54845 matches found
📄 YOURLS 1.8.2 SQL Injection
Proof of concept for a remote SQL injection vulnerability in YOURLS version 1.8.2. ============================================================================================================================================= | Title : YOURLS 1.8.2 SQL Injection & System Compromise in Administrati...
Acquia Content Hub - Moderately critical - Cross-Site Request Forgery - SA-CONTRIB-2025-125
This module provides a centralized content distribution and syndication solution so thta customers can publish, reuse, and syndicate content across a network of Drupal websites. The module doesn't sufficiently protect export routes from cross-site request forgery CSRF attacks, potentially allowin...
HTTP Fetch, Linux Command Shell, Find Port Inline
Fetch and execute an PPC payload from an HTTP server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/http/ppc/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show an...
HTTPS Fetch, Linux Command Shell, Find Port Inline
Fetch and execute an MIPSLE payload from an HTTPS server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/https/ppc/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...sh...
HTTPS Fetch, Linux Command Shell, Reverse TCP Inline
Fetch and execute an MIPSLE payload from an HTTPS server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/https/ppc/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp sh...
Unauthenticated RCE in React Server Components (React2Shell)
A critical unauthenticated Remote Code Execution RCE vulnerability exists in React Server Components RSC Flight protocol. The vulnerability allows attackers to achieve prototype pollution during deserialization of RSC payloads by sending specially crafted multipart requests with "proto",...
EUVD-2025-201848
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availabilit...
EUVD-2025-202160
Use-after-free in the Audio/Video: GMP component. This vulnerability affects Firefox 146...
CVE-2025-62152
Missing Authorization vulnerability in ConveyThis ConveyThis conveythis-translate allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ConveyThis: from n/a through = 269.2...
CVE-2025-42880
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availabilit...
UBUNTU-CVE-2025-40332
In the Linux kernel, the following vulnerability has been resolved: drm/amdkfd: Fix mmap write lock not release If mmap write lock is taken while draining retry fault, mmap write lock is not released because svmrangerestorepages calls mmapreadunlock then returns. This causes deadlock and system...
kernel: wifi: brcmfmac: fix use-after-free bug in brcmf_netdev_start_xmit()
A use after free exists in the wifi module of the linux kernel in the function brcmfnetdevstartxmit,thereby leading to damage to system availability and integrity...
CVE-2025-66325
Permission control vulnerability in the package management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2025-66323
Vulnerability of improper criterion security check in the card module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-66326
Race condition vulnerability in the audio module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-66327
Race condition vulnerability in the network module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2025-66328
Multi-thread race condition vulnerability in the network management module. Impact: Successful exploitation of this vulnerability may affect availability...
CVE-2025-66324
Input verification vulnerability in the compression and decompression module. Impact: Successful exploitation of this vulnerability may affect app data integrity...
CVE-2025-40332
CVE-2025-40332: In the Linux kernel, drm/amdkfd mmap write lock could deadlock when draining a retry fault, because svm_range_restore_pages would unlock mmap_read_lock and return. The fix downgrades the mmap write lock to a read lock during draining retry faults, preventing deadlock and subsequen...
CVE-2025-42880 Code Injection vulnerability in SAP Solution Manager
Due to missing input sanitation, SAP Solution Manager allows an authenticated attacker to insert malicious code when calling a remote-enabled function module. This could provide the attacker with full control of the system hence leading to high impact on confidentiality, integrity and availabilit...