MeshCentral-RogueAgent

MeshCentral RogueAgent A proof-of-concept exploit chain for a...

Exploit for OS Command Injection in Paessler Prtg_Network_Monitor

CVE-2018-9276 — PRTG Network Monitor ⚠️ Disclaimer: This...

Exploit for CVE-2026-11417

CVE-2026-11417-AWS-CDK-RCE Techn...

Critical Splunk Enterprise Flaw Lets Attackers Run Code Without Authentication

Splunk has released security updates to address a critical security flaw in Splunk Enterprise that could be exploited to conduct unauthenticated file operations and even remote code execution. The vulnerability, tracked as CVE-2026-20253 , is rated 9.8 on the CVSS scoring system. "In Splunk...

Exploit for CVE-2026-6279

Description This Python script is an exploit tool for CVE-2026-6...

Exploit for Improper Access Control in Getgrav Grav-Plugin-Admin

CVE-2021-21425 - GravCMS Unauthenticated RCE Unauthenticated...

Exploit for CVE-2026-48017

CVE-2026-48017 — Remote Code Execution in DbGate via function...

MAL-2026-5730 Malicious code in class-synth (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1aa63407d7400b4819d0739dedad0a32d9ae29b18509693c2e8763cf30275271 class-synth is advertised as a small class/style/date utility library, but its main entry dist/index.js contains a hidden top-level async IIFE init...

Malicious code in node-denv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b0701ad772209918c78eb4d038cce43946517f3558cbec1988c121c115a641d node-denv presents itself as a pino-compatible logging middleware index.js exports module.exports.pino = middleware and mimics pino's option shape...

MAL-2026-5734 Malicious code in node-denv (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b0701ad772209918c78eb4d038cce43946517f3558cbec1988c121c115a641d node-denv presents itself as a pino-compatible logging middleware index.js exports module.exports.pino = middleware and mimics pino's option shape...

Exploit for CVE-2026-22356

CVE-2026-22356 CVE-2026-22356: Jetpack CRM Path Traversal Vuln...

CVE-2026-42850

A flaw was found in Kitty, a cross-platform GPU based terminal. A remote attacker could exploit this vulnerability by sending a specially crafted escape code to a victim who is connected to the attacker via a program like netcat. This escape code triggers an unescaped error that is then executed ...

SUSE CVE-2026-12007

Use after free in Core in Google Chrome on Windows prior to 149.0.7827.115 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: Critical...

SUSE CVE-2026-45447

Issue summary: A specially crafted PKCS7 or S/MIME signed message could trigger a use-after-free during PKCS7 signature verification. Impact summary: A use-after-free may result in process crashes, heap corruption, or potentially remote code execution. When processing a PKCS7 or S/MIME signed...

RLSA-2026:25216 Important: valkey security update

Valkey is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. You can run atomic operations on these types, like appending to a string; incrementing the value in a hash; pushing to a list; computing s...

samba security update

An update is available for samba. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Samba is an open-source implementation of the Server Message Block SMB protocol...

redis:7 security update

An update is available for redis, module.redis. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Redis is an advanced key-value store. It is often referred to as ...

RLSA-2026:25219 Important: redis:7 security update

Redis is an advanced key-value store. It is often referred to as a data-structure server since keys can contain strings, hashes, lists, sets, and sorted sets. For performance, Redis works with an in-memory data set. You can persist it either by dumping the data set to disk every once in a while, ...

MGASA-2026-0200 Updated proftpd packages fix security vulnerabilities

CVE-2026-42167 modsql in ProFTPD before 1.3.9a allows remote attackers to execute arbitrary code via a username, in scenarios where there is logging of USER requests with an expansion such as %U, and the SQL backend allows commands e.g., COPY TO PROGRAM. CVE-2026-44331 a SQL injection vulnerabili...

MGASA-2026-0201 Updated cups packages fix security vulnerabilities

CVE-2026-27447, Authorization bypass via case-insensitive group-member lookup. CVE-2026-39314, Integer underflow in ppdCreateFromIPP causes root cupsd crash via negative job-password-supported CVE-2026-39316, Use-after-free in cupsdDeleteTemporaryPrinters via dangling subscription pointer...