
2582 matches found

Vulnrichment
added 2025/09/29 12:0 a.m. | 1 views

CVE-2025-61659

bash-git-prompt 2.6.1 through 2.7.1 insecurely uses the /tmp/git-index-private$$ file, which has a predictable name...

6.8 CVSS | 6.6 AI score | 0.00021 EPSS
Exploits 0 | References 1
Packet Storm News
added 2025/09/19 12:0 a.m. | 3 views

TestSSL 3.2.2

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in pure bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets...

7.1 AI score
Exploits 0
RedhatCVE
added 2025/09/18 8:29 p.m. | 2 views

CVE-2025-34187

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

9.3 CVSS | 7.7 AI score | 0.01902 EPSS
Exploits 2 | References 1
Cvelist
added 2025/09/16 7:45 p.m. | 5 views

CVE-2025-34187 Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

9.3 CVSS | 0.01902 EPSS
Exploits 2 | References 4
Vulnrichment
added 2025/09/16 7:45 p.m. | 5 views

CVE-2025-34187 Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

9.3 CVSS | 7.3 AI score | 0.01902 EPSS
Exploits 2 | References 4
ATTACKERKB
added 2025/09/16 7:45 p.m. | 1 views

CVE-2025-34187

Ilevia EVE X1/X5 Server version ≤ 4.7.18.0.eden contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-facing users or accessible via command injection, attackers can replace them with malicious payloads...

9.3 CVSS | 6 AI score | 0.01902 EPSS
Exploits 2 | References 4
Positive Technologies
added 2025/09/16 12:0 a.m. | 2 views

PT-2025-38077

Name of the Vulnerable Software and Affected Versions: Ilevia EVE X1/X5 Server versions prior to 4.7.18.0.eden Description: Ilevia EVE X1/X5 Server contains a misconfiguration in the sudoers file that allows passwordless execution of certain Bash scripts. If these scripts are writable by web-faci...

9.3 CVSS | 7.7 AI score | 0.01902 EPSS
Exploits 2 | References 9
GithubExploit
added 2025/09/15 3:16 p.m. | 379 views

Exploit for CVE-2024-28397

CVE-2024-28397 js2py Sandbox Escape Exploit A collection of e...

5.3 CVSS | 9.1 AI score | 0.59353 EPSS
Exploits 22
Gitee
added 2025/09/14 3:40 p.m. | 77 views

RootHelper

This is an offensive tool for Linux privilege escalation. The primary CVE ID is not explicitly mentioned, but the tool fetches scripts that aid in privilege escalation, suggesting that it targets vulnerabilities in Linux systems. The tool, called RootHelper, downloads and unzips scripts that...

6.9 AI score
Exploits 0
Gitee
added 2025/09/14 9:55 a.m. | 80 views

Exploit for OS Command Injection in Gnu Bash

PoC exploit for CVE-2014-6271 Shellshock. The target product/service is Apache httpd, and the vulnerability class/vector is RCE Remote Code Execution via environment variable manipulation. The probable entry point is the CGI Common Gateway Interface handler. Notable dependencies/tooling include t...

10 CVSS | 8.5 AI score | 0.9422 EPSS
Exploits 130
Gitee
added 2025/09/06 2:57 a.m. | 140 views

shellshocker-pocs

This is a collection of Proof of Concepts PoCs and potential targets for the ShellShocker vulnerability. The PoCs are designed to exploit the vulnerability in various products and services, including XMPP ejabberd, Mailman, MySQL, NFS, Bind9, FTP, and others. The PoCs are primarily focused on...

8.3 AI score
Exploits 0
OPENSUSE Linux
added 2025/09/06 12:0 a.m. | 2 views

libsixel-bash-completion-1.10.5-2.1 on GA media (moderate)

libsixel-bash-completion-1.10.5-2.1 on GA media Announcement ID: openSUSE-SU-2025:15526-1 Rating: moderate Cross-References: CVE-2025-9300 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...

7.8 CVSS | 7.3 AI score | 0.00055 EPSS
Exploits 1
NVD
added 2025/09/05 11:15 p.m. | 2 views

CVE-2025-58370

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of...

8.1 CVSS | 0.00366 EPSS
Exploits 0 | References 1
CVE
added 2025/09/05 10:9 p.m. | 11 views

CVE-2025-58370

Roo Code (AI-powered coding agent) versions prior to 3.26.0 contain a vulnerability in the command parsing logic where Bash parameter expansion and indirect references are not handled correctly. If prompts allow auto-approval of commands, an attacker who can influence prompts could cause the agen...

8.1 CVSS | 7.2 AI score | 0.00366 EPSS
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2025/09/05 10:9 p.m. | 3 views

CVE-2025-58370 Roo Code: Potential Remote Code Execution via Bash Parameter Expansion and Indirect Reference

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of...

8.1 CVSS | 7.1 AI score | 0.00366 EPSS
Exploits 0 | References 1
Cvelist
added 2025/09/05 10:9 p.m. | 7 views

CVE-2025-58370 Roo Code: Potential Remote Code Execution via Bash Parameter Expansion and Indirect Reference

Roo Code is an AI-powered autonomous coding agent that lives in users' editors. Versions below 3.26.0 contain a vulnerability in the command parsing logic where the Bash parameter expansion and indirect reference were not handled correctly. If the agent was configured to auto-approve execution of...

8.1 CVSS | 0.00366 EPSS
Exploits 0 | References 1
Rapid7 Blog
added 2025/09/05 7:9 p.m. | 8 views

Metasploit Weekly Wrap-Up 09/05/2025

Persistence Improvements and Exploits This week, the Metasploit team and the community has made improvements to some persistence modules such as Bash, which improves how they function behind the scenes. They have also been tagged with MITRE ATT&CK techniques. A new exploit has also been added thi...

9.8 CVSS | 9.5 AI score | 0.93701 EPSS
Exploits 118
OSV
added 2025/09/05 12:0 a.m. | 1 views

OPENSUSE-SU-2025:15526-1 libsixel-bash-completion-1.10.5-2.1 on GA media

These are all security issues fixed in the libsixel-bash-completion-1.10.5-2.1 package on the GA media of openSUSE Tumbleweed...

7.8 CVSS | 5.8 AI score | 0.00055 EPSS
Exploits 1 | References 1
Packet Storm
added 2025/09/05 12:0 a.m. | 155 views

Ilevia EVE X1/X5 Server 4.7.18.0.eden Reverse Rootshell

Ilevia EVE X1/X5 Server version 4.7.18.0.eden reverse rootshell exploit. A misconfiguration in the sudoers file permits passwordless execution of specific Bash shell scripts via sudo, exposing a critical privilege escalation vulnerability. When such scripts are writable by a web-facing user...

8.3 AI score
Exploits 0
GithubExploit
added 2025/09/04 12:47 p.m. | 126 views

RCE-Foryou

RCE-Foryou Python tool for safely testing and exploiting RCE v...

8.1 AI score
Exploits 0