408 matches found
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
Heavily influenced/copied/based on the format of a similar repo...
PT-2026-6421
Summary 1. A hardcoded secret key used for signing JWTs is checked into source code 2. ManyAPI routes do not check authentication Details I am using the publicly available docker image at ghcr.io/maziggy/bambuddy 1. Hardcoded JWT Secret Key...
CVE-2021-31821
When the Windows Tentacle docker image starts up it logs all the commands that it runs along with the arguments, which writes the Octopus Server API key in plaintext. This does not affect the Linux Docker image...
CVE-2020-10952
GitLab EE/CE 8.11 through 12.9.1 allows blocked users to pull/push docker images...
CVE-2024-41663
Canarytokens help track activity and actions on a network. A Cross-Site Scripting vulnerability was identified in the "Cloned Website" Canarytoken, whereby the Canarytoken's creator can attack themselves. The creator of a slow-redirect Canarytoken can insert Javascript into the destination URL of...
GHSA-GQFV-G4V7-M366 SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE
Summary Function importZipMd is vulnerable to ZipSlip which allows an authenticated user to overwrite files on the system. Details An authenticated user with access to the import functionality in notes is able to overwrite any file on the system, the vulnerable function is importZipMd, this can...
SiYuan: ZipSlip -> Arbitrary File Overwrite -> RCE
Summary Function importZipMd is vulnerable to ZipSlip which allows an authenticated user to overwrite files on the system. Details An authenticated user with access to the import functionality in notes is able to overwrite any file on the system, the vulnerable function is importZipMd, this can...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 React2Shell 핵심 패키지 📦 포함 파일 1. 취약한 Do...
Exploit for Use After Free in Redis
CVE-2025-49844 My personal proof-of-concept for CVE-2025-498...
LinkPro Linux Rootkit Uses eBPF to Hide and Activates via Magic TCP Packets
An investigation into the compromise of an Amazon Web Services AWS-hosted infrastructure has led to the discovery of a new GNU/Linux rootkit dubbed LinkPro , according to findings from Synacktiv. "This backdoor features functionalities relying on the installation of two eBPF extended Berkeley...
EUVD-2014-5173
Malware in sbrugna...
EUVD-2020-23140
Malware in sbrugna...
EUVD-2020-23139
Malware in sbrugna...
EUVD-2020-23138
Malware in sbrugna...
EUVD-2020-22879
Malware in sbrugna...
EUVD-2016-0780
Malware in sbrugna...
EUVD-2020-23134
Malware in sbrugna...
EUVD-2020-23135
Malware in sbrugna...
EUVD-2021-26295
Malware in sbrugna...
EUVD-2020-23141
Malware in sbrugna...