FlaskRCE

FlaskRCE PoC --- Technical Write‑Up Repository: https://g...

Rufus security vulnerabilities

Rufus is a reliable USB formatting tool developed by Pete Batard as an individual developer. Versions of Rufus 4.11 and earlier contained security vulnerabilities. These vulnerabilities stemmed from race conditions during the creation, validation, and execution of Fido PowerShell scripts, which...

PT-2026-4296

Name of the Vulnerable Software and Affected Versions Rufus versions 4.11 and below Description Rufus, a utility for formatting and creating bootable USB flash drives, contains a time-of-check to time-of-use TOCTOU race condition in the src/net.c file. This occurs during the creation, validation,...

Fake extension crashes browsers to trick users into infecting themselves

Researchers have found another method used in the spirit of ClickFix: CrashFix. ClickFix campaigns use convincing lures—historically “Human Verification” screens—to trick the user into pasting a command from the clipboard. After fake Windows update screens, video tutorials for Mac users, and many...

Evelyn Stealer Malware Abuses VS Code Extensions to Steal Developer Credentials and Crypto

Cybersecurity researchers have disclosed details of a malware campaign that's targeting software developers with a new information stealer called Evelyn Stealer by weaponizing the Microsoft Visual Studio Code VS Code extension ecosystem. "The malware is designed to exfiltrate sensitive informatio...

CVE-2021-47759

MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH...

CVE-2021-47759

CVE-2021-47759 (MTPutty 1.0.1.21) : A local information-disclosure vulnerability allows an attacker with local access to view SSH passwords by listing Windows PowerShell processes; the full command line of MTPutty processes is retrievable, exposing plaintext credentials. Documented impact is conf...

EUVD-2026-2776

MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH...

CVE-2021-47759

MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH...

TTY PLUS MTPuTTY security vulnerabilities

TTY PLUS MTPuTTY is a Shell management tool developed by TTY PLUS Corporation. Version 1.0.1.21 of TTY PLUS MTPuTTY contains a security vulnerability. This vulnerability stems from the Windows PowerShell process list potentially exposing SSH connection passwords, leading to the leakage of sensiti...

PT-2026-3035

MTPutty 1.0.1.21 contains a sensitive information disclosure vulnerability that allows local attackers to view SSH connection passwords through Windows PowerShell process listing. Attackers can run a PowerShell command to retrieve the full command line of MTPutty processes, exposing plaintext SSH...

WMI Event Subscription Interval Persistence

This module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that triggers the payload after the specified CALLBACKINTERVAL. If the persistence is not installed, it will keep triggering payloads to spawn. Additionally a custom command can be...

WMI Event Subscription Interval Persistence

This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that triggers the payload after the specified CALLBACKINTERVAL. If the persistence is not installed, it will keep triggering payloads to spawn. Additionally a custom comman...

WMI Event Subscription Event Log Persistence

This Metasploit module will create a permanent WMI event subscription to achieve file-less persistence using an event filter that will query the event log for an EVENTIDTRIGGER default: failed logon request id 4625 that also contains a specified USERNAMETRIGGER note: failed logon auditing must be...

CVE-2022-50934

Rejected reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue...

CVE-2022-50934

CVE-2022-50934 entry rejected; CNA withdrew; not a security issue.

CVE-2022-50934

...

New Malware Campaign Delivers Remcos RAT Through Multi-Stage Windows Attack

Cybersecurity researchers have disclosed details of a new campaign dubbed SHADOWREACTOR that employs an evasive multi-stage attack chain to deliver a commercially available remote administration tool called Remcos RAT and establish persistent, covert remote access. "The infection chain follows a...

PT-2026-2410

Name of the Vulnerable Software and Affected Versions Wing FTP Server versions 4.3.8 and below Description The software contains a remote code execution issue that allows attackers to execute arbitrary PowerShell commands. An attacker can leverage a crafted Lua script payload, base64-encoded with...

CVE-2023-49213

The API endpoints in Ironman PowerShell Universal 3.0.0 through 4.2.0 allow remote attackers to execute arbitrary commands via crafted HTTP requests if a param block is used, due to invalid sanitization of input strings. The fixed versions are 3.10.2, 4.1.10, and 4.2.1...