
113 matches found

Positive Technologies
added 2026/02/14 12:0 a.m. | 3 views

PT-2026-8093

@VulmonFeeds CVE-2025-27941 is a vulnerability addressed in the NSFOCUS NIPS Network Intrusion Prevention System IPS Rule 5.6.11 upgrade package, which updates the engine to detect and mitigate it. 🔒 CyberSecurity...

AI score 5.5
Exploits 0 | References 1
Positive Technologies
added 2026/02/14 12:0 a.m. | 2 views

PT-2026-8092

@VulmonFeeds 🚨 CVE-2025-27928 is a vulnerability associated with Link Power OA, specifically an arbitrary file upload flaw in the UpLoadFile/uploadLogo endpoint, as identified in NSFOCUS NIPS/IPS rule updates. CVE Vulnerability...

AI score 5.5
Exploits 0 | References 1
EUVD
added 2025/10/03 8:7 p.m. | 1 view

EUVD-2023-59773

Malicious code in bioql PyPI...

CVSS 8.7 | AI score 6.6 | EPSS 0.00205
Exploits 1 | References 3
CNNVD
added 2025/08/27 12:0 a.m. | 4 views

NSFOCUS SecGate3600 Security Vulnerability

NSFOCUS SecGate3600 is a new generation firewall security product from China Green Alliance NSFOCUS. A security vulnerability exists in NSFOCUS SecGate3600, which stems from insufficient authentication checking and may lead to sensitive information leakage...

CVSS 8.7 | AI score 6.6 | EPSS 0.00205
Exploits 1 | References 4
HackRead
added 2024/10/20 3:40 p.m. | 11 views

Mirai-Inspired Gorilla Botnet Hits 0.3 Million Targets Across 100 Countries

A new Gorilla Botnet has launched massive DDoS attacks, targeting over 100 countries, according to cybersecurity firm NSFOCUS.…...

AI score 7.3
Exploits 0
GithubExploit
added 2024/02/19 10:27 a.m. | 331 views

Exploit for Improper Access Control in Joomla Joomla!

Joomla! options Arguments - url: Root URL base...

CVSS 5.3 | AI score 5.9 | EPSS 0.9452
Exploits 42
The Hacker News
added 2023/11/16 1:51 p.m. | 94 views

Experts Uncover DarkCasino: New Emerging APT Threat Exploiting WinRAR Flaw

A hacking group that leveraged a recently disclosed security flaw in the WinRAR software as a zero-day has now been categorized as an entirely new advanced persistent threat APT. Cybersecurity company NSFOCUS has described DarkCasino as an "economically motivated" actor that first came to light i...

CVSS 7.8 | AI score 8.7 | EPSS 0.93878
Exploits 49
The Hacker News
added 2023/09/30 9:21 a.m. | 61 views

Iranian APT Group OilRig Using New Menorah Malware for Covert Operations

Sophisticated cyber actors backed by Iran known as OilRig have been linked to a spear-phishing campaign that infects victims with a new strain of malware called Menorah. "The malware was designed for cyberespionage, capable of identifying the machine, reading and uploading files from the machine,...

AI score 7.2
Exploits 0
GithubExploit
added 2023/08/28 3:26 p.m. | 452 views

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 - WinRAR File Extension Spoofing Vulnerability...

CVSS 7.8 | AI score 6.8 | EPSS 0.93878
Exploits 49
GithubExploit
added 2023/03/26 1:58 p.m. | 377 views

Exploit for Improper Access Control in Joomla Joomla!

Joomla! information disclosure - CVE-2023-23752 exploit Explo...

CVSS 5.3 | AI score 5.8 | EPSS 0.9452
Exploits 42
GithubExploit
added 2023/03/24 11:50 a.m. | 992 views

Exploit for Improper Access Control in Joomla Joomla!

Joomla! information disclosure - CVE-2023-23752 exploit Joo...

CVSS 5.3 | AI score 5.7 | EPSS 0.9452
Exploits 42
Packet Storm
added 2023/03/24 12:0 a.m. | 445 views

Joomla! 4.2.7 Unauthenticated Information Disclosure

!/usr/bin/env ruby Exploit Title: Joomla! = 4.2.8 References: - https://nsfocusglobal.com/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice/ - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html -...

CVSS 5.3 | AI score 5.9 | EPSS 0.9452
Exploits 42
Github Security Blog
added 2021/08/25 2:48 p.m. | 63 views

XStream can cause a Denial of Service

Impact The vulnerability may allow a remote attacker to allocate 100% CPU time on the target system depending on CPU type or parallel execution of such a payload resulting in a denial of service only by manipulating the processed input stream. No user is affected, who followed the recommendation ...

CVSS 6.5 | AI score 7.3 | EPSS 0.00138
Exploits 1 | References 13 | Affected Software 1
Github Security Blog
added 2021/08/25 2:47 p.m. | 51 views

XStream is vulnerable to an Arbitrary Code Execution attack

Impact The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required...

CVSS 8.5 | AI score 8.8 | EPSS 0.00625
Exploits 1 | References 13 | Affected Software 1
Github Security Blog
added 2021/08/25 2:47 p.m. | 49 views

A Server-Side Forgery Request can be activated unmarshalling with XStream to access data streams from an arbitrary URL referencing a resource in an intranet or the local host

Impact The vulnerability may allow a remote attacker to request data from internal resources that are not publicly available only by manipulating the processed input stream with a Java runtime version 14 to 8. No user is affected, who followed the recommendation to setup XStream's security...

CVSS 8.5 | AI score 8.3 | EPSS 0.02139
Exploits 2 | References 13 | Affected Software 1
Kitploit
added 2019/05/14 12:43 p.m. | 167 views

WAFW00F v1.0.0 - Detect All The Web Application Firewall!

WAFW00F identifies and fingerprints Web Application Firewall WAF products. How does it work? To do its magic, WAFW00F does the following: Sends a normal HTTP request and analyses the response; this identifies a number of WAF solutions. If that is not successful, it sends a number of potentially...

AI score 7.2
Exploits 0 | References 3
Tenable Nessus
added 2018/10/18 12:0 a.m. | 63 views

RHEL 7 : Satellite 6.4 (RHSA-2018:2927)

"The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2018:2927 advisory. Red Hat Satellite is a systems management tool for Linux-based infrastructure. It allows for provisioning, remote management, and monitorin...

CVSS 9.8 | AI score 6.8 | EPSS 0.82379
Exploits 9 | References 143
RedHat Linux
added 2018/10/16 5:38 p.m. | 231 views

Important: Red Hat Security Advisory: Satellite 6.4 security, bug fix, and enhancement update

An update is now available for Red Hat Satellite 6.4 for RHEL 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...

CVSS 9.8 | AI score 6.9 | EPSS 0.82379
Exploits 9 | References 115
RedHat Linux
added 2018/05/14 8:51 p.m. | 107 views

Important: Red Hat Security Advisory: eap6-jboss-ec2-eap security update

An update for jboss-ec2-eap is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed...

CVSS 9.8 | AI score 7.2 | EPSS 0.84949
Exploits 7 | References 9
RedHat Linux
added 2018/05/14 8:36 p.m. | 121 views

Important: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 6.4.20 security update

An update is now available for Red Hat JBoss Enterprise Application Platform 6.4 for Red Hat Enterprise Linux 5. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, ...

CVSS 9.8 | AI score 7.3 | EPSS 0.84949
Exploits 7 | References 12