Commvault CommCell - Local File Inclusion

CommCell in Commvault before 14.68, 15.x before 15.58, 16.x before 16.44, 17.x before 17.29, and 18.x before 18.13 are vulnerable to local file inclusion because an attacker can view a log file can instead view a file outside of the log-files folder. id: CVE-2020-25780 info: name: Commvault...

Commvault - SSRF via /commandcenter/deployWebpackage.do

A path traversal vulnerability in Commvault Command Center Innovation Release allows an unauthenticated actor to upload ZIP files, which, when expanded by the target server, result in Remote Code Execution. This issue affects Command Center Innovation Release: 11.38. id: CVE-2025-34028 info: name...

Commvault Unauthenticated Password Disclosure (WT-2025-0047)

An issue was discovered in Commvault before 11.36.60. A vulnerability in a known login mechanism allows unauthenticated attackers to execute API calls without requiring user credentials. RBAC helps limit the exposure but does not eliminate risk. id: CVE-2025-57788 info: name: Commvault...

Commvault Initial Administrator Login Process Vulnerability

An issue was discovered in Commvault before 11.36.60.During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured. id:...

Commvault CommandCenter < 11.36.60 Unauthorized API Access

Commvault CommandCenter versions prior to 11.36.60 contain a vulnerability in a known login mechanism that allows unauthenticated attackers to execute API calls without requiring user credentials. No source data...

Commvault WebConsole 安全漏洞

Commvault WebConsole is a web-based management platform from Commvault USA. A security vulnerability exists in Commvault WebConsole that originates from storing user input directly in a web page, which could lead to a cross-site scripting attack...

📄 Commvault CLI 11.36.60 Remote Code Execution

Proof of concept exploit for the Commvault CLI version 11.36.60 remote code execution vulnerability. ============================================================================================================================================= | Title : Commvault CLI 11.36.60 RCE PHP Implementatio...

EUVD-2015-7184

Malware in sbrugna...

EUVD-2021-21644

Malware in sbrugna...

EUVD-2021-21642

Malware in sbrugna...

EUVD-2021-21641

Malware in sbrugna...

EUVD-2021-21640

Malware in sbrugna...

EUVD-2024-54819

Malicious code in bioql PyPI...

EUVD-2025-22723

Malicious code in bioql PyPI...

EUVD-2024-54818

Malicious code in bioql PyPI...

EUVD-2025-25257

Malicious code in bioql PyPI...

Metasploit Weekly Wrap-Up 09/19/2025

Consistently Persistent The Metasploit Framework has around 26 different modules which can be used to establish persistence on a target. Persistence modules help operators ensure they can maintain a consistent foothold within an environment once a target has been compromised and are quite helpful...

Commvault Command-Line Argument Injection to Traversal Remote Code Execution

This module exploits an unauthenticated remote code execution exploit chain for Commvault, tracked as CVE-2025-57790 and CVE-2025-57791. A command-line injection permits unauthenticated access to the 'localadmin' account, which then facilitates code execution via expression language injection...

📄 Commvault CLI Argument Injection / Traversal / Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution exploit chain for Commvault, tracked as CVE-2025-57790 and CVE-2025-57791. A command-line injection permits unauthenticated access to the localadmin account, which then facilitates code execution via expression language...

Commvault Installed (Linux)

Binary data commvaultnixinstalled.nbin...