85 matches found

RedhatCVE
added 2025/05/23 7:53 a.m., 4 views

CVE-2024-24566

Lobe Chat is a chatbot framework that supports speech synthesis, multimodal, and an extensible Function Call plugin system. When the application is deployed password-protected with the ACCESSCODE option, it is possible to access plugins without the password, that is, without proper authorization. This vulnerabili...

CVSS 5.3, AI score 6.7, EPSS 0.00139
Exploits: 1, References: 1

CVE
added 2025/04/15 8:36 p.m., 64 views

CVE-2025-31499

Jellyfin CVE-2025-31499 affects versions before 10.10.7. An FFmpeg argument-injection flaw exists in endpoints such as /Videos//stream and /Videos//stream. (and similar in AudioController), allowing unsanitized parameters to reach FFmpeg’s command line. This can enable arbitrary file writes and p...

CVSS 8.8, AI score 7.9, EPSS 0.0005
Exploits: 0, References: 2, Affected Software: 1

CNNVD
added 2025/04/15 12:0 a.m., 1 views

Oracle MySQL Security Vulnerability

Oracle MySQL Server is a relational database from Oracle Corporation. A security vulnerability exists in Oracle MySQL Server, which originates from a flaw in the PS component and can be exploited by an attacker to cause a complete denial of service...

CVSS 4.9, AI score 5.9, EPSS 0.00042
Exploits: 0, References: 2

RedhatCVE
added 2025/02/05 12:24 a.m., 4 views

CVE-2024-31457

gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System - Plugi...

CVSS 7.7, AI score 7.5, EPSS 0.0033
Exploits: 0, References: 1

Filippo.io
added 2024/07/17 2:39 p.m., 12 views

age Plugins

age is a file encryption tool, library, and format. It lets you encrypt files to “recipients” and decrypt them with “identities”. $ age-keygen -o key.txt Public key: age1ql3z7hjy54pw3hyww5ayyfg7zqgvc7w3j2elw8zmrj2kg5sfn9aqmcac8p $ tar cvz /data | age -r...

AI score 7.1
Exploits: 0

OSV
added 2024/05/20 7:45 p.m., 14 views

GO-2024-2702 Code injection vulnerability in github.com/flipped-aurora/gin-vue-admin/server

Gin-vue-admin has a code injection vulnerability in the backend. In the Plugin System - Plugin Template feature, an attacker can perform directory traversal by manipulating the 'plugName' parameter. They can create specific folders such as 'api', 'config', 'global', 'model', 'router', 'service',...

CVSS 7.7, AI score 7.7, EPSS 0.0033
Exploits: 0, References: 2

Veracode
added 2024/04/10 10:46 a.m., 18 views

Path Traversal

gin-vue-admin is vulnerable to Path Traversal. The vulnerability is due to improper validation for PlugName field within a struct, which allows an attacker to perform directory traversal by manipulating the plugName parameter in the Plugin System - Plugin Template feature...

CVSS 7.7, AI score 6.7, EPSS 0.0033
Exploits: 0, References: 4, Affected Software: 1

CVE
added 2024/04/09 5:39 p.m., 86 views

CVE-2024-31457

Gin-vue-admin (CVE-2024-31457) has a backend code-injection risk via a directory-traversal flaw in the Plugin Template feature. The AutoPlug flow accepts PlugName, and through crafted input (e.g., ../../../server/ and related PoC payloads) an attacker can create or modify folders like api, config...

CVSS 7.7, AI score 7.7, EPSS 0.0033
Exploits: 0, References: 3

Vulnrichment
added 2024/04/09 5:39 p.m., 17 views

CVE-2024-31457 gin-vue-admin background arbitrary code coverage vulnerability

gin-vue-admin is a backstage management system based on vue and gin, which separates the front and rear of the full stack. gin-vue-admin pseudoversion 0.0.0-20240407133540-7bc7c3051067, corresponding to version 2.6.1, has a code injection vulnerability in the backend. In the Plugin System - Plugi...

CVSS 7.7, AI score 7.4, EPSS 0.0033
Exploits: 0, References: 3

CNNVD
added 2024/03/20 12:0 a.m., 4 views

WordPress Plugin System Dashboard Security Vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. WordPress is a blogging platform developed in the PHP language that supports personal blogs on PHP and MySQL servers. WordPress plugin is an application...

