11228 matches found
Malicious code in test-hahahaha-rce (npm)
Source: ghsa-malware a60b5f6a059fbad46e0862b86aaea8203f5531a5d6691caef7ecdd1602146900. Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-2975 Malicious code in mirage-rce (PyPI)
Source: kam193 f9ba7e438828f3bcacd252bc54f00732b129fe6fc8f6a9909d964720ac1e6420. Setup.py contains a reverse shell. Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-02-mirage-rce. Reasons...
Exploit for CVE-2025-1302
CVE-2025-1302 ★ CVE-2025-1302 JSONPath-plus RCE PoC ★ https...
XWiki 5.3 < 15.10.11, 16.0.0 < 16.4.1 RCE Vulnerability (GHSA-rr6p-3pfg-562j) - Version Check
XWiki is prone to a remote code execution (RCE) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:xwiki:xwiki";...
CVE-2025-25507
There is a RCE vulnerability in Tenda AC6 15.03.05.16multi. In the formexeCommand function, the parameter cmdinput will cause remote command execution...
InvokeAI Remote Code Execution
InvokeAI has a critical vulnerability leading to remote code execution in the /api/v2/models/install API through unsafe model deserialization. The API allows users to specify a model URL, which is downloaded and loaded server-side using torch.load without proper validation. This functionality...
RCE (Remote Code Execution) org.apache.tomcat:tomcat-catalina Dependency in Crowd Data Center and Server
This Critical severity org.apache.tomcat:tomcat-catalina Dependency vulnerability was introduced in version 6.2.0 of Crowd Data Center and Server. This org.apache.tomcat:tomcat-catalina Dependency vulnerability, with a CVSS Score of 9.8 and a CVSS Vector of...
February Microsoft Patch Tuesday
February Microsoft Patch Tuesday. 89 CVEs, 33 added since January. Two with signs of exploitation in the wild: EoP - Windows Ancillary Function Driver for WinSock CVE-2025-21418 EoP - Windows Storage CVE-2025-21391 There are no vulnerabilities with public exploits, but there are 7 with private...
Unauthenticated RCE in NetAlertX
An attacker can update NetAlertX settings with no authentication, which results in RCE. Module Options: msf > use exploit/linux/http/netalertx_rce_cve_2024_46506; msf exploit(netalertx_rce_cve_2024_46506) > show targets ...targets...; msf exploit(netalertx_rce_cve_2024_46506) > set TARGET <target-id>; msf...
CVE-2022-31764
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...
CVE-2022-31764 Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC
The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of...
CVE-2020-15140
In Red Discord Bot before version 3.3.11, a RCE exploit has been discovered in the Trivia module: this exploit allows Discord users with specifically crafted usernames to inject code into the Trivia module's leaderboard command. By abusing this exploit, it's possible to perform destructive action...
SUSE-SU-2025:0058-1 Security update for tomcat
This update for tomcat fixes the following issues: Update to Tomcat 9.0.98 - Fixed CVEs: + CVE-2024-54677: DoS in examples web application (bsc#1234664) + CVE-2024-50379: RCE due to TOCTOU issue in JSP compilation (bsc#1234663) + CVE-2024-52317: Request/response mix-up with HTTP/2 (bsc#1233435) - Catalina...
CVE-2024-5452
A remote code execution RCE vulnerability exists in the lightning-ai/pytorch-lightning library version 2.2.1 due to improper handling of deserialized user input and mismanagement of dunder attributes by the deepdiff library. The library uses deepdiff.Delta objects to modify application state base...
CVE-2024-1538
The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 7.2.4. This is due to missing or incorrect nonce validation on the wpfilemanager page that includes files through the 'lang' parameter. This makes it possible for unauthenticate...
CVE-2024-27132
Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue leads to a client-side RCE when running an untrusted recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over template variables...
CVE-2024-27133
Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dataset. This issue leads to a client-side RCE when running the recipe in Jupyter Notebook. The vulnerability stems from lack of sanitization over dataset table fields...
CVE-2024-0400
SCM Software is a client and server application. An Authenticated System manager client can execute LINQ query in the SCM server, for customized filtering. An Authenticated malicious client can send a specially crafted code to skip the validation and execute arbitrary code RCE on the SCM Server...
Exploit for Deserialization of Untrusted Data in Themekraft Buddyforms
Exploit BuddyForms CVE-2023-26326 using Iconv CVE-2024-2961...