Malicious code in gm-kilo (npm)
Source: amazon-inspector b4a35ea8669a2b02f60117ecc483176741399084b0fbebf11900d0a89505d9fb package.json declares an install lifecycle script that runs bin/gm-kilo.js install. At install time, the script executes bun x gm-plugkit@latest spoo...
MAL-2026-4574 Malicious code in gm-kilo (npm)
Source: amazon-inspector b4a35ea8669a2b02f60117ecc483176741399084b0fbebf11900d0a89505d9fb package.json declares an install lifecycle script that runs bin/gm-kilo.js install. At install time, the script executes bun x gm-plugkit@latest spoo...
Authentication Bypass
keylime is vulnerable to Authentication Bypass. The vulnerability is due to insufficient validation during agent registration, where a malicious actor can register a new agent with a different TPM while reusing an existing agent’s UUID, allowing the attacker to overwrite the legitimate agent...
EUVD-2025-198980
A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module (TPM) device but claiming an existing agent's unique identifier (UUID). This action overwrites the legitimate agent's identity, enabling the...
PT-2025-47950
Name of the Vulnerable Software and Affected Versions: keylime (affected versions not specified). Description: A flaw exists in keylime that allows an attacker to register a new agent using a different Trusted Platform Module (TPM) device while claiming an existing agent’s unique identifier (UUID). This...
EUVD-2012-0100
Malware in sbrugna...
EUVD-2025-4900
Malicious code in bioql PyPI...
CVE-2025-1057 Keylime: keylime registrar dos due to incompatible database entry handling
A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data as bytes, whereas...
Keylime registrar is vulnerable to Denial-of-Service attack when updated to version 7.12.0
Impact The Keylime registrar implemented more strict type checking on version 7.12.0. As a result, when updated to version 7.12.0, the registrar will not accept the format of the data previously stored in the database by versions = 7.8.0, raising an exception. This makes the Keylime registrar...
Exploit for CVE-2024-415770
CVE-2024-415770-SSRF-RCE Description This script is desig...
Exploit for Server-Side Request Forgery in Havocframework Havoc
CVE-2024-41570 | Havoc C2 SSRF with RCE | Automated Reverse Sh...
NorthStar C2 XSS to Agent RCE
NorthStar C2, prior to commit 7674a44 on March 11, 2024, contains a vulnerability where the logs page is vulnerable to a stored XSS. An unauthenticated user can simulate an agent registration to cause the XSS and take over a user's session. With this access, it is then possible to run a new payload...
Citrix Provisioning Services Target Device Displays Incorrect Windows Time
Target Devices may display the incorrect time. The Device time differs from that of the domain controllers. The symptoms can vary but include: 1. The inability to log in to the Target Device. 2. The Device domain Trust Relationship breaks. 3. VDA registration continues to fail...
Exploit for CVE-2024-28741
NorthStar C2 agent RCE via stored XSS Agent RCE PoC for CVE-20...
NorthStar C2 Agent 1.0 Cross Site Scripting / Remote Command Execution
Exploit Title: NorthStar C2 agent RCE via stored XSS Date: 2024-03-11 Exploit Author: @chebuya Software Link: https://github.com/EnginDemirbilek/NorthStarC2 Version: v1.0 Tested on: Ubuntu 20.04 LTS CVE: CVE-2024-28741 Description: NorthStar C2 applies insufficient sanitization on agent...
Fedora 38 : keylime (2023-ed9922536e)
The remote Fedora 38 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2023-ed9922536e advisory. Backport upstream fixes - Fixes: CVE-2023-38200 - Fixes: CVE-2023-38201 Tenable has extracted the preceding description block directly from the Fedo...
Moderate: keylime security update
Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: registrar is subject to a DoS against SSL connections (CVE-2023-38200); Keylime: challenge-response protocol bypass during agent registration (CVE-2023-38201). For more...
Authorization Bypass
Keylime is vulnerable to an attack which allows an attacker to Bypass the Challenge-Response Protocol during agent registration. The vulnerability occurs due to the registrar disclosing the correct "authtag" in the error message. This could allow an attacker to simply record the correct expected...
WEM: after upgrade, Agent does not register with the cloud infrastructure server
After running the configuration utility on the agent to migrate to the cloud WEM broker server, it loses connectivity. Checking the Citrix WEM Agent Host service debug logs shows the below error: Event - BaseBrokerClient1.GetConnectorAuthContext : Successfully acquired connector authentication...
CVE-2023-38201
A flaw was found in the Keylime registrar that could allow a bypass of the challenge-response protocol during agent registration. This issue may allow an attacker to impersonate an agent and hide the true status of a monitored machine if the fake agent is added to the verifier list by a legitimat...