XML-RPC npm Library Turns Malicious, Steals Data, Deploys Crypto Miner
Cybersecurity researchers have discovered a software supply chain attack that has remained active for over a year on the npm package registry by starting off as an innocuous library and later adding malicious code to steal sensitive data and mine cryptocurrency on infected systems. The package,...
GO-2024-3291 Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion in github.com/treeverse/lakefs
Re-creating a deleted user in lakeFS will re-enable previous user credentials that existed prior to its deletion in github.com/treeverse/lakefs...
Exploit for Use of Hard-coded Credentials in Mariazevedo88 Travels-Java-Api
PoC Authentication Bypass MFA Really Simple Security WordPress...
Exploit for OS Command Injection in Paloaltonetworks Pan-Os
CVE-2024-9474 PoC for Palo Alto PAN-OS vuln...
CVE-2024-52583 WesHacks code includes links to Leostop tracking spyware infested files
The WesHacks GitHub repository provides the official Hackathon competition website source code for the Muweilah Wesgreen Hackathon. The page schedule.html before 17 November 2024 or commit 93dfb83 contains links to Leostop, a site that hosts a malicious injected JavaScript file that occurs when...
MLflow < 2.9.2 Path Traversal Vulnerability
Path Traversal: '..\filename' in GitHub repository mlflow/mlflow prior to 2.9.2. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.
Exploit for CVE-2024-51132
CVE-2024-51132-POC Vulnerability Type XXE - XML Externa...
GO-2024-3207 Permissive Regular Expression in tacquito in github.com/facebookincubator/tacquito
Permissive Regular Expression in tacquito in github.com/facebookincubator/tacquito...
CVE-2024-47814
creationtimestamp| type| source
---|---|---
2024-10-08 01:10:08+00:00| seen| https://t.me/cvedetector/7296
2025-07-09 21:28:20+00:00| seen| https://gist.github.com/jamincollins/eeeaa5b5a021f181d02cd557edf76515...
CVE-2024-9291
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component XML File Handler. The manipulation of the...
CVE-2024-9291 kalvinGit kvf-admin XML File cross site scripting
A vulnerability classified as problematic has been found in kalvinGit kvf-admin up to f12a94dc1ebb7d1c51ee978a85e4c7ed75c620ff. Affected is an unknown function of the file /ueditor/upload?configPath=ueditor/config.json&action=uploadfile of the component XML File Handler. The manipulation of the...
CVE-2024-9291
CVE-2024-9291 concerns kalvinGit kvf-admin (XML File Handler). The vulnerability affects the file "/ueditor/upload?configPath=ueditor/config.json&action=uploadfile" where manipulation of the upfile argument enables cross-site scripting. It can be exploited remotely, and the exploit has been discl...
GO-2024-3130 CoreDNS vulnerable to TuDoor Attacks in github.com/coredns/coredns
CoreDNS vulnerable to TuDoor Attacks in github.com/coredns/coredns...
Mozilla: User API Key leakage in GitHub commit leads to unauthorized access to sql.telemetry.mozilla.org
A Mozilla employee's API token for https://sql.telemetry.mozilla.org was leaked in one of the GitHub repos. The token provided access to the service dashboard which contained confidential data. The API token was rotated and removed from the service...
GO-2024-3119 Path traversal vulnerability in stripe-cli in github.com/stripe/stripe-cli
Path traversal vulnerability in stripe-cli in github.com/stripe/stripe-cli...
CVE-2024-8413 Cross Site Scripting (XSS) in Raspcontrol
Cross Site Scripting (XSS) vulnerability through the action parameter in index.php. Affected product codebase: https://github.com/Bioshox/Raspcontrol and forks such as https://github.com/harmon25/raspcontrol . An attacker could exploit this vulnerability by sending a specially crafted JavaScript...
Windows IIS HTTP Protocol Stack Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows IIS HTTP Protocol Stack DOS', 'Description' = %q This module exploits CVE-2021-31166, a UAF bug in http.sys when parsing specially crafte...
CVE-2024-42852
creationtimestamp| type| source
---|---|---
2024-08-23 21:19:09+00:00| seen| https://t.me/cvedetector/4036
2025-07-16 13:29:15+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2024/CVE-2024-42852.yaml
2025-07-17 21:02:26+00:00| seen|...
GO-2022-1161 AList vulnerable to Improper Preservation of Permissions in github.com/alist-org/alist
AList vulnerable to Improper Preservation of Permissions in github.com/alist-org/alist...