31226 matches found
CVE-2025-58381
A vulnerability in Brocade Fabric OS before 9.2.1c2 could allow an authenticated attacker with admin privileges using the shell commands “source, ping6, sleep, disown, wait to modify the path variables and move upwards in the directory structure or to traverse to different directories...
CVE-2026-0383
A vulnerability in Brocade Fabric OS could allow an authenticated, local attacker with privileges to access the Bash shell to access insecurely stored file contents including the history command...
USN-8011-1: Emacs vulnerabilities
It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp-completion-at-point on untrusted Emacs Lisp source code. An attacker could possibly use this issue to execute arbitrary code. CVE-2024-53920 It was discovered that Emacs did not properly sanitize inp...
Ofensive-security
This repository contains my Offensive Cyber Security / Penetrati...
CVE-2026-1791
Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...
EUVD-2026-5355
Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...
CVE-2026-1791 Arbitrary File Upload Vulnerability in Operation and Maintenance Security Gateway
Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...
CVE-2026-1791
CVE-2026-1791 concerns Hillstone Networks products: Operation and Maintenance Security Gateway on Linux with vulnerable versions V5.5ST00001B113 and Hillstone Networks Security Gateway V5.5. The flaw is an unrestricted file upload of a dangerous file type, enabling an attacker to upload a web she...
CVE-2026-1791 Arbitrary File Upload Vulnerability in Operation and Maintenance Security Gateway
Unrestricted Upload of File with Dangerous Type vulnerability in Hillstone Networks Operation and Maintenance Security Gateway on Linux allows Upload a Web Shell to a Web Server.This issue affects Operation and Maintenance Security Gateway: V5.5ST00001B113...
GHSA-RF4G-89H5-CRCR melange affected by potential host command execution via license-check YAML mode patch pipeline
An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values series paths, patch filenames, and numeric parameters into shell scripts without proper quoting or...
melange affected by potential host command execution via license-check YAML mode patch pipeline
An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values series paths, patch filenames, and numeric parameters into shell scripts without proper quoting or...
PT-2026-6264
Name of the Vulnerable Software and Affected Versions n8n versions prior to 1.123.12 n8n versions prior to 2.4.0 Description n8n is a workflow automation platform. Before versions 1.123.12 and 2.4.0, workflows processing uploaded files and transferring them to remote servers via the SSH node lack...
PT-2026-6058
Name of the Vulnerable Software and Affected Versions Hillstone Networks Operation and Maintenance Security Gateway versions V5.5ST00001B113 Hillstone Networks Security Gateway version V5.5 Description The software contains a flaw related to unrestricted file uploads, potentially allowing an...
PT-2026-6271
Name of the Vulnerable Software and Affected Versions melange versions 0.10.0 through 0.40.2 Description melange enables users to construct APK packages utilizing declarative pipelines. A flaw exists in versions 0.10.0 up to, but not including, 0.40.3 where an attacker capable of manipulating...
PT-2026-6475
An attacker who can influence inputs to the patch pipeline could execute arbitrary shell commands on the build host. The patch pipeline in pkg/build/pipelines/patch.yaml embeds input-derived values series paths, patch filenames, and numeric parameters into shell scripts without proper quoting or...
Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Emacs vulnerabilities (USN-8011-1)
The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8011-1 advisory. It was discovered that Emacs could trigger unsafe Lisp macro expansion, when a user invoked elisp- completion-at-point on untrust...
OpenClaw < 2026.1.29 Multiple Vulnerabilities
The version of the OpenClaw AI assistant installed on the remote host is prior to 2026.1.29. It is, therefore, affected by multiple vulnerabilities: - A command injection vulnerability exists in OpenClaw's Docker sandbox execution mechanism due to unsafe handling of the PATH environment variable...
OctoPrint 1.11.2 - File Upload
Exploit Title: OctoPrint 1.11.2 - File Upload Date: 2025-09-28 Exploit Author: prabhatverma.addada Vendor Homepage: https://octoprint.org Software Link: https://github.com/OctoPrint/OctoPrint Affected Versions: = 1.11.2 Patched Versions: 1.11.3 CVE: CVE-2025-58180 CVSS per advisory: 7.5 Platform:...
APT28’s Stealthy Multi-Stage Campaign Leveraging CVE‑2026‑21509 and Cloud C2 Infrastructure
APT28’s Stealthy Multi-Stage Campaign Leveraging CVE‑2026‑21509 and Cloud C2 Infrastructure By Pham Duy Phuc and Alex Lanstein · February 4, 2026 Updated February 9, 2026: This analysis has been updated to clarify malware naming conventions. Introduction Russian state-sponsored threat group APT28...
melange 操作系统命令注入漏洞
Melange is a software developed by Chainguard for building APKs from source code. Versions of Melange from 0.10.0 to 0.40.3 had an operating system command injection vulnerability. This vulnerability stemmed from the patch pipeline incorrectly referencing or verifying input-derived values when...