40 matches found
CVE-2025-54306
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability exists in the network configuration functionality, stemming from insufficient input validation when processing network configuration parameters through administrative...
PT-2025-49043
Name of the Vulnerable Software and Affected Versions Thermo Fisher Torrent Suite Django application version 5.18.1 Description A remote code execution issue exists in the network configuration functionality due to inadequate input validation when handling network configuration parameters via...
EUVD-2025-201177
An issue was discovered in the Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability exists in the network configuration functionality, stemming from insufficient input validation when processing network configuration parameters through administrative...
CVE-2025-54306
Summary: CVE-2025-54306 affects Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability arises from insufficient input validation in the network configuration flow accessed via /admin/network. User-controlled data is written to environment variables by Bash sc...
📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Root Privilege Escalation
Ilevia EVE X1/X5 Server version 4.7.18.0.eden has a misconfiguration in the sudoers file that permits passwordless execution of specific Bash shell scripts via sudo, exposing a critical privilege escalation vulnerability. When such scripts are writable by a web-facing user www-data or accessible...
EUVD-2024-49244
Malicious code in bioql PyPI...
CVE-2025-34187
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...
CVE-2025-34187 Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell
Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...
PT-2025-38077
Name of the Vulnerable Software and Affected Versions: Ilevia EVE X1/X5 Server versions prior to 4.7.18.0.eden Description: Ilevia EVE X1/X5 Server contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-faci...
📄 Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell
Ilevia EVE X1/X5 Server version 4.7.18.0.eden reverse rootshell exploit. A misconfiguration in the sudoers file permits passwordless execution of specific Bash shell scripts via sudo, exposing a critical privilege escalation vulnerability. When such scripts are writable by a web-facing user...
CVE-2022-40929
XXL-JOB 2.2.0 has a Command execution vulnerability in background tasks. NOTE: this is disputed because the issues/4929 report is about an intended and supported use case running arbitrary Bash scripts on behalf of users...
CVE-2024-8531
CWE-347: Improper Verification of Cryptographic Signature vulnerability exists that could compromise the Data Center Expert software when an upgrade bundle is manipulated to include arbitrary bash scripts that are executed as root...
CVE-2024-8531
Summary: CVE-2024-8531 affects Schneider Electric EcoStruxure Data Center Expert. The flaw is improper verification of cryptographic signatures in upgrade bundles, allowing manipulation with arbitrary bash scripts that can be executed with root privileges (remote code execution). Affected product...
DNS-Tunnel-Keylogger - Keylogging Server And Client That Uses DNS Tunneling/Exfiltration To Transmit Keystrokes
This post-exploitation keylogger will covertly exfiltrate keystrokes to a server. These tools excel at lightweight exfiltration and persistence, properties which will prevent detection. It uses DNS tunneling/exfiltration to bypass firewalls and avoid detection. Server Setup The server uses python...
Cybercriminals Hijacking Vulnerable SSH Servers in New Proxyjacking Campaign
An active financially motivated campaign is targeting vulnerable SSH servers to covertly ensnare them into a proxy network. "This is an active campaign in which the attacker leverages SSH for remote access, running malicious scripts that stealthily enlist victim servers into a peer-to-peer P2P...
wky-v4
This is a collection of bash scripts and configuration files for a Linux system. Here's a breakdown of the contents: Scripts: 1. setnginxphp.sh: Configures Nginx and PHP settings. 2. initcachedir.sh: Initializes a cache directory for the ipes application. 3. ipes.sh: Starts the ipes application. ...