189 matches found

OSSF Malicious Packages
added 2025/08/14 6:52 p.m. · 3 views

Malicious code in run-script-command-celeste-eris (npm)

The package run-script-command-celeste-eris was found to contain malicious code...

7 AI score
Exploits 0

OSV
added 2025/08/14 6:52 p.m. · 1 view

MAL-2025-23437 Malicious code in isostasy-sirius-eventhoriz-run-script (npm)

The package isostasy-sirius-eventhoriz-run-script was found to contain malicious code...

7.2 AI score
Exploits 0

OSV
added 2025/08/14 6:52 p.m. · 1 view

MAL-2025-37229 Malicious code in troposphere-run-script-geochronology-neutrino (npm)

The package troposphere-run-script-geochronology-neutrino was found to contain malicious code...

7.2 AI score
Exploits 0

OSV
added 2025/08/14 6:52 p.m. · 1 view

MAL-2025-32563 Malicious code in run-script-meissa-charon-sedna (npm)

The package run-script-meissa-charon-sedna was found to contain malicious code...

7.2 AI score
Exploits 0

Snyk
added 2025/07/31 2:2 p.m. · 4 views

Deserialization of Untrusted Data

Overview: ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning. Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the yaml.load function in tests/run.py when handling user-supplied YAML configuration files. An attacker can execute arbitrar...

9.8 CVSS · 7.8 AI score · 0.07087 EPSS
Exploits 1 · References 2

Citrix
added 2025/05/06 12:0 a.m. · 7 views

WEM External task not working when "run script " selected

External task configured using below option for "run script". In the WEM logs we could see below error: 12:14:13 PM Warning - VuemExternalTaskExecutor.ExecuteExternalTask : External Task - Create User Cache Folder Id:3 - Unable to validate target file existence... 12:14:13 PM Exception -...

7.1 AI score
Exploits 0

SUSE CVE
added 2024/11/13 3:49 a.m. · 0 views

SUSE CVE-2024-50636

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE)...

9.8 CVSS · 7.7 AI score · 0.06957 EPSS
Exploits 0 · References 3

NVD
added 2024/11/11 11:15 p.m. · 11 views

CVE-2024-50636

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE)...

9.8 CVSS · 0.06957 EPSS
Exploits 0 · References 3

Positive Technologies
added 2024/11/11 12:0 a.m. · 2 views

PT-2024-34371 · Schrödinger · Pymol

Name of the Vulnerable Software and Affected Versions: PyMOL version 2.5.0. Description: The issue arises from the "Run Script" function in PyMOL, which allows the execution of arbitrary Python code embedded within .PYM files. This enables attackers to craft malicious .PYM files containing Python...

9.8 CVSS · 7.9 AI score · 0.06957 EPSS
Exploits 0 · References 10

CVE
added 2024/11/11 12:0 a.m. · 37 views

CVE-2024-50636

PyMOL 2.5.0 is vulnerable in its Run Script function, which can execute arbitrary Python code embedded in .PY files, enabling Remote Command Execution (RCE) when a malicious .PY file with a reverse-shell payload is processed. The root cause is PyMOL treating .PYM files as Python scripts without p...

9.8 CVSS · 7.8 AI score · 0.06957 EPSS
Exploits 0 · References 3

Vulnrichment
added 2024/11/11 12:0 a.m. · 4 views

CVE-2024-50636

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE)...

8 AI score · 0.06957 EPSS
Exploits 0 · References 3

Cvelist
added 2024/11/11 12:0 a.m. · 7 views

CVE-2024-50636

PyMOL 2.5.0 contains a vulnerability in its "Run Script" function, which allows the execution of arbitrary Python code embedded within .PYM files. Attackers can craft a malicious .PYM file containing a Python reverse shell payload and exploit the function to achieve Remote Command Execution (RCE)...

0.06957 EPSS
Exploits 0 · References 3

Positive Technologies
added 2023/09/15 12:0 a.m. · 2 views

PT-2023-32964 · Unknown +3 · Isolated-Vm +3

Name of the Vulnerable Software and Affected Versions: vm2 versions up to 3.9.19; Directus versions prior to 10.6.0. Description: The issue allows attackers to bypass Promise handler sanitization in vm2, enabling them to escape the sandbox and execute arbitrary code. This specifically affects the...

7.6 CVSS · 8 AI score
Exploits 0 · References 6

SUSE CVE
added 2023/04/15 1:58 a.m. · 2 views

SUSE CVE-2023-26123

Versions of the package raysan5/raylib before 4.5.0 are vulnerable to Cross-site Scripting (XSS) such that the SetClipboardText API does not properly escape the ' character, allowing attacker-controlled input to break out of the string and execute arbitrary JavaScript via emscripten_run_script...

6.1 CVSS · 6.7 AI score · 0.00275 EPSS
Exploits 1 · References 3

Prion
added 2023/04/14 5:15 a.m. · 14 views

Cross site scripting

Versions of the package raysan5/raylib before 4.5.0 are vulnerable to Cross-site Scripting (XSS) such that the SetClipboardText API does not properly escape the ' character, allowing attacker-controlled input to break out of the string and execute arbitrary JavaScript via emscripten_run_script...

5.8 CVSS · 6.1 AI score · 0.00275 EPSS
Exploits 1 · References 4 · Affected Software 1

CNNVD
added 2023/04/14 12:0 a.m. · 3 views

raylib Cross-Site Scripting Vulnerability

raylib is an easy-to-use library for raysan5 personal developers to enjoy video game programming. A security vulnerability exists in raysan5 raylib versions prior to 4.5.0, which stems from a failure of the SetClipboardText API to properly escape characters, which can be exploited by an attacker ...

6.1 CVSS · 6.6 AI score · 0.00275 EPSS
Exploits 1 · References 5

CNNVD
added 2022/12/19 12:0 a.m. · 1 view

HCL Technologies HCL BigFix Platform Authorization Issue Vulnerability

HCL Technologies HCL BigFix Platform is a suite of endpoint security management platforms from HCL Technologies, USA. The platform supports automated discovery, management and remediation of endpoint security issues. HCL Technologies HCL BigFix Platform has a security vulnerability that stems fro...

6.9 CVSS · 6.5 AI score · 0.00103 EPSS
Exploits 0 · References 2

CNNVD
added 2021/06/15 12:0 a.m. · 1 view

Ec-cube Cross-Site Scripting Vulnerability

Ec-cube is an open source e-commerce system of the Japanese company Ec-cube. Ec-cube suffers from a cross-site scripting vulnerability that can be exploited by an attacker to trick a victim into following a specially crafted link and executing arbitrary HTML and script code in the user's browser...

6.1 CVSS · 5.6 AI score · 0.00591 EPSS
Exploits 0 · References 3

The Hacker News
added 2021/03/19 7:46 a.m. · 1 view

Hackers Infecting Apple App Developers With Trojanized Xcode Projects

Cybersecurity researchers on Thursday disclosed a new attack wherein threat actors are leveraging Xcode as an attack vector to compromise Apple platform developers with a backdoor, adding to a growing trend that involves targeting developers and researchers with malicious attacks. Dubbed...

5.9 AI score
Exploits 0

OSV
added 2020/10/27 9:15 p.m. · 1 view

CVE-2019-8901

This issue was addressed by verifying host keys when connecting to a previously-known SSH server. This issue is fixed in iOS 13.1 and iPadOS 13.1. An attacker in a privileged network position may be able to intercept SSH traffic from the “Run script over SSH” action...

6.5 CVSS · 6.6 AI score · 0.00153 EPSS
Exploits 0 · References 1