EUVD-2026-21692

A Cross-site Scripting XSS vulnerability was identified in the fromdict method of the AppLollmsMessage class in parisneo/lollms prior to version 2.2.0. The vulnerability arises from the lack of sanitization or HTML encoding of the content field when deserializing user-provided data. This allows a...

HTTP Fetch, Windows x86 Bind Named Pipe Stager

Fetch and execute an x86 payload from an HTTP server. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/vncinject/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf payloadbindnamedpipe show options...

HTTP Fetch, Windows Command Shell, Hidden Bind TCP Inline

Fetch and execute an x86 payload from an HTTP server. Listen for a connection from certain IP and spawn a command shell. The shellcode will reply with a RST packet if the connections is not coming from the IP defined in AHOST. This way the port will appear as "closed" helping us to hide the...

HTTP Fetch, Windows Command Shell, Reverse TCP Stager

Fetch and execute an x86 payload from an HTTP server. Spawn a piped command shell staged. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/shell/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show...

HTTP Fetch, Reverse Ordinal TCP Stager (No NX or Win7)

Fetch and execute an x86 payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/windows/http/x86/patchupmeterpreter/reverseordtcp msf payloadreverseordtcp show actions ...actions... msf payloadreverseordtcp set ACTION msf payloadreverseordtcp show options...

HTTP Fetch, Windows shellcode stage, Windows x86 Bind Named Pipe Stager

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Listen for a pipe connection Windows x86 Module Options msf use payload/cmd/windows/http/x86/custom/bindnamedpipe msf payloadbindnamedpipe show actions ...actions... msf payloadbindnamedpipe set ACTION msf...

HTTP Fetch, Windows shellcode stage, Hidden Bind TCP Stager

Fetch and execute an x86 payload from an HTTP server. Custom shellcode stage. Listen for a connection from a hidden port and spawn a command shell to the allowed host. Module Options msf use payload/cmd/windows/http/x86/custom/bindhiddentcp msf payloadbindhiddentcp show actions ...actions... msf...

EUVD-2025-24210

Malicious code in bioql PyPI...

CVE-2025-10244

A maliciously crafted HTML payload, when rendered by the Autodesk Fusion desktop application, can trigger a Stored Cross-site Scripting XSS vulnerability. A malicious actor may leverage this vulnerability to read local files or execute arbitrary code in the context of the current process...

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

🤝 Show your support - give a ⭐️ if you liked the content | SHARE on Twitter | Follow me on --- 🐱‍💻 ✂️ 🤬 LOG4J Java exploit - WAF and patches bypass tricks 📝 Description CVE-2021-44228 works on: log4j: 2.0 Upper Lookup The UpperLookup converts the passed in argument to upper case. Presumably the...

📄 SharePoint Remote Code Execution

This payload is an HTTP request example of the SharePoint remote code execution vulnerability being exploited in the wild. POST /layouts/15/ToolPane.aspx?DisplayMode=Edit&a=/ToolPane.aspx HTTP/1.1 Host: x.x.x.x User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:120.0 Gecko/20100101...

OS Command Exec, Unix Command Shell, Reverse TCP SSL (via python)

Execute an OS command from PHP. Creates an interactive shell via python, uses SSL, encodes with base64 by design. Module Options msf use payload/php/unix/cmd/reversepythonssl msf payloadreversepythonssl show actions ...actions... msf payloadreversepythonssl set ACTION msf payloadreversepythonssl...

IBM Operational Decision Manager 跨站脚本漏洞

IBM Operational Decision Manager is a decision management solution from International Business Machines IBM used to help organizations better manage and enforce business rules and decisions. IBM Operational Decision Manager suffers from a cross-site scripting vulnerability that stems from the...

JFinalOA 安全漏洞

JFinalOA is an enterprise office system developed on the JFinal framework by rabbit individual developers. A security vulnerability exists in JFinalOA versions prior to v2025.01.01. An attacker exploiting this vulnerability could execute arbitrary web script or HTML via a specially crafted payloa...

Adobe Connect 跨站脚本漏洞

Adobe Connect is a software for creating meeting environments from the American company Audobee Adobe. Adobe Connect suffers from a cross-site scripting vulnerability that stems from the application's lack of effective filtering and escaping of user-supplied data, which can be exploited by an...

In Fluent Bit 2.1.8 through 2.2.1 a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly.

...

CVE-2023-49983

A cross-site scripting XSS vulnerability in the component /management/class of School Fees Management System v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the name parameter...

IBM CICS TX Advanced 跨站脚本漏洞

IBM CICS TX Advanced is a transaction processing monitoring system from International Business Machines IBM for running large-scale, high-transaction-volume applications in enterprise environments. A cross-site scripting vulnerability exists in IBM CICS TX Advanced version 10.1, which stems from...

Hotel Management System 跨站脚本漏洞

Hotel Management System is an MIS project based on a hotel management system. Hotel Management System v1.0 suffers from a cross-site scripting vulnerability that originates when the adults parameter in reservation.php is copied in plain text between tags in an HTML document, and any input is echo...

ZLMediaKiet Cross-Site Scripting Vulnerability

ZLMediaKiet is ZLMediaKiet open source a high-performance C++11-based operational-grade streaming media service framework . A security vulnerability exists in ZLMediaKiet versions v.4.0 and v.5.0, which stems from the presence of a cross-site scripting XSS vulnerability. An attacker can exploit t...