TLSCheck 2.0: An Enhanced Memory Forensics Approach to Efficiently Detect TLS Callbacks

Memory analysis is a crucial technique in digital forensics that enables investigators to examine the runtime state of a system through physical memory dumps. While significant advances have been made in memory forensics, the detection and analysis of Thread Local Storage TLS callbacks remain...

CVE-2026-25752

FUXA is a web-based Process Visualization SCADA/HMI/Dashboard software. An authorization bypass vulnerability in FUXA allows an unauthenticated, remote attacker to modify device tags via WebSockets. Exploitation allows an unauthenticated, remote attacker to bypass role-based access controls and...

CVE-2021-27569

An issue was discovered in Emote Remote Mouse through 4.0.0.0. Attackers can maximize or minimize the window of a running process by sending the process name in a crafted packet. This information is sent in cleartext and is not protected by any authentication logic...

CVE-2018-25146

CVE-2018-25146 affects Microhard Systems IPn4G v1.1.0. Multiple connected docs confirm an undocumented vulnerability that allows authenticated attackers to list and manipulate running system processes by using a hidden feature to send arbitrary signals to kill background processes and system serv...

CVE-2025-67792

DriveLock is affected in versions 24.1 (before 24.1.6), 24.2 (before 24.2.7), and 25.1 (before 25.1.5). The issue allows local unprivileged users to manipulate a DriveLock process on Windows to execute arbitrary commands. Root cause details are not fully disclosed in the provided excerpts, but mu...

CVE-2025-59694

The Chassis Management Board in Entrust nShield Connect XC, nShield 5c, and nShield HSMi through 13.6.11, or 13.7, allows a physically proximate attacker to persistently modify firmware and influence the insecurely configured appliance boot process. To exploit this, the attacker must modify the...

EUVD-2021-19654

Malware in sbrugna...

EUVD-2019-13227

Malware in sbrugna...

EUVD-2017-6181

Malware in sbrugna...

CVE-2025-50503

A vulnerability in the password reset workflow of the Touch Lebanon Mobile App 2.20.2 allows an attacker to bypass the OTP reset password mechanism. By manipulating the reset process, an unauthorized user may be able to reset the password and gain access to the account without needing to provide ...

Docker Desktop < 4.41.0 Privilege Escalation

The version of Docker Desktop for Windows is prior to 4.41.0. It is therefore affected by a privilege escalation vulnerability. A vulnerability in the update process of Docker Desktop for Windows versions prior to 4.41.0 could allow a local, low-privileged attacker to escalate privileges to SYSTE...

CVE-2025-25244 Missing Authorization Check in SAP Business Warehouse (Process Chains)

SAP Business Warehouse Process Chains allows an attacker to manipulate the process execution due to missing authorization check. An attacker with display authorization for the process chain object could set one or all processes to be skipped. This means corresponding activities, such as data...

VectorKernel - PoCs For Kernelmode Rootkit Techniques Research

PoCs for Kernelmode rootkit techniques research or education. Currently focusing on Windows OS. All modules support 64bit OS only. NOTE Some modules use ExAllocatePool2 API to allocate kernel pool memory. ExAllocatePool2 API is not supported in OSes older than Windows 10 Version 2004. If you want...

CVE-2023-52271

The wsftprm.sys kernel driver 2.0.0.0 in Topaz Antifraud allows low-privileged attackers to kill any Protected Process Light process via an IOCTL which will be named at a later time...

Understanding Business Logic Abuse and Its Detection Challenges

Digital modernization and automation have been on a rapid trajectory for the last 5 years and were thrust forward at an even faster pace when the COVID-19 pandemic and subsequent lockdown period took hold in 2020. For businesses and consumers alike this acceleration of advanced technology...

CVE-2021-32933

MDT AutoSave (MDT Software) prior to v6.02.06 is affected by a command-injection vulnerability in the API that fails to validate input, enabling an attacker to pass a malicious file and manipulate the process creation command line to execute a malicious process. The issue is documented across mul...

CVE-2021-27570

CVE-2021-27570 affects Emote Remote Mouse (≤3.015). An attacker can remotely close any running process by sending the process name in a crafted packet. The affected communications are sent in cleartext and lack authentication, enabling network-based exploitation with low complexity and no privile...

Invoker - Penetration Testing Utility

Penetration testing utility. The goal is to use this tool when access to some Windows OS features through GUI is restricted. Some features require administrative privileges. Capabilities: invoke the Command Prompt and PowerShell, download a file, schedule a task, add a registry key, connect to a...

Soroush IM Desktop app 0.15 - Authentication Bypass Vulnerability

Exploit for linux platform in category local exploits Exploit Title: Soroush IM Desktop app 0.15 - Authentication Bypass Exploit Author: VortexNeoX64 Vendor Homepage: https://soroush-app.ir Software Link: https://soroush-app.ir/UploadedData/Soroush.exe Version: 0.15 BETA Tested on: Windows 10 180...

CVE-2017-11746

Tenshi 0.15 creates a tenshi.pid file after dropping privileges to a non-root account, which might allow local users to kill arbitrary processes by leveraging access to this non-root account for tenshi.pid modification before a root script executes a "kill cat /pathname/tenshi.pid" command...