Lucene search

7005 matches found

Nuclei
added 13 hours ago | 37 views

L-Soft LISTSERV 16.5 - Cross-Site Scripting

The REPORT (after z but before a) parameter in wa.exe in L-Soft LISTSERV 16.5 before 17 allows an attacker to conduct XSS attacks via a crafted URL. id: CVE-2023-27641 info: name: L-Soft LISTSERV 16.5 - Cross-Site Scripting author: ritikchaddha severity: medium description: | The REPORT after z but...

CVSS 6.1 | AI score 6.4 | EPSS 0.01092
Exploits: 1 | References: 2

Nuclei
added 13 hours ago | 75 views

Sonatype Nexus Repository Manager <3.15.0 - Remote Code Execution

Sonatype Nexus Repository Manager before 3.15.0 is susceptible to remote code execution. id: CVE-2019-7238 info: name: Sonatype Nexus Repository Manager 3.15.0 - Remote Code Execution author: pikpikcu severity: critical description: Sonatype Nexus Repository Manager before 3.15.0 is susceptible t...

CVSS 9.8 | AI score 7.8 | EPSS 0.76526
Exploits: 4 | References: 5

Nuclei
added 13 hours ago | 17 views

rConfig <=3.9.4 - SQL Injection

rConfig 3.9.4 and prior has unauthenticated snippets.inc.php SQL injection. Because nodes' passwords are stored in cleartext by default, this vulnerability leads to lateral movement, granting an attacker access to monitored network devices. id: CVE-2020-10549 info: name: rConfig 3.9.4 or apply th...

CVSS 9.8 | AI score 7.3 | EPSS 0.36164
Exploits: 1 | References: 5

Nuclei
added 13 hours ago | 22 views

Joomla! Component OrgChart 1.0.0 - Local File Inclusion

A directory traversal vulnerability in the OrgChart (com_orgchart) component 1.0.0 for Joomla! allows remote attackers to read arbitrary files via a .. (dot dot) in the controller parameter to index.php. id: CVE-2010-1878 info: name: Joomla! Component OrgChart 1.0.0 - Local File Inclusion author:...

CVSS 7.5 | AI score 6 | EPSS 0.11429
Exploits: 1 | References: 5

Circl
added 5 days ago | 10 views

CVE-2010-3889

creationtimestamp| type| source ---|---|--- 2026-06-19 16:45:39+00:00| exploited| https://vulnerability.circl.lu/known-exploited-vulnerabilities-catalog/61bdff58-1d5c-4f34-80c6-4ceeea80b6d9 2026-06-23 14:04:10+00:00| exploited|...

CVSS 7.2 | AI score 5.8 | EPSS 0.01606
Exploits: 0 | References: 2

Tenable Nessus
added 5 days ago | 4 views

Photon OS 4.0: Dotnet PHSA-2026-4.0-1036

An update of the dotnet package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-4.0-1036. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

CVSS 7.5 | AI score 5.7 | EPSS 0.01177
Exploits: 0 | References: 4

Tenable Nessus
added 2026/06/17 12:0 a.m. | 9 views

Linux Distros Unpatched Vulnerability : CVE-2026-12463

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inappropriate implementation in Views. CVE-2026-12463 Note that Nessus relies on the presence of the package as reported by the vendor. %NASLMINLEVEL 80900 C...

CVSS 4.7 | AI score 5.9 | EPSS 0.00133
Exploits: 0 | References: 2

Nuclei
added 2026/06/16 7:13 a.m. | 354 views

Jenkins - Remote Command Injection

Jenkins 2.153 and earlier and LTS 2.138.3 and earlier are susceptible to a remote command injection via stapler/core/src/main/java/org/kohsuke/stapler/MetaClass.java that allows attackers to invoke some methods on Java objects by accessing crafted URLs that were not intended to be invoked this wa...

