SUSE CVE-2025-68131

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...

PT-2026-20429

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A deadlock situation can occur in the Linux kernel related to tracing and System Call Interface SBI Extended Call ECALL functionality on RISC-V systems. Specifically, if functions within...

PT-2026-28661

Name of the Vulnerable Software and Affected Versions polkit affected versions not specified Description A flaw exists in polkit where a local user can trigger a denial of service. This occurs by providing a specially crafted, excessively long input to the polkit-agent-helper-1 setuid binary via...

CVE-2025-15255

A vulnerability was determined in Tenda W6-S 1.0.0.4510. This impacts an unknown function of the file /bin/httpd of the component R7websSsecurityHandler. Executing a manipulation of the argument Cookie can lead to stack-based buffer overflow. The attack may be launched remotely. The exploit has...

nightmare-exploit-roadmap

🧠 Nightmare Exploitation Roadmap This repository is not a r...

CVE-2025-68131

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...

CVE-2025-68131 CBORDecoder reuse can leak shareable values across decode calls

cbor2 provides encoding and decoding for the Concise Binary Object Representation CBOR serialization format. Starting in version 3.0.0 and prior to version 5.8.0, whhen a CBORDecoder instance is reused across multiple decode operations, values marked with the shareable tag 28 persist in memory an...

WordPress Binary MLM Woocommerce plugin <= 2.0 - Reflected Cross-Site Scripting via 'page' vulnerability

Reflected Cross-Site Scripting via 'page' vulnerability discovered by vgo0 in WordPress Plugin Binary MLM Woocommerce versions = 2.0...

WordPress Binary MLM Plan plugin <= 3.0 - Unauthenticated Limited Privilege Escalation vulnerability

Unauthenticated Limited Privilege Escalation vulnerability discovered by Jonas Benjamin Friedli in WordPress Plugin Binary MLM Plan versions = 3.0...

CVE-2022-50883

CVE-2022-50883 concerns the Linux kernel, where a bpf-related vulnerability allowed a decl_tag to be referenced in a function prototype argument. The issue surfaces when parsing BTF/func_proto during bpf_btf_load and related paths, as Syzkaller traced an offending decl_tag usage through btf_func_...

CVE-2022-50862 bpf: prevent decl_tag from being referenced in func_proto

In the Linux kernel, the following vulnerability has been resolved: bpf: prevent decltag from being referenced in funcproto Syzkaller was able to hit the following issue: ------------ cut here ------------ WARNING: CPU: 0 PID: 3609 at kernel/bpf/btf.c:1946 btftypeidsize+0x2d5/0x9d0...

VAPT-Task-3-PTES

VAPT Task-3 – Advanced Exploitation & PTES Report 👤 Author...

Apache Tika JAR Detection

Binary data apachetikajardetect.nbin...

Autodesk Shared Components Installed (Windows)

Binary data autodesksharedcomponentswininstalled.nbin...

Microsoft Azure Guest Agent Installed (Windows)

Binary data microsoftazureguestagentwininstalled.nbin...

EUVD-2025-205618

An issue was discovered in function dprintcompinner in file cp-demangle.c in BinUtils 2.26 allows attackers to cause a denial of service via crafted PE file...

UBUNTU-CVE-2025-66861

An issue was discovered in function dunqualifiedname in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file...

binary-exploitation-learning

No d...

CVE-2019-25257

CVE-2019-25257 affects LogicalDOC Enterprise 7.7.4. The vulnerability arises from insufficient validation of binary paths when modifying system settings, allowing authenticated users to manipulate configuration parameters (e.g., antivirus.command, ocr.Tesseract.path) to execute arbitrary OS comma...

CVE-2019-25257 LogicalDOC Enterprise 7.7.4 Authenticated Command Execution via Binary Path Manipulation

LogicalDOC Enterprise 7.7.4 contains multiple authenticated OS command execution vulnerabilities that allow attackers to manipulate binary paths when changing system settings. Attackers can exploit these vulnerabilities by modifying configuration parameters like antivirus.command,...