VulnCheck KEV: CVE-2023-52076
Atril Document Viewer is the default document reader of the MATE desktop environment for Linux. A path traversal and arbitrary file write vulnerability exists in versions of Atril prior to 1.26.2. This vulnerability is capable of writing arbitrary files anywhere on the filesystem to which the use...
Zimbra Collaboration Suite Postjournal 9.0.0 Remote Command Execution
A critical vulnerability exists in the Zimbra Collaboration Suite ZCS PostJournal service that allows attackers to execute arbitrary system commands without authentication. The vulnerability is triggered through SMTP injection using a malicious RCPT TO parameter. This exploit provides full remote...
Cacti 1.2.29 Remote Command Execution
Proof of concept exploit that demonstrates how authenticated users with access to Graph Templates in Cacti can abuse RRD invocation parameters to write arbitrary PHP files, then trigger execution leading to remote command execution. Version 1.2.29 is affected...
Linksys E1200 Router Firmware <= 2.0.11.001 Multiple Vulnerabilities
Linksys E1200 routers are prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CS-Cart-POC
CS-Cart RCE & LFI Exploit Developed by: Strikoder Tes...
Exploit for CVE-2025-9074
CVE-2025-9074 Exploit Tool A sophisticated exploitation frame...
MAL-2025-192361 Malicious code in datadog-checks-base (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 0c81f3e37fe2d626410665826364d682e76edf32642b1cf36d4b12b987a9b102 The package datadog-checks-base was found to contain malicious code. Source: ghsa-malware...
MAL-2025-192362 Malicious code in evil-rce2 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 63a6a4d1f5ad55b3b2b836b95a7153f322bb4ea2f718f665a51a4a94f32576d5 Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...
Malicious code in telco (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 55c8199592663c3f388cba22988800084bbc3a5696279eb22c53e837c1d8ac40 Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...
MAL-2025-192353 Malicious code in fdir1 (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7ba081e2ca3fffe519e73fc13330df7332fbaf118aa8f6c193b43e9b2ce8a5ce The package fdir1 was found to contain malicious code. Source: ossf-package-analysis 8f5aefdb4168145eaa4b092c9e5f4fbd482f9fbd1fc0328b3272f3e2067731e8...
Malicious code in ssf-desktop-api-openfin (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 367b2689b7d50c48e26747ef1edce3a36165d64fd361ad3fc19f1c52fce204f9 The package ssf-desktop-api-openfin was found to contain malicious code. Source: ossf-package-analysis...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Advanced Scanner A comprehensive command-line...
MAL-2025-192351 Malicious code in evil-rce (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 74a74a4133ed8082eba8452bb59a82dcf6975e1e8c4d6630a47088c17d6b6cca Running the module starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign: 2025-12-evil-rce...
Exploit for Deserialization of Untrusted Data in Facebook React
RSC Hunter rschunter RSC Hunter is a high-performance,...
CVE-2025-14108
A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safedir causes command injection. It is possible to initiate...
EUVD-2025-201423
A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...
EUVD-2025-201427
An issue was discovered in Fanvil x210 V2 2.12.20 allowing unauthenticated attackers on the local network to execute arbitrary system commands...
CVE-2025-64053
A Buffer overflow vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...
CVE-2025-64054
A reflected Cross Site Scripting XSS vulnerability on Fanvil x210 2.12.20 devices allows attackers to cause a denial of service or potentially execute arbitrary commands via crafted POST request to the /cgi-bin/webconfig?page=upload&action=submit endpoint...
Exploit for CVE-2025-55182
Verification shell nuclei -l urls...