Exploit for Out-of-bounds Write in Google Chrome
CVE-2023-4863/CVE-2023-41064 A POC for...
7.3 AI Score
0.611 EPSS
Zoho ManageEngine ADSelfService Plus versions below 6401 are vulnerable to the DOS attack due to the malicious LDAP...
5.3 CVSS
7.3 AI Score
Exploit for Cleartext Transmission of Sensitive Information in Keepass
KeePass 2.X Master Password Dumper...
7.4 AI Score
MediaWiki is vulnerable to Denial Of Service (DoS). The vulnerability is due to a flaw in includes/specials/SpecialMovePage.php. If a user with the necessary rights to move the page opens Special:MovePage for a page with tens of thousands of subpages, then the page will exceed the maximum request.....
6.9 AI Score
0.0004 EPSS
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
CVE-2024-21762 out-of-bounds write in Fortinet FortiOS ...
8.7 AI Score
0.018 EPSS
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
CVE-2024-21762-Exploit-PoC-Fortinet-SSL-VPN-Check Checks whether...
9.6 AI Score
0.018 EPSS
Exploit for Deserialization of Untrusted Data in Apache Activemq
honeypot.rs Honeypot that scopes [CVE-2023-46604 (Apache...
7.3 AI Score
Permanent device denial of service due to a huge amount of scheduled alarms
In multiple functions of SnoozeHelper.java, there is a possible persistent denial of service due to resource exhaustion. This could lead to local denial of service with no additional execution privileges needed. User interaction is not needed for...
6.9 AI Score
0.0004 EPSS
Malicious code in u-workflow.module.common.hour-of-week (npm)
-= Per source details. Do not edit below this line.=- Source: ghsa-malware (fa993331c82ce09532f10dfb1eb3586e1a3343188c93733712aad7f47cb49539) Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
7.2 AI Score
Exploit for Deserialization of Untrusted Data in Microsoft
CVE-2022-41082-POC PoC for the CVE-2022-41082 NotProxyShell...
8.3 AI Score
0.186 EPSS
libfrr.so is vulnerable to Denial Of Service (DoS). The vulnerability is due to insufficient handling of NULL return values when calling functions in the get_edge() function within ospf_te.c in the OSPF daemon, resulting in a crash of the daemon and subsequent denial of...
7 AI Score
0.0004 EPSS
Exploit for Deserialization of Untrusted Data in Apache Dubbo
For a more comprehensive Dubbo vulnerability scanning tool, see my other project: https://github.com/YYHYlh/Dubbo-Scan...
9.3 AI Score
0.015 EPSS
xwayland is vulnerable to an out-of-bounds memory access flaw. The vulnerability is due to improper handling of devices reattachment scenarios, specifically when a device frozen by a sync grab is reattached to a different master...
6.6 AI Score
0.0004 EPSS
DNP3 Link Layer Brute Force Addressing Disclosure
The DNP3 protocol is a multi-layer protocol that begins with a link layer connection. The DNP3 link layer address is required to establish a link layer connection. The DNP3 link layer address for the host was easily guessed, and a valid DNP3 link layer connection was established. If a link...
1.2 AI Score
Exploit for Deserialization of Untrusted Data in Salesagility Suitecrm
CVE-2022-23940 PoC for...
0.9 AI Score
0.003 EPSS
Exploit for Deserialization of Untrusted Data in Apache Activemq
Technical Summary of the Attack: CVE-2023-46604 The script exploits...
6.9 AI Score
0.973 EPSS
Exploit for Cleartext Transmission of Sensitive Information in Keepass
Keepass-Dumper This is my PoC implementation for...
6.5 AI Score
Grafana Spoofing originalUrl of snapshots
To create a snapshot (and insert an arbitrary URL) the built-in role Viewer is sufficient. When a dashboard is shared as a local snapshot, the following three fields are offered in the web UI for a user to fill out: • Snapshotname • Expire • Timeout(seconds) After the user confirms creation of the....
