378 matches found

SUSE CVE
added 2026/05/27 4:13 a.m. | 1 views

SUSE CVE-2023-45664

stb_image is a single file MIT licensed library for processing images. A crafted image file can cause stbi__load_gif_main_outofmem to attempt to double-free the out variable. This happens in stbi__load_gif_main because when the layers * stride value is zero the behavior is implementation defined, but common...

8.8 CVSS | 7.2 AI score | 0.00192 EPSS
Exploits 0 | References 3
GithubExploit
added 2026/05/25 7:28 p.m. | 46 views

exploit-lab

Threadbare — Exploit-Development Training Lab Introduction...

6.3 AI score
Exploits 0
Snyk
added 2026/05/22 1:11 p.m. | 6 views

Unsynchronized Access to Shared Data in a Multithreaded Context

Overview: Magick.NET-Q8-x64 is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package are...

5.6 CVSS | 5.8 AI score
Exploits 0 | References 3
Snyk
added 2026/05/22 1:11 p.m. | 3 views

Unsynchronized Access to Shared Data in a Multithreaded Context

Overview: Magick.NET-Q16-OpenMP-x64 is a Magick.NET package that lets you use ImageMagick without having to install ImageMagick on your server or desktop. For more information about specific builds, see the official docs: https://github.com/dlemstra/Magick.NET/tree/main/docs Affected versions of this package a...

5.6 CVSS | 5.8 AI score
Exploits 0 | References 3
AstraLinux
added 2026/05/20 5:53 a.m. | 1 views

Astra Linux - vulnerability in libstb

stb_image is a single-file library licensed under MIT that is used for processing images. A properly crafted image file can trigger an attempt by stbi__load_gif_main_outofmem to double-free the out variable. This occurs in stbi__load_gif_main, because when the layers * stride value is zero, the behavior is...

8.8 CVSS | 7.3 AI score | 0.00192 EPSS
Exploits 0 | References 2
OSV
added 2026/05/04 1:12 p.m. | 1 views

JLSEC-2026-408

A denial of service vulnerability exists in curl v8.1.0 in the way libcurl provides several different backends for resolving host names, selected at build time. If it is built to use the synchronous resolver, it allows name resolves to time-out slow operations using alarm and siglongjmp. When doi...

5.9 CVSS | 5.9 AI score | 0.00641 EPSS
Exploits 1 | References 18
Packet Storm News
added 2026/05/04 12:0 a.m. | 0 views

Lulzbuster 2.0.0

Lulzbuster is a multithreaded, very fast and smart HTTPS directory and file bruteforcer written in C on top of libcurl. Given a target URL and a wordlist, it enumerates valid paths by firing concurrent HTTP requests and reporting back the responses that look like real hits, i.e. status codes the...

5.8 AI score
Exploits 0
Packet Storm News
added 2026/05/04 12:0 a.m. | 0 views

DNS Spider Multithreaded Bruteforcer 1.5

DNS Spider is a multi-threaded bruteforcer of subdomains that leverages a wordlist and/or character permutation...

5.8 AI score
Exploits 0
AstraLinux
added 2026/05/03 11:59 p.m. | 1 views

Astra Linux - vulnerability in linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: padata: A possible “divide-by-0” panic has been fixed in padata_mt_helper. We are encountering a “divide-by-0” panic in padata.c during bootup. 10.017908 Oops: Divide error: 0000 1 PREEMPT SMP NOPTI 10.017908 CPU: 26 PID: 2627 Comm...

5.5 CVSS | 6.2 AI score | 0.00014 EPSS
Exploits 0 | References 2
GithubExploit
added 2026/05/01 8:12 p.m. | 45 views

Xseta-WP-Exploit

Xseta-WP-Exploit Xseta - WordPr...

5.8 AI score
Exploits 0
GithubExploit
added 2026/04/20 12:31 a.m. | 76 views

Exploit for Command Injection in Paloaltonetworks Pan-Os

CVE-2024-3400 Author: wa6n3r | GitHub https://github...

10 CVSS | 7.6 AI score | 0.94323 EPSS
Exploits 43
Github Security Blog
added 2026/04/16 1:20 a.m. | 1 views

pyLoad has a Session Cookie Security Downgrade via Untrusted X-Forwarded-Proto Header Spoofing (Global State Race Condition)

Summary: The set_session_cookie_secure before_request handler in src/pyload/webui/app/__init__.py reads the X-Forwarded-Proto header from any HTTP request without validating that the request originates from a trusted proxy, then mutates the global Flask configuration SESSION_COOKIE_SECURE on every request...

4.8 CVSS | 5.8 AI score | 0.00011 EPSS
Exploits 1 | References 3 | Affected Software 1
Packet Storm News
added 2026/04/10 12:0 a.m. | 0 views

Lodash 4.17.12 Prototype Pollution Scanner

This tool is a multi-threaded CLI scanner designed to detect potential Prototype Pollution vulnerabilities in web applications using Lodash. It targets endpoints that may improperly handle user-supplied JSON input and perform unsafe object merging operations, e.g., via defaultsDeep. The scanner...

5.8 AI score
Exploits 0
GithubExploit
added 2026/03/08 1:21 a.m. | 221 views

Web-Application-Vulnerability-Scanner

WebVulnScan A beginner-to-intermediate web application vuln...

5.8 AI score
Exploits 0
CVE
added 2026/03/03 2:28 p.m. | 14 views

CVE-2026-25674

An issue in Django versions 6.0 before 6.0.3, 5.2 before 5.2.12, and 4.2 before 4.2.29 causes a race condition in file-system storage and file-based cache backends. Concurrent requests can cause created file-system objects to have incorrect permissions due to a thread’s temporary umask change aff...

3.7 CVSS | 5.9 AI score | 0.0001 EPSS
Exploits 0 | References 3 | Affected Software 1
Snyk
added 2026/02/17 2:56 p.m. | 3 views

Use After Free

Overview: Affected versions of this package are vulnerable to Use After Free in the RecordBatchFileReader::PreBufferMetadata API call. An attacker can cause memory corruption or application crashes by providing a specially crafted IPC file with variadic buffers and exploiting multi-threaded IO...

7 CVSS | 5.8 AI score | 0.00045 EPSS
Exploits 0 | References 2
CVE
added 2026/02/12 12:0 a.m. | 7 views

CVE-2025-67433

Open TFTP Server MultiThreaded v1.7 is affected by a heap buffer overflow in the processRequest function, leading to a Denial of Service when handling a crafted DATA packet. The description confirms the vulnerability and impact; details on affected versions beyond v1.7, exploit steps, scope, or a...

7.5 CVSS | 5.8 AI score | 0.00056 EPSS
Exploits 0 | References 3
Cvelist
added 2026/02/12 12:0 a.m. | 21 views

CVE-2025-67433

A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service (DoS) via a crafted DATA packet...

0.00056 EPSS
Exploits 0 | References 3
Vulnrichment
added 2026/02/12 12:0 a.m. | 1 views

CVE-2025-67433

A heap buffer overflow in the processRequest function of Open TFTP Server MultiThreaded v1.7 allows attackers to cause a Denial of Service (DoS) via a crafted DATA packet...

6.1 AI score | 0.00056 EPSS
Exploits 0 | References 3
Vulnrichment
added 2026/02/02 3:20 p.m. | 4 views

CVE-2025-47359 Use After Free in Secure Processor

Memory Corruption when multiple threads simultaneously access a memory free API...

7.8 CVSS | 5.3 AI score | 0.00006 EPSS
Exploits 0 | References 1