90875 matches found
offensive-claude-604
Offensive Security Research Config for Claude Code !TIP...
offensive-claude-813
Offensive Security Research Config for Claude Code !TIP...
offensive-claude-982
Offensive Security Research Config for Claude Code !TIP...
CVE-2026-21017
Improper handling of insufficient privileges in SecTelephonyProvider prior to SMR Jun-2026 Release 1 allows local attackers to access privileged files...
CVE-2026-11345
An Improper Authentication vulnerability in the /api/Cdn/GetFile endpoint of linqi allows unauthenticated, remote attackers to bypass file access controls. The ValidateAnonFileAccess function incorrectly grants access if an 'AnonFile' query parameter containing exactly 256 characters is provided...
offensive-claude-490
Offensive Security Research Config for Claude Code !TIP...
Malicious code in spateo-release (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 21400e8510d0663de6c3a4454fe99d9200cb83ae8d1ecdc137c99f3668da4293 Versions 1.1.2 were compromised. Compromised packages start an obfuscated infostealer. The infostealer is a heavily obfuscated JavaScript code executed using B...
Exploit for Path Traversal in Open-Emr Openemr
CVE-2026-24849 OpenEMR Authenticated Arbitrary File Read Eth...
CVE-2026-9197
The Smart Slider 3 plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 3.5.1.36 via the replaceHTMLImage function. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on...
Vite - Path Traversal
Vite versions prior to 6.2.6, 6.1.5, 6.0.15, 5.4.18, and 4.5.13 contain a file exposure vulnerability caused by improper handling of request URLs with '' in the dev server running on Node or Bun, letting attackers access arbitrary files, exploit requires the server to be exposed to the network an...
VertaAI ModelDB - Path Traversal
The endpoint "/api/v1/artifact/getArtifact?artifactpath=" is vulnerable to path traversal. The main cause of this vulnerability is due to the lack of validation and sanitization of the artifactpath parameter. id: CVE-2023-6023 info: name: VertaAI ModelDB - Path Traversal author:...
Wavlink WL-WN530HG4 M30HG4.V5030.201217 - Information Disclosure
An access control issue in Wavlink WL-WN530HG4 M30HG4.V5030.201217 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. id: CVE-2022-48166 info: name: Wavlink WL-WN530HG4 M30HG4.V5030.201217 - Information Disclosure author: ritikchaddha...
JetBackup <= 2.0.9.7 - Sensitive Information Exposure via Directory Listing
JetBackup WordPress plugin = 2.0.9.9 does not use index files to prevent directory listing in certain configurations, letting malicious actors leak backup files, exploit requires access to the web server. id: CVE-2023-7165 info: name: JetBackup = 2.0.9.7 - Sensitive Information Exposure via...
XWiki - Information Disclosure
XWiki 16.7.0 to 16.10.11, 17.4.4, and 17.7.0 using XJetty contains an information disclosure vulnerability caused by exposed context allowing static access to files in webapp/ folder, letting attackers access sensitive files, exploit requires use of XJetty package. id: CVE-2025-55749 info: name:...
Joomla! Component iNetLanka Multiple Map 1.0 - Local File Inclusion
A directory traversal vulnerability in the iNetLanka Multiple Map commultimap component 1.0 for Joomla! allows remote attackers to read arbitrary files via a .. dot dot in the controller parameter to index.php. id: CVE-2010-1953 info: name: Joomla! Component iNetLanka Multiple Map 1.0 - Local Fil...
Joomla! Component Photo Battle 1.0.1 - Local File Inclusion
A directory traversal vulnerability in the Photo Battle comphotobattle component 1.0.1 for Joomla! allows remote attackers to read arbitrary files via the view parameter to index.php. id: CVE-2010-1461 info: name: Joomla! Component Photo Battle 1.0.1 - Local File Inclusion author: daffainfo...
Vite Dev Server - Information Exposure
Vite dev server could allow reading files from the Vite project root by bypassing server.fs.deny with double forward-slash paths //. This affects exposed dev servers only. id: CVE-2023-34092 info: name: Vite Dev Server - Information Exposure author: ritikchaddha severity: high description: | Vite...
Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion
Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter. id: CVE-2009-1558 info: name: Cisco Linksys WVC54GCA 1.00R22/1.00R...
Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion
A Local File inclusion vulnerability in test.php in spreadsheet-reader 0.5.11 allows remote attackers to include arbitrary files via the File parameter. id: CVE-2023-29887 info: name: Nuovo Spreadsheet Reader 0.5.11 - Local File Inclusion author: ctflearner severity: high description: | A Local...
XWiki Platform - Information Disclosure
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. id: CVE-2025-55747 info: name: XWiki Platform - Information Disclosure author: Redmomn...