cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2024-5262,https://securityvulnerability.io/vulnerability/CVE-2024-5262,Remote Access to Files and Directories through Anonymous Login Vulnerability in ProjectDiscovery Interactsh,"A vulnerability has been identified in the SMB server of ProjectDiscovery's Interactsh, which allows remote attackers to gain unauthorized read and write access to files and directories. This issue arises from the exposure of files within the directory and its subdirectories, enabling potential manipulation without proper authentication via anonymous login. Administrators using Interactsh should immediately review their configurations and apply necessary security measures to mitigate these risks.",Projectdiscovery,Interactsh,9.8,CRITICAL,0.0008399999933317304,false,,false,false,false,,,false,false,,2024-06-05T04:00:31.273Z,0
CVE-2023-36474,https://securityvulnerability.io/vulnerability/CVE-2023-36474,Interactsh server settings make users vulnerable to Subdomain Takeover,"Interactsh, an open-source tool for detecting out-of-band interactions, has a vulnerability that allows subdomain takeover for the specific subdomain 'app.' Prior to version 1.0.0, Interactsh servers utilized default CNAME entries pointing to GitHub pages, which could lead to arbitrary client-side code execution through cross-site scripting when users visit the vulnerable subdomain. This risk occurs if users fail to configure a web client while having a CNAME entry set up. The issue has been resolved in version 1.0.0, which makes CNAME configurations optional.",Projectdiscovery,Interactsh,8.2,HIGH,0.0009500000160187483,false,,false,false,false,,,false,false,,2023-06-28T22:15:00.000Z,0