poc-lab-pro

poc-lab-pro Recent CVE PoC & reproduction scripts. Focused on...

AI-Driven Exploitation is Destroying Vulnerability Management. Here’s How to Handle It.

AI-driven exploitation timelines are rapidly shrinking, and they are not going to stop shrinking. Vulnerabilities are being discovered, reproduced, and weaponized faster than ever in the history of enterprise security. As a result, the window between a vulnerability being disclosed and...

PT-2026-40437

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Insufficient sanitization of SQL queries in the sqloptimizer utility script allows SQL Injections on behalf of the root user if Slow Query logging is enabled...

Fedora 43 : cef (2026-ffdca48c25)

The remote Fedora 43 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-ffdca48c25 advisory. Update to 146.0.7680.177 + cef-146.0.11+g8e1262b High CVE-2026-5273: Use after free in CSS High CVE-2026-5272: Heap buffer overflow in GPU High...

Google Chrome < 146.0.7680.177 Multiple Vulnerabilities

The version of Google Chrome installed on the remote Windows host is prior to 146.0.7680.177. It is, therefore, affected by multiple vulnerabilities as referenced in the 202603stable-channel-update-for-desktop31 advisory. - Use after free in Compositing in Google Chrome prior to 146.0.7680.178...

LLMs are Getting a Lot Better and Faster at Finding and Exploiting Zero-Days

This is amazing: Opus 4.6 is notably better at finding high-severity vulnerabilities than previous models and a sign of how quickly things are moving. Security teams have been automating vulnerability discovery for years, investing heavily in fuzzing infrastructure and custom harnesses to find bu...

PT-2026-2346

Warning: Multiple High Severity Vulnerabilities in React-Router. CVE-2025-61686, CVE-2026-22029, CVE-2026-59057 & others. Attackers can read sensitive files or hijack sessions! Patch Patch Patch More info: https://t.co/jRGNAD4XZZ...

openSUSE Security Advisory (SUSE-SU-2025:4512-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

From cheats to exploits: Webrat spreading via GitHub

In early 2025, security researchers uncovered a new malware family named Webrat. Initially, the Trojan targeted regular users by disguising itself as cheats for popular games like Rust, Counter-Strike, and Roblox, or as cracked software. In September, the attackers decided to widen their net:...

Fedora: Security Advisory (FEDORA-2025-6e776254bf)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

PT-2025-43490

Name of the Vulnerable Software and Affected Versions MmsProvider.java affected versions not specified Description A path traversal error exists in multiple functions within MmsProvider.java, potentially allowing arbitrary file deletion affecting telephony, SMS, and MMS functionalities. This coul...

EUVD-2024-38577

Malicious code in bioql PyPI...

Security Advisory September 2025 for Ivanti EPM 2024 SU3 and EPM 2022 SU8

Security Advisory Ivanti Endpoint Manager CVE-2025-9712, CVE-2025-9872 Summary Ivanti has released updates for Ivanti Endpoint Manager EPM which addresses high severity vulnerabilities. We are not aware of any customers being exploited by these vulnerabilities at the time of disclosure...

CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence

The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added three old security flaws impacting D-Link Wi-Fi cameras and video recorders to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation in the wild. The high-severity vulnerabilities,...

Security Advisory July 2025 for Ivanti EPM 2024 SU2 and EPM 2022 SU8

Security Advisory Ivanti EPM 2022 SU8 and EPM 2024 SU2 Multiple CVEs Summary Ivanti has released updates for Ivanti Endpoint Manager EPM which addresses three high severity vulnerabilities. The Security vulnerability affects the Core, Remote Consoles and Windows agents. We are not aware of any...

Ubuntu: Security Advisory (USN-7591-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

openSUSE Security Advisory (SUSE-SU-2025:01991-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Fedora: Security Advisory (FEDORA-2024-b85d941d78)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2024-40710

A series of related high-severity vulnerabilities, the most notable enabling remote code execution RCE as the service account and extraction of sensitive information savedcredentials and passwords. Exploiting these vulnerabilities requires a user who has been assigned a low-privileged role within...

openSUSE Security Advisory (SUSE-SU-2025:0156-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...