18 matches found

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2021-2316

Malware in sbrugna...

CVSS 8.6 | AI score 7.8 | EPSS 0.00922
Exploits: 0 | References: 6

EUVD
added 2025/10/03 8:7 p.m. | 6 views

EUVD-2023-36975

Malicious code in bioql PyPI...

CVSS 6.5 | AI score 6.5 | EPSS 0.03846
Exploits: 4 | References: 2

Cvelist
added 2025/10/01 4:7 p.m. | 5 views

CVE-2025-20366 Improper Access Control in Background Job Submission in Splunk Enterprise

In Splunk Enterprise versions below 9.4.4, 9.3.6, and 9.2.8, and Splunk Cloud Platform versions below 9.3.2411.111, 9.3.2408.119, and 9.2.2406.122, a low-privileged user that does not hold the admin or power Splunk roles could access sensitive search results if Splunk Enterprise runs an...

CVSS 6.5 | EPSS 0.004
Exploits: 0 | References: 1

CVE
added 2025/10/01 4:7 p.m. | 9 views

CVE-2025-20366

CVE-2025-20366 affects Splunk Enterprise and Splunk Cloud Platform. A low-privileged user (not admin/power roles) can access sensitive search results if an administrative search job runs in the background and the user guesses the job’s unique SID, potentially exposing confidential data. Affected ...

CVSS 6.5 | AI score 6.1 | EPSS 0.004
Exploits: 0 | References: 1 | Affected Software: 2

CNNVD
added 2025/09/12 12:0 a.m. | 4 views

GitLab CE and EE Security Vulnerability

GitLab Enterprise Edition EE and GitLab Community Edition CE are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab CE and EE versions 15.0 through 18.1.6 prior...

CVSS 6.5 | AI score 6.3 | EPSS 0.00424
Exploits: 0 | References: 5

RedhatCVE
added 2025/05/23 10:47 a.m. | 5 views

CVE-2024-52521

Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being identified as already existing and not be queued for execution. By changing the Hash to SHA256 t...

CVSS 5.3 | AI score 7 | EPSS 0.00386
Exploits: 0 | References: 1

BDU FSTEC
added 2025/05/23 12:0 a.m. | 4 views

The vulnerability of the Background Job Handler component of the software platform based on Git, which is used for collaborative code development on GitLab, allows a malicious actor to cause a system failure.

The vulnerability of the Background Job Handler component of the software platform based on Git, which is used for collaborative code development on GitLab, is related to insufficient memory allocation for operations. Exploiting this vulnerability can allow a malicious actor to cause a system...

CVSS 4.3 | AI score 5.5 | EPSS 0.00343
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2024/11/15 5:15 p.m. | 24 views

CVE-2024-52521

Nextcloud Server is a self hosted personal cloud system. MD5 hashes were used to check background jobs for their uniqueness. This increased the chances of a background job with arguments falsely being identified as already existing and not be queued for execution. By changing the Hash to SHA256 t...

CVSS 5.3 | EPSS 0.00386
Exploits: 0 | References: 3

Positive Technologies
added 2024/09/05 12:0 a.m. | 2 views

PT-2024-9166 · Nextcloud +2 · Nextcloud Server +2

Name of the Vulnerable Software and Affected Versions: Nextcloud Server versions prior to 28.0.10; Nextcloud Server versions prior to 29.0.7; Nextcloud Server versions prior to 30.0.0. Description: The issue is related to the use of a reversible one-way hash function in Nextcloud Server, which...

CVSS 9.8 | AI score 5.5 | EPSS 0.01041
Exploits: 6 | References: 94

NVD
added 2023/09/20 10:15 p.m. | 13 views

CVE-2023-37279

Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param days. The vulnerability is related to how the backend reads the days URL query parameter in the Faktory web...

CVSS 7.5 | AI score 7.3 | EPSS 0.00769
Exploits: 1 | References: 1

Cvelist
added 2023/09/20 9:27 p.m. | 24 views

CVE-2023-37279 Faktory Web Dashboard can lead to denial of service(DOS) via malicious user input

Faktory is a language-agnostic persistent background job server. Prior to version 1.8.0, the Faktory web dashboard can suffer from denial of service by a crafted malicious url query param days. The vulnerability is related to how the backend reads the days URL query parameter in the Faktory web...

CVSS 7.5 | AI score 7.5 | EPSS 0.00769
Exploits: 1 | References: 1

FreeBSD
added 2023/01/31 12:0 a.m. | 22 views

Gitlab -- Multiple Vulnerabilities

Gitlab reports: Denial of Service via arbitrarily large Issue descriptions; CSRF via file upload allows an attacker to take over a repository; Sidekiq background job DoS by uploading malicious CI job artifact zips; Sidekiq background job DoS by uploading a malicious Helm package...

CVSS 6.5 | AI score 7.1 | EPSS 0.01247
Exploits: 0 | References: 1

Kitploit
added 2022/05/21 12:30 p.m. | 37 views

Tetanus - Mythic C2 Agent Targeting Linux And Windows Hosts Written In Rust

Tetanus is a Windows and Linux C2 agent written in rust. Installation To install Tetanus, you will need Mythic set up on a machine. In the Mythic root directory, use mythic-cli to install the agent. payload start tetanus" sudo ./mythic-cli install github https://github.com/MythicAgents/tetanus su...

AI score 7.9
Exploits: 0 | References: 2

CNNVD
added 2022/02/15 12:0 a.m. | 3 views

Discourse Security Vulnerability

Discourse is an open source community discussion platform. The platform includes community, email, and chat room features. A security vulnerability exists in Discourse, which stems from a problem with the software's parsing of URL streams. A denial-of-service attack can be triggered by a user...

CVSS 6.5 | AI score 6.5 | EPSS 0.01141
Exploits: 0 | References: 4

OSV
added 2021/11/02 6:15 p.m. | 15 views

CVE-2021-41238

Hangfire is an open source system to perform background job processing in a .NET or .NET Core applications. No Windows Service or separate process required. Dashboard UI in Hangfire.Core uses authorization filters to protect it from showing sensitive data to unauthorized users. By default when no...

CVSS 7.5 | AI score 6.7
Exploits: 0 | References: 2

CVE
added 2021/11/02 6:5 p.m. | 144 views

CVE-2021-41238

Hangfire.Core Dashboard UI in Hangfire (for .NET/.NET Core) was vulnerable when the default DashboardOptions.Authorization allowed remote requests due to missing authorization filters in version 1.7.25. The root cause was that LocalRequestsOnlyAuthorizationFilter was not applied by default, permi...

CVSS 8.6 | AI score 7.6 | EPSS 0.00922
Exploits: 0 | References: 2 | Affected Software: 1

Packet Storm
added 2014/12/29 12:0 a.m. | 47 views

Desktop Linux Password Stealer / Privilege Escalation

This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' require 'rex' require 'msf/core/exploit/exe' require 'base64' require 'metasm' class Metasploit4 'Desktop Linux Password Stealer and Privilege...

AI score 0.3
Exploits: 0

Metasploit
added 2011/08/14 12:36 a.m. | 39 views

Windows Gather Hardware Enumeration

Enumerate PCI hardware information from the registry. Please note this script will run through registry subkeys such as: 'PCI', 'ACPI', 'ACPIHAL', 'FDC', 'HID', 'HTREE', 'IDE', 'ISAPNP', 'LEGACY', 'LPTENUM', 'PCIIDE', 'SCSI', 'STORAGE', 'SW', and 'USB'; it will take time to finish. It is...

AI score 6.8
Exploits: 0