46 matches found
CVE-2026-33482 AVideo has an OS Command Injection via $() Shell Substitution Bypass in sanitizeFFmpegCommand()
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the sanitizeFFmpegCommand function in plugin/API/standAlone/functions.php is designed to prevent OS command injection in ffmpeg commands by stripping dangerous shell metacharacters &&, ;, |, , . However, it fails ...
CVE-2026-33482
WWBN AVideo is an open source video platform. In versions up to and including 26.0, the sanitizeFFmpegCommand function in plugin/API/standAlone/functions.php is designed to prevent OS command injection in ffmpeg commands by stripping dangerous shell metacharacters &&, ;, |, , . However, it fails ...
AVideo has an OS Command Injection via $() Shell Substitution Bypass in sanitizeFFmpegCommand()
Summary The sanitizeFFmpegCommand function in plugin/API/standAlone/functions.php is designed to prevent OS command injection in ffmpeg commands by stripping dangerous shell metacharacters &&, ;, |, , . However, it fails to strip $ bash command substitution syntax. Since the sanitized command is...
WordPress WPvivid 0.9.123 Payload Generator / Scanner
This Python script is a proof of concept tool designed to generate a crafted payload targeting the WPvivid Backup Migration plugin mechanism in WordPress. The script encrypts a JSON object containing file data using AES-CBC with a null key and IV, formats it according to the plugin's expected...
Embedded Malicious Code
Overview react-native-international-phone-number is an International mobile phone input component with mask for React Native Affected versions of this package are vulnerable to Embedded Malicious Code. The publishing pipeline of this package was compromised and a malicious version was released on...
Malicious code in hxq-misc-utils-0379 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 1e22088fbe314143f0c3eb971a645a125a9a32753184ceb5abd533ac7e60da69 This package includes an encrypted payload file that appears to be used to deliver code or resources to other packages. The payload changes betwe...
MAL-2026-1453 Malicious code in hxq-misc-utils-0379 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: oracle-using-macaron 1e22088fbe314143f0c3eb971a645a125a9a32753184ceb5abd533ac7e60da69 This package includes an encrypted payload file that appears to be used to deliver code or resources to other packages. The payload changes betwe...
Linux RC4 Encrypted Payload Generator
This evasion module packs Linux payloads using RC4 encryption and executes them from memory using memfdcreate for fileless execution. Linux kernel version support: 3.17+ Module Options msf use evasion/linux/x64/rc4packer msf evasionrc4packer show actions ...actions... msf evasionrc4packer set...
Exploit for Type Confusion in Apple Ipados
Coruna Exploit Kit - Deobfuscated CVE-2024-23222 HEAVILY B...
MAL-2026-593 Malicious code in pypi-package-explore (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 54257ec88b5f7a5bd69177f84a4c396ab208e727ba1c7b079056f1fab2705c37 Package presents an extremely deep obfuscation of a code that is imported during installation. The exact behavior is unknown, but it includes loading encrypted...
Exploit for Deserialization of Untrusted Data in Microsoft
WSUS-CVE-2025-59287-RCE CVE-2025-59287 is a critical CVSS...
CVE-2025-58163 FreeScout's deserialization of untrusted data can lead to Remote Code Execution
FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.185 and earlier contain a deserialization of untrusted data vulnerability that allows authenticated attackers with knowledge of the application's APPKEY to achieve remote code execution. The...
Decryption Failure
illuminate/encryption is vulnerable to a Decryption Failure. The vulnerability is due to improper handling of encrypted payloads in the Laravel Encrypter component, allowing attackers to craft an encrypted payload, which upon decryption returns false, possibly resulting in unintended behavior in ...
AZL-39927 CVE-2024-3652 affecting package libreswan for versions less than 4.14-2
The Libreswan Project was notified of an issue causing libreswan to restart when using IKEv1 without specifying an esp= line. When the peer requests AES-GMAC, libreswan's default proposal handler causes an assertion failure and crashes and restarts. IKEv2 connections are not affected...
Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload
Cybersecurity researchers have identified an updated version of a macOS information stealer called Atomic or AMOS, indicating that the threat actors behind the malware are actively enhancing its capabilities. "It looks like Atomic Stealer was updated around mid to late December 2023, where its...
Dragon Breath APT Group Using Double-Clean-App Technique to Target Gambling Industry
An advanced persistent threat APT actor known as Dragon Breath has been observed adding new layers of complexity to its attacks by adopting a novel DLL side-loading mechanism. "The attack is based on a classic side-loading attack, consisting of a clean application, a malicious loader, and an...
laZzzy - Shellcode Loader, Developed Using Different Open-Source Libraries, That Demonstrates Different Execution Techniques
laZzzy is a shellcode loader that demonstrates different execution techniques commonly employed by malware. laZzzy was developed using different open-source header-only libraries. Features Direct syscalls and native Nt functions not all functions but most Import Address Table IAT evasion Encrypte...
Rhonabwy 加密问题漏洞
Rhonabwy is a Javascript Object Signing and Encryption JOSE library from the Canadian personal developer Nicolas Mora. A cryptographic issue vulnerability exists in version 1.1.x of Rhonabwy prior to 0.9.99 to 1.1.7, which stems from not checking the length of the RSA private key before decryptin...
SolarMarker Malware Uses Novel Techniques to Persist on Hacked Systems
In a sign that threat actors continuously shift tactics and update their defensive measures, the operators of the SolarMarker information stealer and backdoor have been found leveraging stealthy Windows Registry tricks to establish long-term persistence on compromised systems. Cybersecurity firm...
CVE-2020-25493
Oclean Mobile Application 2.1.2 communicates with an external website using HTTP so it is possible to eavesdrop the network traffic. The content of HTTP payload is encrypted using XOR with a hardcoded key, which allows for the possibility to decode the traffic...