
1614 matches found

Tenable Nessus
added 2025/03/04 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2018-1113

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - setup before version 2.11.4-1.fc28 in Fedora and Red Hat Enterprise Linux added /sbin/nologin and /usr/sbin/nologin to /etc/shells. This violates security...

5.3 CVSS · 6.1 AI score · 0.00044 EPSS
Exploits 0 · References 2

Tenable Nessus
added 2025/03/04 12:0 a.m. · 6 views

Linux Distros Unpatched Vulnerability : CVE-2016-4484

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The Debian initrd script for the cryptsetup package 2:1.7.3-2 and earlier allows physically proximate attackers to gain shell access via many log in attempts wi...

7.2 CVSS · 6.8 AI score · 0.00459 EPSS
Exploits 5 · References 3

GithubExploit
added 2025/02/21 3:38 p.m. · 315 views

Exploit for OS Command Injection in Wago Compact_Controller_100_Firmware

wagoexploit.py - PoC Exploit for CVE-2023-1698...

9.8 CVSS · 9.5 AI score · 0.94026 EPSS
Exploits 5

Positive Technologies
added 2025/02/19 12:0 a.m. · 4 views

PT-2025-7536 · Cisco · Cisco Desk Phone 9800 Series +1

Name of the Vulnerable Software and Affected Versions: Cisco Video Phone 8875 and Cisco Desk Phone 9800 Series (affected versions not specified). Description: A vulnerability in the debug shell of the affected devices could allow an authenticated, local attacker to access sensitive information on th...

4.6 CVSS · 6.6 AI score · 0.00039 EPSS
Exploits 0 · References 6

CNNVD
added 2025/02/11 12:0 a.m. · 1 views

Wattsense Bridge security vulnerability

Wattsense Bridge is an intuitive and powerful IoT gateway from Wattsense. A security vulnerability exists in Wattsense Bridge. An attacker exploiting this vulnerability could gain access to the root shell on the device...

6.8 CVSS · 9.1 AI score · 0.00164 EPSS
Exploits 1 · References 2

RedhatCVE
added 2025/02/05 5:54 p.m. · 9 views

CVE-2019-5162

An exploitable improper access control vulnerability exists in the iwwebs account settings functionality of the Moxa AWK-3131A firmware version 1.13. A specially crafted user name entry can cause the overwrite of an existing user account password, resulting in remote shell access to the device as...

9.9 CVSS · 6.9 AI score · 0.00497 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/02/05 12:23 p.m. · 7 views

CVE-2024-52408

Unrestricted Upload of File with Dangerous Type vulnerability in pushassist Push Notifications for WordPress by PushAssist push-notification-for-wp-by-pushassist allows Upload a Web Shell to a Web Server. This issue affects Push Notifications for WordPress by PushAssist: from n/a through = 3.0.8...

9.9 CVSS · 7.2 AI score · 0.00578 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/02/05 9:13 a.m. · 6 views

CVE-2024-56054

Unrestricted Upload of File with Dangerous Type vulnerability in VibeThemes WPLMS wplmsplugin allows Upload a Web Shell to a Web Server. This issue affects WPLMS: from n/a through 1.9.9.5.2...

9.1 CVSS · 7.4 AI score · 0.00545 EPSS
Exploits 0 · References 1

Cvelist
added 2025/01/24 5:24 p.m. · 26 views

CVE-2025-24650 WordPress Tourfic plugin <= 2.15.3 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Themefic Tourfic tourfic allows Upload a Web Shell to a Web Server. This issue affects Tourfic: from n/a through <= 2.15.3...

9.1 CVSS · 0.00204 EPSS
Exploits 0 · References 1

Amazon
added 2025/01/24 12:0 a.m. · 2 views

Medium: perl-Module-ScanDeps

Issue Overview: Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local attacker could possibly execute arbitrary shell commands by opening a "pesky pipe" such as passing "commands|" as a filename or by passing arbitrary strings to eval...

7.8 CVSS · 7.4 AI score · 0.00632 EPSS
Exploits 3

NVD
added 2025/01/23 5:15 p.m. · 8 views

CVE-2024-11147

ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root...