CVSS 5.4, AI score 5.9, EPSS 0.02134
Exploits: 2, References: 2

The Hacker News
added 2023/12/18 2:31 p.m., 46 views

Rhadamanthys Malware: Swiss Army Knife of Information Stealers Emerges

The developers of the information stealer malware known as Rhadamanthys are actively iterating on its features, broadening its information-gathering capabilities and also incorporating a plugin system to make it more customizable. This approach not only transforms it into a threat capable of...

AI score 8
Exploits: 0

ATTACKERKB
added 2022/04/29 12:7 p.m., 1 views

CVE-2022-29414

Multiple (13x) Cross-Site Request Forgery (CSRF) vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin mass update settings, manage subscriptions add a new subscription, update subscription, delete Subscription...

CVSS 5.8, AI score 5.7, EPSS 0.00098
Exploits: 0, References: 3, Affected Software: 1

Fedora
added 2021/12/05 1:39 a.m., 14 views

[SECURITY] Fedora 34 Update: synfigstudio-1.4.0-3.fc34

Synfig Animation Studio is a powerful, industrial-strength vector-based 2D animation software, designed from the ground-up for producing feature-film quality animation with fewer people and resources. It is designed to be capable of producing feature-film quality animation. It eliminates the need...

AI score 1, EPSS 0.0007
Exploits: 1

OpenVAS
added 2021/11/14 12:0 a.m., 9 views

Fedora: Security Advisory for eom (FEDORA-2021-df1fa3d3e0)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

AI score 7.5
Exploits: 0, References: 2

Fedora
added 2021/11/12 12:38 a.m., 14 views

[SECURITY] Fedora 35 Update: synfigstudio-1.4.0-3.fc35

Synfig Animation Studio is a powerful, industrial-strength vector-based 2D animation software, designed from the ground-up for producing feature-film quality animation with fewer people and resources. It is designed to be capable of producing feature-film quality animation. It eliminates the need...

AI score 6.9
Exploits: 0

Fedora
added 2021/11/12 12:38 a.m., 19 views

[SECURITY] Fedora 35 Update: eom-1.26.0-2.fc35

The Eye of MATE (eom) is the official image viewer for the MATE desktop. It can view single image files in a variety of formats, as well as large image collections. Eye of Mate is extensible through a plugin system...

AI score 7
Exploits: 0

Gitee
added 2021/09/27 3:6 p.m., 3 views

emp3r0r

It is an offensive tool for Linux systems. The tool is called emp3r0r, a Linux post-exploitation framework made by a user named jm33-ng. It is designed to provide a better experience for remote administration on Linux systems, particularly for terminal-based interactions. The framework is written...

AI score 7.1
Exploits: 0

Kitploit
added 2021/08/14 9:30 p.m., 73 views

Bantam - A PHP Backdoor Management And Generation tool/C2 Featuring End To End Encrypted Payload Streaming Designed To Bypass WAF, IDS, SIEM Systems

An advanced PHP backdoor management tool, with a lightweight server footprint, multi-threaded communication, and an advanced payload generation and obfuscation tool. Features end to end encryption with request unique encryption keys, and payload streaming designed to bypass WAF, IDS, SIEM systems...

AI score 8.1
Exploits: 0, References: 15

Kitploit
added 2021/07/12 9:30 p.m., 1150 views

DcRat - A Simple Remote Tool Written In C#

DcRat is a simple remote tool written in C#. Introduction. Features: TCP connection with certificate verification, stable and security; Server IP port can be archived through link; Multi-Server, multi-port support; Plugin system through Dll, which has strong expansibility; Super tiny client size about 405...

AI score 7.6
Exploits: 0, References: 11

seebug.org
added 2021/05/13 12:0 a.m., 125 views

Microsoft Azure Virtual Machine Information Disclosure Vulnerability (CVE-2021-27075)

CVE-2021-27075: Microsoft Azure Vulnerability Allows Privilege Escalation and Leak of Private Data. Written by Paul Litvak - 11 May 2021. In this post I will explain how the Microsoft Azure Virtual Machine (VM) extension works and how we found a fatal vulnerability in the extension mechanism affectin...

CVSS 2.7, AI score 0.1, EPSS 0.00478
Exploits: 1