cve,link,title,description,vendor,products,score,severity,epss,cisa,cisa_published,article,ransomware,exploited,exploited_date,poc,trended,trended_no_1,trended_no_1_date,published,trended_score
CVE-2021-22116,https://securityvulnerability.io/vulnerability/CVE-2021-22116,Denial of Service Vulnerability in RabbitMQ by Pivotal Software,"A vulnerability exists in RabbitMQ versions prior to 3.8.16 due to improper input validation within the AMQP 1.0 client connection endpoint. This flaw can be exploited by a malicious user who sends specially crafted AMQP messages to an affected RabbitMQ instance that has the AMQP 1.0 plugin enabled, potentially leading to a denial of service.",Vmware,RabbitMQ,7.5,HIGH,0.0011899999808520079,false,,false,false,false,,,false,false,,2021-06-08T11:23:58.000Z,0
CVE-2021-22117,https://securityvulnerability.io/vulnerability/CVE-2021-22117,Plugin Directory Permission Vulnerability in RabbitMQ on Windows,"Prior to version 3.8.16, RabbitMQ installers on Windows do not enforce stringent permissions on plugin directories. This oversight may enable attackers with local filesystem access to insert malicious plugins, potentially compromising the integrity and security of the RabbitMQ server.",Vmware,RabbitMQ,7.8,HIGH,0.0004400000034365803,false,,false,false,false,,,false,false,,2021-05-18T12:47:11.000Z,0
CVE-2020-5419,https://securityvulnerability.io/vulnerability/CVE-2020-5419,RabbitMQ arbitrary code execution using local binary planting,RabbitMQ versions 3.8.x prior to 3.8.7 are prone to a Windows-specific binary planting security vulnerability that allows for arbitrary code execution. An attacker with write privileges to the RabbitMQ installation directory and local access on Windows could carry out a local binary hijacking (planting) attack and execute arbitrary code.,Vmware Tanzu,RabbitMQ,6.7,MEDIUM,0.0004400000034365803,false,,false,false,false,,,false,false,,2020-08-31T15:15:00.000Z,0
CVE-2014-9649,https://securityvulnerability.io/vulnerability/CVE-2014-9649,,"Cross-site scripting (XSS) vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error message.",Vmware,RabbitMQ,,,0.0022899999748915434,false,,false,false,false,,,false,false,,2015-01-27T17:00:00.000Z,0
CVE-2014-9650,https://securityvulnerability.io/vulnerability/CVE-2014-9650,,CRLF injection vulnerability in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the download parameter to api/definitions.,Vmware,RabbitMQ,,,0.0036200000904500484,false,,false,false,false,,,false,false,,2015-01-27T17:00:00.000Z,0