15280 matches found

OSV
added 2025/01/07 4:03 p.m. · 10 views

GO-2024-3355 Remote Command Execution in file editing in gogs in gogs.io/gogs

Remote Command Execution in file editing in gogs in gogs.io/gogs...

9.8 CVSS · 9.6 AI score · 0.00837 EPSS
Exploits: 1 · References: 5
CNNVD
added 2025/01/07 12:00 a.m. · 6 views

Crater code issue vulnerability

Crater is an open source web and mobile application from Crater Invoice Open Source. It is used to track expenses, make payments and create professional invoices and estimates. Crater has a code issue vulnerability. An attacker exploiting this vulnerability could remotely execute commands...

9.8 CVSS · 9.4 AI score · 0.4356 EPSS
Exploits: 2 · References: 4
CVE
added 2025/01/07 12:00 a.m. · 111 views

CVE-2024-55556

A CVE in Crater Invoice (InvoiceShelf/META: Laravel cookie-based session deserialization) enables unauthenticated remote code execution when an attacker obtains Laravel APP_KEY. Public docs describe that manipulating the laravel_session cookie, which contains serialized session data encrypted wit...

9.8 CVSS · 7.9 AI score · 0.4356 EPSS
Exploits: 2 · References: 3
Vulnrichment
added 2025/01/07 12:00 a.m. · 11 views

CVE-2024-55556

A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...

7.7 AI score · 0.4356 EPSS
Exploits: 2 · References: 3
Cvelist
added 2025/01/07 12:00 a.m. · 20 views

CVE-2024-55556

A vulnerability in Crater Invoice allows an unauthenticated attacker with knowledge of the APP_KEY to achieve remote command execution on the server by manipulating the laravel_session cookie, exploiting arbitrary deserialization through the encrypted session data. The exploitation vector of this...

0.4356 EPSS
Exploits: 2 · References: 3
CNNVD
added 2025/01/07 12:00 a.m. · 5 views

Invoice Ninja code issue vulnerability

Invoice Ninja is an open source invoice, quote, project and time tracking application built using Laravel. A code issue vulnerability exists in Invoice Ninja versions prior to 5.10.43. An attacker exploiting this vulnerability could remotely execute commands...

8.8 CVSS · 8.6 AI score · 0.065 EPSS
Exploits: 5 · References: 3
OSSF Malicious Packages
added 2025/01/06 3:28 p.m. · 2 views

Malicious code in zetessf (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 54b4e49ae22e5325a2ed8fe3e7a32f36e50fdf5fda9ea594cf72b24bd9c97788 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

7 AI score
Exploits: 0 · References: 1
Positive Technologies
added 2025/01/06 12:00 a.m. · 4 views

PT-2025-1195 · Ibm · Ibm Concert

Name of the Vulnerable Software and Affected Versions: IBM Concert Software versions 1.0.0 through 1.0.3 Description: The issue is related to improper log neutralization, which could allow an authenticated user to inject malicious information or obtain information from log files. This is due to t...

5.5 CVSS · 6.9 AI score · 0.00251 EPSS
Exploits: 0 · References: 6
NVD
added 2025/01/02 3:15 p.m. · 7 views

CVE-2024-56137

MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the function library module. The vulnerabili...

7.2 CVSS · 0.00772 EPSS
Exploits: 1 · References: 1
CVE
added 2025/01/02 2:26 p.m. · 54 views

CVE-2024-56137

CVE-2024-56137 affects MaxKB (open source knowledge-base Q&A with LLM and RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the function library module, allowing privileged users to execute OS commands within custom scripts. The issue has been fixed in v1.9.0. Curre...

7.2 CVSS · 7.5 AI score · 0.00772 EPSS
Exploits: 1 · References: 1 · Affected Software: 1
Vulnrichment
added 2025/01/02 2:26 p.m. · 11 views

CVE-2024-56137 MaxKB RCE vulnerability in function library

MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the function library module. The vulnerabili...

