Lucene search

125 matches found

OSV
added 2025/12/22 10:16 p.m., 5 views

CVE-2023-53980

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server...

CVSS 8.7, AI score 8.7
Exploits 0, References 3
Vulnrichment
added 2025/12/22 9:35 p.m., 5 views

CVE-2023-53980 ProjectSend r1605 Remote Code Execution via File Extension Manipulation

ProjectSend r1605 contains a remote code execution vulnerability that allows attackers to upload malicious files by manipulating file extensions. Attackers can upload shell scripts with disguised extensions through the upload.process.php endpoint to execute arbitrary commands on the server...

CVSS 9.8, AI score 8.5, EPSS 0.00813
Exploits 1, References 3
Veracode
added 2025/12/13 4:22 a.m., 4 views

Remote Code Execution (RCE)

Apache DolphinScheduler is vulnerable to Remote Code Execution (RCE). The vulnerability is due to insufficient validation of user input in alert scripts, which allows an attacker to execute arbitrary shell scripts on the server...

CVSS 8.8, AI score 6.1, EPSS 0.00461
Exploits 0, References 4, Affected Software 1
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2019-18527

Malware in sbrugna...

CVSS 7.9, AI score 7.6, EPSS 0.00776
Exploits 1, References 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2001-1016

Malware in sbrugna...

CVSS 7.5, AI score 6.4, EPSS 0.0211
Exploits 0, References 5
EUVD
added 2025/10/03 8:07 p.m., 4 views

EUVD-2024-49097

Malicious code in bioql PyPI...

CVSS 8.8, AI score 6.6, EPSS 0.0055
Exploits 0, References 2
CVE
added 2025/09/16 7:45 p.m., 29 views

CVE-2025-34187

Ilevia EVE X1/X5 Server (versions ≤ 4.7.18.0.eden) is affected by multiple vulnerabilities. The primary CVE (CVE-2025-34187) stems from a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts; if these scripts are writable by web-facing users or reachable...

CVSS 9.3, AI score 7.3, EPSS 0.03187
Exploits 2, References 4, Affected Software 1
RedhatCVE
added 2025/09/05 9:16 a.m., 26 views

CVE-2024-43115

Improper Input Validation vulnerability in Apache DolphinScheduler. An authenticated user can execute any shell script on the server via an alert script. This issue affects Apache DolphinScheduler: before 3.2.2. Users are recommended to upgrade to version 3.3.1, which fixes the issue...

CVSS 8.8, AI score 6.9, EPSS 0.00461
Exploits 0, References 1
CNNVD
added 2025/09/03 12:00 a.m., 3 views

Apache DolphinScheduler security vulnerability

Apache DolphinScheduler is a modern data scheduling platform from the Apache USA Foundation. A code execution vulnerability exists in Apache DolphinScheduler versions prior to 3.2.2 due to improper input validation. An attacker can exploit this vulnerability to execute arbitrary shell scripts on...

CVSS 8.8, AI score 7.6, EPSS 0.00461
Exploits 0, References 1
RedhatCVE
added 2025/08/06 10:13 p.m., 4 views

CVE-2025-4604

The vulnerable code can bypass the Captcha check in Liferay Portal 7.4.3.80 through 7.4.3.132, and Liferay DXP 2024.Q1.1 through 2024.Q1.19, 2024.Q2.0 through 2024.Q2.13, 2024.Q3.0 through 2024.Q3.13, 2024.Q4.0 through 2024.Q4.7, 2025.Q1.0 through 2025.Q1.15 and 7.4 update 80 through update 92 an...

CVSS 6.9, AI score 6.6, EPSS 0.00146
Exploits 0, References 1
Fedora
added 2025/06/29 1:24 a.m., 6 views

[SECURITY] Fedora 41 Update: gum-0.16.1-1.fc41

A tool for glamorous shell scripts. Leverage the power of Bubbles and Lip Gloss in your scripts and aliases without writing any Go code!...

CVSS 6.5, AI score 7.2, EPSS 0.0045
Exploits 0
Fedora
added 2025/06/29 1:05 a.m., 5 views

[SECURITY] Fedora 42 Update: gum-0.16.1-1.fc42

A tool for glamorous shell scripts. Leverage the power of Bubbles and Lip Gloss in your scripts and aliases without writing any Go code!...

CVSS 6.5, AI score 7.2, EPSS 0.0045
Exploits 0
RedhatCVE
added 2025/05/22 8:59 a.m., 5 views

CVE-2019-9891

The function getopt_simple as described in Advanced Bash Scripting Guide ISBN 978-1435752184 allows privilege escalation and execution of commands when used in a shell script called, for example, via sudo...

CVSS 10, AI score 7.3, EPSS 0.03265
Exploits 2, References 1
NVD
added 2024/10/31 7:15 p.m., 13 views

CVE-2024-39332

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server...

CVSS 9.8, EPSS 0.01239
Exploits 1, References 1
Vulnrichment
added 2024/10/31 12:00 a.m., 15 views

CVE-2024-39332

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server...

AI score 7.8, EPSS 0.01239
Exploits 1, References 1
CVE
added 2024/10/31 12:00 a.m., 48 views

CVE-2024-39332

Webswing 23.2.2 is affected. The vulnerability allows remote attackers to modify client-side JavaScript, enabling path traversal and likely remote code execution through modification of server shell scripts. Affected component: Webswing (version 23.2.2). Root cause: server-side handling that perm...

CVSS 9.8, AI score 7.9, EPSS 0.01239
Exploits 1, References 1, Affected Software 1
Cvelist
added 2024/10/31 12:00 a.m., 16 views

CVE-2024-39332

Webswing 23.2.2 allows remote attackers to modify client-side JavaScript code to achieve path traversal, likely leading to remote code execution via modification of shell scripts on the server...

EPSS 0.01239
Exploits 1, References 1
NVD
added 2024/08/30 3:15 a.m., 25 views

CVE-2024-8330

6SHR system from Gether Technology does not properly validate uploaded file types, allowing remote attackers with regular privileges to upload web shell scripts and use them to execute arbitrary system commands on the server...

CVSS 8.8, EPSS 0.0055
Exploits 0, References 2
CVE
added 2024/08/30 2:29 a.m., 58 views

CVE-2024-8330

CVE-2024-8330 affects Gether Technology’s 6SHR System. Multiple connected sources (NVD, CVE listing, CNNVD, PT-security) confirm an improper validation of uploaded file types, enabling remote attackers with regular privileges to upload web shell scripts and execute arbitrary system commands on t...

CVSS 8.8, AI score 9.2, EPSS 0.0055
Exploits 0, References 2, Affected Software 1
Veracode
added 2024/04/12 12:40 p.m., 24 views

Code Injection

org.apache.zeppelin/zeppelin is vulnerable to Code Injection. The vulnerability is due to improper handling of configuration overrides such as ZEPPELIN_INTP_CLASSPATH_OVERRIDES, allowing attackers to execute shell scripts or inject malicious code through environment variables...

CVSS 9.8, AI score 7.7, EPSS 0.01439
Exploits 0, References 4, Affected Software 1