EUVD-2015-0292
Malware in sbrugna...
RockyLinux 10 : opentelemetry-collector (RLSA-2025:7479)
The remote RockyLinux 10 host has a package installed that is affected by multiple vulnerabilities as referenced in the RLSA-2025:7479 advisory. go-jose: Go JOSE's Parsing Vulnerable to Denial of Service CVE-2025-27144 golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in...
EUVD-2024-16505
Malicious code in bioql PyPI...
EUVD-2022-51508
Malicious code in bioql PyPI...
EUVD-2023-56305
Malicious code in bioql PyPI...
EUVD-2022-2197
Malicious code in bioql PyPI...
EUVD-2024-48458
Malicious code in bioql PyPI...
EUVD-2023-46856
Malicious code in bioql PyPI...
EUVD-2023-3115
Malicious code in bioql PyPI...
EUVD-2024-46974
Malicious code in bioql PyPI...
EUVD-2022-2350
Malicious code in bioql PyPI...
EUVD-2025-16774
Malicious code in bioql PyPI...
Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection')
Overview: Affected versions of this package are vulnerable to Improper Neutralization of Special Elements used in an Expression Language Statement ('Expression Language Injection') via the QLExpressEngine process. An attacker can execute arbitrary code by submitting crafted expressions that trigger...
PT-2025-39688
🔴 Hutool, Expression Language Injection, CVE-2025-51674 Critical https://t.co/MxqQOP8akw...
📄 Commvault CLI Argument Injection / Traversal / Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution exploit chain for Commvault, tracked as CVE-2025-57790 and CVE-2025-57791. A command-line injection permits unauthenticated access to the localadmin account, which then facilitates code execution via expression language...
Security Bulletin: Arbitrary Code Execution via JaninoEventEvaluator in Logback-Core (Versions 0.1–1.3.14, 1.4.0–1.5.12) through Malicious Configuration or Environment Variable Injection affects watsonx.data
Summary: ACE vulnerability in JaninoEventEvaluator by QOS.CH logback-core, versions 0.1 to 1.3.14 and 1.4.0 to 1.5.12, in Java applications allows an attacker to execute arbitrary code by compromising an existing logback configuration file or by injecting an environment variable before...
Expression Language Injection
Overview: Affected versions of this package are vulnerable to Expression Language Injection in the GatewayEvaluationContext method, which allows property modification that in turn enables code execution. Only Webflux applications are vulnerable, not WebMVC applications. Additionally, the following...
Exploit for Authentication Bypass Using an Alternate Path or Channel in Ivanti Endpoint_Manager_Mobile
CVE-2025-4428 & CVE-2025-4427 CVE-2025-4428 is a post-auth re...
Security Bulletin: Multiple vulnerabilities that affects BigReplicate (CVE-2024-51504, CVE-2024-38821, CVE-2023-20863)
Summary: The zookeeper-3.9.2.jar, spring-aop-5.3.26.jar and spring-security-web-5.8.11.jar dependency packages are being used by IBM BigReplicate. This bulletin describes the upgrades necessary to address the vulnerability. Vulnerability Details: CVEID: CVE-2024-51504 DESCRIPTION: When using...
📄 Ivanti Endpoint Manager Mobile 12.5.0.0 Authentication Bypass
Ivanti Endpoint Manager Mobile version 12.5.0.0 authentication bypass proof of concept exploit. !/usr/bin/env python3 Exploit Title: Ivanti Endpoint Manager Mobile 12.5.0.0 - Authentication Bypass Google Dork: inurl:/mifs "Ivanti" OR "EPM" OR "Endpoint Manager" Date: 2025-01-21 Exploit Author: Yo...