GHSA-HX52-CV84-JR5V Sliver is Vulnerable to Authenticated Nil-Pointer Dereference through its Handlers

Executive Summary A vulnerability exists in the Sliver C2 server's Protobuf unmarshalling logic due to a systemic lack of nil-pointer validation. By extracting valid implant credentials and omitting nested fields in a signed message, an authenticated actor can trigger an unhandled runtime panic...

NULL Pointer Dereference

Overview Affected versions of this package are vulnerable to NULL Pointer Dereference in the Canonicalize function when spec.message is empty. An attacker can cause a denial of service by sending malformed proposed entries of cose/v0.0.1 or dsse/v0.0.1 types that trigger panic on a thread...

EUVD-2025-50819

Bugsink is vulnerable to unauthenticated remote DoS via crafted Brotli input via CPU...

Allocation of Resources Without Limits or Throttling

Overview bugsink is a Self-hosted Error Tracking Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling in the Brotli Decompression process. An attacker can cause excessive CPU consumption by submitting a specially crafted Brotli-compressed...

CVE-2025-64509

Bugsink is a self-hosted error tracking tool. In versions prior to 2.0.6, a specially crafted Brotli-compressed envelope can cause Bugsink to spend excessive CPU time in decompression, leading to denial of service. This can be done if the DSN is known, which it is in many common setups JavaScript...

curl: SMTP CRLF Command Injection in CURLOPT_MAIL_FROM and CURLOPT_MAIL_RCPT

libcurl's SMTP implementation accepts CR \r and LF \n bytes in mailbox address inputs without validation. These control characters are inserted directly into SMTP commands, allowing attackers to inject arbitrary SMTP protocol commands. This enables envelope manipulation, adding unauthorized...

EUVD-2018-1031

Malware in sbrugna...

EUVD-2017-13006

Malware in sbrugna...

EUVD-2017-4035

Malware in sbrugna...

EUVD-2018-1190

Malware in sbrugna...

EUVD-2018-7326

Malware in sbrugna...

EUVD-2017-3864

Malware in sbrugna...

EUVD-2019-10334

Malware in sbrugna...

EUVD-2017-3865

Malware in sbrugna...

Exploit for Argument Injection in Phpmailer_Project Phpmailer

PHPMailer And that's it, you have your shell. There is another exploit, which ilustrates another use case. ./deface.sh localhost:8080 + CVE-2016-10033 exploit by opsxcq + Exploiting localhost:8080 + Target exploited, acessing shell at http://localhost:8080/backdoor.php + Checking if the backdoor...

CVE-2025-24904 libsignal-service-rs doesn't sanity check plaintext envelopes are not sanity-checked

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, plaintext content envelopes could be injected by a server or a malicious client, and m...

libsignal-service-rs 注入漏洞

libsignal-service-rs is a libsignal service open-sourced by Whisperfish for communicating with Signal servers. An injection vulnerability exists in libsignal-service-rs that stems from not properly validating the encryption state of the content envelope, allowing for plaintext injection...

Malicious code in dmn-editor-envelope (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cea2a6739abd5713f936e329c35aab9e44e6296aa0998b622c48217a3c1fbd50 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2024-8916 Malicious code in dmn-editor-envelope (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cea2a6739abd5713f936e329c35aab9e44e6296aa0998b622c48217a3c1fbd50 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

CVE-2024-28063

Kiteworks Totemomail through 7.0.0 allows /responsiveUI/EnvelopeOpenServlet envelopeRecipient reflected XSS...