EUVD-2025-23842

Malicious code in bioql PyPI...

EUVD-2023-52120

Malicious code in bioql PyPI...

EUVD-2025-6892

Malicious code in bioql PyPI...

CVE-2025-50286

A Remote Code Execution RCE vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...

CVE-2025-50286

A Remote Code Execution RCE vulnerability in Grav CMS v1.7.48 allows an authenticated admin to upload a malicious plugin via the /admin/tools/direct-install interface. Once uploaded, the plugin is automatically extracted and loaded, allowing arbitrary PHP code execution and reverse shell access...

CVE-2021-31762

Webmin 1.973 is affected by Cross Site Request Forgery CSRF to create a privileged user through Webmin's add users feature, and then get a reverse shell through Webmin's running process feature...

BPFDoor’s Hidden Controller Used Against Asia, Middle East Targets

A controller linked to BPF backdoor can open a reverse shell, enabling deeper infiltration into compromised networks. Recent attacks have been observed targeting the telecommunications, finance, and retail sectors across South Korea, Hong Kong, Myanmar, Malaysia, and Egypt...

CVE-2024-8156

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input github.head.ref is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version...

CVE-2024-8156 Command Injection in significant-gravitas/autogpt

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input github.head.ref is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version...

Exploit for CVE-2023-38646

CVE-2023-38646-exploit "This vulnerability, designated as CVE-...

Backdoor in Android for No-Permissions Reverse Shell

Backdoor in Android for No-Permissions Reverse Shell Security expert Thomas Cannon working at viaForensics as the Director of R&D has demonstrated a custom-developed app that installs a backdoor in Android smartphones – without requiring any permissions or exploiting any security holes. Thomas...

EC-Council Academy Hacked by GaySec (Malaysian hackers)

EC-Council Academy Hacked byGaySec Malaysian hackers EC-Council Academy https://eccouncilacademy.org Hacked by GaySec Malaysian hackers. EC-Council Academy is a separate distinct company with no corporate connection between itself and EC-Council or EC-Council University. Some months before same...

PoPToP PPTP <= 1.1.4-b3 Remote Root Exploit

Exploit for linux platform in category remote exploits =========================================== PoPToP PPTP include include define uint8t char define uint16t WORD define uint32t DWORD char shellcode = "\x1a\x76\xa2\x41\x21\xf5\x1a\x43\xa2\x5a\x1a\x58\xd0\x1a\xce\x6b"...

PoPToP PPTP 1.1.4-b3 - Remote Command Execution

/ exploit for a recently discovered vulnerability in PoPToP PPTP server under Linux. Versions affected are all prior to 1.1.4-b3 and 1.1.3-20030409. The exploit is capable of bruteforcing the RET address to find our buffer in the stack. Upon a successfull run it brings up a reverse shell with...