EUVD-2024-23278
Malicious code in bioql PyPI...
Metasploit Wrap-Up 09/12/25
New LightHouse Studio RCE module: This week we've added a new module that exploits an unauthenticated template injection vulnerability (CVE-2025-34300) in Sawtooth Software’s Lighthouse Studio, allowing arbitrary Perl execution via survey templates in versions prior to 9.16.14. This module has the...
Linux Distros Unpatched Vulnerability : CVE-2023-48298
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ClickHouse is an open-source column-oriented database management system that allows generating analytical data reports in real-time. This vulnerability is an...
Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Network Address Translation DNS Inspection Denial of Service Vulnerability
A vulnerability in the function that performs IPv4 and IPv6 Network Address Translation (NAT) DNS inspection for Cisco Secure Firewall Adaptive Security Appliance (ASA) Software and Cisco Secure Firewall Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to cause the device t...
Exploit for Reliance on File Name or Extension of Externally-Supplied File in Spip
PoC exploit for CVE-2024-8517, an unauthenticated Remote Code Ex...
Exploit for Unrestricted Upload of File with Dangerous Type in Iqonic Wpbookit
🚨 CVE-2025-6058 — WordPress WPBookit ≤ 1.0.4 Unauthenticated Fil...
Exploit for Stack-based Buffer Overflow in Tenda Fh451_Firmware
CVE-2025-7795 – Tenda Router Buffer Overflow Exploit Auth...
openjdk: Glyph out-of-memory access and crash (Oracle CPU 2025-07)
Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE (component: 2D). Supported versions that are affected are Oracle Java SE: 8u451, 8u451-perf, 11.0.27, 17.0.15, 21.0.7, 24.0.1; Oracle GraalVM for JDK: 17.0.15, 21.0.7 and 24.0.1;...
Exploit for CVE-2025-34077
CVE-2025-34077 — WordPress Pie Register ≤ 3.7.1.4 - Admin Priv...
CVE-2025-34083
Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2020-36849...
CVE-2025-4828
The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sbfiledelete function in all versions up to, and including, 3.8.0. This makes it possible for attackers to delete arbitrary files on the server, which can easily lead to...
WordPress WooBeWoo Product Filter Pro plugin < 2.9.6 - SQL Injection vulnerability
SQL Injection vulnerability discovered by Trương Hữu Phúc (truonghuuphuc) in WordPress Plugin WooBeWoo Product Filter Pro versions 2.9.6...
CVE-2024-20297
A vulnerability in the AnyConnect firewall for Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass a configured access control list (ACL) and allow traffic that should have been denied to flow throu...
CVE-2021-4419
The WP-Backgrounds Lite plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions up to, and including, 2.3. This is due to missing or incorrect nonce validation on the inosavedata function. This makes it possible for unauthenticated attackers to save meta data via a forged...
Exploit for CVE-2025-47646
CVE-2025-47646 PoC Unauthenticated Privilege Escalation explo...
RemotePC Remote Code Execution
RemotePC suffers from an unauthenticated remote code execution vulnerability. The release for this on github offers no version information. Exploit Title: RemotePC - Unauthenticated RCE Date: 2025-04-14 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/akoc95/RemotePC Version: latest...
RosarioSIS SQL Injection
RosarioSIS versions prior to 7.6.1 suffer from a remote unauthenticated SQL injection vulnerability. Exploit Title: RosarioSIS $votesarray && if ! empty $votesarray && PortalPollsVote $pollid, $votesarray votes'; CREATE TABLE aaat text --=1...
MagnusSolution magnusbilling 7.3.0 - Command Injection
Exploit Title: MagnusSolution magnusbilling 7.3.0 - Command Injection Date: 2024-10-26 Exploit Author: CodeSecLab Vendor Homepage: https://github.com/magnussolution/magnusbilling7 Software Link: https://github.com/magnussolution/magnusbilling7 Version: 7.3.0 Tested on: Centos CVE : CVE-2023-30258...
WordPress Bricks Builder 1.9.6 Remote Code Execution
WordPress Bricks Builder plugin versions 1.9.6 and below unauthenticated remote code execution exploit...
CVE-2024-8984
A Denial of Service (DoS) vulnerability exists in berriai/litellm version v1.44.5. This vulnerability can be exploited by appending characters, such as dashes (-), to the end of a multipart boundary in an HTTP request. The server continuously processes each character, leading to excessive resource...