CVSS 10 | AI score 7.4 | EPSS 0.98326
Exploits: 5 | References: 5

The Hacker News
added 2026/06/15 1:49 p.m. | 16 views

⚡ Weekly Recap: Chrome 0-Day, UniFi Exploits, macOS Stealers, VPN Flaw and More

Stuff broke again. Not in a movie way. An old tool was left exposed. An abandoned package was abused. A deprecated feature was still running in prod. This week is the same lesson in a new form: phishing kits are easier to rent, AI names are useful bait, old login paths still fail, and forgotten...

CVSS 8.8 | AI score 7.4 | EPSS 0.01654
Exploits: 4

GithubExploit
added 2026/06/13 9:37 p.m. | 80 views

OffSploit

OffSploit: Autonomous Exploit Adaptation & C2 Framework !Py...

AI score 5.8
Exploits: 0

Tenable Nessus
added 2026/06/13 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-55645

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap buffer overflow in the gfcencsetpssh function isomedia/drmsample.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via supplying a...

CVSS 5.5 | AI score 5.7 | EPSS 0.00235
Exploits: 1 | References: 3

Tenable Nessus
added 2026/06/13 12:0 a.m. | 7 views

Linux Distros Unpatched Vulnerability : CVE-2025-55641

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A NULL pointer dereference in the gfisomcopysampleinfo function isomedia/isomwrite.c of GPAC MP4Box v2.4 allows attackers to cause a Denial of Service DoS via...

CVSS 5.5 | AI score 5.5 | EPSS 0.00188
Exploits: 1 | References: 3

GithubExploit
added 2026/06/10 3:6 p.m. | 34 views

rspwner

RSPWNER RSPWNER is a Rust-based AI-assisted CTF pwn assistant...

AI score 5.8
Exploits: 0

Krebs on Security
added 2026/06/09 10:7 p.m. | 14 views

A Record-Breaking Patch Tuesday for June 2026

Microsoft today released software updates to plug nearly 200 security holes across its Windows operating systems and supported software, a record number of fixes for the company's monthly Patch Tuesday cycle. Nearly three dozen of those bugs earned Microsoft's most dire "critical" rating, and...

CVSS 7.5 | AI score 6.1 | EPSS 0.48438
Exploits: 1

CNNVD
added 2026/06/09 12:0 a.m. | 12 views

Microsoft Bing Security Vulnerability

Microsoft Bing is a web search engine developed by Microsoft Corporation in the United States. There are security vulnerabilities in Microsoft Bing. Attackers exploit these vulnerabilities to carry out phishing attacks...

CVSS 4.3 | AI score 5.4 | EPSS 0.00619
Exploits: 0 | References: 2

GithubExploit
added 2026/06/08 8:14 a.m. | 51 views

Smart_Contract_Researcher_POC

Smart Contract Security Research Portfolio hailthelord...

AI score 5.6
Exploits: 0

Packet Storm News
added 2026/06/07 12:0 a.m. | 5 views

Hardening Agent Benchmarks with Adversarial Hacker-Fixer Loops

Agent benchmarks score submissions with outcome verifiers that are typically hand-written and brittle, leaving them open to reward hacking. We audit 1,968 tasks across five terminal-agent benchmarks and find 323 (16%) hackable by frontier models given only the task description. This corrupts both...

AI score 5.5
Exploits: 0

GithubExploit
added 2026/06/06 4:10 p.m. | 73 views

Kernel-Exploit-Dojo-127

Kernel-Exploit-Dojo-127 CTF kernel exploitation notes, PoCs,...

AI score 5.5
Exploits: 0

GithubExploit
added 2026/06/06 3:26 p.m. | 58 views

Kernel-Exploit-Dojo-425

Kernel-Exploit-Dojo-425 CTF kernel exploitation notes, PoCs,...

AI score 5.5
Exploits: 0

GithubExploit
added 2026/06/06 3:17 p.m. | 59 views

Kernel-Exploit-Dojo-243

Kernel-Exploit-Dojo-243 CTF kernel exploitation notes, PoCs,...

AI score 5.5
Exploits: 0