EUVD-2025-23537

Malicious code in bioql PyPI...

EUVD-2021-28565

Malicious code in bioql PyPI...

EUVD-2024-47901

Malicious code in bioql PyPI...

EUVD-2022-33003

Malicious code in bioql PyPI...

EUVD-2025-14170

Malicious code in bioql PyPI...

EUVD-2023-28526

Malicious code in bioql PyPI...

CVE-2025-37127 Authenticated Replay Attack contains Cryptographic Vulnerability

A vulnerability in the cryptographic logic used by HPE Aruba Networking EdgeConnect SD-WAN Gateways could allow an authenticated remote attacker to gain shell access. Successful exploitation could allow an attacker to execute arbitrary commands on the underlying operating system, potentially...

AutoRDPwn

This is a post-exploitation framework called AutoRDPwn, written in PowerShell. It is designed to automate the Shadow attack on Microsoft Windows computers, which allows a remote attacker to view and control the victim's desktop without their consent. The framework has a user-friendly interface an...

Exploit for CVE-2007-2447

Internship Project 2 — Penetration Testing on Metasploitable2...

CVE-2025-9996

CWE-78: Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability exists that could cause the execution of any shell command when executing a netstat command using BLMon Console in an SSH session...

CVE-2025-52548

E3 Site Supervisor Control firmware version 2.31F01 contains a hidden API call in the application services that enables SSH and Shellinabox, which exist but are disabled by default. An attacker with admin access to the application services can utilize this API to enable remote access to the...

CVE-2013-10069 D-Link Devices Unauthenticated RCE

The web interface of multiple D-Link routers, including DIR-600 rev B ≤2.14b01 and DIR-300 rev B ≤2.13, contains an unauthenticated OS command injection vulnerability in command.php, which improperly handles the cmd POST parameter. A remote attacker can exploit this flaw without authentication to...

CVE-2013-10050

An OS command injection vulnerability exists in multiple D-Link routers confirmed on DIR-300 rev A v1.05 and DIR-615 rev D v4.13 via the authenticated toolsvct.xgi CGI endpoint. The web interface fails to properly sanitize user-supplied input in the pingIp parameter, allowing attackers with valid...

PT-2025-29911 · Maxkb · Maxkb

Name of the Vulnerable Software and Affected Versions: MaxKB versions prior to 2.0.0 Description: MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because the software only restricts the execution permissions of files in a...

📄 TinyWebGallery 2.7 Shell Upload

TinyWebGallery version 2.7 suffers from an authenticated remote shell upload vulnerability. Exploit Title: TinyWebGallery 2.7 - Authenticated Shell Upload Date: 2025-27-06 Exploit Author: tmrswrr Vendor Homepage: https://www.tinywebgallery.com Version: 2.7 Tested on:...

CVE-2025-26412

The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands...

Exploit for Stack-based Buffer Overflow in Ivanti Connect_Secure

PoC for CVE-2025-22457 A remote unauthenticated stack based b...

CVE-2024-38278

A vulnerability has been identified in RUGGEDCOM RMC8388 V5.X All versions V5.9.0, RUGGEDCOM RMC8388NC V5.X All versions V5.9.0, RUGGEDCOM RS416NCv2 V5.X All versions V5.9.0, RUGGEDCOM RS416PNCv2 V5.X All versions V5.9.0, RUGGEDCOM RS416Pv2 V5.X All versions V5.9.0, RUGGEDCOM RS416v2 V5.X All...

CVE-2024-6913

Execution with unnecessary privileges in PerkinElmer ProcessPlus allows an attacker to spawn a remote shell on the windows system.This issue affects ProcessPlus: through 1.11.6507.0...

CVE-2023-24508

Baicells Nova 227, Nova 233, and Nova 243 LTE TDD eNodeB and Nova 246 devices with firmware through RTS/RTD 3.6.6 are vulnerable to remote shell code exploitation via HTTP command injections. Commands are executed using pre-login execution and executed with root permissions. The following methods...