1654 matches found
EUVD-2023-45697
Malicious code in bioql PyPI...
EUVD-2023-1524
Malicious code in bioql PyPI...
Exploit for CVE-2025-54253
CVE-2025-54253 Adobe AEM OGNL Injection Simulated PoC Lab !...
Exploit for Command Injection in Microsoft
💥 CVE-2025-53773 — Remote Code Execution in GitHub Copilot 💥...
Exploit for Incorrect Authorization in Sudo_Project Sudo
sudo CVE-2025 Toolkit Unified scanner, benign proof-of-...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
Sudo CVE-2025-32463 — PoC !GitHub last commithttps://img.s...
CISA Adds 3 D-Link Vulnerabilities to KEV Catalog Amid Active Exploitation Evidence
The U.S. Cybersecurity and Infrastructure Security Agency CISA on Tuesday added three old security flaws impacting D-Link Wi-Fi cameras and video recorders to its Known Exploited Vulnerabilities KEV catalog, based on evidence of active exploitation in the wild. The high-severity vulnerabilities,...
MS SWIFT Remote Code Execution via unsafe PyYAML deserialization
Description A Remote Code Execution RCE vulnerability exists in the modelscope/ms-swift project due to unsafe use of yaml.load in combination with vulnerable versions of the PyYAML library ≤ 5.3.1. The issue resides in the tests/run.py script, where a user-supplied YAML configuration file is...
CVE-2025-8194
A flaw was found in the Python tarfile module. Processing a specially crafted tar archive, specifically an archive with negative offsets, can cause an infinite loop and deadlock. This issue results in a denial of service in the Python application using the tarfile module. Mitigation This flaw can...
Scattered Spider Launching Ransomware on Hijacked VMware Systems, Google
A new report from Google's GTIG reveals how UNC3944 0ktapus uses social engineering to compromise Active Directory, then exploits VMware vSphere for data theft and direct ransomware deployment. Understand their tactics and learn vital mitigation steps...
Exploit for CVE-2025-34085
📌 CVE-2025-34085 — Simple File List WordPress Plugin RCE 📌...
Exploit for CVE-2025-22870
CVE-2025-22870 – Proxy Bypass via IPv6 Zone Parsing in Go 🔐...
Exploit for Code Injection in Craftcms Craft_Cms
🧨 CVE-2025-32432 – Craft CMS Pre-auth RCE 🧨 🕵️ Overview...
CVE-2025-50063
CVE-2025-50063 (Oracle Java SE Install component) is documented to affect Oracle Java SE 8u451. The vulnerability can be exploited by a low-privileged user with logon access to the infrastructure where Java SE runs, and successful exploitation requires user interaction. It can lead to takeover of...
Security Bulletin: IBM Jazz for Service Management is vulnerable to cross-site scripting via searchWord parameter.
Summary IBM Jazz for Service Management is vulnerable to cross-site scripting, allowing malicious scripts to be executed via the searchWord parameter on the static help page CVE-2024-52892. Vulnerability Details CVEID:CVE-2024-52892 DESCRIPTION: IBM Jazz for Service Management is vulnerable to...
GHSA-QF34-QPR4-5PPH docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
GitHub Personal Access Token Exposure in docusaurus-plugin-content-gists Summary docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for...
docusaurus-plugin-content-gists vulnerability exposes GitHub Personal Access Token
GitHub Personal Access Token Exposure in docusaurus-plugin-content-gists Summary docusaurus-plugin-content-gists versions prior to 4.0.0 are vulnerable to exposing GitHub Personal Access Tokens in production build artifacts when passed through plugin configuration options. The token, intended for...
Exploit for CVE-2025-32023
CVE-2025-32023 - Redis Remote Code Execution RCE 🚨 🧠 Ove...
CVE-2025-7381 Exposure of sensitive PHP information to an unauthorized control sphere in mautic/mautic images
ImpactThis is an information disclosure vulnerability originating from PHP's base image. This vulnerability exposes the PHP version through an X-Powered-By header, which attackers could exploit to fingerprint the server and identify potential weaknesses. WorkaroundsThe mitigation requires changin...
CVE-2025-7381
CVE-2025-7381 affects Mautic-related Docker images and the PHP base image: an information-disclosure flaw where the X-Powered-By header reveals the PHP version, enabling server fingerprinting. Root cause is PHP’s expose_php behavior; attack surface is the header exposure rather than code executio...