EUVD-2025-16726

Malicious code in bioql PyPI...

PT-2025-32196 · Aomei · Aomei Backupper Workstation

Name of the Vulnerable Software and Affected Versions: AOMEI Backupper Workstation affected versions not specified Description: A local privilege escalation issue exists in AOMEI Backupper Workstation due to a link following flaw. This allows an attacker to gain elevated privileges on a compromis...

PT-2025-24328

A vulnerability was detected in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/auto post/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argument X-Requested-FileName/X-Requested-FileUpD...

CVE-2025-5495

A vulnerability was found in Netgear WNR614 1.1.0.281.0.1WW. It has been classified as critical. This affects an unknown part of the component URL Handler. The manipulation with the input %00currentsetting.htm leads to improper authentication. It is possible to initiate the attack remotely. The...

CVE-2025-5495

Affected product: Netgear WNR614 router (version 1.1.0.28 1.0.1WW). Vulnerable component: URL Handler. Root cause: manipulation of the input %00currentsetting.htm appended to a URL leads to improper authentication. Impact: remote attacker could bypass authentication, compromising confidentiality,...

Ivanti EPMM Hit by Two Actively Exploited 0day Vulnerabilities

Ivanti EPMM users urgently need to patch against actively exploited 0day vulnerabilities CVE-2025-4427, CVE-2025-4428 that enable pre-authenticated remote…...

Linux kernel versions 6.8. Local Privilege Escalation 0day Exploit

...

Samsung Internet Browser SOP Bypass

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Samsung Internet Browser SOP Bypass', 'Description' = %q This module takes advantage of a Same-Origin Policy SOP bypass vulnerability in the...

containers-common bug fix and enhancement update

An update is available for containers-common. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list The containers-common package contains common configuration files a...

Moderate: buildah bug fix update

The buildah package provides a tool for facilitating building OCI container images. Among other things, buildah enables you to: Create a working container, either from scratch or using an image as a starting point; Create an image, either from a working container or using the instructions in a...

APTs Exploiting WinRAR 0day Flaw Despite Patch Availability

By Deeba Ahmed All a user needs to do is visit the official WinRAR website and install the latest version to thwart the attack. This is a post from HackRead.com Read the original post: APTs Exploiting WinRAR 0day Flaw Despite Patch Availability...

Critical Cisco 0day Exploited – Do you have Blind Spots in your Risk Management?

In the dynamic realm of cybersecurity, the importance of exhaustive vulnerability management and robust risk assessment is paramount. While agent-based solutions have garnered favor among organizations bolstering their cyber protections, it prompts the question: "Is an agent-only strategy truly...

Fortigate 7.0.1 Stack Overflow

c@ubuntu:/LABS$ cat fp17.py !/usr/bin/env python3 fortigate 7.0.1 postauth stack overflow 0day more: https://code610.blogspot.com/2023/04/fuzzing-fortigate-7.html Pid: 00243, application: newcli, Firmware: FortiGate-VM64 v7.0.1,build0157b0157,210714 GA Release, Signal 6 received, Backtrace:...

AspEmail 5.6.0.2 Weak Permissions / Local Privilege Escalation Vulnerability

Exploit Title: AspEmail 5.6.0.2 - Local Privilege Escalation Vulnerability Category: Weak Services Permission - Binary Permission Vulnerability Date: 13/04/2023 Exploit Author: Zer0FauLT email protected Vendor Homepage: https://www.aspemail.com Software Link: https://www.aspemail.com/download.htm...

Roxy Fileman 1.4.5 - Arbitrary File Upload Vulnerability

Exploit Title: Roxy Fileman 1.4.5 - Arbitrary File Upload Exploit Author: Zer0FauLT email protected Vendor Homepage: roxyfileman.com Software Link: https://web.archive.org/web/20190317053437/http://roxyfileman.com/download.php?f=1.4.5-net Version: = 1.4.5 Tested on: Windows 10 and Windows Server...

Snitz Forum 1.0 SQL Injection

Exploit Title: Snitz Forum v1.0 - Blind SQL Injection Date: 13/03/2023 Exploit Author: Emiliano Febbi Vendor Homepage: https://forum.snitz.com/ Software Link: https://sourceforge.net/projects/sf2k/files/ Version: ALL VERSION Tested on: Windows 10 code . . / ///I . / // 0day PoC...

WIMAX SWC-5100W Firmware V(1.11.0.1 :1.9.9.4) - Authenticated RCE

Exploit Title: WIMAX SWC-5100W Firmware V1.11.0.1 :1.9.9.4 - Authenticated RCE Vulnerability Name: Ballin' Mada Date: 4/3/2023 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: http://www.seowonintech.co.kr/eng/main Version: Bootloader1.18.19.0 , HW 0.0.7.0, FW1.11.0.1 : 1.9.9.4 Tested...

NetIQ / Microfocus Performance Endpoint 5.1 Remote Root / SYSTEM

/ Exploit Title: NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit Date: Jun 2007 Exploit Author: mu-b Vendor Homepage: https://www.microfocus.com/en-us/cyberres/identity-access-management Version: All Tested on: Windows / Solaris x86/SPARC CVE : 0day endpoint-pown-uni.c...

NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit

/ Exploit Title: NetIQ/Microfocus Performance Endpoint v5.1 - remote root/SYSTEM exploit Date: Jun 2007 Exploit Author: mu-b Vendor Homepage: https://www.microfocus.com/en-us/cyberres/identity-access-management Version: All Tested on: Windows / Solaris x86/SPARC CVE : 0day endpoint-pown-uni.c...

Employee Performance Evaluation System v1.0 - File Inclusion and RCE

Exploit Title: Employee Performance Evaluation System v1.0 - File Inclusion and RCE Exploit Author: nu11secur1ty Date: 03.17.2023 Vendor: https://www.sourcecodester.com/user/257130/activity Software:...