5094 matches found
PT-2026-25311
🟠 CVE-2025-13777 - High Authentication bypass by capture-replay vulnerability in ABB AWIN GW100 rev.2, ABB AWIN GW120. This issue affects AWIN GW100 rev.2: 2.0-0, 2.0-1; AWIN GW120: 1.2-0, 1.2-1. https://t.co/k9L0CuzZX4 https://t.co/FbKYQV3svl...
ABB AWIN GW100 and ABB AWIN GW120 security vulnerability
ABB AWIN GW100 and ABB AWIN GW120 are communication gateway devices produced by the Swiss company ABB. There are security vulnerabilities in versions of ABB AWIN GW100 rev.2 2.0-1 and earlier, as well as ABB AWIN GW120 1.2-1 and earlier. These vulnerabilities stem from the ability to capture and...
Exploits-and-code-snippets
Exploits-and-code-snipp...
Exploit for CVE-2026-27540
CVE-2026-27540-WordPress-Explo...
Exploit for CVE-2026-27944
CVE-2026-27944 - Nginx-UI Unauthenticated Backup Download !...
freerdp: FreeRDP: Denial of Service via use after free in ecam_channel_write
A denial of service flaw has been found in FreeRDP. A capture thread sends sample responses using a freed channel callback after a device channel close, leading to a use after free in ecam_channel_write...
CVE-2026-30789
Use of Password Hash With Insufficient Computational Effort, Improper Restriction of Excessive Authentication Attempts vulnerability in rustdesk-client RustDesk Client rustdesk-client on Windows, MacOS, Linux, iOS, Android Client login, peer authentication modules allows Password Brute Forcing. T...
PT-2026-23455
Name of the Vulnerable Software and Affected Versions: RustDesk Client versions through 1.4.5. Description: A flaw exists in RustDesk Client that allows for authentication bypass through capture-replay attacks and the use of a password hash with insufficient computational effort. This impacts the...
📄 Wireshark USB HID Protocol Dissector Memory Exhaustion
CVE-2026-3201 is a denial of service vulnerability affecting the USB HID protocol dissector in Wireshark versions 4.6.0 through 4.6.3 and 4.4.0 through 4.4.13. The vulnerability is triggered when Wireshark parses a specially crafted USB HID Report Descriptor containing an excessively large...
SUSE-SU-2026:0763-1 Security update for freerdp
This update for freerdp fixes the following issues: - CVE-2026-24491: heap-use-after-free in videotimer bsc1257981. - CVE-2026-24675: heap-use-after-free in urbselectinterface bsc1257982. - CVE-2026-24676: heap-use-after-free in audioformatcompatible bsc1257983. - CVE-2026-24677:...
Exploit for SQL Injection in Salephpscripts Web_Directory_Free
SECTF2026 — "You Play the CTF. We Play Defense" Event: XP...
MAL-2026-1090 Malicious code in isb (PyPI)
Source: kam193 93750cbddba7897fde1d31836971e11082ad2076012c7caf708980de45827840 Starting the module initiates an infostealer with a Telegram bot and RAT-like functionality and hardcoded credentials. The code automatically adds itself to...
Inside a fake Google security check that becomes a browser RAT
A website styled to resemble a Google Account security page is distributing what may be one of the most fully featured browser-based surveillance toolkits we have observed in the wild. Disguised as a routine security checkup, it walks victims through a four-step flow that grants the attacker push...
Wireshark Analyzer 4.6.4
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...
CVE-2026-27593
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid...
CVE-2026-3203
A flaw was found in the RF4CE Profile dissector in Wireshark. This issue occurs when malformed packets are decoded from a pcap file or the network, causing a buffer over-read, resulting in a denial of service. Mitigation: If the RF4CE Profile protocol dissector is not being used, it can be disable...
CVE-2026-27593 Statamic is vulnerable to account takeover via password reset link injection
Statamic is a Laravel and Git powered content management system (CMS). Prior to versions 6.3.3 and 5.73.10, an attacker may leverage a vulnerability in the password reset feature to capture a user's token and reset the password on their behalf. The attacker must know the email address of a valid...