
14193 matches found

OSV
added 2025/12/09 8:5 a.m. (1 view)

MAL-2025-192386 Malicious code in telcoo (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c96937a82adce2ecc6628245fd858587131511b4145c04f577ec25d8fa846577 Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...

AI score: 7.5
Exploits: 0, References: 1
GithubExploit
added 2025/12/08 6:34 a.m. (140 views)

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 Next.js Exploit Tool. This tool, for the Next.js vulnerability CVE-20...

CVSS: 10, AI score: 7, EPSS: 0.84489
Exploits: 362
Packet Storm
added 2025/12/08 12:0 a.m. (183 views)

Cacti 1.2.29 Remote Command Execution

Proof of concept exploit that demonstrates how authenticated users with access to Graph Templates in Cacti can abuse RRD invocation parameters to write arbitrary PHP files, then trigger execution leading to remote command execution. Version 1.2.29 is affected...

CVSS: 8.8, AI score: 9.5, EPSS: 0.87934
Exploits: 10
Packet Storm
added 2025/12/08 12:0 a.m. (138 views)

Zimbra Collaboration Suite Postjournal 9.0.0 Remote Command Execution

A critical vulnerability exists in the Zimbra Collaboration Suite (ZCS) PostJournal service that allows attackers to execute arbitrary system commands without authentication. The vulnerability is triggered through SMTP injection using a malicious RCPT TO parameter. This exploit provides full remote...

AI score: 8.5
Exploits: 0
OpenVAS
added 2025/12/08 12:0 a.m. (9 views)

Linksys E1200 Router Firmware <= 2.0.11.001 Multiple Vulnerabilities

Linksys E1200 routers are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...

CVSS: 8.8, AI score: 7.5, EPSS: 0.05608
Exploits: 8, References: 6
VulnCheck KEV
added 2025/12/08 12:0 a.m. (2 views)

VulnCheck KEV: CVE-2023-52076

Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...

CVSS: 8.5, AI score: 6, EPSS: 0.13707
In wild, Exploits: 2, References: 2
OSV
added 2025/12/06 4:25 p.m. (2 views)

MAL-2025-192362 Malicious code in evil-rce2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 63a6a4d1f5ad55b3b2b836b95a7153f322bb4ea2f718f665a51a4a94f32576d5 Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...

AI score: 7.5
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/12/06 4:24 p.m. (5 views)

Malicious code in telco (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 55c8199592663c3f388cba22988800084bbc3a5696279eb22c53e837c1d8ac40 Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...

AI score: 7.6
Exploits: 0, References: 1
OSV
added 2025/12/06 2:11 p.m. (1 view)

MAL-2025-192351 Malicious code in evil-rce (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 74a74a4133ed8082eba8452bb59a82dcf6975e1e8c4d6630a47088c17d6b6cca Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...

AI score: 7.5
Exploits: 0, References: 1
NVD
added 2025/12/05 4:15 p.m. (4 views)

CVE-2025-64054

A reflected Cross Site Scripting (XSS) vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...

CVSS: 9.6, EPSS: 0.00162
Exploits: 1, References: 2
NVD
added 2025/12/04 9:16 p.m. (1 view)

CVE-2025-66576

Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution...

CVSS: 9.8, EPSS: 0.00887
Exploits: 1, References: 4
Cvelist
added 2025/12/04 8:46 p.m. (18 views)

CVE-2025-66576 Remote Keyboard Desktop 1.0.1 - Remote Code Execution (RCE)

Remote Keyboard Desktop 1.0.1 enables remote attackers to execute system commands via the rundll32.exe exported function export, allowing unauthenticated code execution...

CVSS: 9.3, EPSS: 0.00887
Exploits: 1, References: 4
Cvelist
added 2025/12/04 8:41 p.m. (19 views)

CVE-2024-58275 Easywall 0.3.1 - Authentication Bypass via Command Injection in /ports-save Endpoint

Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server...

CVSS: 8.7, EPSS: 0.00556
Exploits: 0, References: 4
GithubExploit
added 2025/12/04 4:55 p.m. (159 views)

Exploit for CVE-2025-55182

Here is your ready-to-copy-paste README.md — clean, professional...

CVSS: 10, AI score: 7.8, EPSS: 0.84489
Exploits: 362
GithubExploit
added 2025/12/04 4:49 p.m. (174 views)

Pentesting-Metasploitable2-SMB-Service

Metasploitable2 – SMB Vulnerability Exploitation 🚀 This proje...

AI score: 7.6
Exploits: 0
Positive Technologies
added 2025/12/04 12:0 a.m. (2 views)

PT-2025-49131

Easywall 0.3.1 allows authenticated remote command execution via a command injection vulnerability in the /ports-save endpoint that suffers from a parameter injection flaw. Attackers can inject shell metacharacters to execute arbitrary commands on the server...

CVSS: 8.7, AI score: 8.4, EPSS: 0.00556
Exploits: 0, References: 5
Cvelist
added 2025/12/03 6:25 p.m. (9 views)

CVE-2025-66208 Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy

Collabora Online - Built-in CODE Server (richdocumentscode) provides a built-in server with all of the document editing features of Collabora Online. In versions prior to 25.04.702, Collabora Online has a Configuration-Dependent RCE (OS Command Injection) in richdocumentscode proxy. Users of Nextclou...

CVSS: 9.2, EPSS: 0.00317
Exploits: 0, References: 1
CVE
added 2025/12/03 4:49 p.m. (13 views)

CVE-2025-34319

TOTOLINK N300RT devices with firmware older than V3.4.0-B20250430 are affected by an OS command injection in the Boa formWsc handling functionality (discovered in V2.1.8-B20201030.1539). The vulnerability allows an unauthenticated attacker to execute commands via the targetAPSsid request paramete...

CVSS: 9.3, AI score: 7.5, EPSS: 0.01911
Exploits: 0, References: 3
OSV
added 2025/12/03 2:35 p.m. (2 views)

BIT-ACTIVEMQ-2021-21345 XStream is vulnerable to a Remote Command Execution attack

XStream is a Java library to serialize objects to XML and back again. In XStream before version 1.4.16, there is a vulnerability which may allow a remote attacker who has sufficient rights to execute commands of the host only by manipulating the processed input stream. No user is affected, who...

CVSS: 9.9, AI score: 7.7, EPSS: 0.86558
Exploits: 1, References: 17
CNNVD
added 2025/12/03 12:0 a.m. (4 views)

AVTech DGM1104 Security Vulnerability

AVTech DGM1104 is a network video recorder from AVTech Corporation of Taiwan, China. A security vulnerability exists in the AVTech DGM1104 FullImg-1015-1004-1006-1003 version, which stems from a command injection in the Machine.cgi endpoint that could lead to the execution of arbitrary commands...

CVSS: 8.8, AI score: 7.5, EPSS: 0.00931
Exploits: 1, References: 4