35 matches found
EUVD-2021-0134
Malware in sbrugna...
EUVD-2025-27269
Malicious code in bioql PyPI...
CVE-2025-58365 XWiki Blog Application: Privilege Escalation (PR) from account through blog content
The XWiki blog application allows users of the XWiki platform to create and manage blog posts. Prior to version 9.14, the blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user...
PT-2025-36622
Impact: The blog application in XWiki allowed remote code execution for any user who has edit right on any page. Normally, these are all logged-in users as they can edit their own user profile. To exploit, it is sufficient to add an object of type Blog.BlogPostClass to any page and to add some...
Mezzanine CMS 6.1.0 Cross Site Scripting
Mezzanine CMS version 6.10 suffers from a persistent cross site scripting vulnerability. Exploit Title: Mezzanine CMS 6.1.0 Stored Cross Site Scripting XSS via component /blog/blogpost/add Date: 23/07/2025 Exploit Author: Kevin Dicks Vendor Homepage: https://github.com/stephenmcd/mezzanine Softwa...
Cross-site Scripting (XSS)
Overview: Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the title field of the component admin/blog/blogpost/add. An attacker can execute arbitrary web scripts or HTML via a maliciously formatted blog post. Details: Cross-site scripting or XSS is a code vulnerability...
mezzanine security vulnerability
mezzanine is a CMS framework for Django by the individual developer stephenmcd. A security vulnerability exists in mezzanine version v6.1.0, which stems from insufficient input validation in the /blog/blogpost/add component and could lead to a cross-site scripting attack...
Gftrace - A Command Line Windows API Tracing Tool For Golang Binaries
A command line Windows API tracing tool for Golang binaries. Note: This tool is a PoC and a work-in-progress prototype so please treat it as such. Feedback is always welcome! How does it work? Although Golang programs contain a lot of nuances regarding the way they are built and their behavior in...
WordPress BlogPost - BlogPost Widgets - Amazing Blog Layouts Plugin <= 1.1 is vulnerable to Cross Site Scripting (XSS)
Software: BlogPost - BlogPost Widgets - Amazing Blog Layouts; Type: Plugin; Vulnerable versions: <= 1.1; Fixed in: N/A; OWASP Top 10: A3: Injection; Classification: Cross Site Scripting (XSS); CVE: CVE-2023-33999; Patch priority: High; CVSS severity: High 7.1; Developer: Claim ownership; PSID: 694940615fc3; Credits: Rafie...
Malicious Package
Overview: calandraca is a malicious package. The package's name is based on existing repositories, namespaces, or components used by popular companies in an effort to trick employees into downloading it, also known as 'dependency confusion'. Therefore, you're only vulnerable if this package was...
RCE Vulnerability in Hikvision Cameras (CVE-2021-36260)
Hikvision has released updates to mitigate a command injection vulnerability—CVE-2021-36260—in Hikvision cameras that use a web server service. A remote attacker could exploit this vulnerability to take control of an affected device. CISA encourages users and administrators to review Hikvision’s...
CVE-2020-19002
Cross Site Scripting XSS in Mezzanine v4.3.1 allows remote attackers to execute arbitrary code via the 'Description' field of the component 'admin/blog/blogpost/add/'. This issue is different than CVE-2018-16632...
Mezzanine cross-site scripting vulnerability
Mezzanine, a content management platform hosted on GitHub, contains a cross-site scripting (XSS) vulnerability in v4.3.1. The vulnerability can be exploited to execute arbitrary code via the "Description" field of...
SSHPry v2.0 - Spy and Control of SSH Connected client's TTY
This is the second release of the SSHPry tool, with multiple features added: control of target's TTY; built-in keylogger; console-level phishing; record & replay of previous sessions. Demo Blogpost: http://www.korznikov.com/2017/09/sshpry-v2-spy-control-ssh-connected.html Twitter: @nopernik Howto: ./sshpry2.py...
Exploit for CVE-2019-1458
CVE-2019-1458: Going from 'in the wild report' to POC Intr...
DecryptTeamViewer - Enumerate And Decrypt TeamViewer Credentials From Windows Registry
Uses CVE-2019-18988 to enumerate and decrypt TeamViewer credentials from Windows registry. Blogpost detailing the vulnerability: https://whynotsecurity.com/blog/teamviewer/ Usage .\DecryptTeamViewer.exe Download DecryptTeamViewer...
LG Supersign EZ CMS - Remote Code Execution Exploit
This module requires Metasploit: http://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'LG Supersign EZ CMS RCE', 'Description' = %q LG SuperSignEZ CMS, that many LG SuperSign TVs have builtin, is prone to remote code execution due to...
SVG nanosvg Library Memory Corruption / Denial Of Service
The SVG library nanosvg 0 suffers from a memory corruption bug that can lead to at least DoS. The bug exists in the nsvgparseColorRGB function, which can be reached by parsing a malicious SVG file through nsvgParseFromFile or nsvgParse. This should also affect libraries/packages that provide...
Security Updates for Node.js and io.js
Networking applications using Node.js or io.js contain a vulnerability in the V8 JavaScript engine. Exploitation of this vulnerability may allow a remote attacker to cause a denial-of-service condition. Available updates include: node.js-v0.12.6 io.js-v2.2.3 io.js-v1.8.3 Users and administrators...