507 matches found
PT-2026-41625
CVE-2025-70562 Full disclosure https://t.co/TDa8tFYvC3 Don't wait for vulnerability scanning results: https://t.co/oh1APvMMnd...
PT-2026-41626
CVE-2025-70563 Full disclosure https://t.co/NYn5GJR8kA...
PT-2026-41624
CVE-2025-70561 Full disclosure https://t.co/wAYBU7dfkD...
esp_rfid_tool_v2_pwn
esprfidtoolv2pwn qscXploit is watching you... 👁️🗨️ I...
Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass
Document Title: Apple iOS 17.2.1 - Screen Time Passcode Retrieval Mitigation Bypass Release Date: 2024-09-24 Affected Products: Vendor: Apple Inc. Product: Apple iOS 17.2.1 possibly all 18.0 excluding 18.0 References: VIDEO...
Apple iOS 17.2.1 Screen Time Passcode Retrieval / Mitigation Bypass Vulnerabilities
A mitigation bypass / privilege escalation flaw has been discovered in Apple's iOS Screen Time functionality, granting one access to modify the restrictions. It allows a local attacker to acquire the Screen Time Passcode by bypassing the anti-bruteforce protections on the four-digit Passcode, and...
Microsoft Windows SRV.SYS SrvSmbQueryFsInformation Pool Overflow Denial of Service
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Microsoft Windows SRV.SYS SrvSmbQueryFsInformation Pool Overflow DoS', 'Description' = %q This module exploits a denial of service flaw in the...
Nuuo Central Management Server User Session Token Bruteforce
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'benchmark' class MetasploitModule 'Nuuo Central Management Server User Session Token Bruteforce', 'Description' = %q Nuuo Central Management Server below versio...
WebNMS Framework Server Credential Disclosure
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WebNMS Framework Server Credential Disclosure', 'Description' = %q This module abuses two vulnerabilities in WebNMS Framework Server 5.2 to extra...
Exploit for CVE-2024-27518
CVE-2024-27518 - SUPERAntiSpyware Professional X LPE PoC This...
SUPERAntiSpyware Professional X 10.0.1264 DLL Hijacking / Privilege Escalation
Title: SUPERAntiSpyware Professional X Version =10.0.1264 "version.dll" Local Privilege Escalation Date: 03.04.2024 Author: M. Akil Gündoğan Vendor Homepage: https://superantispyware.com/ Version: 10.0.1262 and latest version 10.0.1264 Tested on: Windows 10 Professional x64 PoC Video:...
Path traversal
AudimexEE 15.0 was discovered to contain a full path disclosure vulnerability...
lespyrenees.net Cross Site Scripting vulnerability OBB-3534340
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
CMS Made Simple <= 2.2.16 SQLi Vulnerability
CMS Made Simple is prone to an SQL injection (SQLi) vulnerability. SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE =...
Zillya Total Security 3.0.2367.0 - Local Privilege Escalation Vulnerability
Exploit Title: Zillya Total Security 3.0.2367.0 - Local Privilege Escalation Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://zillya.com/ Software Link: https://download.zillya.com/ZTS3.exe / https://download.zillya.com/ZIS3.exe Version: IS 3.0.2367.0 / ...
Zillya Total Security 3.0.2367.0 - Local Privilege Escalation
Exploit Title: Zillya Total Security 3.0.2367.0 - Local Privilege Escalation Date: 02.12.2022 Author: M. Akil Gündoğan Contact: https://twitter.com/akilgundogan Vendor Homepage: https://zillya.com/ Software Link: https://download.zillya.com/ZTS3.exe / https://download.zillya.com/ZIS3.exe Version:...
Regarding recent reported security vulnerabilities from Cisco Talos
Back in October 2022, the Qt Project Security team was contacted by someone at Cisco Talos to report an issue with integer and buffer overflow issues in QML which they considered a vulnerability in Qt 6.3. This has recently been made public by Cisco Talos here. This has also resulted in two CVEs ...
HackerOne: HackerOne Undisclosed Report Leak via PoC of Full Disclosure on Hacktivity
Sensitive report data, including report title, severity, program, and report ID, was leaked due to a mistake by a researcher and HackerOne. The leak occurred when HackerOne disclosed a report but did not redact the video proof of concept, which contained undisclosed reports reported by the...
3kltd.com.tr Cross Site Scripting vulnerability OBB-2541800
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...
Dahua Authentication Bypass Vulnerability
STX Subject: Update: Dahua Authentication bypass CVE-2021-33044, CVE-2021-33045 Attack vector: Remote Authentication: Anonymous no credentials needed Researcher: bashis 2021 Limited Disclosure: September 6, 2021 Full Disclosure: October 6, 2021 PoC: https://github.com/mcw0/DahuaConsole -=Dahua=-...