
39 matches found

CVE
added 2026/05/12 5:43 p.m., 6 views

CVE-2026-43892

AntSword (cross-platform website management toolkit) is affected by CVE-2026-43892 due to incomplete noxss() sanitization before version 2.1.16, enabling a 1-click remote code execution through jquery.terminal format code injection. The vulnerability is fixed in version 2.1.16. Impact is describe...

8.8 CVSS, 5.9 AI score, 0.00045 EPSS
Exploits 0, References 1
CNNVD
added 2026/05/12 12:0 a.m., 2 views

antSword cross-site scripting vulnerability

AntSword is a cross-platform website management tool developed by the AntSwordProject. Versions of AntSword prior to 2.1.16 contained a cross-site scripting vulnerability. This vulnerability stemmed from incomplete noxss cleanup, allowing for injection through jQuery.terminal format code, which...

8.8 CVSS, 6.3 AI score, 0.00045 EPSS
Exploits 0, References 1
The Hacker News
added 2026/03/09 7:21 a.m., 4 views

Web Server Exploits and Mimikatz Used in Attacks Targeting Asian Critical Infrastructure

High-value organizations located in South, Southeast, and East Asia have been targeted by a Chinese threat actor as part of a years-long campaign. The activity, which has targeted aviation, energy, government, law enforcement, pharmaceutical, technology, and telecommunications sectors, has been...

6 AI score
Exploits 0
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2020-18156

Malware in sbrugna...

6.1 CVSS, 6.3 AI score, 0.00497 EPSS
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-10683

Malware in sbrugna...

9.6 CVSS, 9.1 AI score, 0.00444 EPSS
Exploits 1, References 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2021-28277

Malicious code in bioql PyPI...

6.4 CVSS, 5.8 AI score, 0.0033 EPSS
Exploits 1, References 3
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2022-4193

Malicious code in bioql PyPI...

6.1 CVSS, 6.3 AI score, 0.00496 EPSS
Exploits 1, References 5
RedhatCVE
added 2025/05/22 9:21 p.m., 5 views

CVE-2021-41172

ASRedis is an AntSword plugin for Redis. The Redis Manage plugin for AntSword prior to version 0.5 is vulnerable to Self-XSS due to insufficient input validation and sanitization via redis server configuration. Self-XSS in the plugin configuration leads to code execution. This issue is...

6.4 CVSS, 7.3 AI score, 0.0033 EPSS
Exploits 1
RedhatCVE
added 2025/05/22 3:56 p.m., 4 views

CVE-2020-18766

A cross-site scripting (XSS) vulnerability in AntSword v2.0.7 can remotely execute system commands...

9.6 CVSS, 5.9 AI score, 0.00444 EPSS
Exploits 1
RedhatCVE
added 2025/05/22 3:22 p.m., 3 views

CVE-2020-25470

AntSword 2.1.8.1 contains a cross-site scripting (XSS) vulnerability in the View Site function. When viewing an added site, an XSS payload can be injected in the cookies view, which can lead to remote code execution...

6.1 CVSS, 5.7 AI score, 0.00497 EPSS
Exploits 1
RedhatCVE
added 2025/05/22 10:5 a.m., 8 views

CVE-2019-13970

In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js...

6.1 CVSS, 7.4 AI score, 0.00496 EPSS
Exploits 1, References 1
The Hacker News
added 2024/06/24 7:49 a.m., 62 views

RedJuliett Cyber Espionage Campaign Hits 75 Taiwanese Organizations

A likely China-linked state-sponsored threat actor has been linked to a cyber espionage campaign targeting government, academic, technology, and diplomatic organizations in Taiwan between November 2023 and April 2024. Recorded Future's Insikt Group is tracking the activity under the name...

7.2 CVSS, 8.6 AI score, 0.93929 EPSS
Exploits 77
The Hacker News
added 2022/09/30 4:25 a.m., 54 views

WARNING: New Unpatched Microsoft Exchange Zero-Day Under Active Exploitation

Security researchers are warning of previously undisclosed flaws in fully patched Microsoft Exchange servers being exploited by malicious actors in real-world attacks to achieve remote code execution on affected systems. The advisory comes from Vietnamese cybersecurity company GTSC, which...

0.5 AI score
Exploits 0
OSV
added 2022/05/24 4:50 p.m., 18 views

GHSA-HQ75-GGC3-8H3Q AntSword RCE and XSS via code injection

In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js...

6.1 CVSS, 6.5 AI score, 0.00496 EPSS
Exploits 1, References 5
Github Security Blog
added 2022/05/24 4:50 p.m., 29 views

AntSword RCE and XSS via code injection

In antSword before 2.1.0, self-XSS in the database configuration leads to code execution via modules/database/asp/index.js, modules/database/custom/index.js, modules/database/index.js, or modules/database/php/index.js...

6.1 CVSS, 7.5 AI score, 0.00496 EPSS
Exploits 1, References 5, Affected Software 1
GithubExploit
added 2022/03/31 12:41 p.m., 251 views

Exploit for Code Injection in Vmware Spring_Framework

Spring Core RCE/CVE-2022-22965 Impacted versions: Spring fr...

9.8 CVSS, 7 AI score, 0.94428 EPSS
Exploits 99
NVD
added 2021/10/26 2:15 p.m., 10 views

CVE-2021-41172

ASRedis is an AntSword plugin for Redis. The Redis Manage plugin for AntSword prior to version 0.5 is vulnerable to Self-XSS due to insufficient input validation and sanitization via redis server configuration. Self-XSS in the plugin configuration leads to code execution. This issue is...

6.4 CVSS, 0.0033 EPSS
Exploits 1, References 3
Prion
added 2021/10/26 2:15 p.m., 10 views

Input validation

ASRedis is an AntSword plugin for Redis. The Redis Manage plugin for AntSword prior to version 0.5 is vulnerable to Self-XSS due to insufficient input validation and sanitization via redis server configuration. Self-XSS in the plugin configuration leads to code execution. This issue is...

3.5 CVSS, 5.8 AI score, 0.0033 EPSS
Exploits 1, References 3, Affected Software 1
CVE
added 2021/10/26 2:0 p.m., 41 views

CVE-2021-41172

CVE-2021-41172 concerns AS_Redis, an AntSword Redis plugin. The Redis Manage plugin before v0.5 is vulnerable to Self-XSS caused by insufficient input validation/sanitization in the Redis server configuration, enabling code execution through plugin configuration. Mitigation: upgrade to version 0....

6.4 CVSS, 5.8 AI score, 0.0033 EPSS
Exploits 1, References 3, Affected Software 1
Kitploit
added 2021/05/04 9:30 p.m., 232 views

Pystinger - Bypass Firewall For Traffic Forwarding Using Webshell

Pystinger implements SOCKS4 proxy and port mapping through webshell. It can be directly used by metasploit-framework, viper, cobalt strike for session online. Pystinger is developed in Python, and currently supports three proxy scripts: php, jspx and aspx. Usage Suppose the domain name of the serv...

7.1 AI score
Exploits 0, References 4