b6-674f-438b-a33d-e092ac4bbfbc
0
0
0
New assessment for topic: CVE-2025-57788

Topic description: "An issue was discovered in Commvault before 11.36.60 ..."

"CVE-2025-57788 is [a medium-severity vulnerability in Commvault](https://documentation.commvault.com/securityadvisories/CV_2025_08_3.html) for Windows and Linux, affecting the web service ..."

Link: https://attackerkb.com/assessments/ab3c1929-9e46-4a88-8c8e-7e4e22474aba
0
0
0
New assessment for topic: CVE-2025-42957

Topic description: "SAP S/4HANA allows an attacker with user privileges to exploit a vulnerability in the function module exposed via RFC ..."

"A low-privileged SAP user who can invoke the vulnerable RFC function can inject arbitrary ABAP, bypassing critical auth checks and achieving administrative control over SAP S/4HANA; pivot to the underlying host is feasible. ..."

Link: https://attackerkb.com/assessments/9e4b5480-8085-4545-a60b-a224b42105c1
0
0
0
New assessment for topic: CVE-2023-29059

Topic description: "3CX DesktopApp through 18.12.416 has embedded malicious code, as exploited in the wild in March 2023 ..."

"CVE-2023-29059 is a supply chain attack that [targeted systems in the wild](https://www.rapid7.com/blog/post/2023/03/30/backdoored-3cxdesktopapp-installer-used-in-active-threat-campaign/) in March, 2023, via infected 3CX DesktopApp Electron application packages ..."

Link: https://attackerkb.com/assessments/4b37df41-d0ef-4199-bd3c-a19e6be4dbf7
0
0
0
New assessment for topic: CVE-2025-53693

Topic description: "Use of Externally-Controlled Input to Select Classes or Code ('Unsafe Reflection') vulnerability in Sitecore Sitecore Experience Manager (XM), Sitecore Experience Platform (XP) allows Cache Poisoning.This issue affects Sitecore Experience Manager (XM): from 9.0 through 9.3, from 10.0 through 10.4; Experience Platform (XP): from 9.0 through 9.3, from 10.0 through 10.4. ..."

"CVE-2025-53693 is an unauthenticated server-side cache poisoning vulnerability affecting Sitecore Experience Manager and Sitecore Experience Platform ..."

Link: https://attackerkb.com/assessments/3d97308e-ef14-4f17-a30b-84550e8c8f69
0
0
0
New assessment for topic: CVE-2025-50154

Topic description: "Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an unauthorized attacker to perform spoofing over a network. ..."

"CVE-2025-50154 is easy to exploit ..."

Link: https://attackerkb.com/assessments/29dae763-b740-4740-bd8f-c048380ccc59
0
0
0
New assessment for topic: CVE-2023-28459

Topic description: "pretalx 2.3.1 before 2.3.2 allows path traversal in HTML export (a non-default feature) ..."

"Pretalx is a web-based conference planning tool used to manage call for papers (CfP) submissions, select talks, communicate with speakers, and publish conference schedules ..."

Link: https://attackerkb.com/assessments/9366f871-5537-409f-ac6a-6b0013fd3bfb
0
0
0
New assessment for topic: CVE-2024-32019

Topic description: "Netdata is an open source observability tool ..."

"Netdata is an open-source observability tool that contains a designated tool to run a set of defined commands with elevated privileges ..."

Link: https://attackerkb.com/assessments/2d9e32c1-bf84-4cea-a07f-dca060dc86bf
0
0
0
New assessment for topic: CVE-2025-7775

Topic description: "Memory overflow vulnerability leading to Remote Code Execution and/or Denial of Service in NetScaler ADC and NetScaler Gateway when NetScaler is configured as Gateway (VPN virtual server, ICA Proxy, CVPN, RDP Proxy) or AAA virtual server ..."

"Based on the vendors CVSS rating of [9.2 Critical](https://www.first.org/cvss/calculator/4-0#CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:L/SI:L/SA:L), we know this is unauthenticated, however the complexity rating is given as high and the attack requirements is given as being present, (i.e ..."

Link: https://attackerkb.com/assessments/4e09b69a-f48c-4c6c-be6e-8fc1d783cd7b
0
0
0
New assessment for topic: CVE-2025-49619

Topic description: "Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block ..."

