Exploit for Deserialization of Untrusted Data in Apache Parquet_Java

TRAI-001 CVE-2025-30065: Apache Parquet Remote Code Execution...

GHSA-7Q5R-7GVP-WC82 Zip Exploit Crashes Picklescan But Not PyTorch

Summary PickleScan is vulnerable to a ZIP archive manipulation attack that causes it to crash when attempting to extract and scan PyTorch model archives. By modifying the filename in the ZIP header while keeping the original filename in the directory listing, an attacker can make PickleScan raise...

Exploit for Unrestricted Upload of File with Dangerous Type in Git

CVE-2024-32002 RCE PoC Overview This repository contains...

PT-2025-9821

Name of the Vulnerable Software and Affected Versions Kibana versions 8.15.0 through 8.17.2 Description Prototype pollution in Kibana leads to arbitrary code execution via a crafted file upload and specifically crafted HTTP requests. In Kibana versions = 8.15.0 and 8.17.1, this is exploitable by...

Wazuh 4.4.0 Remote Code Execution

Wazuh version 4.4.0 proof of concept remote code execution exploit with a reverse shell. ============================================================================================================================================= | Title : Wazuh v4.4.0 PHP Code Injection Vulnerability | | Author...

HTTP Fetch, Reverse TCP Stager

Fetch and execute an MIPSLE payload from an HTTP server. Connect back to the attacker Module Options msf use payload/cmd/linux/http/mipsle/meterpreter/reversetcp msf payloadreversetcp show actions ...actions... msf payloadreversetcp set ACTION msf payloadreversetcp show options ...show and set...

CVE-2025-1240

WinZip 7Z File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of WinZip. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or op...

CVE-2020-8850

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foxit Reader 9.7.0.29455. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Security Vulnerabilities fixed in Firefox 135 — Mozilla

An attacker could have caused a use-after-free via crafted XSLT data, leading to a potentially exploitable crash. An attacker could have caused a use-after-free via the Custom Highlight API, leading to a potentially exploitable crash. The fullscreen notification is prematurely hidden when...

KLA79487 Multiple vulnerabilities in Mozilla Firefox ESR

Multiple vulnerabilities were found in Mozilla Firefox ESR. Malicious users can exploit these vulnerabilities to bypass security restrictions, execute arbitrary code, cause denial of service, obtain sensitive information. Below is a complete list of vulnerabilities: 1. Security vulnerability in c...

CVE-2024-53526

composio =0.5.40 is vulnerable to Command Execution in composioopenai, composioclaude, and composiojulep via the handletoolcalls function...

Exploit for Integer Overflow or Wraparound in Microsoft

CVE-2024-49112-PoC CVE-2024-49112 LDAP RCE PoC and Metasploit...

Exploit for Code Injection in Rejetto Http_File_Server

HFS2.3poc HFS2.3未经身份验证的远程代码执行CVE-2024-23692 python HFS2.3...

IrfanView DXF File Parsing Out-Of-Bounds Read Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of IrfanView. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of DXF files...

Siemens Tecnomatix Plant Simulation Memory Misreference Vulnerability

Siemens Tecnomatix Plant Simulation is an industrial control device from Siemens, Germany. Using the function of discrete event simulation for production volume analysis and optimization, and thus improve the manufacturing system performance. A memory misreference vulnerability exists in Siemens...

Mozilla Firefox post-release reuse vulnerability (CNVD-2024-40750)

Mozilla Firefox is an open source web browser from the Mozilla Foundation in the United States. Mozilla Firefox suffers from a post-release reuse vulnerability that can be exploited by an attacker to execute code in a content process...

Mozilla Thunderbird < 128.3.1

The version of Thunderbird installed on the remote Windows host is prior to 128.3.1. It is, therefore, affected by a vulnerability as referenced in the mfsa2024-52 advisory. - An attacker was able to achieve code execution in the content process by exploiting a use-after-free in Animation...

Google Chrome Autofill memory misreference vulnerability (CNVD-2024-38572)

Google Chrome is a web browser from Google, an American company. A memory misreference vulnerability exists in versions of Google Chrome prior to 128.0.6613.138, which stems from a messed up instruction responsible for freeing memory in Autofill. An attacker could exploit this vulnerability to...

Adobe Photoshop JP2 File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Adobe Photoshop. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of JP2...

Microsoft Azure Service Fabric servicefabricsdkstorage Uncontrolled Search Path Element Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Service Fabric for Microsoft Azure. Authentication is not required to exploit this vulnerability. The specific flaw exists within the installation of Service Fabric. When installed from the official...