639 matches found
CVE-2025-1388
Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells...
CVE-2025-1388 Learning Digital Orca HCM - Arbitrary File Upload
Orca HCM from LEARNING DIGITAL has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and run web shells...
CVE-2025-1388
CVE-2025-1388 concerns Orca HCM from Learning Digital, with an Arbitrary File Upload vulnerability that allows remote attackers with regular privileges to upload and run web shells. Descriptions across sources reiterate the same flaw and impact (high severity per CVSS 3.1: AV:N/AC:L/PR:L/UI:N/S:U...
PT-2025-6912
Name of the Vulnerable Software and Affected Versions: Orca HCM from LEARNING DIGITAL affected versions not specified Description: The issue allows remote attackers with regular privileges to upload and run web shells due to an Arbitrary File Upload vulnerability. Recommendations: At the moment,...
XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells
Threat actors have been observed exploiting multiple security flaws in various software products, including Progress Telerik UI for ASP.NET AJAX and Advantive VeraCore, to drop reverse shells and web shells, and maintain persistent remote access to compromised systems. The zero-day exploitation o...
PT-2025-5229 · Innovative Solutions · Innovative Solutions User Files
Name of the Vulnerable Software and Affected Versions: Innovative Solutions user files versions n/a through 2.4.2 Description: The issue allows an unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can potentially allow attackers to upload...
PT-2025-3215 · Webdeclic · Webdeclic Wpmastertoolkit
Name of the Vulnerable Software and Affected Versions: Webdeclic WPMasterToolKit versions 1.13.1 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can lead to unauthorized upload of malicio...
PT-2025-3229 · Unknown · Acf City Selector
Name of the Vulnerable Software and Affected Versions: ACF City Selector versions 1.14.0 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited by uploading malicious files...
PT-2024-36681 · Wplms · Wplms
Name of the Vulnerable Software and Affected Versions: WPLMS versions 1.9.9 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can be exploited by uploading malicious files,...
PT-2024-35316 · Unknown · Fediverse Embeds
Name of the Vulnerable Software and Affected Versions: Fediverse Embeds versions n/a through 1.5.3 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can lead to the compromise of the web server...
About Elevation of Privilege – PAN-OS (CVE-2024-9474) vulnerability
About Elevation of Privilege - PAN-OS CVE-2024-9474 vulnerability. An attacker with PAN-OS administrator access to the management web interface can perform actions on the Palo Alto device with root privileges. Linux commands can be injected via unvalidated input in script. The need for...
Exploit for Code Injection in Geoserver
CVE-2024-36401-WoodpeckerPlugin Introduction CVE-2024-36...
PT-2024-35214 · Bdthemes · Bdthemes Instant Image Generator
Name of the Vulnerable Software and Affected Versions: BdThemes Instant Image Generator versions 1.5.4 and earlier Description: The issue allows an attacker to upload a web shell to a web server due to an Unrestricted Upload of File with Dangerous Type vulnerability. This enables attackers to...
PT-2024-35210 · Unknown · Devexhub Gallery
Name of the Vulnerable Software and Affected Versions: Devexhub Gallery versions n/a through 2.0.1 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling an attacker to upload a web shell to a web server. This can lead to potential exploitation and...
K000148482: Sudo vulnerability CVE-2019-19234
Security Advisory Description: In Sudo through 1.8.29, the fact that a user has been blocked (e.g., by using the ! character in the shadow file instead of a password hash) is not considered, allowing an attacker (who has access to a Runas ALL sudoer account) to impersonate any blocked user. NOTE: The...
IcePeony and Transparent Tribe Target Indian Entities with Cloud-Based Tools
High-profile entities in India have become the target of malicious campaigns orchestrated by the Pakistan-based Transparent Tribe threat actor and a previously unknown China-nexus cyber espionage group dubbed IcePeony. The intrusions linked to Transparent Tribe involve the use of a malware called...
CVE-2024-50529
Unrestricted Upload of File with Dangerous Type vulnerability in Rudra Innnovative Software Training – Courses allows Upload a Web Shell to a Web Server. This issue affects Training – Courses: from n/a through 2.0.1...
PT-2024-34309 · Unknown · Rsvpmaker For Toastmasters
Name of the Vulnerable Software and Affected Versions: RSVPMaker for Toastmasters versions prior to 6.2.4 Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This poses a risk of web server compromise...
PT-2024-34273 · Widgilabs · Widgilabs Plugin Propagator
Name of the Vulnerable Software and Affected Versions: WidgiLabs Plugin Propagator versions 0.1 and earlier Description: The issue allows for the unrestricted upload of files with dangerous types, enabling the upload of a web shell to a web server. This can be exploited to gain unauthorized acces...