7.6 CVSS · 0.00112 EPSS
Exploits 1 · References 3

Vulnrichment
added 2025/01/23 4:37 p.m. · 8 views

CVE-2024-11147 ECOVACS lawnmowers and vacuums deterministic root password

ECOVACS robot lawnmowers and vacuums use a deterministic root password generated based on model and serial number. An attacker with shell access can login as root...

7.6 CVSS · 7.6 AI score · 0.00112 EPSS
Exploits 1 · References 3

CVE
added 2025/01/23 4:37 p.m. · 51 views

CVE-2024-11147

CVE-2024-11147 affects ECOVACS robot lawnmowers and vacuums. A deterministic root password generated from the model and serial number allows an attacker with shell access to login as root. Provided documents identify the affected product scope and root-password mechanism, but do not specify patch...

7.6 CVSS · 7.6 AI score · 0.00112 EPSS
Exploits 1 · References 3 · Affected Software 1

Positive Technologies
added 2025/01/23 12:0 a.m. · 2 views

PT-2025-1627 · Ecovacs · Ecovacs Robot Lawnmowers/Vacuums

Name of the Vulnerable Software and Affected Versions: ECOVACS robot lawnmowers and vacuums (affected versions not specified). Description: The issue concerns the use of a deterministic root password in ECOVACS robot lawnmowers and vacuums, which is generated based on the model and serial number. An...

7.6 CVSS · 7.1 AI score · 0.00112 EPSS
Exploits 1 · References 6

OSV
added 2025/01/21 5:28 p.m. · 5 views

MAL-2025-619 Malicious code in secure-toolbots (npm)

This package contains a multi-functional infostealer malware which establishes C2 via Discord, exfiltrating sensitive user data and files and providing remote shell access to an attacker. Source: ghsa-malware...

7 AI score
Exploits 0 · References 1

OSV
added 2025/01/17 5:15 p.m. · 1 views

CVE-2024-26155

All versions of ETIC Telecom Remote Access Server RAS prior to 4.5.0 expose clear text credentials in the web portal. An attacker can access the ETIC RAS web portal and view the HTML code, which is configured to be hidden, thus allowing a connection to the ETIC RAS ssh server, which could enable ...

8.6 CVSS · 5.8 AI score
Exploits 0 · References 1

Cvelist
added 2025/01/15 3:23 p.m. · 17 views

CVE-2025-22782 WordPress WR Price List Manager For Woocommerce plugin <= 1.0.8 - Remote Code Execution (RCE) vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Web Ready Now WR Price List Manager For Woocommerce wr-price-list-for-woocommerce allows Upload a Web Shell to a Web Server. This issue affects WR Price List Manager For Woocommerce: from n/a through <= 1.0.8...

9.9 CVSS · 0.00441 EPSS
Exploits 0 · References 1

CNNVD
added 2025/01/13 12:0 a.m. · 2 views

Code-Projects Online Car Rental System security vulnerability

Code-Projects Online Car Rental System is an open source car rental system from Code-Projects. A security vulnerability exists in Code-Projects Online Car Rental System version 1.0, which stems from a file upload feature that does not validate file extensions or MIME types, allowing an attacker t...

6.5 CVSS · 8.2 AI score · 0.57887 EPSS
Exploits 3 · References 2

OSV
added 2025/01/10 5:22 p.m. · 1 views

MAL-2025-71 Malicious code in secure-toolkits (npm)

This package contains a multi-functional infostealer malware which establishes C2 via Discord, exfiltrating sensitive user data and files and providing remote shell access to an attacker. Source: ghsa-malware...

7 AI score
Exploits 0 · References 1

Vulnrichment
added 2025/01/02 12:1 p.m. · 11 views

CVE-2024-56264 WordPress ACF City Selector plugin <= 1.14.0 - Arbitrary File Upload vulnerability

Unrestricted Upload of File with Dangerous Type vulnerability in Beee ACF City Selector allows Upload a Web Shell to a Web Server. This issue affects ACF City Selector: from n/a through 1.14.0...

6.6 CVSS · 6.8 AI score · 0.17675 EPSS
Exploits 2 · References 1