
7042 matches found

OSSF Malicious Packages
added 2025/04/02 7:54 p.m., 6 views

Malicious code in flask-auth-sys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a241889bfae20aee5395660063d13f337aa9733c14b02bf2edb004d6d36e1d41 On importing the module, the code attempts to spawn a reverse shell. In the current version, the remote domain does not exist --- Category: MALICIOUS - The...

7.7 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/04/02 7:54 p.m., 4 views

Malicious code in flask-auth-system (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 debc87eb7af33e5146831c7e1b8ff69ccdebe2c9bbf353216c719b10ebe8431c On importing the module, the code attempts to spawn a reverse shell. In the current version, the remote domain does not exist --- Category: MALICIOUS - The...

7.7 AI score
Exploits: 0, References: 1
OSV
added 2025/04/02 7:54 p.m., 4 views

MAL-2025-191731 Malicious code in flask-auth-system (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 debc87eb7af33e5146831c7e1b8ff69ccdebe2c9bbf353216c719b10ebe8431c On importing the module, the code attempts to spawn a reverse shell. In the current version, the remote domain does not exist --- Category: MALICIOUS - The...

7.5 AI score
Exploits: 0, References: 1
OSV
added 2025/04/02 7:54 p.m., 1 view

MAL-2025-191730 Malicious code in flask-auth-sys (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 a241889bfae20aee5395660063d13f337aa9733c14b02bf2edb004d6d36e1d41 On importing the module, the code attempts to spawn a reverse shell. In the current version, the remote domain does not exist --- Category: MALICIOUS - The...

7.5 AI score
Exploits: 0, References: 1
OSV
added 2025/04/02 5:24 p.m., 3 views

GHSA-3QJF-QH38-X73V Unauthenticated Miniflux user can bypass allowed networks check to obtain Prometheus metrics

Impact: An unauthenticated user can retrieve Prometheus metrics from a publicly reachable Miniflux instance where the METRICS_COLLECTOR configuration option is enabled and METRICS_ALLOWED_NETWORKS is set to 127.0.0.1/8 (the default). Patches: PR #1745 fixes the problem. Available in Miniflux >= 2.0.43...

7.5 CVSS, 7.2 AI score, 0.0049 EPSS
Exploits: 0, References: 6
GithubExploit
added 2025/03/31 8:31 a.m., 275 views

Exploit for CVE-2025-1974

CVE-2025-1974: Kubernetes Ingress Nginx Controller vulnerability analysis and Po...

9.8 CVSS, 8 AI score, 0.91918 EPSS
Exploits: 20
GithubExploit
added 2025/03/30 1:33 p.m., 162 views

Exploit for Out-of-bounds Write in Gibbonedu Gibbon

CVE-2023-45878 GibbonEdu Arbitrary File Write to Web Shell...

9.8 CVSS, 9.9 AI score, 0.92556 EPSS
Exploits: 8
GithubExploit
added 2025/03/30 10:50 a.m., 231 views

Exploit for Out-of-bounds Write in Gibbonedu Gibbon

CVE-2023-45878 to RCE...

9.8 CVSS, 9.6 AI score, 0.92556 EPSS
Exploits: 8
GithubExploit
added 2025/03/26 2:49 p.m., 353 views

Exploit for CVE-2025-1974

PoC exploit for CVE-2025-1974, an Ingress RCE vulnerability. The...

9.8 CVSS, 7.4 AI score, 0.91918 EPSS
Exploits: 20
The Hacker News
added 2025/03/26 12:0 p.m., 18 views

Malicious npm Package Modifies Local 'ethers' Library to Launch Reverse Shell Attacks

Cybersecurity researchers have discovered two malicious packages on the npm registry that are designed to infect another locally installed package, underscoring the continued evolution of software supply chain attacks targeting the open-source ecosystem. The packages in question are...

7.9 AI score
Exploits: 0
Fedora
added 2025/03/25 1:24 a.m., 13 views

[SECURITY] Fedora 41 Update: golang-github-openprinting-ipp-usb-0.9.30-1.fc41

HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol...

4.4 CVSS, 7.4 AI score, 0.00032 EPSS
Exploits: 2
GithubExploit
added 2025/03/24 5:47 p.m., 401 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

It is an offensive tool for web application exploitation. The re...

9.8 CVSS, 9.8 AI score, 0.9413 EPSS
Exploits: 45
OSV
added 2025/03/21 10:46 a.m., 1 view

MAL-2025-191818 Malicious code in prmduc193 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 766c3df26ad3e62a1923e1c6879348aba96deafb8bf62a1555c589b57cd91fc0 Importing the package starts a revshell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-03-prmduc193...

7.5 AI score
Exploits: 0, References: 1
OSSF Malicious Packages
added 2025/03/21 10:46 a.m., 4 views

Malicious code in prmduc193 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 766c3df26ad3e62a1923e1c6879348aba96deafb8bf62a1555c589b57cd91fc0 Importing the package starts a revshell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-03-prmduc193...

7.6 AI score
Exploits: 0, References: 1
GithubExploit
added 2025/03/20 12:5 p.m., 494 views

Exploit for Out-of-bounds Write in Gibbonedu Gibbon

CVE-2023-45878-POC CVE-2023-45878 poc for gibbon LMS on xampp...

9.8 CVSS, 7.4 AI score, 0.92556 EPSS
Exploits: 8
OSV
added 2025/03/20 10:15 a.m., 9 views

CVE-2024-8156

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input github.head.ref is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version...

9.8 CVSS, 7.5 AI score
Exploits: 0, References: 2
CVE
added 2025/03/20 10:9 a.m., 47 views

CVE-2024-8156

CVE-2024-8156 describes a command injection in the workflow-checker.yml of significant-gravitas/autogpt. The vulnerability arises from insecure use of untrusted input github.head.ref, allowing an attacker to inject arbitrary commands. Affected: significant-gravitas/autogpt, all versions up to the...

9.8 CVSS, 8.8 AI score, 0.01612 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2025/03/20 10:9 a.m., 11 views

CVE-2024-8156 Command Injection in significant-gravitas/autogpt

A command injection vulnerability exists in the workflow-checker.yml workflow of significant-gravitas/autogpt. The untrusted user input github.head.ref is used insecurely, allowing an attacker to inject arbitrary commands. This vulnerability affects versions up to and including the latest version...

8.8 CVSS, 0.01612 EPSS
Exploits: 1, References: 2
Fedora
added 2025/03/20 4:37 a.m., 8 views

[SECURITY] Fedora 41 Update: radare2-5.9.8-7.fc41

radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

10 CVSS, 8.9 AI score, 0.00451 EPSS
Exploits: 0
Fedora
added 2025/03/20 12:18 a.m., 6 views

[SECURITY] Fedora 42 Update: radare2-5.9.8-7.fc42

radare2 is a reverse-engineering framework that is multi-architecture, multi-platform, and highly scriptable. Radare2 provides a hexadecimal editor, wrapped I/O, file system support, debugger support, diffing between two functions or binaries, and code analysis at opcode, basic block, and...

10 CVSS, 8.9 AI score, 0.00451 EPSS
Exploits: 0