CVE-2025-34511 Sitecore PowerShell Extension RCE via Unrestricted Upload

Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager XM and Experience Platform XP, through version 7.0 is vulnerable to an unrestricted file upload issue. A remote, authenticated attacker can upload arbitrary files to the server using crafted HTTP requests, resulting in remot...

EUVD-2025-18568

Sitecore PowerShell Extensions, an add-on to Sitecore Experience Manager XM and Experience Platform XP, through version 7.0 is vulnerable to an unrestricted file upload issue. A remote, authenticated attacker can upload arbitrary files to the server using crafted HTTP requests, resulting in remot...

CVE-2025-34511

CVE-2025-34511 affects Sitecore PowerShell Extensions (SPE) for Sitecore XM/XP. The vulnerability is an unrestricted file upload in SPE versions up to 7.0, allowing a remote, authenticated attacker to upload arbitrary files and achieve remote code execution. Connected exploit-related documents co...

Sitecore PowerShell Extensions 代码问题漏洞

Sitecore PowerShell Extensions is a Powershell extension from Sitecore, Denmark. A security vulnerability exists in Sitecore PowerShell Extensions 7.0 and prior versions that stems from an unrestricted file upload and could lead to remote code execution...

Rare Werewolf APT Uses Legitimate Software in Attacks on Hundreds of Russian Enterprises

The threat actor known as Rare Werewolf formerly Rare Wolf has been linked to a series of cyber attacks targeting Russia and the Commonwealth of Independent States CIS countries. "A distinctive feature of this threat is that the attackers favor using legitimate third-party software over developin...

Sleep with one eye open: how Librarian Ghouls steal data by night

Introduction Librarian Ghouls, also known as "Rare Werewolf" and "Rezet", is an APT group that targets entities in Russia and the CIS. Other security vendors are also monitoring this APT and releasing analyses of its campaigns. The group has remained active through May 2025, consistently targetin...

Fake DocuSign, Gitcode Sites Spread NetSupport RAT via Multi-Stage PowerShell Attack

Threat hunters are alerting to a new campaign that employs deceptive websites to trick unsuspecting users into executing malicious PowerShell scripts on their machines and infect them with the NetSupport RAT malware. The DomainTools Investigations DTI team said it identified "malicious multi-stag...

New EDDIESTEALER Malware Bypasses Chrome's App-Bound Encryption to Steal Browser Data

A new malware campaign is distributing a novel Rust-based information stealer dubbed EDDIESTEALER using the popular ClickFix social engineering tactic initiated via fake CAPTCHA verification pages. "This campaign leverages deceptive CAPTCHA verification pages that trick users into executing a...

📄 RustFly 2.0.0 Remote Code Execution

RustFly version 2.0.0 contains a critical vulnerability in its remote input processing layer that allows unauthenticated attackers to achieve remote code execution. RustFly v2.0.0- Remote Code Execution RCE Exploit Title: RustFly v2.0.0- Remote Code Execution RCE Date: 2025-05-29 Exploit Author:...

Scarcity signals: Are rare activities red flags?

By Darin Smith and John Arneson Cisco Talos reviewed six months of network connection telemetry logs spanning June 1, 2024 - Dec. 31, 2024, containing 3,220,829 log events and 742 unique base domains, to explore if domains that PowerShell rarely contacts are more likely to be malicious. Key...

CVE-2024-6055

Improper removal of sensitive information in data source export feature in Devolutions Remote Desktop Manager 2024.1.32.0 and earlier on Windows allows an attacker that obtains the exported settings to recover powershell credentials configured on the data source via stealing the configuration fil...

CVE-2024-50616

Ironman PowerShell Universal 5.x before 5.0.12 allows an authenticated attacker to elevate their privileges and view job information...

CVE-2023-39520

Cryptomator encrypts data being stored on cloud infrastructure. The MSI installer provided on the homepage for Cryptomator version 1.9.2 allows local privilege escalation for low privileged users, via the repair function. The problem occurs as the repair function of the MSI is spawning an SYSTEM...

CVE-2022-32973

An authenticated attacker could create an audit file that bypasses PowerShell cmdlet checks and executes commands with administrator privileges...

CVE-2022-45184

The Web Server in Ironman Software PowerShell Universal v3.x and v2.x allows for directory traversal outside of the configuration directory, which allows a remote attacker with administrator privilege to create, delete, update, and display files outside of the configuration directory via a crafte...

CVE-2022-45183

Escalation of privileges in the Web Server in Ironman Software PowerShell Universal 2.x and 3.x allows an attacker with a valid app token to retrieve other app tokens by ID via an HTTP web request. Patched Versions are 3.5.3, 3.4.7, and 2.12.6...

CVE-2021-42098

An incomplete permission check on entries in Devolutions Remote Desktop Manager before 2021.2.16 allows attackers to bypass permissions via batch custom PowerShell...

CVE-2020-9326

BeyondTrust Privilege Management for Windows and Mac aka PMWM; formerly Avecto Defendpoint 5.1 through 5.5 before 5.5 SR1 mishandles command-line arguments with PowerShell .ps1 file extensions present, leading to a DefendpointService.exe crash...

CVE-2020-29552

An issue was discovered in URVE Build 24.03.2020. By using the internal/pc/vpro.php?mac=0=0=0=0=0%3bpowershell+-c+" substring, it is possible to execute a Powershell command and redirect its output to a file under the web root...

CVE-2019-1373

A remote code execution vulnerability exists in Microsoft Exchange through the deserialization of metadata via PowerShell, aka 'Microsoft Exchange Remote Code Execution Vulnerability'...