54614 matches found
hunter-max-oss
hunter-max A bug-bounty research framework. Two pieces: 1...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the FilterDeadline process. An attacker can access internal network services and potentially exfiltrate sensitive information by submitting URLs with uppercase schemes that bypass the deny-list...
USN-8226-2 kmod update
USN-8226-1 added a mitigation to kmod to disable loading the algifaead module. This update adds the same mitigation to Ubuntu 14.04 LTS, Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, and Ubuntu 20.04 LTS. Original advisory details: It was discovered that the Linux kernel algifaead module contained a logic...
USN-8226-1: kmod update
It was discovered that the Linux kernel algifaead module contained a logic flaw allowing a local attacker to escalate privileges to root. This update to the kmod package disables loading the algifaead module as a measure to mitigate the issue until kernel updates are made available. See the...
USN-8226-1 kmod update
It was discovered that the Linux kernel algifaead module contained a logic flaw allowing a local attacker to escalate privileges to root. This update to the kmod package disables loading the algifaead module as a measure to mitigate the issue until kernel updates are made available. See the...
Exploit for CVE-2026-31431
CVE-2026-31431 - Script de Verificacao e Mitigacao Este repos...
Exploit for CVE-2026-31431
copy-fail-blocker BPF-LSM mitigation for CVE-2026-31431htt...
CVE-2025-14576
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...
DEBIAN-CVE-2025-14576
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...
UBUNTU-CVE-2025-14576
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...
EUVD-2025-209594
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...
CVE-2025-14576
CVE-2025-14576 affects Qt’s SVG module (VectorImage in Qt Quick). The root cause is insufficient validation of node IDs, enabling arbitrary QML/JavaScript code injection when loading malicious SVG files. The NVD entry notes local attack vector with no privileges required and passive user interact...
CVE-2025-14576
Insufficient validation of node IDs in Qt SVG module allows arbitrary QML/JavaScript code injection when loading malicious SVG files through the VectorImage component in Qt Quick. While QML execution is typically more restricted than native code execution, this could still lead to denial of...
Exploit for CVE-2026-31431
Copy Fail - CVE-2026-31431 Detector and Mitigator !Bashhtt...
Exploit for CVE-2026-31431
copy-fail-cve-2026-31431 Passive detection tooling and techni...
Exploit for CVE-2026-31431
CVE Checker for Copy Fail CVE-2026-31431 Authors: Chris Fol...
New Linux 'Copy Fail' Vulnerability Enables Root Access on Major Distributions
Cybersecurity researchers have disclosed details of a Linux local privilege escalation LPE flaw that could allow an unprivileged local user to obtain root. The high-severity vulnerability tracked as CVE-2026-31431 CVSS score: 7.8 has been codenamed Copy Fail by Xint.io and Theori. "An unprivilege...
CVE-2026-42799
CVE-2026-42799 describes an out-of-bounds read in the ASR Kestrel software (nr_fw modules), specifically affecting the file path Code/Nr/nr_fw/RA/src/NrPwrCtrl.C. The published records indicate this affects Kestrel versions prior to 2026/02/10. The issue is classified with a high impact on confid...
Exploit for CVE-2026-31431
CVE-2026-31431 Seccomp Mitigation A lightweight, reversible s...
SUSE CVE-2026-6357
pip prior to version 26.1 would run self-update check functionality after installing wheel files which required importing well-known Python modules names. These module imports were intentionally deferred to increase startup time of the pip CLI. The patch changes self-update functionality to run...