CVE-2024-30850
published 2024-04-12
high 8.2
EXPLOIT
tiagorlampert CHAOS vulnerable to command injections
An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the `BuildClient` function within `client_service.go`.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| github.com | tiagorlampert_chaos | >= 0 < 0.0.0-20220716132853-b47438d36e3a | 0.0.0-20220716132853-b47438d36e3a |
OSV
Arbitrary code execution in github.com/tiagorlampert/CHAOS
osv·2024-05-09
CVE-2024-30850 Arbitrary code execution in github.com/tiagorlampert/CHAOS
A remote attacker can execute arbitrary commands via crafted HTTP requests.
OSV
tiagorlampert CHAOS vulnerable to arbitrary code execution
osv·2024-05-07
CVE-2024-30850 [CRITICAL] tiagorlampert CHAOS vulnerable to arbitrary code execution
An issue in tiagorlampert CHAOS before 1b451cf62582295b7225caf5a7b506f0bad56f6b and 24c9e109b5be34df7b2bce8368eae669c481ed5e allows a remote attacker to execute arbitrary code via the unsafe concatenation of the `filename` argument into the `buildStr` string without any sanitization or filtering.
OSV
tiagorlampert CHAOS vulnerable to command injections
osv·2024-04-12
CVE-2024-30850 [HIGH] tiagorlampert CHAOS vulnerable to command injections
An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the `BuildClient` function within `client_service.go`.
GHSA
tiagorlampert CHAOS vulnerable to command injections
ghsa·2024-04-12
CVE-2024-30850 [HIGH] CWE-78 tiagorlampert CHAOS vulnerable to command injections
An issue in tiagorlampert CHAOS v5.0.1 allows a remote attacker to execute arbitrary code via the `BuildClient` function within `client_service.go`.
No detection rules found.
Securelist
Exploits and vulnerabilities in Q2 2025
blogs_securelist·2025-08-27·CVSS 8.2
CVE-2025-32433 [HIGH] Exploits and vulnerabilities in Q2 2025
Table of Contents
- Statistics on registered vulnerabilities
- Exploitation statistics
  - Windows and Linux vulnerability exploitation
  - Most common published exploits
- Vulnerability exploitation in APT attacks
- C2 frameworks
- Interesting vulnerabilities
  - CVE-2025-32433: vulnerability in the SSH server, part of the Erlang/OTP framework
  - CVE-2025-6218: directory traversal vulnerability in WinRAR
  - CVE-2025-3052: insecure data access vulnerability in NVRAM, allowing bypass of UEFI signature checks
  - CVE-2025-49113: insecure deserialization vulnerability in Roundcube Webmail
  - CVE-2025-1533: stack overflow vulnerability in the AsIO3.sys driver
- Conclusion and advice
Authors
- Alexander Kolesnikov
Securelist
Vulnerability landscape analysis for Q2 2025
blogs_securelist·2025-08-27
Vulnerability landscape analysis for Q2 2025
Table of Contents
- Statistics on registered vulnerabilities
- Exploitation statistics
- Vulnerability exploitation in APT attacks
- C2 frameworks
- Interesting vulnerabilities
- Conclusion and advice
Authors
- Alexander Kolesnikov
Vulnerability registrations in Q2 2025 proved to be quite dynamic. Vulnerabilities that were published impact the security of nearly every computer subsystem: UEFI, drivers, operating systems, browsers, as well as user and web applications. Based on our analysis, threat actors continue to leverage vulnerabilities in real-world attacks as a means of gaining access to user systems, just like in previous periods.
This report also describes known vulnerabilities used with popular C2 frameworks during the first half of 2025.
## Statistics on registered vulnera
Published: 2024-04-12