6.8 CVSS · 7.4 AI score · 0.00772 EPSS
Exploits: 1 · References: 1
Cvelist
added 2025/01/02 2:26 p.m. · 25 views

CVE-2024-56137 MaxKB RCE vulnerability in function library

MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the function library module. The vulnerabili...

6.8 CVSS · 0.00772 EPSS
Exploits: 1 · References: 1
OSV
added 2025/01/02 2:26 p.m. · 5 views

CVE-2024-56137 MaxKB RCE vulnerability in function library

MaxKB, which stands for Max Knowledge Base, is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation (RAG). Prior to version 1.9.0, a remote command execution vulnerability exists in the function library module. The vulnerabili...

6.8 CVSS · 7.5 AI score · 0.00772 EPSS
Exploits: 1 · References: 3
Veracode
added 2025/01/02 6:51 a.m. · 13 views

Remote Command Execution

Gogs is vulnerable to Remote Command Execution. The vulnerability is due to improper validation of symlink files, allowing a malicious user to commit and edit crafted symlink files in a repository to gain SSH access to the server...

9.8 CVSS · 7.1 AI score · 0.00837 EPSS
Exploits: 1 · References: 5 · Affected Software: 1
Positive Technologies
added 2025/01/02 12:00 a.m. · 5 views

PT-2025-3195 · Maxkb · Maxkb

Name of the Vulnerable Software and Affected Versions: MaxKB versions prior to 1.9.0 Description: MaxKB is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation. A remote command execution issue existed in the function library...

7.2 CVSS · 7.9 AI score · 0.00772 EPSS
Exploits: 1 · References: 7
CNNVD
added 2025/01/02 12:00 a.m. · 4 views

MaxKB security vulnerability

MaxKB is an open source knowledge base question and answer system from 1Panel-dev, based on a large language model and RAG. A security vulnerability exists in MaxKB versions prior to 1.9.0, which stems from a remote command execution in the function library module that allows a privileged us...

7.2 CVSS · 7.3 AI score · 0.00772 EPSS
Exploits: 1 · References: 1
Vulnrichment
added 2024/12/27 4:03 p.m. · 25 views

CVE-2024-12856 Four-Faith Industrial Router adjust_sys_time OS Command Injection

The Four-Faith router models F3x24 and F3x36 are affected by an operating system (OS) command injection vulnerability. At least firmware version 2.0 allows authenticated and remote attackers to execute arbitrary OS commands over HTTP when modifying the system time via apply.cgi. Additionally, this...

7.2 CVSS · 8.7 AI score · 0.82192 EPSS
Exploits: 4 · References: 3
The Hacker News
added 2024/12/27 7:11 a.m. · 14 views

FICORA and Kaiten Botnets Exploit Old D-Link Vulnerabilities for Global Attacks

Cybersecurity researchers are warning about a spike in malicious activity that involves roping vulnerable D-Link routers into two different botnets, a Mirai variant dubbed FICORA and a Kaiten (aka Tsunami) variant called CAPSAICIN. "These botnets are frequently spread through documented D-Link...

9.8 CVSS · 7.5 AI score · 0.97101 EPSS
Exploits: 5
NVD
added 2024/12/26 4:15 a.m. · 9 views

CVE-2024-12652

An Improper Control of Generation of Code ('Code Injection') vulnerability in the groovy script function in SmartRobot's Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code...

9.3 CVSS · 0.00736 EPSS
Exploits: 0 · References: 1
Vulnrichment
added 2024/12/26 4:05 a.m. · 6 views

CVE-2024-12652 Intumit SmartRobot's Conversational AI Platform - Improper Control of Generation of Code ('Code Injection')

An Improper Control of Generation of Code ('Code Injection') vulnerability in the groovy script function in SmartRobot's Conversational AI Platform before v7.2.0 allows remote authenticated users to perform arbitrary system commands via Groovy code...

9.3 CVSS · 7.1 AI score · 0.00736 EPSS
Exploits: 0 · References: 1