150877 matches found
Exploit for CVE-2026-53359
CVE-2026-53359 A 16-year-old bug in the Linux kernel lets a re...
Exploit for Use After Free in Linux Linux_Kernel
CVE-2026-43499 for popsicle This repository contains the CV...
Exploit for Improper Authentication in Google Android
BT-HID-PoC — CVE-2023-45866 Interactive Wizard DISCLAIMER...
stellaswap-v040-poc
PoC V-040 — Flash-vote Bribe Theft en StellaSwap Proof of...
Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below
CVE-2025-27591-PoC CVE-2025-27591 PoC — Below Local Privileg...
Exploit for Use After Free in Linux Linux_Kernel
Logitech G Cloud · CVE-2026-43499 Root Attempt Note: F...
EUVD-2025-210470
A null pointer dereference vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, affecting the ReadRevisionAttribute function used in multiple clusters Channel, Account Login, TargetNavigator, etc.. The function lacks proper validation of the delegate pointer before dereferencing. ...
Security Bulletin: Multiple Vulnerabilities in IBM API Connect
Summary Multiple vulnerabilities were addressed in IBM API Connect version v12.1.1.1 Vulnerability Details CVEID:CVE-2026-42342 DESCRIPTION: React Router is a router for React. In versions 7.0.0 through 7.14.x of react-router and versions 2.10.0 through 2.17.4 of @remix-run/server-runtime, certai...
CVE-2025-56363
A null pointer dereference vulnerability exists in the Matter SDK connectedhomeip before 1.4.0, affecting the ReadRevisionAttribute function used in multiple clusters Channel, Account Login, TargetNavigator, etc.. The function lacks proper validation of the delegate pointer before dereferencing. ...
CVE-2026-50130
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, a user with code execution as the unprivileged pihole user can escalate to root by replacing /etc/pihole/logrotate. The replacement is laundered to root:root...
JLSEC-2026-709
wolfSSL 5.8.4 on RISC-V RV32I architectures lacks a constant-time software implementation for 64-bit multiplication. The compiler-inserted muldi3 subroutine executes in variable time based on operand values. This affects multiple SP math functions sp256mul9, sp256sqr9, etc., leading to a timing...
CVE-2026-50130
CVE-2026-50130 : Pi-hole on versions 6.0–6.4.2 is vulnerable to local privilege escalation from the unprivileged pihole user to root via replacement of /etc/pihole/logrotate. The attack works because the replacement is laundered to root:root by pihole-FTL-prestart.sh and then parsed as root by th...
CVE-2026-50130
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, a user with code execution as the unprivileged pihole user can escalate to root by replacing /etc/pihole/logrotate. The replacement is laundered to root:root...
CVE-2026-50130 Pi-hole: Local privilege escalation from `pihole` user to root via `/etc/pihole/logrotate`
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, a user with code execution as the unprivileged pihole user can escalate to root by replacing /etc/pihole/logrotate. The replacement is laundered to root:root...
EUVD-2026-44529
Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to 6.4.2, a user with code execution as the unprivileged pihole user can escalate to root by replacing /etc/pihole/logrotate. The replacement is laundered to root:root...
CVE-2026-49978
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.7, DOMPurify INPLACE sanitization could skip shadow contents attached to an element inside .content, allowing attacker-controlled markup such as event handlers, JavaScript URLs, or scripts to survive an...
CVE-2026-49458
DOMPurify is a DOM-only cross-site scripting sanitizer for HTML, MathML, and SVG. Prior to 3.4.6, DOMPurify.sanitizenode, INPLACE: true accepted same-origin foreign-realm DOM nodes while follow-on checks used parent-realm constructors, causing instanceof checks for forms, named node maps, documen...
GHSA-CM26-5974-52H8 nebula-mesh: Certificate revocation is never enforced at the mesh
Summary nebula-mesh revokes a host by adding its certificate fingerprint to a per-CA blocklist and shipping that list to every other agent on each poll. Slack's Nebula enforces certificate revocation ONLY through the pki.blocklist list in config.yml no CRL/OCSP. The project's own code states this...
nebula-mesh: Certificate revocation is never enforced at the mesh
Summary nebula-mesh revokes a host by adding its certificate fingerprint to a per-CA blocklist and shipping that list to every other agent on each poll. Slack's Nebula enforces certificate revocation ONLY through the pki.blocklist list in config.yml no CRL/OCSP. The project's own code states this...
GHSA-MF78-3RPF-R784 Anyquery: Local File Read (LFR) via Unrestricted SQLite Virtual Table Modules in Server Mode
Summary Anyquery's server mode lacks input sanitization and access control over its built-in SQLite virtual table modules e.g., csvreader, logreader. Unauthenticated attackers connecting to the MySQL-compatible server port can create virtual tables pointing to local files on the system e.g.,...