MAL-2025-20235 Malicious code in fast-bash-tree-reject-omicron (npm)

The package fast-bash-tree-reject-omicron was found to contain malicious code...

MAL-2025-32038 Malicious code in reject-book-execute-bash-code (npm)

The package reject-book-execute-bash-code was found to contain malicious code...

Malicious code in air-deploy-air-stub-bash (npm)

The package air-deploy-air-stub-bash was found to contain malicious code...

MAL-2025-14183 Malicious code in air-deploy-air-stub-bash (npm)

The package air-deploy-air-stub-bash was found to contain malicious code...

MAL-2025-32475 Malicious code in route-air-private-static-bash (npm)

The package route-air-private-static-bash was found to contain malicious code...

CVE-2025-55192

HomeAssistant-Tapo-Control exposes a code injection vulnerability in its GitHub Actions workflow .github/workflows/issues.yml, prior to commit 2a3b80f. The workflow directly inserts user-controlled content from the issue body (github.event.issue.body) into a Bash conditional without proper saniti...

PT-2025-33340 · Unknown +2 · Homeassistant-Tapo-Control +3

Name of the Vulnerable Software and Affected Versions: HomeAssistant-Tapo-Control versions prior to commit 2a3b80f Description: HomeAssistant-Tapo-Control, a component offering control for Tapo cameras within Home Assistant, contained a code injection vulnerability in the GitHub Actions workflow...

CVE-2012-10040

Openfiler v2.x contains a command injection vulnerability in the system.html page. The device parameter is used to instantiate a NetworkCard object, whose constructor in network.inc calls exec with unsanitized input. An authenticated attacker can exploit this to execute arbitrary commands as the...

Linux Distros Unpatched Vulnerability : CVE-2019-9804

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In Firefox Developer Tools it is possible that pasting the result of the 'Copy as cURL' command into a command shell on macOS will cause the execution of...

Exploit for Code Injection in Xwiki

CVE-2025-24893 Bash POC script for RCE vulnerability in XWiki...

Exploit for CVE-2024-32019

CVE-2024-32019-poc Netdata ndsudo PoC Build the binary: ba...

Exploit for Improper Access Control in Webmin

Webmin-CVE-2022-0824-Enhanced-Exploit !IMPORTANT Enhan...

Exploit for Code Injection in Vmware Spring_Framework

!Spring4shell%20zero%20day%20vulnerabilityhttps://www.holmsec...

Exploit for OS Command Injection in Gnu Bash

Exploits Miscellaneous proof of concept exploit code written at Xiphos Research for testing purposes. Current Exploits index may be out of date phpMoAdmin Remote Code Execution CVE-2015-2208 LotusCMS Remote Code Execution OSVDB-75095 ElasticSearch Remote Code Execution CVE-2015-1427 ShellShock...

shellshocker-pocs

This repository contains a collection of Proof of Concepts PoCs and potential targets for the Shellshock vulnerability, also known as Bash Bug. The vulnerability affects the Bash shell and allows an attacker to execute arbitrary code by injecting malicious environment variables. The repository...

hacking-material-books

This repository is an offensive tool for Metasploit and Nmap scripting. It contains a collection of articles and resource files for Metasploit RC/ERB scripting, Nmap NSE scripting, and bash programming. The repository includes examples of how to use Metasploit RC/ERB scripting to automate tasks,...

Fedora 42 : nodejs-bash-language-server / nodejs-pnpm (2025-69a1acbbc0)

The remote Fedora 42 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-69a1acbbc0 advisory. Update pnpm to version 10.9.0 to fix CVE-2024-47829 and nodejs-bash-language-server to version 5.6.0 Tenable has extracted the preceding description block...

TestSSL 3.0.10

testssl.sh is a free command line tool which checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws, and much more. It is written in pure bash, makes only use of standard Unix utilities, openssl and last but not least bash sockets...

Exploit for CVE-2025-6019

CVE-2025-6019 Proof of Concept PoC This repository contains...

CVE-2025-49091

KDE Konsole before 25.04.2 allows remote code execution in a certain scenario. It supports loading URLs from the scheme handlers such as a ssh:// or telnet:// or rlogin:// URL. This can be executed regardless of whether the ssh, telnet, or rlogin binary is available. In this mode, there is a code...