"On June 7th, CVE-2025-49619 was published, alongside a [write-up](https://cristibtz.blog/posts/CVE-2025-49619/) ..."

Link: https://attackerkb.com/assessments/fcb4d7e0-b562-4515-9a78-4f40640308f2
0
0
0
New assessment for topic: CVE-2024-51981

Topic description: "An unauthenticated attacker may perform a blind server side request forgery (SSRF), due to a CLRF injection issue that can be leveraged to perform HTTP request smuggling ..."

"A Server Side Request Forgery (SSRF) vulnerability exists due to how the Brother firmware handles Web Services Eventing (WS-Eventing) subscriptions ..."

Link: https://attackerkb.com/assessments/fa5c2bf7-82ec-44cc-8808-d8647ae037d4
0
0
0
New assessment for topic: CVE-2025-1094

Topic description: "Improper neutralization of quoting syntax in PostgreSQL libpq functions PQescapeLiteral(), PQescapeIdentifier(), PQescapeString(), and PQescapeStringConn() allows a database input provider to achieve SQL injection in certain usage patterns ..."

"An attacker can inject unexpected UTF-8 characters, such as `\xC0` into a string that is correctly escaped via the PSQL escaping routines, such as `pg_escape_string` ..."

Link: https://attackerkb.com/assessments/74e38297-224a-4205-beb2-c5cef31d2ecf
0
0
0
New assessment for topic: CVE-2024-51977

Topic description: "An unauthenticated attacker who can access either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631), can leak several pieces of sensitive information from a vulnerable device ..."

"An unauthenticated attacker who can access either the HTTP service (Port 80), the HTTPS service (Port 443), or the IPP service (Port 631), can leak several pieces of information from a vulnerable device ..."

Link: https://attackerkb.com/assessments/d00cbb64-c04d-4317-9f35-c201a4aa5733
0
0
0
New assessment for topic: CVE-2024-51979

Topic description: "An authenticated attacker may trigger a stack based buffer overflow by performing a malformed request to either the HTTP service (TCP port 80), the HTTPS service (TCP port 443), or the IPP service (TCP port 631) ..."

"An authenticated stack-based buffer overflow exists in the printers HTTP server ..."

Link: https://attackerkb.com/assessments/aa600177-e69d-4eba-810a-f317d2ddb369
0
0
0
New assessment for topic: CVE-2024-51980

Topic description: "An unauthenticated attacker may perform a limited server side request forgery (SSRF), forcing the target device to open a TCP connection to an arbitrary port number on an arbitrary IP address ..."

"A Server Side Request Forgery (SSRF) vulnerability exists due to how the Brother firmware handles Web Services Addressing (WS-Addressing) during SOAP requests to the SOAP service over HTTP (TCP port 80) ..."

Link: https://attackerkb.com/assessments/686ad46c-d2c3-4116-b31e-010e695ba288
0
0
0
New assessment for topic: CVE-2024-51982

Topic description: "An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device ..."

"An unauthenticated attacker who can connect to TCP port 9100 can issue a Printer Job Language (PJL) command that will crash the target device ..."

Link: https://attackerkb.com/assessments/f29cd000-e191-42dd-ab80-271c3eef8c2d
0
0
0
New assessment for topic: CVE-2024-51983

Topic description: "An unauthenticated attacker who can connect to the Web Services feature (HTTP TCP port 80) can issue a WS-Scan SOAP request containing an unexpected JobToken value which will crash the target device ..."

"The device’s Web Services feature operates over HTTP (Port 80) and accepts an XML-based SOAP request ..."

Link: https://attackerkb.com/assessments/9b5204d1-0cb0-4d9c-a7ae-97199dd23d80
0
0
0
New assessment for topic: CVE-2024-51984

Topic description: "An authenticated attacker can reconfigure the target device to use an external service (such as LDAP or FTP) controlled by the attacker ..."

"An affected device allows for multiple external services to be configured for use by the device, such as LDAP, FTP, SFTP, and SharePoint ..."

Link: https://attackerkb.com/assessments/ded3c328-b080-4b18-b7f3-4df3838bdd18
0
0
0
Show older