1943 matches found

GithubExploit
added 2025/12/05 8:12 a.m. | 184 views

Exploit for CVE-2025-55182

CVE-2025-55182 Next.js RCE Exploit 🚀 ...

10 CVSS | 7.7 AI score | 0.8516 EPSS
Exploits: 364

Packet Storm News
added 2025/12/05 12:00 a.m. | 2 views

Sift or Get off the PoC: Applying Information Retrieval to Vulnerability Research with SiftRank

Security research is fundamentally a problem of resource constraint and consequent prioritization. There is simply too much attack surface and too little time and energy to spend analyzing it all. The most effective security researchers are often those who are most skilled at intuitively deciding...

6.5 AI score
Exploits: 0

Cvelist
added 2025/12/04 10:23 p.m. | 17 views

CVE-2025-66559 Taiko Alethia Pacaya inbox verification pointer corruption

Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox.verifyBatches packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678 advanced the local tid to whatever...

9.3 CVSS | 0.0006 EPSS
Exploits: 0 | References: 2

CVE
added 2025/12/04 10:23 p.m. | 8 views

CVE-2025-66559

CVE-2025-66559 affects Taiko Alethia (2.3.1 and earlier) due to a bug in TaikoInbox._verifyBatches: the function advances the local tid to a transition that matches the current blockHash before batch verification completes. If the verification loop breaks (e.g., cooldown window not passed or tran...

9.3 CVSS | 6.2 AI score | 0.0006 EPSS
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/04 10:23 p.m. | 1 view

CVE-2025-66559 Taiko Alethia Pacaya inbox verification pointer corruption

Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox.verifyBatches packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678 advanced the local tid to whatever...

9.3 CVSS | 6.2 AI score | 0.0006 EPSS
Exploits: 0 | References: 2

OSV
added 2025/12/04 10:23 p.m. | 4 views

CVE-2025-66559 Taiko Alethia Pacaya inbox verification pointer corruption

Taiko Alethia is an Ethereum-equivalent, permissionless, based rollup designed to scale Ethereum without compromising its fundamental properties. In 2.3.1 and earlier, TaikoInbox.verifyBatches packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678 advanced the local tid to whatever...

9.3 CVSS | 6.5 AI score | 0.0006 EPSS
Exploits: 0 | References: 4

NVD
added 2025/12/04 6:15 p.m. | 2 views

CVE-2025-14012

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...

7.2 CVSS | 0.00028 EPSS
Exploits: 1 | References: 4

OSV
added 2025/12/04 6:15 p.m. | 3 views

CVE-2025-14012

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...

7.2 CVSS | 4.9 AI score
Exploits: 0 | References: 4

ATTACKERKB
added 2025/12/04 5:32 p.m. | 4 views

CVE-2025-14012

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...

7.2 CVSS | 5.3 AI score | 0.00028 EPSS
Exploits: 1 | References: 4

Cvelist
added 2025/12/04 5:32 p.m. | 23 views

CVE-2025-14012 JIZHICMS Batch Delete Comments deleteAll.html delete sql injection

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...

5.8 CVSS | 0.00028 EPSS
Exploits: 1 | References: 4

CVE
added 2025/12/04 5:32 p.m. | 8 views

CVE-2025-14012

In JIZHICMS up to version 2.5.5, the Batch Delete Comments component exposes an SQL injection through the file /index.php/admins/Comment/deleteAll.html via the functions deleteAll, findAll, and delete. The issue is triggered by manipulated input and can be exploited remotely. Public exploit infor...

7.2 CVSS | 4.9 AI score | 0.00028 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

Vulnrichment
added 2025/12/04 5:32 p.m. | 3 views

CVE-2025-14012 JIZHICMS Batch Delete Comments deleteAll.html delete sql injection

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotel...

5.8 CVSS | 4.9 AI score | 0.00028 EPSS
Exploits: 1 | References: 4

GithubExploit
added 2025/12/04 1:13 p.m. | 205 views

Exploit for CVE-2025-66478

Next.js RSC RCE Scanner CVE-2025-66478 A command-line scann...

7 AI score
Exploits: 111

GithubExploit
added 2025/12/04 3:12 a.m. | 142 views

Exploit for CVE-2025-55182

Batch detecti...

10 CVSS | 7.1 AI score | 0.8516 EPSS
Exploits: 364

CNNVD
added 2025/12/04 12:00 a.m. | 2 views

JIZHICMS SQL injection vulnerability

JIZHICMS (Jizhi CMS) is an open source content management system (CMS) from Jizhi (JIZHI) of China. A SQL injection vulnerability exists in JIZHICMS 2.5.5 and earlier versions, which stems from incorrect operation of the component Batch Delete Comments in the file /index.php/admins/Comment/deleteAll.html,...

7.2 CVSS | 5.6 AI score | 0.00028 EPSS
Exploits: 1 | References: 4

Positive Technologies
added 2025/12/04 12:00 a.m. | 5 views

PT-2025-49105

A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing manipulation can lead to sql injection. The attack can be launched remotely...

5.8 CVSS | 7.1 AI score | 0.00028 EPSS
Exploits: 1 | References: 5

Positive Technologies
added 2025/12/04 12:00 a.m. | 4 views

PT-2025-49170

Name of the Vulnerable Software and Affected Versions: Taiko Alethia versions prior to 2.3.1. Description: Taiko Alethia, a permissionless rollup designed to scale Ethereum, contains an issue in the TaikoInbox.verifyBatches function packages/protocol/contracts/layer1/based/TaikoInbox.sol:627-678. T...

9.3 CVSS | 6.4 AI score | 0.0006 EPSS
Exploits: 0 | References: 5

Vulnrichment
added 2025/12/03 1:52 p.m. | 2 views

CVE-2025-13354 Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI <= 3.40.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Taxonomy Term Manipulation

The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.40.1. This is due to the plugin not properly verifying that a user is authorized to perform an action in the...

4.3 CVSS | 5.6 AI score | 0.00036 EPSS
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/03 12:00 a.m. | 4 views

PT-2025-48807

Name of the Vulnerable Software and Affected Versions: Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress versions through 3.40.1. Description: The software is susceptible to authorization bypass due to improper verification of user authorization within the taxopres...

4.3 CVSS | 6.5 AI score | 0.00036 EPSS
Exploits: 0 | References: 6

Spring Engineering
added 2025/12/02 12:00 a.m. | 4 views

This Week in Spring - December 2nd, 2025

Hi, Spring fans! Welcome to another installment of This Week in Spring. By mistake, I inadvertently published older content in this installment, then tried to fix it and ended up re-publishing the same content. And, what's worse, I somehow ended up deleting the draft I had written for this...

6.8 AI score
Exploits: 0