111 matches found
firefox: thunderbird: expat: libexpat in Expat allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing
A memory amplification vulnerability in libexpat allows attackers to trigger excessive dynamic memory allocations by submitting specially crafted XML input. A small input (250 KiB) can cause the parser to allocate hundreds of megabytes, leading to denial-of-service (DoS) through memory exhaustion...
Exploit for Path Traversal in Apache Http_Server
🚀 AutoReconAI – Intelligent Vulnerability Scanner & Exploit Re...
PT-2026-8094
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined (affected versions not specified).
Description: The reported issue has been marked as rejected by NIST in the official CVE List, indicating it is not a valid or recognized vulnerability. No search results fro...
Exploit for CVE-2025-12197
Security Research This repository contains my security resea...
EUVD-2025-8626
Malicious code in bioql PyPI...
EUVD-2023-25149
Malicious code in bioql PyPI...
Python DoS Vulnerability (Jul 2025) - Linux
Python is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:python:python";...
About Elevation of Privilege – Windows Common Log File System Driver (CVE-2025-32701, CVE-2025-32706) vulnerabilities
About Elevation of Privilege - Windows Common Log File System Driver (CVE-2025-32701, CVE-2025-32706) vulnerabilities. When Microsoft disclosed these vulnerabilities in the May Patch Tuesday, attackers were already exploiting them in the wild. The Common Log File System (CLFS) is a general-purpose...
📄 Tomcat Partial PUT Java Deserialization
This Metasploit module exploits a Java deserialization vulnerability in Apache Tomcat's session restoration functionality that can be exploited with a partial HTTP PUT request to place an attacker-controlled deserialization payload in the tomcatrootdir/webapps/ROOT/ directory. For the exploit to...
CVE-2024-57968
creationtimestamp | type | source
---|---|---
2025-02-03 19:16:04+00:00 | seen | https://infosec.exchange/users/cve/statuses/113941555703677096
2025-02-03 20:16:45+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lhced4xduj2e
2025-02-03 20:37:54+00:00 | seen | ...
CVE-2024-55228
creationtimestamp | type | source
---|---|---
2025-01-25 04:09:52+00:00 | exploited | https://gist.github.com/Dqtdqt/a942bbce9a5fc851dce366902411c768
2025-01-27 16:36:35+00:00 | seen | https://infosec.exchange/users/cve/statuses/113901292435622561
2025-01-27 17:16:06+00:00 | seen | ...
CISA: TRIPwire Fact Sheet
PT-2025-1977 · Go +2 · Github.Com/Ollama/Ollama +2
Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned in the provided descriptions. Description: A security issue has been discovered in a famous LLM product. The estimated number of potentially affected devices worldwide is not...
PT-2024-32897 · Unknown · Smadar Sps
Name of the Vulnerable Software and Affected Versions: Smadar SPS (affected versions not specified).
Description: The issue is related to the use of a broken or risky cryptographic algorithm, as identified by CWE-327. This could potentially lead to security risks due to the weakness in the...
PT-2024-32442 · Huawei · Honor
Name of the Vulnerable Software and Affected Versions: Honor products (affected versions not specified).
Description: The issue is related to an information leak vulnerability. Successful exploitation of this vulnerability could cause information to leak. There is no information provided about the...
Security Bulletin: IBM Disconnected Log Collector is vulnerable to using components with known vulnerabilities
Summary: The product includes vulnerable components (e.g., framework libraries) that may be identified and exploited with automated tools. This update addresses these CVEs.
Vulnerability Details: CVEID: CVE-2020-15250. DESCRIPTION: JUnit4 could allow a local attacker to obtain sensitive information,...
PT-2024-34134 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned as affected. Description: The provided information does not contain details about a specific vulnerability. It appears to be a rejection notice for a CVE candidate number, indicating that the...
CVE-2024-31317
creationtimestamp | type | source
---|---|---
2024-07-27 11:08:57+00:00 | seen | MISP/b5cbc36d-3fcd-45dc-9fd3-57a1ee49d407
2024-08-23 13:29:53+00:00 | published-proof-of-concept | https://t.me/Rootsec2/4212
2024-08-23 22:17:53+00:00 | published-proof-of-concept | ...
PT-2024-20855 · Mw45A Pt · Mw45A Pt
Name of the Vulnerable Software and Affected Versions: MW45A PT version 02.00 02.
Description: A security issue was discovered in MW45A PT. The estimated number of potentially affected devices and details about real-world incidents are not specified. Technical details about exploitation are not...
CVE-2024-1061
creationtimestamp | type | source
---|---|---
2024-01-30 10:31:49+00:00 | seen | https://t.me/ctinow/175820
2024-02-05 21:16:38+00:00 | seen | https://t.me/ctinow/179497
2024-02-22 01:21:21+00:00 | seen | https://t.me/ctinow/190285
2024-10-19 16:41:40+00:00 | published-proof-of-concept | ...