Skip to main content

Meshery

6 CVEs product

Monthly

CVE-2024-36535 CRITICAL Act Now

Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Meshery
NVD GitHub
CVSS 3.1
9.8
EPSS
0.5%
CVE-2024-35182 Go HIGH POC PATCH This Week

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Kubernetes Meshery
NVD GitHub
CVSS 3.1
8.1
EPSS
1.6%
CVE-2024-35181 Go HIGH POC PATCH This Week

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Kubernetes Meshery
NVD GitHub
CVSS 3.1
8.1
EPSS
1.6%
CVE-2024-29031 Go HIGH POC PATCH This Week

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Kubernetes Meshery
NVD GitHub
CVSS 3.1
7.5
EPSS
1.0%
CVE-2023-46575 Go CRITICAL PATCH Act Now

A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE SQLi Meshery
NVD GitHub
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-31856 CRITICAL POC PATCH THREAT Act Now

A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Meshery
NVD GitHub
CVSS 3.1
9.8
EPSS
75.4%
EPSS 0% CVSS 9.8
CRITICAL Act Now

Insecure permissions in meshery v0.7.51 allows attackers to access sensitive data and escalate privileges by obtaining the service account's token. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Authentication Bypass Information Disclosure Meshery
NVD GitHub
EPSS 2% CVSS 8.1
HIGH POC PATCH This Week

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Kubernetes Meshery
NVD GitHub
EPSS 2% CVSS 8.1
HIGH POC PATCH This Week

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. Rated high severity (CVSS 8.1), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available.

SQLi Kubernetes Meshery
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC PATCH This Week

Meshery is an open source, cloud native manager that enables the design and management of Kubernetes-based infrastructure and applications. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

SQLi Kubernetes Meshery
NVD GitHub
EPSS 1% CVSS 9.8
CRITICAL PATCH Act Now

A SQL injection vulnerability exists in Meshery prior to version v0.6.179, enabling a remote attacker to retrieve sensitive information and execute arbitrary code through the “order” parameter. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

RCE SQLi Meshery
NVD GitHub
EPSS 75% CVSS 9.8
CRITICAL POC PATCH THREAT Act Now

A SQL Injection vulnerability in the REST API in Layer5 Meshery 0.5.2 allows an attacker to execute arbitrary SQL commands via the /experimental/patternfiles endpoint (order parameter in. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

SQLi Meshery
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy