2136 matches found
CVE-2025-62877
CVE-2025-62877 affects SUSE Virtualization (Harvester) where the interactive installer on Harvester 1.5.x–1.6.x may expose the OS default SSH password when creating a new cluster or adding hosts. The issue does not occur when PXE boot with the Harvester configuration is used. Affected component i...
EUVD-2026-0816
Projects using the SUSE Virtualization Harvester environment may expose the OS default ssh login password if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is...
Jailbreaking Large Language Models through Iterative Tool-Disguised Attacks Via Reinforcement Learning
Large language models (LLMs) have demonstrated remarkable capabilities across diverse applications; however, they remain critically vulnerable to jailbreak attacks that elicit harmful responses violating human values and safety guidelines. Despite extensive research on defense mechanisms, existing...
CVE-2025-31964 HCL BigFix IVR is impacted by an improper service binding configuration
Improper service binding configuration in internal service components in HCL BigFix IVR version 4.2 allows a privileged attacker to impact service availability via exposure of administrative services bound to external network interfaces instead of the local authentication interface...
CVE-2025-31963
Summary (CVE-2025-31963): In HCL BigFix IVR version 4.2, the local setup interface component suffers from improper authentication and missing CSRF protection. This allows a local attacker to perform unauthorized configuration changes through unauthenticated administrative configuration requests....
CVE-2025-31962
CVE-2025-31962 affects HCL BigFix IVR 4.2 Web UI authentication component. The root cause is insufficient session expiration, enabling an authenticated attacker to maintain prolonged access to protected API endpoints due to overly long session lifetimes. Documented impact is unauthorized access t...
Harvester May Expose OS Default SSH Login Password Via SUSE Virtualization Interactive Installer
Impact: Projects using the SUSE Virtualization Harvester environment are vulnerable to this exploit if they are using the 1.5.x or 1.6.x interactive installer to either create a new cluster or add new hosts to an existing cluster. The environment is not affected if the PXE boot mechanism is utiliz...
Use of Hard-coded Credentials
Overview: Affected versions of this package are vulnerable to Use of Hard-coded Credentials via the interactive installer process. An attacker can gain unauthorized remote access to the host system by exploiting the default administrative credentials over SSH before the password is reset. This is...
Exploit for CVE-2024-25600
🧱 BrickBreaker...
PT-2026-5655
Name of the Vulnerable Software and Affected Versions: libxml2 (affected versions not specified). Description: A memory leak exists in the interactive shell of the xmllint utility. When a user provides input containing only whitespace, the program does not release the allocated memory buffer,...
Exploit for CVE-2025-52691
CVE-2025-52691 PoC: SmarterMail Arbitrary File Upload RCE APT...
Malicious code in rt-interactive-card-collection (npm)
Source: amazon-inspector 9858817ec5f5e5af9db5f5033c3626e4214faa07e1169e950573bbca309a975e The package rt-interactive-card-collection was found to contain malicious code. Source: ghsa-malware...
MAL-2025-192974 Malicious code in rt-interactive-card-collection (npm)
Source: amazon-inspector 9858817ec5f5e5af9db5f5033c3626e4214faa07e1169e950573bbca309a975e The package rt-interactive-card-collection was found to contain malicious code. Source: ghsa-malware...
Malicious Package
Overview: rt-interactive-card-collection is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and thi...
CVE-2025-68597 WordPress Jobs for WordPress plugin <= 2.8.1 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in BlueGlass Interactive AG Jobs for WordPress job-postings allows Stored XSS. This issue affects Jobs for WordPress: from n/a through <= 2.8.1...
React2Shell Vulnerability Actively Exploited to Deploy Linux Backdoors
The security vulnerability known as React2Shell is being exploited by threat actors to deliver malware families like KSwapDoor and ZnDoor, according to findings from Palo Alto Networks Unit 42 and NTT Security. "KSwapDoor is a professionally engineered remote access tool designed with stealth in...
XSS-FINDER
Usage: python xssscanner.py ...
Cross Site Scripting (XSS)
NiceGUI is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to the ui.interactive_image component rendering SVG content using Vue’s v-html directive without sanitization, which allows an attacker to inject malicious HTML or JavaScript via the SVG tag when the image component is...
Exploit for Deserialization of Untrusted Data in Facebook React
⚛️ React2Shell CVE-2025-55182...
CVE-2025-13751
A flaw was found in OpenVPN. This vulnerability allows a local denial of service via a local authenticated user connecting to the interactive service agent on Windows and triggering an error. Mitigation: Mitigation for this issue is either not available or the currently available options do not me...