SerialWaffle

Description: An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. Link: Visit the GitHub Repository Language: Python Owner: Hexastrike Stars: 0 Forks: 0

Description: The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. Link: Visit the GitHub Repository Language: Batchfile Owner: aulauniversal Stars: 0 Forks: 0

Description: pfSense pfBlockerNG through 2.1.4_26 allows remote attackers to execute arbitrary OS commands as root via shell metacharacters in the HTTP Host header. NOTE: 3.x is unaffected. Link: Visit the GitHub Repository Language: Python Owner: Inplex-sys Stars: 0 Forks: 0

Description: Windows TCP/IP Remote Code Execution Vulnerability Link: Visit the GitHub Repository Language: Python Owner: jip-0-0-0-0-0 Stars: 1 Forks: 0

Description: An exploitable command injection vulnerability exists in the Config editor of the Exhibitor Web UI versions 1.0.9 to 1.7.1. Arbitrary shell commands surrounded by backticks or $() can be inserted into the editor and will be executed by the Exhibitor process when it launches ZooKeeper. An

Description: OpenSSH server (sshd) 9.1 introduced a double-free vulnerability during options.kex_algorithms handling. This is fixed in OpenSSH 9.2. The double free can be leveraged, by an unauthenticated remote attacker in the default configuration, to jump to any location in the sshd address space. One third-party report

Description: An authentication bypass vulnerability in the web component of Ivanti ICS 9.x, 22.x and Ivanti Policy Secure allows a remote attacker to access restricted resources by bypassing control checks. Link: Visit the GitHub Repository Language: Python Owner: rxwx Stars: 0 Forks: 0

Description: Windows Kernel-Mode Driver Elevation of Privilege Vulnerability Link: Visit the GitHub Repository Language: C Owner: Brentlyw Stars: 0 Forks: 0

Description: The Hunk Companion plugin for WordPress is vulnerable to unauthorized plugin installation/activation due to a missing capability check on the /wp-json/hc/v1/themehunk-import REST API endpoint in all versions up to, and including, 1.8.4. This makes it possible for unauthenticated attackers to install and activate

Description: Dell dbutil_2_3.sys driver contains an insufficient access control vulnerability which may lead to escalation of privileges, denial of service, or information disclosure. Local authenticated user access is required. Link: Visit the GitHub Repository Language: C++ Owner: IlanDudnik Stars: 0 Forks: 0