CVE-2025-21895 perf/core: Order the PMU list to fix warning about unordered pmu_ctx_list

In the Linux kernel, the following vulnerability has been resolved: perf/core: Order the PMU list to fix warning about unordered pmuctxlist Syskaller triggers a warning due to prevepc-pmu != nextepc-pmu in perfeventswaptaskctxdata. vmcore shows that two lists have the same perfeventpmucontext, bu...

CVE-2025-30427

A use-after-free issue was addressed with improved memory management. This issue is fixed in Safari 18.4, iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, macOS Sequoia 15.4, tvOS 18.4, visionOS 2.4, watchOS 11.4. Processing maliciously crafted web content may lead to an unexpected Safari crash...

Malicious code in arkose-labs-react-native-example (npm)

--- -= Per source details. Do not edit below this line.=-...

Malicious code in test-module-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 936d1f3885f80ebd88a5759f2792d177f66cd8be5c5c901d948d27d531f31b54 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Exploit for Deserialization of Untrusted Data in Apache Tomcat

Tomcat CVE-2025-24813 playground ===============================...

Exploit for CVE-2025-30208

Blog Recommendations https://w8ay.fun/toc Recently, a po...

Malicious code in redux-debounce-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aca08bddcbc410d19f5cc85276c487b26f76e578993be572baf88e57b23ed48c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Application Accounts Manager 1.0 Cross Site Scripting

Application Accounts Manager version 1.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: Stored XSS on application-accounts-manager 1.0 Date: 03.14.2025 Exploit Author: Ümit AYAZ Vendor Homepage: www.sourcecodester.com Software Link:...

CVE-2025-22870

Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NOPROXY environment variable is set to ".example.com", a request to "::1%25.example.com:80 will incorrectly match and not be proxied...

Exploit for Missing Authorization in Xlplugins Finale

CVE-2024-30485 Exploit 📌 Overview CVE-2024-30485 is a...

Malicious code in ledger-node-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7407ff449f6702424fde06ca2cab289054c649439e98f9b863029a985e8cfcf7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2319 Malicious code in ledger-node-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7407ff449f6702424fde06ca2cab289054c649439e98f9b863029a985e8cfcf7 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2263 Malicious code in linear-file-upload-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware aef3f24b1e992b4ea2859eb439304d2d1ace859ae0cfd7581f2b0714bed88fab Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in example-nodejs-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb2351b3777bfaea370237b22b5155a53e293162cb01bca791717b05107a4b7c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in psd2-registration-example-ts (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 25af145935a5862c0a59e1214fee5a5bac0c1a1a7dab55da992f29b8bfa68131 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

Malicious code in react-textfit-example (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cd133ed4ff9a23964d050578a197c7d8d9a45ba07d60f2d3b031b350bae49370 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

MAL-2025-2257 Malicious code in example-nodejs-express (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware cb2351b3777bfaea370237b22b5155a53e293162cb01bca791717b05107a4b7c Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...

War-FTPD 1.65 Denial of Service

War-FTPD version 1.65 proof of concept denial of service exploit that leverages a vulnerability originally discovered in 2024 by Fernando Mengali. ============================================================================================================================================= | Title ...

Apache NiFi 0.0.2 Remote Code Execution

Apache NiFi version 0.0.2 proof of concept remote code execution exploit that takes advantage of a flaw from 2023. ============================================================================================================================================= | Title : Apache NiFi 0.0.2 RCE...

MAL-2025-1583 Malicious code in example-javascript (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware f8f7b351d38960b71f0f51ada047da6ff08501cd8f58b679cbfd6e8c5cc7b032 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...