Threat Intelligence
Secure Today. Defend Tomorrow.
Real-time threat feed from trusted sources. Updated continuously to keep you informed of the latest malicious activity.
ThinkPHP "noneCms" Remote Code Execution Vulnerability
ThinkPHP "noneCms" contains an unspecified vulnerability that allows for remote code execution through crafted use of the filter parameter.
Read More →ThinkPHP Remote Code Execution Vulnerability
ThinkPHP contains an unspecified vulnerability that allows for remote code execution via public//?s=index/\think\app/invokefunction&function=call_user_func_array&vars[0]=system&vars[1][]= followed by the command.
Read More →Trend Micro OfficeScan Directory Traversal Vulnerability
Trend Micro OfficeScan contains a directory traversal vulnerability by extracting files from a zip file to a specific folder on the OfficeScan server, leading to remote code execution.
Read More →Trend Micro Apex One and OfficeScan Remote Code Execution Vulnerability
Trend Micro Apex One and OfficeScan contain an unspecified vulnerability within a migration tool component that allows for remote code execution.
Read More →Trend Micro Multiple Products Content Validation Escape Vulnerability
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security agents contain a content validation escape vulnerability that could allow an attacker to manipulate certain agent client components.
Read More →Trend Micro Multiple Products Improper Access Control Vulnerability
Trend Micro Apex One, OfficeScan, and Worry-Free Business Security on Microsoft Windows contain an improper access control vulnerability that may allow an attacker to manipulate a particular product folder to disable the security temporarily, abuse a specific Windows function, and attain privilege escalation.
Read More →Trend Micro Apex One and OfficeScan Authentication Bypass Vulnerability
Trend Micro Apex One and OfficeScan server contain a vulnerable EXE file that could allow a remote attacker to write data to a path on affected installations and bypass root login.
Read More →Trend Micro Multiple Products Improper Input Validation Vulnerability
Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows for privilege escalation.
Read More →Trend Micro Multiple Products Improper Input Validation Vulnerability
Trend Micro Apex One, Apex One as a Service, and Worry-Free Business Security contain an improper input validation vulnerability that allows a remote attacker to upload files.
Read More →TVT NVMS-1000 Directory Traversal Vulnerability
TVT devices utilizing NVMS-1000 software contain a directory traversal vulnerability via GET /.. requests.
Read More →Unraid Authentication Bypass Vulnerability
Unraid contains an authentication bypass vulnerability that allows attackers to gain access to the administrative interface. This CVE is chainable with CVE-2020-5847 for remote code execution.
Read More →Unraid Remote Code Execution Vulnerability
Unraid contains a vulnerability due to the insecure use of the extract PHP function that can be abused to execute remote code as root. This CVE is chainable with CVE-2020-5849 for initial access.
Read More →vBulletin PHP Module Remote Code Execution Vulnerability
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via the widgetConfig[code] parameter in an ajax/render/widget_php routestring request.
Read More →vBulletin PHP Module Remote Code Execution Vulnerability
The PHP module within vBulletin contains an unspecified vulnerability that allows for remote code execution via crafted subWidgets data in an ajax/render/widget_tabbedcontainer_tab_panel request. This CVE ID resolves an incomplete patch for CVE-2019-16759.
Read More →VMware ESXi and Horizon DaaS OpenSLP Heap-Based Buffer Overflow Vulnerability
VMware ESXi and Horizon Desktop as a Service (DaaS) OpenSLP contains a heap-based buffer overflow vulnerability that allows an attacker with network access to port 427 to overwrite the heap of the OpenSLP service to perform remote code execution.
Read More →VMware ESXi OpenSLP Use-After-Free Vulnerability
VMware ESXi OpenSLP contains a use-after-free vulnerability that allows an attacker residing in the management network with access to port 427 to perform remote code execution.
Read More →VMware Multiple Products Privilege Escalation Vulnerability
VMware Fusion, Remote Console (VMRC) for Mac, and Horizon Client for Mac contain a privilege escalation vulnerability due to improper use of setuid binaries that allows attackers to escalate privileges to root.
Read More →VMware vCenter Server File Upload Vulnerability
VMware vCenter Server contains a file upload vulnerability in the Analytics service that allows a user with network access to port 443 to execute code.
Read More →VMware vCenter Server Information Disclosure Vulnerability
VMware vCenter Server contains an information disclosure vulnerability in the VMware Directory Service (vmdir) when the Platform Services Controller (PSC) does not correctly implement access controls. Successful exploitation allows an attacker with network access to port 389 to extract sensitive information.
Read More →VMware vCenter Server Remote Code Execution Vulnerability
VMware vCenter Server vSphere Client contains a remote code execution vulnerability in a vCenter Server plugin which allows an attacker with network access to port 443 to execute commands with unrestricted privileges on the underlying operating system.
Read More →Sources
- AlienVault OTX
- CISA KEV
- URLhaus
Stay Ahead of Threats
Secure Today. Defend Tomorrow.
Get daily threat intelligence and CVE digests delivered to your inbox.