CVE-2024-55556
A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...
GO-2024-3355 Remote Command Execution in file editing in gogs in gogs.io/gogs
Remote Command Execution in file editing in gogs in gogs.io/gogs...
Crater code issue vulnerability
Crater is an open source web and mobile application from Crater Invoice Open Source. It is used to track expenses, make payments and create professional invoices and estimates. Crater has a code issue vulnerability. An attacker exploiting this vulnerability could remotely execute commands...
Invoice Ninja code issue vulnerability
Invoice Ninja is an open source invoice, quote, project and time tracking application from Invoice Ninja, built using Laravel. A code issue vulnerability exists in Invoice Ninja versions prior to 5.10.43. An attacker exploiting this vulnerability could remotely execute commands...
CVE-2024-55556
A CVE in Crater Invoice (InvoiceShelf/META: Laravel cookie-based session deserialization) enables unauthenticated remote code execution when an attacker obtains Laravel APP_KEY. Public docs describe that manipulating the laravel_session cookie, which contains serialized session data encrypted wit...
Malicious code in zetessf (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54b4e49ae22e5325a2ed8fe3e7a32f36e50fdf5fda9ea594cf72b24bd9c97788 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
PT-2025-1195 · IBM · IBM Concert
Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.0.3 Description: The issue is related to improper log neutralization, which could allow an authenticated user to inject malicious information or obtain information from log files. This is due to t...
CVE-2024-13129
A vulnerability was found in Roxy-WI up to 8.1.3. It has been declared as critical. Affected by this vulnerability is the function actionservice of the file app/modules/roxywi/roxy.py. The manipulation of the argument action/service leads to OS command injection. The attack can be launched...
PT-2025-2015 · Roxy-WI · Roxy-WI
Name of the Vulnerable Software and Affected Versions: Roxy-WI versions up to 8.1.3 Description: A critical issue has been found in Roxy-WI, affecting the action service function of the file app/modules/roxywi/roxy.py. The manipulation of the action/service argument leads to OS command injection...
CVE-2024-56137
MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation RAG. Prior to version 1.9.0, a remote command execution vulnerability exists in the module of function library. The vulnerabili...
CVE-2024-56137 MaxKB RCE vulnerability in function library
MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation RAG. Prior to version 1.9.0, a remote command execution vulnerability exists in the module of function library. The vulnerabili...
CVE-2024-56137
CVE-2024-56137 affects MaxKB (open source knowledge-base Q&A with LLM and RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the function library module, allowing privileged users to execute OS commands within custom scripts. The issue has been fixed in v1.9.0. Curre...
Remote Command Execution
Gogs is vulnerable to Remote Command Execution. The vulnerability is due to improper validation of symlink files, allowing a malicious user to commit and edit crafted symlink files in a repository to gain SSH access to the server...
MaxKB security vulnerability
MaxKB is a 1Panel-dev open source knowledge base question and answer system based on a large language model and RAG. A security vulnerability exists in MaxKB versions prior to 1.9.0, which stems from a remote command execution in the function library module that allows a privileged us...
PT-2025-3195 · MaxKB · MaxKB
Name of the Vulnerable Software and Affected Versions: MaxKB versions prior to 1.9.0 Description: MaxKB is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation. A remote command execution issue existed in the function library...