Linux Distros Unpatched Vulnerability : CVE-2018-14354

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Mutt before 1.10.1 and NeoMutt before 2018-07-16. They allow remote IMAP servers to execute arbitrary commands via backquote...

Linux Distros Unpatched Vulnerability : CVE-2017-8291

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Artifex Ghostscript through 2017-04-26 allows -dSAFER bypass and remote command execution via .rsdparams type confusion with a /OutputFile %pipe% substring in a...

Linux Distros Unpatched Vulnerability : CVE-2014-9462

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The validaterepo function in sshpeer in Mercurial before 3.2.4 allows remote attackers to execute arbitrary commands via a crafted repository name in a clone...

Linux Distros Unpatched Vulnerability : CVE-2016-10243

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - TeX Live allows remote attackers to execute arbitrary commands by leveraging inclusion of mpost in shellescapecommands in the texmf.cnf config file...

Linux Distros Unpatched Vulnerability : CVE-2017-14176

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bazaar through 2.7.0, when Subprocess SSH is used, allows remote attackers to execute arbitrary commands via a bzr+ssh URL with an initial dash character in the...

Malicious code in aws-features-signin-proxy-client (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7ce6c3acab744d13386f25fd9a0ea075cb42fcaf98c20bc4a279a88838fad81a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2025-27554

ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server e.g., read secrets from the desktopify config.prod.json file, and consequently deploy updates to any app, via a postinstall script in...

Linux Distros Unpatched Vulnerability : CVE-2007-2348

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands vi...

Linux Distros Unpatched Vulnerability : CVE-2004-2771

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell...

InvokeAI 5.0 Code Injection

InvokeAI version 5.0 suffers from a remote code execution vulnerability. ============================================================================================================================================= | Title : InvokeAI v5.0 PHP Code Injection Vulnerability | | Author : indoushka | ...

Linux Distros Unpatched Vulnerability : CVE-2011-2717

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DHCPv6 client dhcp6c as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a...

CVE-2025-1829

A vulnerability was found in TOTOLINK X18 9.1.0cu.2024B20220329. It has been declared as critical. This vulnerability affects the function setMtknatCfg of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument mtkhnatEnable leads to os command injection. The attack can be initiated...

CVE-2025-1800

A vulnerability has been found in D-Link DAR-7000 3.2 and classified as critical. This vulnerability affects the function getipaddrdetails of the file /view/vpn/sxhvpn/sxhvpnlic.php of the component HTTP POST Request Handler. The manipulation of the argument ethname leads to command injection. Th...

CVE-2025-27554

ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server e.g., read secrets from the desktopify config.prod.json file, and consequently deploy updates to any app, via a postinstall script in...

ToDesktop 代码注入漏洞

ToDesktop is an application from ToDesktop, Inc. that converts a Web application code base into a cross-platform desktop application with native functionality. A security vulnerability exists in versions of ToDesktop prior to 2024-10-03, which stems from a postinstall script that allows a remote...

CVE-2025-27554

ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server e.g., read secrets from the desktopify config.prod.json file, and consequently deploy updates to any app, via a postinstall script in...

CVE-2025-27554

CVE-2025-27554 affects ToDesktop builds prior to 2024-10-03 where a postinstall script in package.json can be abused to execute arbitrary commands on the build server (e.g., reading secrets from the desktopify config.prod.json) and deploy updates to any app. Multiple sources note no exploitation ...

PT-2025-9155 · Cursor +1 · Cursor +1

Name of the Vulnerable Software and Affected Versions: ToDesktop versions prior to 2024-10-03 Description: The issue allows remote attackers to execute arbitrary commands on the build server, potentially reading secrets from the desktopify config.prod.json file and deploying updates to any app, v...

The SOC files: Chasing the web shell

Web shells have evolved far beyond their original purpose of basic remote command execution, and many now function more like lightweight exploitation frameworks. These tools often include features such as in-memory module execution and encrypted command-and-control C2 communication, giving...

Ivanti EPM 1.0 Code Execution

Ivanti EPM version 1.0 suffers from a code execution vulnerability. ============================================================================================================================================= | Title : Ivanti EPM v1.0 PHP Code Injection Vulnerability | | Author : indoushka | |...