3.9 AI Score
0.001 EPSS
Exploit for Out-of-bounds Write in Fortinet Fortiproxy
🇮🇱 #BringThemHome #NeverAgainIsNow 🇮🇱 **We demand...
8.2 AI Score
0.018 EPSS
Denial of Service in jsonparser
jsonparser before 1.1.1 allows attackers to cause a denial of service via a GET...
7 AI Score
0.002 EPSS
Exploit for Deserialization of Untrusted Data in Apache Activemq
CVE-2023-46604-RCE-Reverse-Shell-Apache-ActiveMQ This exploit...
9.7 AI Score
0.973 EPSS
Denial of service of Minder Server with attacker-controlled REST endpoint
The Minder REST ingester is vulnerable to a denial of service attack via an attacker-controlled REST endpoint that can crash the Minder server. The REST ingester allows users to interact with REST endpoints to fetch data for rule evaluation. When fetching data with the REST ingester, Minder sends.....
7 AI Score
0.0004 EPSS
gopkg.in/yaml.v3 Denial of Service
An issue in the Unmarshal function in Go-Yaml v3 can cause a program to panic when attempting to deserialize invalid...
7.3 AI Score
0.001 EPSS
ManageEngine ADSelfService Plus <6121 - Stored Cross-Site Scripting
ManageEngine ADSelfService Plus before 6121 contains a stored cross-site scripting vulnerability via the welcome name attribute to the Reset Password, Unlock Account, or User Must Change Password...
6 AI Score
0.002 EPSS
Exploit for Out-of-bounds Write in Google Chrome
CVE-2023-4863 ```bash # checkout webp git clone...
8.7 AI Score
0.611 EPSS
Exploit for Out-of-bounds Write in Microsoft
CVE-2022-37969 Windows Local Privilege Escalation PoC...
8.3 AI Score
0.001 EPSS
9.7 AI Score
Grafana Spoofing originalUrl of snapshots
To create a snapshot (and insert an arbitrary URL) the built-in role Viewer is sufficient. When a dashboard is shared as a local snapshot, the following three fields are offered in the web UI for a user to fill out: • Snapshotname • Expire • Timeout(seconds) After the user confirms creation of the....
6.6 AI Score
0.001 EPSS
8.2 AI Score
0.003 EPSS
Exploit for Vulnerability in Reportlab
CODE INJECTION VULNERABILITY IN REPORTLAB PYTHON LIBRARY...
8.5 AI Score
0.001 EPSS
Exploit for Cleartext Storage of Sensitive Information in Keepass
CVE-2023-24055 POC and Scanner for CVE-2023-24055 Use at...
6.2 AI Score
0.001 EPSS
Out-of-bounds write in ChakraCore
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1141, CVE-2019-1195,....
6 AI Score
0.006 EPSS
Regular Expression Denial Of Service (ReDoS)
micromatch is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regex expression with inefficient complexity within the micromatch.braces() method. An attacker can submit a large payload without a closing bracket, which results in Regular Expression Denial of...
6.7 AI Score
0.0004 EPSS
Exploit for Improper Preservation of Permissions in Mobyproject Moby
CVE-2021-41091 This exploit offers an in-depth look at the...
7.7 AI Score
0.0005 EPSS
Regular Expression Denial Of Service (ReDoS)
tecnickcom/tcpdf is vulnerable to Regular Expression Denial of Service (ReDoS). The vulnerability is due to a regular expression with inefficient complexity utilized when parsing a SVG file. This allows an attacker to cause a denial of service by crafting a malicious svg...
6.7 AI Score
Exploit for Deserialization of Untrusted Data in Apache Activemq
ActiveMQ-Exploit English |...
