cve,link,title,description,vendor,products,score,severity,epss,cisa,article,ransomware,exploited,poc,trended,trended_no_1,published,trended_score
CVE-2022-3874,https://securityvulnerability.io/vulnerability/CVE-2022-3874,Os command injection via ct_command and fcct_command,"A command injection vulnerability has been identified in Foreman, enabling an authenticated user with admin privileges to execute arbitrary commands through CoreOS and Fedora CoreOS templates. This issue can potentially compromise the underlying operating system, making it crucial for administrators to apply necessary updates and mitigate risks associated with this flaw.",Red Hat,"Foreman,Red Hat Satellite 6",8,HIGH,0.001019999966956675,false,false,false,false,,false,false,2023-09-22T13:56:54.314Z,0
CVE-2023-0118,https://securityvulnerability.io/vulnerability/CVE-2023-0118,Arbitrary code execution through templates,"An arbitrary code execution vulnerability has been identified in Foreman, allowing an admin user to bypass safe mode in templates. This potentially malicious action enables the execution of arbitrary code on the underlying operating system, creating severe risks for system integrity and security. It is crucial for administrators to address this issue promptly to safeguard their environments.",Red Hat,"foreman,Red Hat Satellite 6.13 for RHEL 8",9.1,CRITICAL,0.0016799999866634607,false,false,false,false,,false,false,2023-09-20T14:15:00.000Z,0
CVE-2023-0462,https://securityvulnerability.io/vulnerability/CVE-2023-0462,Arbitrary code execution through yaml global parameters,"An arbitrary code execution vulnerability exists in Foreman, potentially allowing an admin user to execute unauthorized commands on the operating system. This vulnerability can be exploited by manipulating global parameters with specially crafted YAML payloads, posing a significant risk to system integrity. Administrators are advised to apply the necessary security patches to mitigate this risk effectively.",Red Hat,"Foreman,Red Hat Satellite 6",8,HIGH,0.0011599999852478504,false,false,false,false,,false,false,2023-09-20T14:15:00.000Z,0
CVE-2023-0119,https://securityvulnerability.io/vulnerability/CVE-2023-0119,Stored cross-site scripting in host tab,"A stored Cross-site scripting vulnerability was found in foreman. The Comment section in the Hosts tab has incorrect filtering of user input data. As a result of the attack, an attacker with an existing account on the system can steal another user's session, make requests on behalf of the user, and obtain user credentials.",Red Hat,"foreman,Red Hat Satellite 6.13 for RHEL 8",5.4,MEDIUM,0.0011699999449774623,false,false,false,false,,false,false,2023-09-12T16:15:00.000Z,0