45044 matches found
Exploit for CVE-2025-55182
Here is your ready-to-copy-paste README.md — clean, professional...
Pentesting-Metasploitable2-SMB-Service
Metasploitable2 – SMB Vulnerability Exploitation 🚀 This proje...
SUSE CVE-2025-66399
Cacti is an open source performance and fault management framework. Prior to 1.2.29, there is an input-validation flaw in the SNMP device configuration functionality. An authenticated Cacti user can supply crafted SNMP community strings containing control characters including newlines that are...
CVE-2025-65842
The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...
CVE-2025-57200
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the testmail function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
CVE-2025-57201
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the SMB server function. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
Malicious code in elf-stats-festive-sparkler-275 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector f3adaeddf56adca42174e060e74d72cba7c7afff543772ffc7037f6329fe0359 The package elf-stats-festive-sparkler-275 was found to contain malicious code. Source: ghsa-malware...
PT-2025-49131
Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server...
Easywall 参数注入漏洞
Easywall is a jpylypiw open source firewall software. A parameter injection vulnerability exists in Easywall version 0.3.1, which stems from a command injection in the /ports-save endpoint that could lead to the execution of arbitrary commands...
CVE-2025-54306
Summary: CVE-2025-54306 affects Thermo Fisher Torrent Suite Django application 5.18.1. A remote code execution vulnerability arises from insufficient input validation in the network configuration flow accessed via /admin/network. User-controlled data is written to environment variables by Bash sc...
Linux Distros Unpatched Vulnerability : CVE-2025-58098
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exec cmd=...
CVE-2025-66208 Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy
Collabora Online - Built-in CODE Server richdocumentscode provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE OS Command Injection in richdocumentscode proxy. Users of Nextclou...
CVE-2025-65842
The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...
CVE-2025-65842
The Aquarius HelperTool 1.0.003 privileged XPC service on macOS contains multiple flaws that allow local privilege escalation. The service accepts XPC connections from any local process without validating the client's identity, and its authorization logic incorrectly calls AuthorizationCopyRights...
MAL-2025-192244 Malicious code in hast-util-to-mdast9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fabf8dc58c17b065c6576e16228fa6dbe32f4944b01419821880c59edb28d012 The package hast-util-to-mdast9 was found to contain malicious code. Source: ghsa-malware...
Malicious code in hast-util-to-mdast9 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector fabf8dc58c17b065c6576e16228fa6dbe32f4944b01419821880c59edb28d012 The package hast-util-to-mdast9 was found to contain malicious code. Source: ghsa-malware...
CVE-2025-34319
TOTOLINK N300RT devices with firmware older than V3.4.0-B20250430 are affected by an OS command injection in the Boa formWsc handling functionality (discovered in V2.1.8-B20201030.1539). The vulnerability allows an unauthenticated attacker to execute commands via the targetAPSsid request paramete...
CVE-2025-57199
AVTECH SECURITY Corporation DGM1104 FullImg-1015-1004-1006-1003 was discovered to contain an authenticated command injection vulnerability in the NetFailDetectD binary. This vulnerability allows attackers to execute arbitrary commands via a crafted input...
Malicious code in elf-stats-mulled-bauble-252 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b496322bb576fe2d9c78c8c2982cbbea3a84587c945d2f580c242e2256b0ef69 The package elf-stats-mulled-bauble-252 was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-191986 Malicious code in elf-stats-mulled-bauble-252 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b496322bb576fe2d9c78c8c2982cbbea3a84587c945d2f580c242e2256b0ef69 The package elf-stats-mulled-bauble-252 was found to contain malicious code. Source: ossf-package-analysis...