1658 matches found
EUVD-2023-1690
Malicious code in bioql PyPI...
EUVD-2024-54605
Malicious code in bioql PyPI...
EUVD-2025-20826
Malicious code in bioql PyPI...
EUVD-2024-23425
Malicious code in bioql PyPI...
EUVD-2022-6723
Malicious code in bioql PyPI...
Exploit for CVE-2025-54253
CVE-2025-54253 Adobe AEM OGNL Injection Simulated PoC Lab !...
Exploit for Command Injection in Microsoft
๐ฅ CVE-2025-53773 โ Remote Code Execution in GitHub Copilot ๐ฅ...
Exploit for Incorrect Authorization in Sudo_Project Sudo
sudo CVE-2025 Toolkit Unified scanner, benign proof-of-...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
Sudo CVE-2025-32463 โ PoC !GitHub last commithttps://img.s...
CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added three old security flaws impacting D-Link Wi-Fi cameras and video recorders to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation in the wild. The high-severity vulnerabilities,...
MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
Description A Remote Code Execution RCE vulnerability exists in the modelscope/ms-swift project due to unsafe use of yaml.load in combination with vulnerable versions of the PyYAML library โค 5.3.1. The issue resides in the tests/run.py script, where a user-supplied YAML configuration file is...
CVE-2025-8194
A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module. Mitigation This flaw can...
Scattered Spider Launching Ransomware on Hijacked VMware Systems, Google
A new report from Google's GTIG reveals how UNC3944 0ktapus uses social engineering to compromise Active Directory, then exploits VMware vSphere for data theft and direct ransomware deployment. Understand their tactics and learn vital mitigation steps...
Exploit for CVE-2025-34085
๐ CVE-2025-34085 โ Simple File List WordPress Plugin RCE ๐...
Exploit for CVE-2025-22870
CVE-2025-22870 โ Proxy Bypass via IPv6 Zone Parsing in Go ๐...
Exploit for Code Injection in Craftcms Craft_Cms
๐งจ CVE-2025-32432 โ Craft CMS Pre-auth RCE ๐งจ ๐ต๏ธ Overview...
CVE-2025-50063
CVE-2025-50063 (Oracle Java SE Install component) is documented to affect Oracle Java SE 8u451. The vulnerability can be exploited by a low-privileged user with logon access to the infrastructure where Java SE runs, and successful exploitation requires user interaction. It can lead to takeover of...
Security Bulletin: IBM Jazz for Service Management is vulnerable to cross-site scripting via searchWord parameter.
Summary IBM Jazz for Service Management is vulnerable to cross-site scripting, allowing malicious scripts to be executed via the searchWord parameter on the static help page CVE-2024-52892. Vulnerability Details CVEID:CVE-2024-52892 DESCRIPTION: IBM Jazz for Service Management is vulnerable to...
docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
GitHub Personal Access Token Exposure in docusaurus-plugin-content-gists Summary docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for...
GHSA-QF34-QPR4-5PPH docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
GitHub Personal Access Token Exposure in docusaurus-plugin-content-gists Summary docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for...