117 matches found
Astra Linux - vulnerability in ansible
A flaw was discovered in several Ansible modules, where parameters containing credentials, such as “secrets,” were logged in plain text on managed nodes, and were also made visible on the controller node when run in verbose mode. These parameters were not protected by the “no_log” feature. An...
Linux Distros Unpatched Vulnerability : CVE-2026-25918
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive...
UBUNTU-CVE-2026-25918
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...
CVE-2026-25918
The CVE concerns the unity-cli tool (specifically the sign-package command in the package @rage-against-the-pixel/unity-cli). Before version 1.8.2, when invoked with --verbose, the command logs sensitive credentials in plaintext by serializing CLI arguments (including --email and --password) with...
CVE-2026-25918
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...
CVE-2026-25918 unity-cli Exposes Plaintext Credentials in Debug Logs (sign-package command)
unity-cli is a command line utility for the Unity Game Engine. Prior to 1.8.2, the sign-package command in @rage-against-the-pixel/unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments including --email and --password are output via...
PT-2026-7170
Name of the Vulnerable Software and Affected Versions: unity-cli versions prior to 1.8.2. Description: The sign-package command in unity-cli logs sensitive credentials in plaintext when the --verbose flag is used. Command-line arguments, including --email and --password, are output via JSON.stringif...
MinIO RELEASE.2023-03-20T20-16-18Z Vulnerability Scanner
This PHP script is a command-line vulnerability scanner designed to detect CVE-2023-28432 in MinIO servers. The vulnerability allows unauthenticated access to sensitive environment variables through the /minio/bootstrap/v1/verify endpoint...
Exploit for CVE-2025-14847
CYBERDUDEBIVASH MONGODB DETECTOR TOOL v2026.1 Detect expose...
EUVD-2019-2236
Malware in sbrugna...
EUVD-2008-4559
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2019-10224
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in 389-ds-base versions 1.4.x.x before 1.4.1.3. When executed in verbose mode, the dscreate and dsconf commands may display sensitive...
Exploit for CVE-2025-54589
CVE-2025-54589 – Copyparty Reflected XSS Author: Byte Rea...
libarchive: Buffer Overflow vulnerability in libarchive
A flaw was found in the libarchive package. Affected versions of libarchive do not check a strftime return value, which can lead to a denial of service or unspecified other impacts via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be...
CVE-2025-25724
list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custo...
Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security
wordpress-really-simple-security-authn-bypass-exploit This is...
Nomore403 - Tool To Bypass 403/40X Response Codes
nomore403 is an innovative tool designed to help cybersecurity professionals and enthusiasts bypass HTTP 40X errors encountered during web security assessments. Unlike other solutions, nomore403 automates various techniques to seamlessly navigate past these access restrictions, offering a broad...
Juniper SRX Firewalls&EX switches - PreAuth Remote Code Execution Exploit
Exploit Title: juniper-SRX-Firewalls&EX-switches PreAuth-RCE PoC Description: This code serves as both a vulnerability detector and a proof of concept for CVE-2023-36845. It executes the phpinfo function on the login page of the target device, allowing inspection of the PHP configuration. Also this...
KnockKnock - Enumerate Valid Users Within Microsoft Teams And OneDrive With Clean Output
Designed to validate potential usernames by querying OneDrive and/or Microsoft Teams, which are passive methods. Additionally, it can output/create a list of legacy Skype users identified through Microsoft Teams enumeration. Finally, it also creates a nice clean list for future usage, all conduct...