Skip to main content

Network

16 CVEs product

Monthly

CVE-2026-45291 HIGH PATCH This Week

Denial of service in CloudburstMC Network versions prior to 1.0.0.CR3-20260418.124334-32 allows remote unauthenticated attackers to close the parent Netty channel, rendering the network layer inoperable. Any publicly accessible application depending on the affected library is exposed, and no public exploit has been identified at time of analysis. The CVSS 7.5 score reflects a high-availability impact with no confidentiality or integrity loss.

Information Disclosure Network
NVD GitHub
CVSS 3.1
7.5
EPSS
0.1%
CVE-2026-45290 HIGH PATCH This Week

Denial of service in Cloudburst Network (cloudburstmc/network) versions prior to 1.0.0.CR3-20260417.085727-30 allows remote attackers to stall the underlying Netty event loop, rendering network processing inoperable for any publicly accessible application that depends on the library. The flaw scores CVSS 7.5 with a fully remote, low-complexity, unauthenticated availability impact, and no public exploit identified at time of analysis.

Denial Of Service Network
NVD GitHub
CVSS 3.1
7.5
EPSS
0.0%
CVE-2024-21488 npm CRITICAL POC PATCH Act Now

Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Network
NVD GitHub VulDB
CVSS 3.1
9.8
EPSS
3.2%
CVE-2022-24394 HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24393 HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24392 HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
2.5%
CVE-2022-24391 HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Deception Network
NVD
CVSS 3.1
8.8
EPSS
0.9%
CVE-2022-24390 HIGH This Week

Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
1.2%
CVE-2022-24389 HIGH This Week

Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-24388 HIGH This Week

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
1.4%
CVE-2022-0997 HIGH This Week

Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deception Network
NVD
CVSS 3.1
7.8
EPSS
0.5%
CVE-2022-0486 HIGH This Week

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deception Network
NVD
CVSS 3.1
7.8
EPSS
0.4%
CVE-2021-35050 HIGH POC This Week

User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deception Network
NVD
CVSS 3.1
7.5
EPSS
1.0%
CVE-2021-35049 HIGH POC This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
4.6%
CVE-2021-35048 CRITICAL POC Act Now

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Deception Network
NVD
CVSS 3.1
9.8
EPSS
1.3%
CVE-2021-35047 HIGH POC This Week

Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Deception Network
NVD
CVSS 3.1
8.8
EPSS
1.6%
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in CloudburstMC Network versions prior to 1.0.0.CR3-20260418.124334-32 allows remote unauthenticated attackers to close the parent Netty channel, rendering the network layer inoperable. Any publicly accessible application depending on the affected library is exposed, and no public exploit has been identified at time of analysis. The CVSS 7.5 score reflects a high-availability impact with no confidentiality or integrity loss.

Information Disclosure Network
NVD GitHub
EPSS 0% CVSS 7.5
HIGH PATCH This Week

Denial of service in Cloudburst Network (cloudburstmc/network) versions prior to 1.0.0.CR3-20260417.085727-30 allows remote attackers to stall the underlying Netty event loop, rendering network processing inoperable for any publicly accessible application that depends on the library. The flaw scores CVSS 7.5 with a fully remote, low-complexity, unauthenticated availability impact, and no public exploit identified at time of analysis.

Denial Of Service Network
NVD GitHub
EPSS 3% CVSS 9.8
CRITICAL POC PATCH Act Now

Versions of the package network before 0.7.0 are vulnerable to Arbitrary Command Injection due to use of the child_process exec function without input sanitization. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Command Injection Network
NVD GitHub VulDB
EPSS 2% CVSS 8.8
HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “update_checkfile” value for the “filename” parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “check_vertica_upgrade” value for the “cpIp” parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
EPSS 3% CVSS 8.8
HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface using the “feed_comm_test” value for the “feed” parameter. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerability in Fidelis Network and Deception CommandPost enables SQL injection through the web interface by an attacker with user level access. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Deception Network
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerability in rconfig “remote_text_file” enables an attacker with user level access to the CLI to inject user level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerability in rconfig “cert_utils” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
EPSS 1% CVSS 8.8
HIGH This Week

Vulnerability in rconfig “date” enables an attacker with user level access to the CLI to inject root level commands into Fidelis Network and Deception CommandPost, Collector, Sensor, and Sandbox. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Command Injection Deception Network
NVD
EPSS 1% CVSS 7.8
HIGH This Week

Improper file permissions in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify affected. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deception Network
NVD
EPSS 0% CVSS 7.8
HIGH This Week

Improper file permissions in the CommandPost, Collector, Sensor, and Sandbox components of Fidelis Network and Deception enables an attacker with local, administrative access to the CLI to modify. Rated high severity (CVSS 7.8), this vulnerability is low attack complexity. No vendor patch available.

Privilege Escalation Deception Network
NVD
EPSS 1% CVSS 7.5
HIGH POC This Week

User credentials stored in a recoverable format within Fidelis Network and Deception CommandPost. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Information Disclosure Deception Network
NVD
EPSS 5% CVSS 8.8
HIGH POC This Week

Vulnerability in Fidelis Network and Deception CommandPost enables authenticated command injection through the web interface. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Command Injection Deception +1
NVD
EPSS 1% CVSS 9.8
CRITICAL POC Act Now

Vulnerability in Fidelis Network and Deception CommandPost enables unauthenticated SQL injection through the web interface. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

SQLi Deception Network
NVD
EPSS 2% CVSS 8.8
HIGH POC This Week

Vulnerability in the CommandPost, Collector, and Sensor components of Fidelis Network and Deception enables an attacker with user level access to the CLI to inject root level commands into the. Rated high severity (CVSS 8.8), this vulnerability is remotely exploitable, low attack complexity. Public exploit code available and no vendor patch available.

Command Injection Deception Network
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy