Lucene search

15280 matches found

RedhatCVE
added 2025/03/03 12:19 a.m. · 4 views

CVE-2025-27554

ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server e.g., read secrets from the desktopify config.prod.json file, and consequently deploy updates to any app, via a postinstall script in...

9.9 CVSS · 9.7 AI score · 0.00741 EPSS
Exploits: 0 · References: 1

Tenable Nessus
added 2025/03/03 12:0 a.m. · 9 views

Linux Distros Unpatched Vulnerability : CVE-2004-2771

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The expand function in fio.c in Heirloom mailx 12.5 and earlier and BSD mailx 8.1.2 and earlier allows remote attackers to execute arbitrary commands via shell...

7.5 CVSS · 7.4 AI score · 0.06858 EPSS
Exploits: 1 · References: 2

Packet Storm
added 2025/03/03 12:0 a.m. · 327 views

InvokeAI 5.0 Code Injection

InvokeAI version 5.0 suffers from a remote code execution vulnerability. Title: InvokeAI v5.0 PHP Code Injection Vulnerability | Author: indoushka | ...

8 AI score · 0.05342 EPSS
Exploits: 5

Tenable Nessus
added 2025/03/03 12:0 a.m. · 8 views

Linux Distros Unpatched Vulnerability : CVE-2011-2717

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The DHCPv6 client dhcp6c as used in the dhcpv6 project through 2011-07-25 allows remote DHCP servers to execute arbitrary commands via shell metacharacters in a...

10 CVSS · 7.6 AI score · 0.0393 EPSS
Exploits: 0 · References: 2

Tenable Nessus
added 2025/03/03 12:0 a.m. · 10 views

Linux Distros Unpatched Vulnerability : CVE-2007-2348

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mirror --script in lftp before 3.5.9 does not properly quote shell metacharacters, which might allow remote user-assisted attackers to execute shell commands vi...

6.8 CVSS · 6.1 AI score · 0.03175 EPSS
Exploits: 0 · References: 2

NVD
added 2025/03/01 6:15 a.m. · 8 views

CVE-2025-27554

ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server e.g., read secrets from the desktopify config.prod.json file, and consequently deploy updates to any app, via a postinstall script in...

9.9 CVSS · 0.00741 EPSS
Exploits: 0 · References: 3

CNNVD
added 2025/03/01 12:0 a.m. · 3 views

ToDesktop Code Injection Vulnerability

ToDesktop is an application from ToDesktop, Inc. that converts a Web application code base into a cross-platform desktop application with native functionality. A security vulnerability exists in versions of ToDesktop prior to 2024-10-03, which stems from a postinstall script that allows a remote...

9.9 CVSS · 7.6 AI score · 0.00741 EPSS
Exploits: 0 · References: 5

Vulnrichment
added 2025/03/01 12:0 a.m. · 4 views

CVE-2025-27554

ToDesktop before 2024-10-03, as used by Cursor before 2024-10-03 and other applications, allows remote attackers to execute arbitrary commands on the build server e.g., read secrets from the desktopify config.prod.json file, and consequently deploy updates to any app, via a postinstall script in...

9.9 CVSS · 9.7 AI score · 0.00741 EPSS
Exploits: 0 · References: 3

CVE
added 2025/03/01 12:0 a.m. · 74 views

CVE-2025-27554

CVE-2025-27554 affects ToDesktop builds prior to 2024-10-03 where a postinstall script in package.json can be abused to execute arbitrary commands on the build server (e.g., reading secrets from the desktopify config.prod.json) and deploy updates to any app. Multiple sources note no exploitation ...

9.9 CVSS · 7.8 AI score · 0.00741 EPSS
Exploits: 0 · References: 3

Positive Technologies
added 2025/03/01 12:0 a.m. · 3 views

PT-2025-9155 · Cursor +1

Name of the Vulnerable Software and Affected Versions: ToDesktop versions prior to 2024-10-03 Description: The issue allows remote attackers to execute arbitrary commands on the build server, potentially reading secrets from the desktopify config.prod.json file and deploying updates to any app, v...

