Exploit for CVE-2026-6960

CVE-2026-6960 — BookingPress Pro ≤ 5.6 | Unauthenticated Arbit...

Malicious code in token-usage-tracker (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

AI-Driven Adaptive Adversaries and the Erosion of Cryptographic Trust in Public Key Systems

This paper examines the erosion of Public Key Cryptography PKC security under adaptive adversarial optimisation driven by artificial intelligence. The problem addressed is the growing mismatch between algorithm-centric cryptographic security models and operational attack realities, where...

MAL-2026-4283 Malicious code in token-usage-tracker (npm)

Ten packages published by npm user asdxzxc at version 1.0.10 target developers working on AI and LLM tooling. Each package masquerades as a developer utility while executing a two-stage payload triggered via postinstall: package.json → lib/setup.js → lib/worker.js. Credential harvesting:...

Security Bulletin: IBM Cognos Analytics Mobile is affected by multiple security vulnerabilties

Summary IBM Cognos Analytics Mobile is affected by multiple security vulnerabilities. These have been addressed in IBM Cognos Analytics Mobile 1.1.26. Vulnerability Details CVEID:CVE-2026-26278 DESCRIPTION: fast-xml-parser allows users to validate XML, parse XML to JS object, or build XML from JS...

Exploit for Origin Validation Error in Langflow

CVE-2025-34291 — Langflow Origin Validation / CORS...

Exploit for OS Command Injection in Beyondtrust Privileged_Remote_Access

CVE-2026-1731 — BeyondTrust Remote Support & PRA Pre-auth RCE...

Exploit for Command Injection in Github Enterprise_Server

CVE-2026-3854 — GitHub Enterprise Server RCE via Push Option I...

Exploit for Incorrect Implementation of Authentication Algorithm in Google Android

CVE-2026-0073 — Android Debug Bridge ADB Auth Bypass RCE...

Exploit for Out-of-bounds Write in Paloaltonetworks Pan-Os

CVE-2026-0300 — Palo Alto Networks PAN-OS BOF RCE root...

Exploit for CVE-2026-9082

CVE-2026-9082 — Drupal PostgreSQL SQL Injection Mass Scanner & E...

Security Bulletin: Multiple vulnerabilities in Aspera applications.

Summary Multiple vulnerabilities were addressed in IBM Aspera High-Speed Transfer Endpoint 4.4.7 Fix Pack 2 and IBM Aspera High-Speed Transfer Server 4.4.7 Fix Pack 2 Vulnerability Details CVEID:CVE-2026-7876 DESCRIPTION: IBM Aspera High-Speed Transfer Server and IBM Aspera High-Speed Transfer...

Security Bulletin: IBM Rational® Application Developer for WebSphere® Software is vulnerable to a remote attack to take over Java SE

Summary IBM® SDK, Java™ Technology Edition, is used by IBM Rational® Application Developer for WebSphere® Software as the runtime and development kit. CVE-2025-50106 Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with netwo...

Exploit for CVE-2026-42945

NGINX Rift — CVE-2026-42945 RCE proof-of-concept for CVE-20...

Exploit for Unrestricted Upload of File with Dangerous Type in Wordpress

WordPress Crop Image RCE — CVE-2019-8942 / CVE-2019-8943 Pyth...

jwt-pwn

jwt-pwn A zero-dependency Python 3 toolkit for discovering an...

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to IBM Java SDK

Summary There are multiple vulnerabilities in IBM Java SDK, Java Technology Edition used by IBM App Connect Enterprise and IBM Integration Bus for z/OS . Vulnerability Details CVEID:CVE-2026-22016 DESCRIPTION: Easily exploitable vulnerability allows unauthenticated attacker with network access vi...

CVE-2025-46371

Dell PowerFlex Manager, versions =4.6.2, contains a Use of a Broken or Risky Cryptographic Algorithm vulnerability in the ssh. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Protection mechanism bypass...

Security Bulletin: IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j ( CVE-2026-34477, CVE-2026-34478, CVE-2026-34479 & CVE-2026-34480 )

Summary IBM App Connect Enterprise and IBM Integration Bus for z/OS are vulnerable to multiple vulnerabilities due to Apache Log4j. Vulnerability Details CVEID:CVE-2026-34477 DESCRIPTION: The fix for CVE-2025-68161 https://logging.apache.org/security.htmlCVE-2025-68161 was incomplete: it addresse...

K000161377: NGINX ngx_http_rewrite_module vulnerability CVE-2026-9256

Security Advisory Description NGINX Plus and NGINX Open Source have a vulnerability in the ngxhttprewritemodule module. This vulnerability exists when a rewrite directive uses a regex pattern with distinct, overlapping Perl-Compatible Regular Expression PCRE captures for example, ^/.$ and a...