Lucene search
K

170 matches found

UbuntuCve
UbuntuCve
added 2026/02/11 9:16 p.m.7 views

CVE-2026-25924

Kanboard is project management software focused on Kanban methodology. Prior to 1.2.50, a security control bypass vulnerability in Kanboard allows an authenticated administrator to achieve full Remote Code Execution RCE. Although the application correctly hides the plugin installation interface...

8.4CVSS6.2AI score0.00491EPSS
Exploits1References4
Packet Storm
Packet Storm
added 2026/02/03 12:0 a.m.167 views

📄 LimeSurvey 5.2.4 Remote Code Execution

Proof of concept exploit for LimeSurvey version 5.2.4 that loads a malicious PHP plugin and executes a reverse shell. ============================================================================================================================================= | Title : LimeSurvey 5.2.4 reverse...

9CVSS5.4AI score0.12579EPSS
Exploits3
Metasploit
Metasploit
added 2026/01/15 6:58 p.m.382 views

Notepad++ Plugin Persistence

This module create persistence by adding a malicious plugin to Notepad++, as it blindly loads and executes DLL from its plugin directory on startup, meaning that the payload will be executed every time Notepad++ is launched. Module Options msf use exploit/windows/persistence/notepadppplugin msf...

5.8AI score
Exploits0
RedhatCVE
RedhatCVE
added 2026/01/09 10:51 a.m.7 views

CVE-2022-42123

A Zip slip vulnerability in the Elasticsearch Connector in Liferay Portal 7.3.3 through 7.4.3.18, and Liferay DXP 7.3 before update 6, and 7.4 before update 19 allows attackers to create or overwrite existing files on the filesystem via the installation of a malicious Elasticsearch Sidecar plugin...

7.5CVSS6.8AI score0.00702EPSS
Exploits0References1
Packet Storm
Packet Storm
added 2025/12/15 12:0 a.m.234 views

📄 Figma Desktop Application 125.6.5 Remote Code Execution

Figma Desktop Application version 125.6.5 proof of concept remote code execution exploit that leverages the plugin manifest. ============================================================================================================================================= | Title : Figma Desktop...

8.4CVSS8.2AI score0.01058EPSS
Exploits3
Veracode
Veracode
added 2025/12/13 7:28 a.m.14 views

Use Of Hard-coded Cryptographic Key

AstrBot is vulnerable to the Use of Hard-coded Cryptographic Key. The vulnerability is due to the presence of a hard-coded signing key in the application, which allows an attacker to forge tokens and execute arbitrary commands by installing a malicious plugin...

7.3CVSS6AI score0.00281EPSS
Exploits2References5Affected Software1
Metasploit
Metasploit
added 2025/12/04 6:55 p.m.503 views

WordPress AI Engine Plugin MCP Unauthenticated Admin Creation to RCE

This module exploits an unauthenticated vulnerability in the WordPress AI Engine plugin versions use exploit/multi/http/wpaienginemcprce msf exploitwpaienginemcprce show targets ...targets... msf exploitwpaienginemcprce set TARGET msf exploitwpaienginemcprce show options ...show and set options...

9.8CVSS8.1AI score0.75063EPSS
Exploits5
Packet Storm News
Packet Storm News
added 2025/11/24 12:0 a.m.4 views

Notepad++ Plugin Persistence

This Metasploit module create persistence by adding a malicious plugin to Notepad++, as it blindly loads and executes DLL from its plugin directory on startup, meaning that the payload will be executed every time Notepad++ is launched...

6.9AI score
Exploits0
Snyk
Snyk
added 2025/11/14 9:52 p.m.2 views

Use of Hard-coded Credentials

Overview AstrBot is a 易上手的多平台 LLM 聊天机器人及开发框架 Affected versions of this package are vulnerable to Use of Hard-coded Credentials for signature verification. An attacker can gain unauthorized access and execute arbitrary commands by bypassing authentication using a hard-coded JWT signing key and...

9.8CVSS7.7AI score0.00281EPSS
Exploits2References2
OSV
OSV
added 2025/11/14 9:52 p.m.4 views

GHSA-4M32-CJV7-F425 AstrBot is vulnerable to RCE with hard-coded JWT signing keys

Summary AstrBot uses a hard-coded JWT signing key, allowing attackers to execute arbitrary commands by installing a malicious plugin. Details AstrBot uses a hard-coded JWT signing key, which allows attackers to bypass the authentication mechanism. Once bypassed, the attacker can install a Python...

9.8CVSS7.8AI score0.00281EPSS
Exploits2References6
Github Security Blog
Github Security Blog
added 2025/11/14 9:52 p.m.11 views

AstrBot is vulnerable to RCE with hard-coded JWT signing keys

Summary AstrBot uses a hard-coded JWT signing key, allowing attackers to execute arbitrary commands by installing a malicious plugin. Details AstrBot uses a hard-coded JWT signing key, which allows attackers to bypass the authentication mechanism. Once bypassed, the attacker can install a Python...

7.3CVSS7.9AI score0.00281EPSS
Exploits2References7Affected Software1
Positive Technologies
Positive Technologies
added 2025/11/14 12:0 a.m.5 views

PT-2025-47033

Name of the Vulnerable Software and Affected Versions AstrBot version 3.5.15 Description The software uses a hard-coded private key, "Advanced System for Text Response and Bot Operations Tool", to sign JSON Web Tokens JWT, which are compact, URL-safe means of representing claims to be transferred...

9.8CVSS6AI score0.00281EPSS
Exploits2References17
OSSF Malicious Packages
OSSF Malicious Packages
added 2025/11/13 3:23 a.m.4 views

Malicious code in prettier-plugin-markdown-aquarius-colors-antares (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93e02a281f78f15c659fc2bc0017a1f4fc72c6e3519a06df0c8b38338db6ed47 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

6.9AI score
Exploits0
EUVD
EUVD
added 2025/10/07 12:30 a.m.4 views

EUVD-2021-15885

Malware in sbrugna...

6.7CVSS6.6AI score0.01548EPSS
Exploits0References3
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2023-2892

Malicious code in bioql PyPI...

7.8CVSS7.5AI score0.00249EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7363

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00702EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2022-7342

Malicious code in bioql PyPI...

7.5CVSS7.4AI score0.00702EPSS
Exploits0References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-21034

Malicious code in bioql PyPI...

8.6CVSS6.6AI score0.01029EPSS
Exploits0References6
EUVD
EUVD
added 2025/10/03 8:7 p.m.5 views

EUVD-2023-56364

Malicious code in bioql PyPI...

9.8CVSS9.2AI score0.00334EPSS
Exploits0References1
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-1492

Malicious code in bioql PyPI...

8.8CVSS8.4AI score0.02017EPSS
Exploits1References7
Rows per page
Query Builder