Exploit for Use After Free in Redis

CVE-2025-49844 RediShell AI-made Revshell PoC Untested comple...

CVE-2026-34156

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODUL...

CVE-2026-34156 NocoBase Affected by Sandbox Escape to RCE via console._stdout Prototype Chain Traversal in Workflow Script Node

NocoBase is an AI-powered no-code/low-code platform for building business applications and enterprise solutions. Prior to version 2.0.28, NocoBase's Workflow Script Node executes user-supplied JavaScript inside a Node.js vm sandbox with a custom require allowlist controlled by WORKFLOWSCRIPTMODUL...

CVE-2026-25086

Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software...

EUVD-2026-13844

Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software...

CVE-2026-25086

Under certain conditions, an attacker could bind to the same port used by WebCTRL. This could allow the attacker to craft and send malicious packets and impersonate the WebCTRL service without requiring code injection into the WebCTRL software...

EUVD-2025-208413

GNU Binutils thru 2.45.1 readelf contains a denial-of-service vulnerability when processing a crafted binary with malformed DWARF .debugrnglists data. A logic flaw in the DWARF parsing path causes readelf to repeatedly print the same warning message without making forward progress, resulting in a...

AZL-79571 CVE-2025-69649 affecting package binutils 2.41-10

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into displayrelocations, resulting in a segmentation fault SIGSEGV and...

CVE-2025-69652

GNU Binutils thru 2.46 readelf contains a vulnerability that leads to an abort SIGABRT when processing a crafted ELF binary with malformed DWARF abbrev or debug information. Due to incomplete state cleanup in processdebuginfo, an invalid debuginfop state may propagate into DWARF attribute parsing...

CVE-2025-69649

GNU Binutils thru 2.46 readelf contains a null pointer dereference vulnerability when processing a crafted ELF binary with malformed header fields. During relocation processing, an invalid or null section pointer may be passed into displayrelocations, resulting in a segmentation fault SIGSEGV and...

CVE-2026-24399

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allow...

EUVD-2026-4613

ChatterMate is a no-code AI chatbot agent framework. In versions 1.0.8 and below, the chatbot accepts and executes malicious HTML/JavaScript payloads when supplied as chat input. Specifically, an payload containing a javascript: URI can be processed and executed in the browser context. This allow...

EUVD-2025-200299

A vulnerability in Longwatch devices allows unauthenticated HTTP GET requests to execute arbitrary code via an exposed endpoint, due to the absence of code signing and execution controls. Exploitation results in SYSTEM-level privileges...

📄 CAREL Boss / Boss Mini 1.4.0 Path Traversal

Proof of concept for an older vulnerability in 2023 where CAREL Boss and Boss Mini version 1.4.0 suffer from a path traversal vulnerability. ============================================================================================================================================= | Title : Boss...

EUVD-2024-2925

Malicious code in bioql PyPI...

AI browsers could leave users penniless: A prompt injection warning

Artificial Intelligence AI browsers are gaining traction, which means we may need to start worrying about the potential dangers of something called "prompt injection." Large language models LLMs—like the ones that power AI chatbots including ChatGPT, Claude, and Gemini—are designed to follow...

CVE-2024-47818

Saltcorn is an extensible, open source, no-code database application builder. A logged-in user with any role can delete arbitrary files on the filesystem by calling the sync/cleansyncdir endpoint. The dirname POST parameter is not validated/sanitized and is used to construct the syncDir that is...

CVE-2024-24701

Cross-Site Request Forgery CSRF vulnerability in Native Grid LLC A no-code page builder for beautiful performance-based content.This issue affects A no-code page builder for beautiful performance-based content: from n/a through 2.1.20...

Remediate Risk Without the Roadblocks: Automate with Qualys Flow

Remediation and Workflow Automation, Redefined Still relying on manual steps in your cloud security? It’s outdated, and it’s risky. Manual processes lead to slower threat detection, human errors, increased operational costs, and compliance delays. This isn’t just inefficient—it’s a liability. Ent...

PayPal’s “no-code checkout” abused by scammers

We recently identified a new scam targeting PayPal customers with very convincing ads and pages. Crooks are abusing both Google and PayPal's infrastructure in order to trick victims calling for assistance to speak with fraudsters instead. Combining official-looking Google search ads with...