
39 matches found

GithubExploit
added 2026/05/20 7:47 a.m. | 46 views

POCs

Summary - This is a POC for CVE-2026-34234 https://cve...

CVSS 10 | AI score 5.8 | EPSS 0.00091
Exploits: 2

Vulnrichment
added 2026/05/19 9:3 p.m. | 7 views

CVE-2026-34234 CtrlPanel: Unauthenticated RCE using installer script

CtrlPanel is open-source billing software for hosting providers. In versions 1.1.1 and prior, the web-based installer public/installer/index.php is vulnerable to unauthenticated Remote Code Execution (RCE) because it performs the install.lock check only after including and executing form handler...

CVSS 10 | AI score 6.2 | EPSS 0.00091
Exploits: 2 | References: 2

CVE
added 2026/04/15 12:0 a.m. | 5 views

CVE-2026-30461

Summary: CVE-2026-30461 affects Daylight Studio FuelCMS v1.5.2. An authenticated attacker can trigger remote code execution via the installer path: /controllers/Installer.php, abusing the add_git_submodule function. The underlying issue is insufficient access control for the installer submodule o...

CVSS 8.3 | AI score 6.4 | EPSS 0.00378
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2026/04/02 1:0 p.m. | 0 views

CVE-2026-5331 OpenCart Extension Installer installer.php path traversal

A vulnerability was determined in OpenCart 4.1.0.3. This affects an unknown part of the file installer.php of the component Extension Installer Page. Executing a manipulation can lead to path traversal. The attack may be launched remotely. The exploit has been publicly disclosed and may be...

CVSS 5.8 | AI score 5.5 | EPSS 0.00154
Exploits: 0 | References: 4

ATTACKERKB
added 2026/02/27 10:11 p.m. | 4 views

CVE-2026-28515

openDCIM version 23.04, through commit 4467e9c4, contains a missing authorization vulnerability in install.php and container-install.php. The installer and upgrade handler expose LDAP configuration functionality without enforcing application role checks. Any authenticated user can access this...

CVSS 9.3 | AI score 5.9 | EPSS 0.39836
Exploits: 3 | References: 9

The Hacker News
added 2026/02/03 4:55 a.m. | 13 views

Notepad++ Hosting Breach Attributed to China-Linked Lotus Blossom Hacking Group

A China-linked threat actor known as Lotus Blossom has been attributed with medium confidence to the recently discovered compromise of the infrastructure hosting Notepad++. The attack enabled the state-sponsored hacking group to deliver a previously undocumented backdoor codenamed Chrysalis to...

AI score 6.5
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2020-28652

Malware in sbrugna...

CVSS 7.8 | AI score 7.6 | EPSS 0.00118
Exploits: 0 | References: 2

EUVD
added 2025/10/07 12:30 a.m. | 2 views

EUVD-2020-27021

Malware in sbrugna...

CVSS 8.1 | AI score 8 | EPSS 0.00149
Exploits: 0 | References: 3

EUVD
added 2025/10/07 12:30 a.m. | 6 views

EUVD-2018-13847

Malware in sbrugna...

CVSS 9.8 | AI score 9 | EPSS 0.00692
Exploits: 2 | References: 2

EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2024-24525

Malicious code in bioql PyPI...

CVSS 7.3 | AI score 6.6 | EPSS 0.00079
Exploits: 1 | References: 2

RedhatCVE
added 2025/05/23 6:34 a.m. | 5 views

CVE-2024-52555

In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script...

CVSS 7.8 | AI score 7.5 | EPSS 0.00004
Exploits: 0 | References: 1

NVD
added 2024/11/15 4:15 p.m. | 16 views

CVE-2024-52555

In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script...

CVSS 7.8 | EPSS 0.00004
Exploits: 0 | References: 1

OSV
added 2024/11/15 4:15 p.m. | 0 views

CVE-2024-52555

In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script...

CVSS 7.8 | AI score 6.1
Exploits: 0 | References: 1

Vulnrichment
added 2024/11/15 3:5 p.m. | 10 views

CVE-2024-52555

In JetBrains WebStorm before 2024.3 code execution in Untrusted Project mode was possible via type definitions installer script...

CVSS 6.3 | AI score 7.5 | EPSS 0.00004
Exploits: 0 | References: 1

CVE
added 2024/11/15 3:5 p.m. | 67 views

CVE-2024-52555

CVE-2024-52555 affects JetBrains WebStorm prior to 2024.3. Multiple connected sources confirm a code execution vulnerability in Untrusted Project mode via the type definitions installer script. The core issue is the installer script handling untrusted type definitions that can be loaded in Untrus...

CVSS 7.8 | AI score 6.7 | EPSS 0.00004
Exploits: 0 | References: 1 | Affected Software: 1

NVD
added 2024/03/14 7:15 p.m. | 8 views

CVE-2024-27301

Support App is an open-source application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang `#!/bin/zsh` is being used...

CVSS 7.3 | AI score 7.3 | EPSS 0.00079
Exploits: 1 | References: 2

Cvelist
added 2024/03/14 6:37 p.m. | 13 views

CVE-2024-27301 Privilege Escalation Abusing installer in SupportApp

Support App is an open-source application specialized in managing Apple devices. It's possible to abuse a vulnerability inside the postinstall installer script to make the installer execute arbitrary code as root. The cause of the vulnerability is the fact that the shebang `#!/bin/zsh` is being used...

CVSS 7.3 | AI score 7.5 | EPSS 0.00079
Exploits: 1 | References: 2

CNNVD
added 2024/03/14 12:0 a.m. | 2 views

Support App Security Vulnerability

Support App is an open source application designed to manage Apple devices. A security vulnerability exists in Support App prior to version 2.5.1 Rev 2, which originates from a security flaw in the installer script that allows the installer to execute arbitrary code as root...

CVSS 7.3 | AI score 7.4 | EPSS 0.00079
Exploits: 1 | References: 4

NVD
added 2024/01/08 7:15 p.m. | 10 views

CVE-2018-25095

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be used to run arbitrary code on the server...

CVSS 9.8 | AI score 9.5 | EPSS 0.00692
Exploits: 2 | References: 1

OSV
added 2024/01/08 7:15 p.m. | 2 views

CVE-2018-25095

The Duplicator WordPress plugin before 1.3.0 does not properly escape values when its installer script replaces values in WordPress configuration files. If this installer script is left on the site after use, it could be used to run arbitrary code on the server...

CVSS 9.8 | AI score 5.8 | EPSS 0.00692
Exploits: 2 | References: 1