
30 matches found

The Hacker News
added 2025/10/13 9:54 a.m., 5 views

Microsoft Locks Down IE Mode After Hackers Turned Legacy Feature Into Backdoor

Microsoft said it has revamped the Internet Explorer IE mode in its Edge browser after receiving "credible reports" in August 2025 that unknown threat actors were abusing the backward compatibility feature to gain unauthorized access to users' devices. "Threat actors were leveraging basic social...

AI score 7.6
Exploits: 0

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2017-16284

Malware in sbrugna...

CVSS 9, AI score 8.8, EPSS 0.00837
Exploits: 1, References: 3

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2022-1395

Malicious code in bioql PyPI...

CVSS 9.8, AI score 9.4, EPSS 0.034
Exploits: 1, References: 2

EUVD
added 2025/10/03 8:7 p.m., 1 view

EUVD-2025-15130

Malicious code in bioql PyPI...

CVSS 3.5, AI score 5, EPSS 0.00131
Exploits: 1, References: 1

GithubExploit
added 2025/09/21 1:15 p.m., 148 views

Vulnlab

It is an offensive tool for learning and documentation. This rep...

AI score 7.1
Exploits: 0

GithubExploit
added 2025/09/15 10:21 p.m., 154 views

vuln

Vuln A simple program for practicing buffer overflow attacks...

AI score 7.6
Exploits: 0

GithubExploit
added 2025/09/05 1:19 p.m., 284 views

RiteCMS-2.0-RCE-PoC

RiteCMS 2.0 Remote Code Execution PoC This is a proof-of-conc...

AI score 7.7
Exploits: 0

GithubExploit
added 2025/07/09 9:34 p.m., 810 views

Exploit for CVE-2025-32023

CVE-2025-32023 - Redis Remote Code Execution RCE 🚨 🧠 Ove...

CVSS 7, AI score 8.2, EPSS 0.18438
Exploits: 4

GithubExploit
added 2025/06/06 11:44 p.m., 363 views

Exploit for Missing Authentication for Critical Function in Oracle Weblogic_Server

CVE-2024-21006 PoC CVE-2024-21006 is a vulnerability of...

CVSS 7.5, AI score 7.8, EPSS 0.8743
Exploits: 1

RedhatCVE
added 2025/05/22 3:6 p.m., 4 views

CVE-2020-9081

There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operations in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. Vulnerability ID: HWPSIRT-2019-12144 This vulnerability has...

CVSS 6.8, AI score 6.7, EPSS 0.0002
Exploits: 0, References: 1

GithubExploit
added 2025/03/25 10:30 a.m., 268 views

Exploit for CVE-2025-29927

CVE-2025-29927: Next.js Middleware Bypass Vulnerability PoC T...

CVSS 9.1, AI score 7.5, EPSS 0.92118
Exploits: 55

Tenable Nessus
added 2025/03/06 12:0 a.m., 15 views

Linux Distros Unpatched Vulnerability : CVE-2025-21700

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: sched: Disallow replacing of child qdisc from one parent to another Lion Ackermann was able to create a UAF which can be abused for privilege escalation wi...

CVSS 7.8, AI score 6.6, EPSS 0.00022
Exploits: 0, References: 3

Packet Storm
added 2025/02/21 12:0 a.m., 267 views

acp2sev 7.2.2 Cross Site Scripting

acp2sev version 7.2.2 suffers from a persistent cross site scripting vulnerability. Exploit Title: Self Stored XSS - acp2sev7.2.2 Date: 02/2025 Exploit Author: Andrey Stoykov Version: 7.2.2 Tested on: Ubuntu 22.04 Blog: https://msecureltd.blogspot.com/2025/02/friday-fun-pentest-series-19-self.htm...

AI score 6.6
Exploits: 0

Github Security Blog
added 2025/02/19 9:11 p.m., 15 views

SSRF in sliver teamserver

Summary The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the operator instructed the implant to do so Reproduction steps Run server wget...

CVSS 6.9, AI score 6.6, EPSS 0.00814
Exploits: 1, References: 5, Affected Software: 1

GithubExploit
added 2024/02/18 8:33 p.m., 41 views

Exploit for Improper Privilege Management in Nagios Nagios_Xi

Vulnerability Report CVE Discovered by: Jarod Jaslow MAWK...

CVSS 9.8, AI score 7.8, EPSS 0.21455
Exploits: 1

Huntr
added 2023/01/24 12:1 a.m., 17 views

stored HTML-Injection in the FAQ-Proposal

Dear Ladies and Gentlemen, First of all, thank you for your time and effort in reading my Report. While doing the Penetration Test my Brother Josef Hassan [email protected] and I were able to identify another stored HTML-Injection Vulnerability in the FAQ-Proposal Form. The Process of the...

CVSS 7.5, AI score 9, EPSS 0.07757
Exploits: 0, References: 1

Huntr
added 2023/01/23 11:16 p.m., 23 views

stored XSS through Question sending

Dear Ladies and Gentlemen, First of all, thank you for your time and effort in reading my Report. While doing the Penetration Test my Brother Ahmed Hassan [email protected] and I were able to identify another stored XSS Cross-Site-Scripting Injection Vulnerability. The Process of the...

CVSS 4.9, AI score 5.6, EPSS 0.00286
Exploits: 1, References: 1

Huntr
added 2023/01/23 9:56 p.m., 22 views

Stored XSS - allows stealing Admin and Users Cookies

Dear Ladies and Gentlemen, First of all thank you for your time and effort in reading my Report. While doing the Penetration Test my Brother Ahmed Hassan [email protected] and I were able to identify a stored XSS Cross-Site-Scripting Vulnerability. The Process of the Vulnerability: Login ...

CVSS 4.9, AI score 5.3, EPSS 0.00328
Exploits: 0, References: 1

Huntr
added 2022/07/20 6:11 p.m., 10 views

Send message in chat function with any username

Description In chat function, username is not validated. We can change username to any value we want which does not match the logged-in user. Exploitation steps: 1. Login with Phil1 account Patient account. 2. Send message via Burpsuite proxy 3. Modify username to any value you want I use "n00b" 4. ...

AI score 7
Exploits: 0

GithubExploit
added 2021/12/10 12:38 p.m., 78 views

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Log4Shell sample vulnerable application CVE-2021-44228 This...

CVSS 10, AI score 9.3, EPSS 0.94358
Exploits: 341