CVE-2026-0864

When using the "configparser" module to write configuration files containing multi-line text values with carriage return characters \r the resulting file could be injected with unexpected keys and values if the attacker controls the written value...

CVE-2026-48096 OpenFGA: Cache-key delimiter injection in openfga/openfga shared-iterator and v2 iterator caches enables intra-store authorization-decision poisoning

OpenFGA is an authorization/permission engine built for developers. Prior to version 1.16.0, when iterator caching is enabled, two distinct check requests can produce the same cache key, leading to OpenFGA reusing an earlier cached result for a subsequent request. This issue has been patched in...

Post_Exploitation_Privilege_Escalation

⬆️ Week 05 — Post-Exploitation & Privilege Escalation Inter...

Post_Exploitation_Privilege_Escalation

⬆️ Week 05 — Post-Exploitation & Privilege Escalation Inter...

CVE-2026-42589

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

Exploit for Improper Authentication in Cisco Catalyst_Sd-Wan_Manager

CVE-2026-20182 — Cisco Catalyst SD-WAN Controller / Manager Au...

Cisco Catalyst SD-WAN Controller vHub Authentication Bypass

This module exploits an authentication bypass vulnerability CVE-2026-20182 in the Cisco Catalyst SD-WAN Controller. The vdaemon DTLS control-plane service performs no certificate or credential verification for connecting peers that claim to be a vHub device type 2. The vbondprocchallengeack...

Exploit for Improper Authentication in Cisco Catalyst_Sd-Wan_Manager

CVE-2026-20182 Cisco Catalyst SD-WAN Controller / Manager Aut...

CVE-2026-42589 Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...

BIT-AUTHENTIK-2026-25227 authentik affected by Remote Code Execution via Context Key Injection in PropertyMapping Test Endpoint

authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...

EUVD-2026-18945

Electron: Registry key path injection in app.setAsDefaultProtocolClient on Windows...

Cisco Catalyst SD-WAN Controller Authentication Bypass

This module exploits an authentication bypass vulnerability CVE-2026-20127 in the Cisco Catalyst SD-WAN Controller vSmart. The vdaemon DTLS control-plane service fails to properly validate the verifystatus byte in CHALLENGEACKACK msgtype=10 messages. The vbondprocchallengeackack handler reads an...

EUVD-2026-16888

Locutus has Prototype Pollution via proto Key Injection in unserialize...

CVE-2026-33142

OneUptime is a solution for monitoring and managing online services. Prior to version 10.0.34, the fix for CVE-2026-32306 ClickHouse SQL injection via aggregate query parameters added column name validation to the aggregateBy method but did not apply the same validation to three other query...

Authlib JWS JWK Header Injection: Signature Verification Bypass

Description Summary A JWK Header Injection vulnerability in authlib's JWS implementation allows an unauthenticated attacker to forge arbitrary JWT tokens that pass signature verification. When key=None is passed to any JWS deserialization function, the library extracts and uses the cryptographic...

Rapid7 Analysis: CVE-2026-20127

CVE-2026-20127: Cisco Catalyst SD-WAN Authentication Bypass Overview On 25th February 2026, Cisco published an advisory for CVE-2026-20127, a critical authentication bypass vulnerability in the vdaemon service of Cisco Catalyst SD-WAN formerly Viptela. The flaw allows an unauthenticated, remote...

CVE-2026-25227 authentik affected by Remote Code Execution via Context Key Injection in PropertyMapping Test Endpoint

authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...

CVE-2026-25227 authentik affected by Remote Code Execution via Context Key Injection in PropertyMapping Test Endpoint

authentik is an open-source identity provider. From 2021.3.1 to before 2025.8.6, 2025.10.4, and 2025.12.4, when using delegated permissions, a User that has the permission Can view Property Mapping or Can view Expression Policy is able to execute arbitrary code within the authentik server contain...

CVE-2026-25227

CVE-2026-25227 affects the open‑source identity provider authentik. From 2021.3.1 up to before 2025.8.6, 2025.10.4, and 2025.12.4, a user with delegated permissions can execute arbitrary code inside the authentik server container via the test endpoint that previews property mappings/policies. The...

Exploit for CVE-2025-36911

WhisperPair Exploit Toolkit CVE-2025-36911 !Python 3.8+...