33 matches found
GHSA-XQ4X-622M-Q8FQ LobeHub has a Cross-Site Scripting issue that escalates to Remote Code Execution
Summary The vulnerability was automatically discovered by an ai agent and then manually verified. LobeChat's message rendering mechanism has a stored cross-site scripting XSS vulnerability. Combined with the Electron main process's exposed insecure IPC interface, attackers can construct malicious...
CVE-2025-51958
aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...
CVE-2025-51958
aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...
CVE-2025-51958
aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...
PT-2026-5433
Name of the Vulnerable Software and Affected Versions DokuWiki aelsantex runcommand plugin version 2014-04-01 Description The aelsantex runcommand plugin for DokuWiki allows unauthenticated attackers to execute arbitrary system commands. This is possible through the postaction.php file located in...
CVE-2025-51958
aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...
EUVD-2025-206573
aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...
runcommand security vulnerability
Runcommand is a plugin developed by aelsantex for DokuWiki users. The version released on April 1, 2014, contains a security vulnerability. This vulnerability stems from a flaw in the lib/plugins/runcommand/postaction.php file, which could allow unauthenticated attackers to execute arbitrary syst...
CVE-2025-51958
aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...
CVE-2025-51958
aelsantex runcommand 2014-04-01, a plugin for DokuWiki, allows unauthenticated attackers to execute arbitrary system commands via lib/plugins/runcommand/postaction.php...
CVE-2025-51958
CVE-2025-51958 affects the aelsantex runcommand plugin for DokuWiki, where an unauthenticated user can execute arbitrary system commands via lib/plugins/runcommand/postaction.php. The issue stems from the plugin allowing command execution without authentication, enabling an attacker to run comman...
NCR Command Center Agent Remote Code Execution
CMCAgent in NCR Command Center Agent 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021. The...
📄 NCR Command Center Agent 16.3 Remote Code Execution
CMCAgent in NCR Command Center Agent version 16.3 on Aloha POS/BOH servers permits the submission of a runCommand parameter within an XML document sent to port 8089 that enables the remote, unauthenticated execution of an arbitrary command as SYSTEM, as exploited in the wild in 2020 and/or 2021...
Malicious code in mcp-runcommand-server2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 36fb61d44529c380f204d5a210017989695ef39df6adfce7ccfb08e48a17b594 Package starts a reverse shell to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MAL-2025-191648 Malicious code in mcp-runcommand-server2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 36fb61d44529c380f204d5a210017989695ef39df6adfce7ccfb08e48a17b594 Package starts a reverse shell to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
MAL-2025-191647 Malicious code in mcp-runcommand-server (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 17f8adb9e7e30e13f8656300881d4e04975f499c03c2f1dbea2e00fd86c357a5 Package starts a reverse shell to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
Malicious code in mcp-runcommand-server (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 17f8adb9e7e30e13f8656300881d4e04975f499c03c2f1dbea2e00fd86c357a5 Package starts a reverse shell to a hardcoded location --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...
EUVD-2025-27771
Malicious code in bioql PyPI...
EUVD-2025-29491
Malicious code in bioql PyPI...
Malicious code in @lanyer640/mcp-runcommand-server (npm)
The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 579dd9f67fcc75d122b101f5772fefa4c424495f6d36aac46c51baf3e0263ea7 Any computer that has this package installed or running should be considered...