7.3 AI Score
K12201527: Overview of Quarterly Security Notifications
Security Advisory Description F5 discloses security vulnerabilities and security exposures for F5 products in Quarterly Security Notifications. Quarterly Security Notification dates are published in advance so customers can schedule necessary updates in advance of the public disclosure date. When.....
7.1 AI Score
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform, and Nextcloud Enterprise Server is the enterprise version of the file server software. In Nextcloud Server versions 25.0.x prior to 25.0.5 and versions 24.0.x prior to 24.0.10 as well as Nextcloud...
7.2 AI Score
0.0004 EPSS
Adobe ColdFusion - Deserialization of Untrusted Data
Adobe ColdFusion versions 2018u17 (and earlier), 2021u7 (and earlier) and 2023u1 (and earlier) are affected by a Deserialization of Untrusted Data vulnerability that could result in Arbitrary code execution. Exploitation of this issue does not require user...
9.7 AI Score
0.97 EPSS
New Attack Against Self-Driving Car AI
This is another attack that convinces the AI to ignore road signs: Due to the way CMOS cameras operate, rapidly changing light from fast flashing diodes can be used to vary the color. For example, the shade of red on a stop sign could look different on each line depending on the time between the...
7 AI Score
Out-of-bounds write in Microsoft.ChakraCore
A remote code execution vulnerability exists in the way that the Chakra scripting engine handles objects in memory in Microsoft Edge, aka 'Chakra Scripting Engine Memory Corruption Vulnerability'. This CVE ID is unique from CVE-2019-1131, CVE-2019-1139, CVE-2019-1140, CVE-2019-1195, CVE-2019-1196,....
6 AI Score
0.006 EPSS
Use-of-uninitialized-value in aesEncryptBlock
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=67066 Crash type: Use-of-uninitialized-value Crash state: aesEncryptBlock EncryptStream::lookChar...
7.2 AI Score
A vulnerability in the Cisco Adaptive Security Appliance (ASA) restore functionality that is available in Cisco ASA Software and Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system with...
6.7 CVSS
7.9 AI Score
0.0004 EPSS
Denial Of Service (DoS) / Information Disclosure
io.airlift: aircompressor is vulnerable to Denial Of Service (DoS) / Information Disclosure. The vulnerability is due to improper memory bounds checking during data decompression, caused by the use of the sun.misc.Unsafe class without additional safeguards. This can lead to out-of-bounds memory...
7 AI Score
0.0004 EPSS
Exploit for Deserialization of Untrusted Data in Apache Dubbo
CVE-2023-23638 For study and research only. Bring your own ZooKeeper. The test environment is Java 8; other versions have not been tested,...
7 AI Score
sqlparse is vulnerable to Denial of Service (DoS). The vulnerability is due to a lack of recursion limits, which allows an attacker to pass a heavily nested list to the parse() method resulting in a...
6.9 AI Score
0.0004 EPSS
Libraries that implement HTTP/2 are vulnerable to Denial Of Service (DoS). The vulnerability could be exploited by attackers via sending a large number of HTTP/2 requests to a vulnerable server, then canceling them, causing the server to consume excessive resources and become unavailable to...
6.7 AI Score
0.72 EPSS
Time-of-check time-of-use race condition in github.com/containers/podman/v4
A Time-of-check Time-of-use (TOCTOU) flaw appears in this version of podman. This issue may allow a malicious user to replace a normal file in a volume with a symlink while exporting the volume, allowing for access to arbitrary files on the host file...
6.7 AI Score
0.001 EPSS
RIOT is a real-time multi-threading operating system that supports a range of devices that are typically 8-bit, 16-bit and 32-bit microcontrollers. Most codebases define assertion macros which compile to a no-op on non-debug builds. If assertions are the only line of defense against untrusted...
8.8 CVSS
8.6 AI Score
0.0004 EPSS
Exploit for Out-of-bounds Write in Linux Linux Kernel
CVE-2021-22555 This repo hosts TUKRU's Linux Privilege...
7.7 AI Score
0.002 EPSS