48 matches found
HTTP Fetch
Fetch and execute a script to determine the host arch and execute a payload from an HTTP server. Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include...
HTTPS Fetch
Fetch and execute a script to determine the host arch and execute a payload from an HTTPS server. Module Options This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule include...
CVE-2026-7045
A vulnerability was determined in baomidou dynamic-datasource 2.5.0. Affected by this vulnerability is the function DsSpelExpressionProcessordoDetermineDatasource of the file dynamic-datasource-spring/src/main/java/com/baomidou/dynamic/datasource/processor/DsSpelExpressionProcessor.java of the...
CVE-2025-67653
Advantech WebAccess/SCADA is vulnerable to directory traversal, which may allow an attacker to determine the existence of arbitrary files...
INTERN(al) MSRC variant hunting: From multi-tenant authorization to Model Context Protocol
When security researchers submit a vulnerability report to MSRC, the Vulnerabilities and Mitigations V&M team reviews it, reproduces the issue, and determines severity. The team reviews all submissions from internal and external security researchers...
efi: Don't map the entire mokvar table to determine its size
...
EUVD-2019-10708
Malware in sbrugna...
EUVD-2019-10709
Malware in sbrugna...
EUVD-2019-10710
Malware in sbrugna...
CVE-2025-8570
The BeyondCart Connector plugin for WordPress (versions 1.4.2 through 2.1.0) is affected by Privilege Escalation due to improper JWT secret management and authorization in the determine_current_user filter. This allows unauthenticated attackers to craft valid JWTs and impersonate any user (includ...
CVE-2025-8570 BeyondCart Connector <= 2.1.0 - Missing Configuration of JWT Secret to Unauthenticated Privilege Escalation via determine_current_user Filter
The BeyondCart Connector plugin for WordPress is vulnerable to Privilege Escalation due to improper JWT secret management and authorization within the determinecurrentuser filter in versions 1.4.2 through 2.1.0. This makes it possible for unauthenticated attackers to craft valid tokens and assume...
Malicious code in determine-remain-about (npm)
The package determine-remain-about was found to contain malicious code...
MAL-2025-43979 Malicious code in determine-remain-about (npm)
The package determine-remain-about was found to contain malicious code...
CVE-2025-9394
A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...
Use After Free
Amendment This was deemed not a vulnerability. Overview Affected versions of this package are vulnerable to Use After Free via the DetermineDataType function in the PDF Dictionary Parser component. An attacker can execute arbitrary code or cause a denial of service by manipulating memory after it...
UBUNTU-CVE-2025-9394
A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...
CVE-2025-9394 PoDoFo PDF Dictionary PdfTokenizer.cpp DetermineDataType use after free
A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...
CVE-2025-9394 PoDoFo PDF Dictionary PdfTokenizer.cpp DetermineDataType use after free
A flaw has been found in PoDoFo 1.1.0-dev. This issue affects the function PdfTokenizer::DetermineDataType of the file src/podofo/main/PdfTokenizer.cpp of the component PDF Dictionary Parser. Executing manipulation can lead to use after free. It is possible to launch the attack on the local host...
PoDoFo 安全漏洞
PoDoFo is a free portable C++ library open-sourced by PoDoFo. A security vulnerability exists in PoDoFo version 1.1.0-dev, which originates from a post-release reuse of the PdfTokenizer::DetermineDataType function in the src/podofo/main/PdfTokenizer.cpp file...
CVE-2019-20154
An issue was discovered in Determine formerly Selectica Contract Lifecycle Management CLM v5.4. A cross-site scripting XSS vulnerability in multiple getchart.jsp parameters allows remote attackers to inject arbitrary web script or HTML...