342 matches found
curl: Unsafe Global IFS Modification in OS400 Shell Script Enables Command Injection and Parsing Flaws (CWE-78/CWE-20)
In the curl source repository, the OS400 initialization script packages/OS400/make-incs.sh modifies the global shell variable IFS Internal Field Separator without local scoping or restoration. This pattern exposes users and CI/CD systems to unintended parsing, command injection, and logic errors ...
PT-2025-31872
Name of the Vulnerable Software and Affected Versions Liferay Portal versions 7.4.3.80 through 7.4.3.132 Liferay DXP versions 2024.Q1.1 through 2024.Q1.19 Liferay DXP versions 2024.Q2.0 through 2024.Q2.13 Liferay DXP versions 2024.Q3.0 through 2024.Q3.13 Liferay DXP versions 2024.Q4.0 through...
Exploit for CVE-2022-25226
ThinVNC 1.0b1 - Authentication Bypass to Remote Code Execution...
Exploit for CVE-2025-53547
CVE-2025-53547 POC this is a poc for CVE-2025-53547 Chart.l...
CVE-2025-52483
Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious or can be injected using upstream vulnerabilities a shell script injection can occur within the...
CLSA-2025-1751039108 Update of alt-php
New upstream 2025b version: - New zone for Aysén Region in Chile which moves from -04/-03 to -03. - Paraguay adopted permanent -03 starting spring 2024. - Improve pre-1991 data for the Philippines. - Etc/Unknown is now reserved. - Improve historical data for Mexico, Mongolia, and Portugal. - Syst...
CVE-2025-52483
Registrator is a GitHub app that automates creation of registration pull requests for julia packages to the General registry. Prior to version 1.9.5, if the clone URL returned by GitHub is malicious or can be injected using upstream vulnerabilities a shell script injection can occur within the...
CVE-2025-49013
WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of $ github.event.review.body and other user controlled variables directly inside shell script contexts in GitHub...
CVE-2025-49013 WilderForge vulnerable to code Injection via GitHub Actions Workflows
WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of $ github.event.review.body and other user controlled variables directly inside shell script contexts in GitHub...
CVE-2025-27997
An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory...
CVE-2021-20134
Quagga Services on D-Link DIR-2640 less than or equal to version 1.11B02 are affected by an absolute path traversal vulnerability that allows a remote, authenticated attacker to set an arbitrary file on the router's filesystem as the log file used by either Quagga service zebra or ripd. Subsequen...
CVE-2025-27997
An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory...
CVE-2025-27997
An issue in Blizzard Battle.net v2.40.0.15267 allows attackers to escalate privileges via placing a crafted shell script or executable into the C:\ProgramData directory...
Exploit for CVE-2025-1974
README Talk is cheap, just look at the code. Detailed can be...
Over 1,500 PostgreSQL Servers Compromised in Fileless Cryptocurrency Mining Campaign
Exposed PostgreSQL instances are the target of an ongoing campaign designed to gain unauthorized access and deploy cryptocurrency miners. Cloud security firm Wiz said the activity is a variant of an intrusion set that was first flagged by Aqua Security in August 2024 that involved the use of a...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
Testing any tomcat version to see whether that version is vuln...
B&R Industrial Automation B&R APROL 安全漏洞
B&R Industrial Automation B&R APROL is a process control system from B&R Industrial Automation, Austria. A security vulnerability exists in B&R Industrial Automation B&R APROL versions prior to 4.4-00P5, which stems from incomplete filtering of special elements of SSH server scripts, which could...
PT-2025-4838 · Ambari · Ambari
Name of the Vulnerable Software and Affected Versions: Ambari affected versions not specified Description: A code injection vulnerability exists in the Ambari Alert Definition feature, allowing authenticated users to inject and execute arbitrary shell commands. The vulnerability arises when...
New RustyAttr Malware Targets macOS Through Extended Attribute Abuse
Threat actors have been found leveraging a new technique that abuses extended attributes for macOS files to smuggle a new malware called RustyAttr. The Singaporean cybersecurity company has attributed the novel activity with moderate confidence to the infamous North Korea-linked Lazarus Group,...
Notorious Hacker Group TeamTNT Launches New Cloud Attacks for Crypto Mining
The infamous cryptojacking group known as TeamTNT appears to be readying for a new large-scale campaign targeting cloud-native environments for mining cryptocurrencies and renting out breached servers to third-parties. "The group is currently targeting exposed Docker daemons to deploy Sliver...