EUVD-2018-21953

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through...

CVE-2018-25432 Arm Whois 3.11 Buffer Overflow via ASLR Bypass

Arm Whois 3.11 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by overwriting the structured exception handler. Attackers can craft a malicious input file with a 672-byte offset to overwrite the nSEH and SEH pointers, enabling code execution through...

Kubevirt 后置链接漏洞

Kubevirt is an open-source virtual machine manager developed by KubeVirt. Kubevirt has a post-installation vulnerability, which stems from improper verification of symbolic links. This vulnerability may allow authenticated OpenShift users to manipulate the console socket in a single namespace by...

CVE-2026-41886 locize Client SDK: Cross-origin DOM XSS & Handler Hijack Through Missing e.origin Validation in InContext Editor

locize is a localization platform that connects code and i18n setup. Prior to version 4.0.21, the locize client SDK registers a window.addEventListener"message", … handler that dispatches to registered internal handlers editKey, commitKey, commitKeys, isLocizeEnabled, requestInitialize, … without...

CVE-2026-41886

CVE-2026-41886 affects locize client SDK prior to 4.0.21. The issue is missing validation of event.origin in a window.addEventListener("message", …) handler, allowing an attacker-controlled postMessage to trigger internal handlers (editKey, commitKeys, isLocizeEnabled, etc.). Exploitation require...

CVE-2026-41886 locize Client SDK: Cross-origin DOM XSS & Handler Hijack Through Missing e.origin Validation in InContext Editor

locize is a localization platform that connects code and i18n setup. Prior to version 4.0.21, the locize client SDK registers a window.addEventListener"message", … handler that dispatches to registered internal handlers editKey, commitKey, commitKeys, isLocizeEnabled, requestInitialize, … without...

GHSA-W937-FG2H-XHQ2 locize Client SDK: Cross-origin DOM XSS & Handler Hijack Through Missing e.origin Validation in InContext Editor

Summary Versions of the locize client SDK the browser module that wires up the locize InContext translation editor prior to 4.0.21 register a window.addEventListener"message", … handler that dispatches to registered internal handlers editKey, commitKey, commitKeys, isLocizeEnabled,...

CVE-2026-34773

A flaw was found in Electron, a framework for building desktop applications. On Windows, the app.setAsDefaultProtocolClient function did not properly validate protocol names before writing to the system registry. This vulnerability could allow a local attacker, through an application that process...

GHSA-MWMH-MQ4G-G6GR Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows

Impact On Windows, app.setAsDefaultProtocolClientprotocol did not validate the protocol name before writing to the registry. Apps that pass untrusted input as the protocol name may allow an attacker to write to arbitrary subkeys under HKCU\Software\Classes, potentially hijacking existing protocol...

CVE-2010-20042

CVE-2010-20042 affects Xion Audio Player prior to version 1.0.126, which is vulnerable to a Unicode-based stack buffer overflow triggered by processing specially crafted .m3u playlists. The overflow overwrites the SEH chain, allowing an attacker to hijack execution flow and run arbitrary code. Im...

StayKit - Cobalt Strike Kit For Persistence

StayKit is an extension for Cobalt Strike persistence by leveraging the executeassembly function with the SharpStay .NET assembly. The aggressor script handles payload creation by reading the template files for a specific execution type. IMPORTANT: To use the script a user will only need to load...

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)

Interactive Version: function SluiHijackBypass Param ParameterMandatory=$True String$command, ValidateSet64,86 int$arch = 64 Create registry structure New-Item "HKCU:\Software\Classes\exefile\shell\open\command" -Force Set-ItemProperty -Path "HKCU:\Software\Classes\exefile\shell\open\command" -Na...

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell) Exploit

Exploit for windows platform in category local exploits Interactive Version: function SluiHijackBypass Param ParameterMandatory=$True String$command, ValidateSet64,86 int$arch = 64 Create registry structure New-Item "HKCU:\Software\Classes\exefile\shell\open\command" -Force Set-ItemProperty -Path...

Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)

Microsoft Windows - UAC Protection Bypass Via Slui File Handler Hijack PowerShell Interactive Version: function SluiHijackBypass Param ParameterMandatory=$True String$command, ValidateSet64,86 int$arch = 64 Create registry structure New-Item "HKCU:\Software\Classes\exefile\shell\open\command"...

Windows Escalate UAC Protection Bypass (Via COM Handler Hijack)

This module will bypass Windows UAC by creating COM handler registry entries in the HKCU hive. When certain high integrity processes are loaded, these registry entries are referenced resulting in the process loading user-controlled DLLs. These DLLs contain the payloads that result in elevated...

Linux/x86 Memory Sinkhole Proof Of Concept

; memory sinkhole proof of concept ; hijack ring -2 execution through the apic overlay attack. ; deployed in ring 0 ; the SMBASE register of the core under attack TARGETSMBASE equ 0x1f5ef800 ; the location of the attack GDT. ; this is determined by which register will be read out of the APIC ; fo...