9.9 CVSS · 7.5 AI score · 0.00741 EPSS
Exploits: 0 · References: 17

Securelist
added 2025/02/28 4:0 a.m. · 12 views

The SOC files: Chasing the web shell

Web shells have evolved far beyond their original purpose of basic remote command execution, and many now function more like lightweight exploitation frameworks. These tools often include features such as in-memory module execution and encrypted command-and-control (C2) communication, giving...

8.3 AI score
Exploits: 0

Packet Storm
added 2025/02/28 12:0 a.m. · 280 views

Ivanti EPM 1.0 Code Execution

Ivanti EPM version 1.0 suffers from a code execution vulnerability. Title: Ivanti EPM v1.0 PHP Code Injection Vulnerability | Author: indoushka | ...

7.9 AI score
Exploits: 0

Packet Storm
added 2025/02/28 12:0 a.m. · 399 views

Ollama 0.5.11 Code Execution

Ollama version 0.5.11 suffers from a code execution vulnerability. Title: Ollama 0.5.11 Code Injection Vulnerability | Author: indoushka | Tested o...

7.9 AI score
Exploits: 0

Packet Storm
added 2025/02/28 12:0 a.m. · 384 views

NetAlertX 24.9.12 Code Execution

NetAlertX version 24.9.12 suffers from a code execution vulnerability. Title: NetAlertX 24.9.12 PHP Code Injection Vulnerability | Author: indoushka ...

7.9 AI score
Exploits: 0

Saint
added 2025/02/28 12:0 a.m. · 140 views

MITRE Caldera dynamic compilation command injection

Added: 02/28/2025 Background MITRE Caldera is a security platform for emulating adversaries. Problem The dynamic compilation functionality in the Manx and Sandcat agents is affected by an injection vulnerability which could allow remote command execution. Resolution Upgrade to Caldera 5.1.0 or...

10 CVSS · 8 AI score · 0.23813 EPSS
Exploits: 2

RedhatCVE
added 2025/02/27 9:1 p.m. · 9 views

CVE-2025-27142

LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...

8.8 CVSS · 7.3 AI score · 0.00514 EPSS
Exploits: 0 · References: 1

GithubExploit
added 2025/02/27 2:49 a.m. · 134 views

Exploit for Deserialization of Untrusted Data in Apache Activemq

CVE-2023-46604 01. Apache ActiveMQ & OpenWire - 1 Apac...

10 CVSS · 8.3 AI score · 0.99654 EPSS
Exploits: 31

CNNVD
added 2025/02/27 12:0 a.m. · 4 views

Tuoshi LT15D Security Vulnerability

Tuoshi LT15D is a wireless router from the Chinese vendor Tuoshi. A security vulnerability exists in the Tuoshi LT15D because the /goform/formJsonAjaxReq endpoint does not sanitize shell metacharacters, allowing an unauthenticated, remote attacker to execute arbitrary OS commands...

9.8 CVSS · 7.4 AI score · 0.39247 EPSS
Exploits: 0 · References: 6

NVD
added 2025/02/25 8:15 p.m. · 46 views

CVE-2025-27142

LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...

8.8 CVSS · 0.00514 EPSS
Exploits: 0 · References: 2

Vulnrichment
added 2025/02/25 8:3 p.m. · 4 views

CVE-2025-27142 LocalSend path traversal vulnerability in the file upload endpoint allows nearby devices to execute arbitrary commands

LocalSend is a free, open-source app that allows users to securely share files and messages with nearby devices over their local network without needing an internet connection. Prior to version 1.17.0, due to the missing sanitization of the path in the POST /api/localsend/v2/prepare-upload and th...

8.7 CVSS · 8.8 AI score · 0.00514 EPSS
Exploits: 0 · References: 2