122175 matches found
Exploit for Use After Free in Linux Linux_Kernel
GhostLock — OnePlus Kernel exploit targeting locked-bootloade...
Exploit for CVE-2026-63030
WordPress REST API Batch Route Confusion + SQL Injection → RCE...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
log4shell-scanner A dependency-free, defensive scanner for...
Exploit for OS Command Injection in Hikvision Ds-2Cd2026G2-Iu\/Sl_Firmware
HIKRAVEN 🛡️ Advanced Hikvision Security Assessmen...
Exploit for OS Command Injection in Zoneminder
CVE-2023-26039 Description ZoneMinder is a free, open sou...
CVE-2026-48049
@hapi/inert provides static file and directory handlers for hapi.js. From 4.0.0 to 7.1.0, @hapi/inert serves static files from a directory configured with path in the directory or file handlers or relativeTo for h.file, with confinement enforced by the confine option, but the confinement check...
EUVD-2026-45341
@hapi/inert provides static file and directory handlers for hapi.js. From 4.0.0 to 7.1.0, @hapi/inert serves static files from a directory configured with path in the directory or file handlers or relativeTo for h.file, with confinement enforced by the confine option, but the confinement check...
CVE-2026-48049
@hapi/inert provides static file and directory handlers for hapi.js. From 4.0.0 to 7.1.0, @hapi/inert serves static files from a directory configured with path in the directory or file handlers or relativeTo for h.file, with confinement enforced by the confine option, but the confinement check...
CVE-2026-48049 @hapi/inert: Static-file confinement bypass via sibling-prefix path
@hapi/inert provides static file and directory handlers for hapi.js. From 4.0.0 to 7.1.0, @hapi/inert serves static files from a directory configured with path in the directory or file handlers or relativeTo for h.file, with confinement enforced by the confine option, but the confinement check...
CVE-2026-48049
The CVE-2026-48049 issue affects @hapi/inert (versions 4.0.0–7.1.0). A confinement bypass was caused by a flawed raw string-prefix path check, allowing an unauthenticated remote attacker to read files via traversal (e.g., /..%2fstatic-secret/secret.txt). The vulnerability is mitigated by upgradin...
PRoot-Distro has Path Traversal in proot-distro copy — Arbitrary Read, Write, and Persistent Code Execution Outside Container Rootfs
Path Traversal in proot-distro copy — Arbitrary Read, Write, and Persistent Code Execution Outside Container Rootfs Repository https://github.com/termux/proot-distro Maintainer: @sylirre Affected Component Package: proot-distro Affected command: copy Attack surface: Host-side Termux CLI — this is...
GHSA-MFR4-MQ8W-VMG6 PRoot-Distro has Path Traversal in proot-distro copy — Arbitrary Read, Write, and Persistent Code Execution Outside Container Rootfs
Path Traversal in proot-distro copy — Arbitrary Read, Write, and Persistent Code Execution Outside Container Rootfs Repository https://github.com/termux/proot-distro Maintainer: @sylirre Affected Component Package: proot-distro Affected command: copy Attack surface: Host-side Termux CLI — this is...
ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes
Summary ExifReader 4.40.0 can throw an uncaught RangeError: Offset is outside the bounds of the DataView while parsing crafted HEIC/AVIF files. The file only needs a valid leading ftyp box with a HEIC/AVIF major brand followed by a malformed ISO-BMFF box, such as an empty 8-byte free box or a...
GHSA-G77H-45RF-HCX4 ExifReader HEIC/AVIF ISO-BMFF parser throws uncaught RangeError on truncated boxes
Summary ExifReader 4.40.0 can throw an uncaught RangeError: Offset is outside the bounds of the DataView while parsing crafted HEIC/AVIF files. The file only needs a valid leading ftyp box with a HEIC/AVIF major brand followed by a malformed ISO-BMFF box, such as an empty 8-byte free box or a...
GHSA-937X-GPQR-72GG Flask-Reuploaded: Extension-denylist bypass via case-folding asymmetry in name-override path (incomplete-fix variant of CVE-2026-27641)
Header | Field | Value | |---|---| | Title | Extension-denylist bypass via case-folding asymmetry in name-override path incomplete-fix variant of CVE-2026-27641 | | Project | Flask-Reuploaded flaskuploads | | Affected | extension"shell.php" = "php" - extensionallowed"php" - DENY correct...
Flask-Reuploaded: Extension-denylist bypass via case-folding asymmetry in name-override path (incomplete-fix variant of CVE-2026-27641)
Header | Field | Value | |---|---| | Title | Extension-denylist bypass via case-folding asymmetry in name-override path incomplete-fix variant of CVE-2026-27641 | | Project | Flask-Reuploaded flaskuploads | | Affected | extension"shell.php" = "php" - extensionallowed"php" - DENY correct...
Exploit for Deserialization of Untrusted Data in Snakeyaml_Project Snakeyaml
Sean's Surf & Skate Co. — Seal Security Demo Maven / Java A...
Exploit for Deserialization of Untrusted Data in Snakeyaml_Project Snakeyaml
yaml-payload A SnakeYAML deserialization exploit payload for...
GHSA-2V2F-MVFG-PH56 meta-ads-mcp: X-Pipeboard-Token Header Auth Bypass Reuses Operator Meta Token
X-Pipeboard-Token Header Auth Bypass Reuses Operator Meta Token Summary AuthInjectionMiddleware in meta-ads-mcp rejects HTTP MCP requests only when both authtoken and pipeboardtoken are absent. Because extracttokenfromheaders does not recognise the X-Pipeboard-Token header, an attacker who sends...
meta-ads-mcp: X-Pipeboard-Token Header Auth Bypass Reuses Operator Meta Token
X-Pipeboard-Token Header Auth Bypass Reuses Operator Meta Token Summary AuthInjectionMiddleware in meta-ads-mcp rejects HTTP MCP requests only when both authtoken and pipeboardtoken are absent. Because extracttokenfromheaders does not recognise the X-Pipeboard-Token header, an attacker who sends...