Exploit for Missing Authentication for Critical Function in Paloaltonetworks Pan-Os
CVE-2024-0012 and CVE-2024-9474 Authentication Bypass in the...
Microsoft Edge (Chromium-based) Spoofing Vulnerability (CNVD-2025-05242)
Microsoft Edge is a web browser from the American company Microsoft that comes with systems after Windows 10. Microsoft Edge Chromium-based suffers from a spoofing vulnerability that can be exploited by attackers to conduct spoofing attacks...
CVE-2024-3376
A vulnerability classified as critical has been found in SourceCodester Computer Laboratory Management System 1.0. This affects an unknown part of the file config.php. The manipulation of the argument url leads to execution after redirect. It is possible to initiate the attack remotely. The explo...
CVE-2025-25039
A vulnerability in the web-based management interface of HPE Aruba Networking ClearPass Policy Manager CPPM allows remote authenticated users to run arbitrary commands on the underlying host. A successful exploit could allow an attacker to execute arbitrary commands as a lower privileged user on...
Magma null pointer dereference vulnerability (CNVD-2025-15069)
Magma is an open source software platform from Magma Open Source. Provides network operators with an open, flexible and scalable mobile core network solution. Magma has a null pointer dereference vulnerability that can be exploited by an attacker to crash MME...
CVE-2025-0611
Object corruption in V8 in Google Chrome prior to 132.0.6834.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. Chromium security severity: High...
CVE-2025-0567 Epic Games Launcher Installer profapi.dll untrusted search path
A vulnerability classified as problematic was found in Epic Games Launcher up to 17.2.1. This vulnerability affects unknown code in the library profapi.dll of the component Installer. The manipulation leads to untrusted search path. Attacking locally is a requirement. The complexity of an attack ...
The Elevation of Privilege – Windows Common Log File System Driver (CVE-2024-49138) has become more critical
The Elevation of Privilege - Windows Common Log File System Driver CVE-2024-49138 has become more critical. Just as I wrote that nothing had been heard about this vulnerability for a month since it was first published in Microsoft's December Patch Tuesday, a public exploit for it appeared on...
Unspecified vulnerability in Huawei HarmonyOS and EMUI (CNVD-2025-02247)
Huawei HarmonyOS is an operating system from Huawei, a Chinese company. It provides a full-scene distributed operating system based on a microkernel. Huawei EMUI is an emotional operating system developed by Huawei based on Android. A security vulnerability exists in Huawei HarmonyOS and...
WordPress Chartify 2.9.5 Local File Inclusion
WordPress Chartify plugin versions 2.9.5 and below suffer from a local file inclusion vulnerability. CVE-2024-10571 Chartify – WordPress Chart Plugin <= 2.9.5 - Unauthenticated Local File Inclusion via source. Description: The Chartify – WordPress Chart Plugin plugin for WordPress is vulnerable to...
CVE-2024-11423 Ultimate Gift Cards for WooCommerce <= 3.0.6 - Missing Authorization to Infinite Money Glitch
The Ultimate Gift Cards for WooCommerce – Create WooCommerce Gift Cards, Gift Vouchers, Redeem & Manage Digital Gift Coupons. Offer Gift Certificates, Schedule Gift Cards, and Use Advance Coupons With Personalized Templates plugin for WordPress is vulnerable to unauthorized modification of data d...
Netwave IP Camera Secret Disclosure Exploit
#!/bin/bash Exploit Title: Netwave Google Dork: "Netwave security camera" "Live feed" Exploit Author: Jeremie Amsellem Version: No version specified by the vendor Tested on: Kali Linux Written by lp1 Run this exploit on a vulnerable Netwave Camera in order To dump the camera's network configuratio...
Google Android Denial of Service Vulnerability (CNVD-2025-03654)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from a denial of service vulnerability caused by an out-of-bounds read in mverrcost in mcomp.c. The vulnerability is caused by an out-of-bounds read in mverrcost. An attacker can exploit this...
Google Android elevation of privilege vulnerability (CNVD-2025-03655)
Google Android is a Linux-based open source operating system from Google. Google Android suffers from an elevation of privilege vulnerability caused by an out-of-bounds write in String16 of String16.cpp. An attacker can exploit the vulnerability to escalate privileges...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware
Check-Pointpoc Check-Point security gateway arbitrary file read vulnerability CVE-2024-24919 pytho...
CVE-2024-5955
Cross-site scripting vulnerability in Trellix ePolicy Orchestrator prior to ePO 5.10 Service Pack 1 Update 3 allows a remote authenticated attacker to craft requests causing arbitrary content to be injected into the response when accessing the ePolicy Orchestrator...
Unspecified vulnerability in Huawei HarmonyOS (CNVD-2025-1587629)
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. Huawei HarmonyOS has a security vulnerability that can be exploited by attackers to compromise confidentiality...
Unspecified Vulnerability in ABB ASPECT (CNVD-2024-49518)
ABB ASPECT is a scalable building energy management and control solution from ABB Switzerland. ABB ASPECT suffers from a security vulnerability that originates from the inclusion of a Use Default Credentials vulnerability in ASPECT on Linux. An attacker could exploit this vulnerability to gain...
Unspecified Vulnerability in FFmpeg (CNVD-2025-01687)
FFmpeg is a complete solution for recording, converting and streaming audio and video from the FFmpeg team. A security vulnerability exists in FFmpeg version n7.0, which can be exploited by attackers to potentially cause data contention...
Mozilla Firefox and Thunderbird Code Execution Vulnerability (CNVD-2025-00865)
Mozilla Firefox is an open source web browser. Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. A code execution vulnerability exists in Mozilla Firefox and Thunderbird due to a double release issue in secpkcs7decoderstartdecrypt when handling err...