171 matches found
EUVD-2024-1492
Malicious code in bioql PyPI...
EUVD-2025-23842
Malicious code in bioql PyPI...
EUVD-2023-56364
Malicious code in bioql PyPI...
CVE-2025-9079
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...
Mattermost 安全漏洞
Mattermost is an open source collaboration platform from Mattermost, Inc. in the United States. A security vulnerability exists in Mattermost versions 10.8.3 and earlier, 10.8.x and earlier, 10.5.8 and earlier, 9.11.17 and earlier, 10.11.x and earlier, 10.10.1 and earlier, 10.10.x and 10.9.3 and...
CVE-2025-9079
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...
CVE-2025-9079 Admin RCE via prepackaged plugins by way of misconfigured imports directory
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...
PT-2025-38614
Name of the Vulnerable Software and Affected Versions Mattermost versions 10.8.x through 10.8.3 Mattermost versions 10.5.x through 10.5.8 Mattermost versions 9.11.x through 9.11.17 Mattermost versions 10.10.x through 10.10.1 Mattermost versions 10.9.x through 10.9.3 Mattermost versions prior to...
Obsidian Plugin Persistence
This module searches for Obsidian vaults for a user, and uploads a malicious community plugin to the vault. The vaults must be opened with community plugins enabled NOT restricted mode, but the plugin will be enabled automatically. Tested against Obsidian 1.7.7 on Kali, Ubuntu 22.04, and Windows...
Linux Distros Unpatched Vulnerability : CVE-2018-11319
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Syntastic aka vim-syntastic through 3.9.0 does not properly handle searches for configuration files it searches the current directory up to potentially the root...
CVE-2025-50286
A Remote Code Execution RCE vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...
CVE-2025-50286
A Remote Code Execution RCE vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...
CVE-2025-8616 Malicious browser plugins may cause Authentication replay attack vulnerability to bypass authentication in OpenText Advanced Authentication
A weakness identified in OpenText Advanced Authentication where a Malicious browser plugin can record and replay the user authentication process to bypass Authentication. This issue affects Advanced Authentication on or before 6.5.0...
CVE-2025-50286
A Remote Code Execution RCE vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...
CVE-2025-50286
A Remote Code Execution RCE vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...
CVE-2025-50286
A Remote Code Execution RCE vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...
CVE-2025-50286
A Remote Code Execution RCE vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...
CVE-2025-50286
Grav CMS v1.7.48 is affected by an authenticated RCE via the Admin Panel’s /admin/tools/direct-install feature. An authenticated administrator can upload a malicious plugin (e.g., ZIP with arbitrary PHP) that is extracted and loaded, enabling arbitrary PHP code execution and a reverse shell. The ...
CVE-2025-51459
File Upload vulnerability in agent.hub.controller.refreshplugins in eosphoros-ai DB-GPT 0.7.0 allows remote attackers to execute arbitrary code via a malicious plugin ZIP file uploaded to the /v1/personal/agent/upload endpoint, interacting with pluginhub.sanitizefilename and pluginsutil.scanplugi...
CVE-2025-51459
CVE-2025-51459 concerns DB-GPT 0.7.0 where a file-upload vulnerability in agent.hub.controller.refresh_plugins allows remote code execution via uploading a crafted plugin ZIP to /v1/personal/agent/upload. The root cause involves interaction with plugin_hub._sanitize_filename and plugins_util.scan...