CVE-2026-40960

Luanti 5 before 5.15.2 sometimes allows unintended access to an insecure environment. If at least one mod is listed as secure.trustedmods or secure.httpmods, then a crafted mod can intercept the request for the insecure environment or HTTP API, and also receive access to it...

Luanti 安全漏洞

Luanti is an open-source voxel game engine developed by Luanti itself, supporting mods and game creation. Versions of Luanti prior to 5.5.2 contained security vulnerabilities. These vulnerabilities were caused by improper security environment configuration, which could allow custom modules to...

CVE-2025-1704

ComponentInstaller Modification in ComponentInstaller in Google ChromeOS 15823.23.0 on Chromebooks allows enrolled users with local access to unenroll devices and intercept device management requests via loading components from the unencrypted stateful partition...

Exploit for Improper Authentication in Elementor Website_Builder

CVE-2023-47504 POC Exploit for CVE-2023-47504. According to N...

Full account takeover

POC: Step 1: Use a normal user account Step 2: Change user password in edit profile function Step 3: Enter data fields that change normally Step 4: Use burp suite to intercept requests to update profile Step 5: Change id from 2 to id 1 and send request The result of logging in with the new userna...

Terramaster TOS Security Vulnerability

Terramaster TOS is a Linux-based operating system from Shenzhen, China-based Tumi Electronic Technology Terramaster dedicated to the erraMaster Cloud Storage NAS server. A security vulnerability exists in TerraMaster TOS version 4.2.06 and earlier versions, which can be exploited by an attacker t...

CVE-2020-8559

A flaw was found in the Kubernetes API server, where it allows an attacker to escalate their privileges from a compromised node. This flaw allows an attacker who can intercept requests on a compromised node, to redirect those requests, along with their credentials, to perform actions on other...

Unikrn: Weak Session ID Implementation - No Session change on Password change

Summary: Weak session id implementation Description: Unikrn does not change session id after password is changed. Reusing same session ids, after password is changed is highly risky. Example scenario: Hacker has successfully brute forced the password of a victim and has access to the account. The...

PHP File Sharing System v1.5.1 Multiple Vulnerabilities

Exploit for unknown platform in category web applications ======================================================= PHP File Sharing System v1.5.1 Multiple Vulnerabilities ======================================================= Title: PHP File Sharing System 1.5.1 Multiple Vulnerabilities Author:...