348 matches found
Exploit for Deserialization of Untrusted Data in Facebook React
R2SAE - React2Shell Auto-Exploit A Firefox extension...
[SECURITY] Fedora 43 Update: kf6-kxmlgui-6.20.0-2.fc43
KDE Frameworks 6 Tier 3 solution for user-configurable main windows...
Amazon Linux 2023 : amazon-cloudwatch-agent (ALAS2023-2025-1275)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1275 advisory. net/url: insufficient validation of bracketed IPv6 hostnames The Parse function permitted values other than IPv6 addresses to be included in square brackets within the host component of a URL...
EUVD-2024-54360
Malicious code in bioql PyPI...
EUVD-2025-24816
Malicious code in bioql PyPI...
EUVD-2023-32613
Malicious code in bioql PyPI...
ICS-SimLab: A Containerized Approach for Simulating Industrial Control Systems for Cyber Security Research
Industrial Control Systems ICSs are complex interconnected systems used to manage process control within industrial environments, such as chemical processing plants and water treatment facilities. As the modern industrial environment moves towards Internet-facing services, ICSs face an increased...
Vanquish
It is an offensive tool for enumeration. The tool is called Vanquish, and it is designed to perform multiple active information gathering phases on a target system. It is built in Python and leverages various open-source enumeration tools on Kali Linux. The tool can be installed using the command...
Local Deep Research's API keys are stored in plain text
Affected Versions: 0.2.0 and = 1.0.0 Description: The library stored confidential information, including API keys, in a local SQLite database without encryption. This behavior was not clearly documented outside of the database architecture page. Users were not given the ability to configure the...
CVE-2025-7774
A security issue exists within the 5032 16pt Digital Configurable module’s web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unauthorized users to perform privileged actions...
CVE-2025-7774
A security issue exists within the 5032 16pt Digital Configurable module’s web server. Intercepted session credentials can be used within a 3-minute timeout window, allowing unauthorized users to perform privileged actions...
CVE-2025-7773
The CVE-2025-7773 entry relates to Rockwell Automation ArmorBlock 5000 I/O – Web Server, specifically the 5032 16pt Digital Configurable module. The root cause is a predictable session identifier: the web server’s session number increments at an interval correlated to the last two consecutive sig...
CVE-2025-7773 Rockwell Automation ArmorBlock 5000 I/O – Web Server Vulnerabilities
A security issue exists within the 5032 16pt Digital Configurable module’s web server. The web server’s session number increments at an interval that correlates to the last two consecutive sign in session interval, making it predictable...
CVE-2025-7774
CVE-2025-7774 affects the Rockwell Automation 5032 16pt Digital Configurable module, specifically its web server. The root issue is that intercepted session credentials can be reused within a short 3‑minute timeout window to perform privileged actions. This vulnerability arises from session handl...
PT-2025-33276 · Unknown · 5032 16Pt Digital Configurable Module
Name of the Vulnerable Software and Affected Versions: 5032 16pt Digital Configurable module affected versions not specified Description: A security issue exists within the web server of the 5032 16pt Digital Configurable module. Intercepted session credentials can be reused within a 3-minute...
RLSA-2025:7416 Important: gvisor-tap-vsock security update
A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fixes: golang.org/x/crypto/ssh: Denial of Service in the Key Exchange of...
Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller
Citrix Bleed 2 PoC Scanner CVE-2025-5777 This script is a P...
CVE-2025-52999 jackson-core Has Potential for StackoverflowError if user parses an input file that contains very deeply nested data
jackson-core contains core low-level incremental "streaming" parser and generator abstractions used by Jackson Data Processor. In versions prior to 2.15.0, if a user parses an input file and it has deeply nested data, Jackson could end up throwing a StackoverflowError if the depth is particularly...
ALSA-2025:9150 Moderate: gvisor-tap-vsock security update
A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in...
ALSA-2025:9151 Moderate: gvisor-tap-vsock security update
A replacement for libslirp and VPNKit, written in pure Go. It is based on the network stack of gVisor. Compared to libslirp, gvisor-tap-vsock brings a configurable DNS server and dynamic port forwarding. Security Fixes: net/http: Request smuggling due to acceptance of invalid chunked data in...