176 matches found
Exploit for CVE-2025-68613
n8n CVE-2025-68613 Internet Scanner A Tkinter-based GUI tool...
Exploit for CVE-2025-55182
A simple CVE-2025-55182 & CVE-2025-66478 GUI vulnerability exploitation tool Vulnerability S...
CVE-2025-42890
SQL Anywhere Monitor Non-GUI baked credentials into the code, exposing the resources or functionality to unintended users and providing attackers with the possibility of arbitrary code execution. This could cause high impact on confidentiality, integrity and availability of the system...
CVE-2025-61789
Icinga DB Web provides a graphical interface for Icinga monitoring. Before 1.1.4 and 1.2.3, an authorized user with access to Icinga DB Web can use a custom variable in a filter that is either protected by icingadb/protect/variables or hidden by icingadb/denylist/variables, to guess values...
AlmaLinux 10 : git (ALSA-2025:11533)
The remote AlmaLinux 10 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11533 advisory. git: Git does not sanitize URLs when asking for credentials interactively CVE-2024-50349 git: Newline confusion in credential helpers can lead to...
RockyLinux 9 : git (RLSA-2025:11462)
The remote RockyLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2025:11462 advisory. git: Git does not sanitize URLs when asking for credentials interactively CVE-2024-50349 git: Newline confusion in credential helpers can lead to...
EUVD-2025-24211
Malicious code in bioql PyPI...
poc-scaner
Java POC Scanner A powerful graphical POC Proof of Concept...
Use After Free
Overview Affected versions of this package are vulnerable to Use After Free via improper handling of caches. An attacker can obtain unauthorized access to sensor information by tricking a user into visiting a malicious website. This is only exploitable if the system is configured with certain...
Uncaught Exception
Overview Affected versions of this package are vulnerable to Uncaught Exception. An attacker can cause an unexpected process crash by tricking a user into processing or loading malicious web content. Note: This is only exploitable if the affected system has specific packages installed and is bein...
JVN#95938761: UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation vulnerable to cross-site scripting
UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation contain the following vulnerability. Cross-site scripting (CWE-79). CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N Base Score 5.1. CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N Base Score 6.1. CVE-2025-8153. Impact: If a...
PT-2025-34115 · Cisco · Cisco Identity Services Engine
Name of the Vulnerable Software and Affected Versions: Cisco Identity Services Engine (affected versions not specified). Description: A vulnerability in the GUI of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker with administrative privileges to upload files to an...
Malicious Package
Overview wppostingduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...
Malicious Package
Overview njongtoduo is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...
Malicious Package
Overview duoblogcomment is a malicious package. This package contains malicious code, and its content was removed from the official package manager. The package appears to be part of a larger campaign targeting user credentials. It, and several other variations, masquerade as automation tools for...
CVE-2025-42943
SAP GUI for Windows may allow the leak of NTLM hashes when specific ABAP frontend services are called with UNC paths. For a successful attack, the attacker needs developer authorization in a specific Application Server ABAP to make changes in the code, and the victim needs to execute by using SAP...
CLSA-2025-1755008210 git: Fix of CVE-2025-46835
CVE-2025-46835: fix vulnerability where Git GUI can create and overwrite arbitrary writable files...