MAL-2026-4685 Malicious code in tempo-components (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6790e6e83af71238b9773ae49568f5374d094d23d1a7247ef4560d645ef64024 The package contains a file poc.js that imports os, https, fs, and childprocess; collects host identifiers including os.hostname, os.platform, and th...

MAL-2026-4540 Malicious code in crypt0co-walet-poc (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b5510d98b1e380f6c130bf9b4428321d711ae88d8a4fcb66368a2f6fb4e7ff58 On require/import, index.js lines 6-12 serializes the full process.env to /tmp/pocimpact.json and runs whoami and ip addr via execSync to fingerprint...

📄 Espanso 2.3.0 Shell Extension Arbitrary Command Execution

The Shell extension in Espanso version 2.3.0 allows arbitrary command execution. An attacker who can modify the match configuration file can inject shell commands that execute when the user types the trigger. No restart required. Exploit Title: Espanso v2.3.0 - Shell Extension Arbitrary Command...

📄 Remote for Windows 2024.15 Local Privilege Escalation

Remote for Windows version 2024.15 suffers from a local privilege escalation vulnerability. Exploit Title: Remote for Windows 2024.15 - Local Privilege Escalation Date: 2025-05-19 Exploit Author: Chokri Hammedi Vendor Homepage: https://rs.ltd Software Link: https://rs.ltd/latest.php?os=win Versio...

GHSA-79H8-GXHQ-Q3JG Remote Code Execution in create_conda_env function in lollms

A remote code execution vulnerability exists in the createcondaenv function of the parisneo/lollms repository. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the envname and pythonversion...

Remote Code Execution in create_conda_env function in lollms

A remote code execution vulnerability exists in the createcondaenv function of the parisneo/lollms repository. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the envname and pythonversion...

CVE-2024-3121 Remote Code Execution in create_conda_env function in parisneo/lollms

A remote code execution vulnerability exists in the createcondaenv function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the envname and...

CVE-2024-3121 Remote Code Execution in create_conda_env function in parisneo/lollms

A remote code execution vulnerability exists in the createcondaenv function of the parisneo/lollms repository, version 5.9.0. The vulnerability arises from the use of shell=True in the subprocess.Popen function, which allows an attacker to inject arbitrary commands by manipulating the envname and...

eMerge50P 5000P 4.6.07 - Remote Code Execution Exploit

Exploit for hardware platform in category web applications Exploit Title: eMerge50P 5000P 4.6.07 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 4.6.07...