EUVD-2025-10681

Malicious code in bioql PyPI...

CVE-2025-53927 MaxKB sandbox bypass

MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the shutil.copy2 method in Python to copy the command they...

CVE-2019-13386

In CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege...

CVE-2025-32383

MaxKB Max Knowledge Base is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation RAG. A reverse shell vulnerability exists in the module of function library. The vulnerability allow privileged‌ users to create a reverse shell...

CVE-2025-32383

MaxKB Max Knowledge Base is an open source knowledge base question-answering system based on a large language model and retrieval-augmented generation RAG. A reverse shell vulnerability exists in the module of function library. The vulnerability allow privileged‌ users to create a reverse shell...

BlogEngine.NET 3.3.6 / 3.3.7 dirPath Directory Traversal / Remote Code Execution

Exploit Title: Directory Traversal + RCE on BlogEngine.NET Date: 17 Jun 2019 Exploit Author: Aaron Bishop Vendor Homepage: https://blogengine.io/ Version: v3.3.7 Tested on: 3.3.7, 3.3.6 CVE : 2019-10719 1. Description ============== BlogEngine.NET is vulnerable to an Directory Traversal on...