Exploit for OS Command Injection in Frigate

⚠️ CVE-2026-25643 - Detect and Analyze Remote Code Execution...

OSV-2026-357 Heap-buffer-overflow in _cupsRasterAddError

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=489911024 Crash type: Heap-buffer-overflow WRITE 3 Crash state: cupsRasterAddError cupsRasterExecPS fuzzcups.c...

Malicious code in prateek-yadav23 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 e73aa57c13235ec4d3bcf7aa6139bb5a1bdbade9d72ae81a20c291766b9ac7ab Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

CVE-2026-2330

An unauthenticated attacker could access restricted filesystem areas on the device via the CROWN REST interface due to incomplete whitelist enforcement. Internal testing directories were not covered by the whitelist, making them accessible without authentication. A manipulated parameter file coul...

Malicious Package

Overview @isfe-common/testing-utils is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

SemFuzz: A Semantics-Aware Fuzzing Framework for Network Protocol Implementations

Network protocols are the foundation of modern communication, yet their implementations often contain semantic vulnerabilities stemming from inadequate understanding of specification semantics. Existing gray-box and black-box testing approaches lack semantic modeling of protocols, making it...

Exploit for CVE-2011-1473

CVE-2011-1473-POC CVE-20...

vulnhub-machines-writeups

vulnhub-machines-writeups Collec...

Challenges and Design Considerations for Finding CUDA Bugs through GPU-Native Fuzzing

Modern computing is shifting from homogeneous CPU-centric systems to heterogeneous systems with closely integrated CPUs and GPUs. While the CPU software stack has benefited from decades of memory safety hardening, the GPU software stack remains dangerously immature. This discrepancy presents a...

Exploit for Integer Underflow (Wrap or Wraparound) in Microsoft

CVE-2024-38063 Exploit Advanced exploitation tool with precis...

SUSE CVE-2026-3337

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

How HiveForce Labs Finds Threats Before They Hit

There’s often a huge gap between knowing about a threat and knowing if you’re protected from it. A threat feed might tell you about a new attack campaign, but that information lives in a report. It doesn't tell you what would happen if that same attack hit your network. This is the difference...

Exploit for Use After Free in Google Chrome

⚠️ CVE-2026-2441-PoC - Test Chrome Vulnerability Safely !Do...

Malicious Package

Overview testing-package-xdsfdsfsc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

OSV-2026-338 Use-of-uninitialized-value in pjsip_auth_clt_init_req

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=488721002 Crash type: Use-of-uninitialized-value Crash state: pjsipauthcltinitreq fuzz-sip.c fuzz-sip.c...

Google Chrome 145.0.7632.117 WebGPU Tint Security Test

This is a proof of concept designed to test how the WebGPU Tint compiler handles an out-of-bounds memory access attempt in WGSL. The shader intentionally uses an invalid array index to simulate an out-of-bounds write operation. The purpose is to observe whether WebGPU validation, sandboxing, and...

📄 WeGIA 3.5.0 SQL Injection

Proof of concept remote SQL injection exploit for WeGIA versions 3.5.0 and below. Exploit Title: WeGIA 3.5.0 - SQL Injection Date: 2025-10-14 Exploit Author: Onur Demir OnurDemir-Dev Vendor Homepage: https://www.wegia.org Software Link: https://github.com/LabRedesCefetRJ/WeGIA/ Version: " echo...

WeGIA 3.5.0 - SQL Injection

Exploit Title: WeGIA 3.5.0 - SQL Injection Date: 2025-10-14 Exploit Author: Onur Demir OnurDemir-Dev Vendor Homepage: https://www.wegia.org Software Link: https://github.com/LabRedesCefetRJ/WeGIA/ Version: " echo "Example: $0 http://127.0.0.1/WeGIA/ "admin" "wegia" "version"" exit 1 fi...

EUVD-2026-9265

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

Exploit for SQL Injection in Mjdm Majordomo

CVE-2026-27179 Proof of Concept Academic & Defensive Resea...