1622 matches found
Exploit for Unrestricted Upload of File with Dangerous Type in Sap Netweaver
CVE-2025-31324PoC Proof-of-Concept for CVE-2025-31324: Unauth...
GHSA-6P68-W45G-48J7 Traefik has a possible vulnerability with its path matchers
Impact There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backend using a matcher based on the path, if the URL contains a /../ in its path, it’s possible to target a backend,...
Apache Commons Text 1.10.0 - Remote Code Execution
Exploit Title: Apache Commons Text 1.10.0 - Remote Code Execution Text4Shell - POST-based Date: 2025-04-17 Exploit Author: Arjun Chaudhary Vendor Homepage: https://commons.apache.org/proper/commons-text/ Software Link: https://repo1.maven.org/maven2/org/apache/commons/commons-text/ Version: Apache...
Exploit for CVE-2025-2294
🚨 Kubio AI Page Builder <= 2.5.1 - Unauthenticated Local File...
DocsGPT 0.12.0 - Remote Code Execution
Exploit Title: DocsGPT 0.12.0 - Remote Code Execution Date: 09/04/2025 Exploit Author: Shreyas Malhotra OSMSEC Vendor Homepage: https://github.com/arc53/docsgpt Software Link: https://github.com/arc53/DocsGPT/archive/refs/tags/0.12.0.zip Version: 0.8.1 through 0.12.0 Tested on: Debian Linux/Ubunt...
MAL-2025-3118 Malicious code in rzp-ionic3-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9cfbb00d339b881a5d6c275d13e76761973d000bf055e23329150e4105bafb62 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in rzp-ionic3-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 9cfbb00d339b881a5d6c275d13e76761973d000bf055e23329150e4105bafb62 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
MAL-2025-3124 Malicious code in twc-app-example-vue (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 274ea59bea6b31be4c1b08dce0b142ccdff5b3d9541c5edecd6cab49226d93cd Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in ehackify-example-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 60ffba72c4fb6005e35ffd9acb8fde18eaa73f3c647a76de85a153ed9b5f0a89 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-46988
Path Traversal vulnerability in ONLYOFFICE Document Server before v8.0.1 allows a remote attacker to copy arbitrary files by manipulating the fileExt parameter in the /example/editor endpoint, leading to unauthorized access to sensitive files and potential Denial of Service (DoS)...
CVE-2025-21895 perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list
In the Linux kernel, the following vulnerability has been resolved: perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list. Syzkaller triggers a warning due to prev_epc->pmu != next_epc->pmu in perf_event_swap_task_ctx_data(). vmcore shows that two lists have the same perf_event_pmu_context, bu...
CVE-2025-30427
A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash...
Malicious code in arkose-labs-react-native-example (npm)
--- -= Per source details. Do not edit below this line.=-...
Malicious code in test-module-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 936d1f3885f80ebd88a5759f2792d177f66cd8be5c5c901d948d27d531f31b54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
Tomcat CVE-2025-24813 playground...
Exploit for CVE-2025-30208
Blog Recommendations https://w8ay.fun/toc Recently, a po...
Malicious code in redux-debounce-example (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aca08bddcbc410d19f5cc85276c487b26f76e578993be572baf88e57b23ed48c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Application Accounts Manager 1.0 Cross Site Scripting
Application Accounts Manager version 1.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS on application-accounts-manager 1.0 Date: 03.14.2025 Exploit Author: Ümit AYAZ Vendor Homepage: www.sourcecodester.com Software Link:...
CVE-2025-22870
Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80" will incorrectly match and not be proxied...
Exploit for Missing Authorization in Xlplugins Finale
CVE-2024-30485 Exploit 📌 Overview CVE-2024-30485 is a...