95 matches found

Cvelist
added 2026/02/19 10:45 a.m., 30 views

CVE-2025-15559 Unauthenticated OS Command Injection in NesterSoft WorkTime

An unauthenticated attacker can inject OS commands when calling a server API endpoint in NesterSoft WorkTime. The server API call to generate and download the WorkTime client from the WorkTime server is vulnerable in the “guid” parameter. This allows an attacker to execute arbitrary commands on t...

EPSS 0.00441
Exploits: 0, References: 1

OSV
added 2025/12/30 4:15 p.m., 2 views

CVE-2025-15255

A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has...

CVSS 9.3, AI score 6.5, EPSS 0.03923
Exploits: 1, References: 5

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2008-3670

Malware in sbrugna...

CVSS 10, AI score 6.4, EPSS 0.05618
Exploits: 0, References: 3

EUVD
added 2025/10/07 12:30 a.m., 24 views

EUVD-2021-18760

Malware in sbrugna...

CVSS 7.5, AI score 7.4, EPSS 0.01197
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-5802

Malware in sbrugna...

CVSS 8.8, AI score 8.8, EPSS 0.00504
Exploits: 1, References: 2

EUVD
added 2025/10/07 12:30 a.m., 6 views

EUVD-2017-15113

Malware in sbrugna...

CVSS 7.5, AI score 7.6, EPSS 0.01679
Exploits: 0, References: 3

EUVD
added 2025/10/03 8:7 p.m., 4 views

EUVD-2024-16196

Malicious code in bioql PyPI...

CVSS 7.5, AI score 6.6, EPSS 0.00628
Exploits: 0, References: 1

OSSF Malicious Packages
added 2025/09/05 5:10 p.m., 4 views

Malicious code in shiyong-javascript-goujian-web-he-yidong-arcgis-fuwuqi-yingyong (npm)

The package shiyong-javascript-goujian-web-he-yidong-arcgis-fuwuqi-yingyong was found to contain malicious code...

AI score 7
Exploits: 0

OSV
added 2025/09/05 5:10 p.m., 3 views

MAL-2025-46036 Malicious code in shiyong-javascript-goujian-web-he-yidong-arcgis-fuwuqi-yingyong (npm)

The package shiyong-javascript-goujian-web-he-yidong-arcgis-fuwuqi-yingyong was found to contain malicious code...

AI score 7
Exploits: 0

RedhatCVE
added 2025/05/22 5:40 a.m., 7 views

CVE-2013-2781

Use-after-free vulnerability in the server application in 3S CODESYS Gateway 2.3.9.27 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via unspecified vectors...

CVSS 10, AI score 8.7, EPSS 0.03799
Exploits: 0, References: 1

CVE
added 2025/03/30 5:43 a.m., 767 views

CVE-2025-1734

CVE-2025-1734 affects PHP’s HTTP stream wrapper header parsing: headers missing a colon are treated as valid, potentially letting applications accept invalid headers. Affected branches include PHP 8.1.x before 8.1.32, 8.2.x before 8.2.28, 8.3.x before 8.3.19, and 8.4.x before 8.4.5. Mitigations/u...

CVSS 6.3, AI score 6.2, EPSS 0.00463
Exploits: 0, References: 3, Affected Software: 1

Vulnrichment
added 2025/03/03 6:30 p.m., 9 views

CVE-2025-27500 Cross Site Scripting potential in Ziti Console

OpenZiti is a free and open source project focused on bringing zero trust to any application. An endpoint /api/upload on the admin panel can be accessed without any form of authentication. This endpoint accepts an HTTP POST to upload a file which is then stored on the node and is available via URL...

CVSS 8.2, AI score 8.1, EPSS 0.00262
Exploits: 0, References: 1

CVE
added 2024/06/27 12:0 a.m., 57 views

CVE-2024-36072

The CVE-2024-36072 entry covers Netwrix CoSoSys Endpoint Protector (versions up to and including 5.9.3) and CoSoSys Unify (up to and including 7.0.6). A remote code execution flaw is located in the logging component of the Endpoint Protector/Unify server, allowing an unauthenticated attacker to s...

CVSS 9.8, AI score 8.4, EPSS 0.01012
Exploits: 0, References: 1

Tenable Nessus
added 2024/06/26 12:0 a.m., 17 views

Hanwha Vision IP Cameras Command Injection (CVE-2023-5747)

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has releas...

CVSS 8.8, AI score 8.9, EPSS 0.00563
Exploits: 0, References: 2

NVD
added 2024/06/06 7:16 p.m., 20 views

CVE-2024-5278

gaizhenbiao/chuanhuchatgpt is vulnerable to an unrestricted file upload vulnerability due to insufficient validation of uploaded file types in its /upload endpoint. Specifically, the handlefileupload function does not sanitize or validate the file extension or content type of uploaded files,...

CVSS 6.5, EPSS 0.00591
Exploits: 1, References: 2

CNNVD
added 2024/01/09 12:0 a.m., 3 views

Likeshop Code Issue Vulnerability

Likeshop is a complete solution for social commerce strategy from Likeshop open source. A code issue vulnerability exists in Likeshop 2.5.7.20210311 and earlier versions, which stems from the parameter file in the file server/application/api/controller/File.php that can lead to unrestricted uploa...

CVSS 9.8, AI score 7, EPSS 0.70688
Exploits: 1, References: 2

NVD
added 2023/11/13 8:15 a.m., 16 views

CVE-2023-5747

Bashis, a Security Researcher at IPVM has found a flaw that allows for a remote code execution during the installation of Wave on the camera device. The Wave server application in camera device was vulnerable to command injection allowing an attacker to run arbitrary code. HanwhaVision has releas...

CVSS 8.8, EPSS 0.00563
Exploits: 0, References: 1

Positive Technologies
added 2023/11/13 12:0 a.m., 3 views

PT-2023-32301 · Hanwha Vision · Wave Server Application

Name of the Vulnerable Software and Affected Versions: Hanwha Vision Wave server application, affected versions not specified
Description: A flaw in the Wave server application allows for remote code execution during the installation of Wave on the camera device. The application is vulnerable to...

CVSS 8.8, AI score 9, EPSS 0.00563
Exploits: 0, References: 3

0day.today
added 2023/09/05 12:0 a.m., 280 views

Webigniter 28.7.23 Shell Upload Vulnerability

Title: WEBIGniter-28.7.23 File Upload - RCE
Author: nu11secur1ty
Vendor: https://webigniter.net/
Software: https://webigniter.net/demo
Reference: https://portswigger.net/web-security/file-upload
Description: The media function suffers from file upload vulnerability. The attacker can upload and he...

AI score 7.1
Exploits: 0

Kitploit
added 2023/08/23 12:30 p.m., 150 views

Evil QR - Proof-of-concept To Demonstrate Dynamic QR Swap Phishing Attacks In Practice

Toolkit demonstrating another approach of a QRLJacking attack, allowing to perform remote account takeover, through sign-in QR code phishing. It consists of a browser extension used by the attacker to extract the sign-in QR code and a server application, which retrieves the sign-in QR codes to...

AI score 7.3
Exploits: 0, References: 1