Google Go Security Vulnerability
Google Go is a statically and strongly typed, compiled, concurrent, and garbage-collected programming language from Google. Google Go suffers from an information disclosure vulnerability that stems from an issue with the order in which messages across cryptographic level boundaries are processed during...
EUVD-2025-206407
A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes...
CVE-2025-41726 Beckhoff: Arbitrary code execution within privileged processes
A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes...
CVE-2025-41726
A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes...
ALSA-2026:1412 Important: php:8.2 security update
PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. Security Fixes: php: pgsql extension does not check for errors during escaping CVE-2025-1735 php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix CVE-2025-6491 php: PHP Hostname Nul...
Secure-Programming-and-Exploiting-Vulnerabilities
Secure-P...
macOS Mavericks 10.9 Local Privilege Escalation Tooling
This is not an exploit but rather a theoretical ROP chain construction framework for macOS Mavericks 10.9 that is inspired by older research...
POC-Generator-Burp_Suite_Extension
🎯 POC Generator - Burp Suite Extension From vulnerability...
CVE-2026-0785
ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw...
EUVD-2026-4257
phpMyFAQ is an open source FAQ web application. In versions 4.0.16 and below, multiple public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list endpoint calls Question::getAll with showAll=true by default, returning...
CVE-2025-52022
A vulnerability in the PHP backend of gemsloyalty.aptsys.com.sg thru 2025-05-28 allows unauthenticated remote attackers to trigger detailed error messages that disclose internal file paths, code snippets, and stack traces. This occurs when specially crafted HTTP GET/POST requests are sent to publ...
CVE-2026-22985
CVE-2026-22985 affects the Linux kernel idpf driver. The vulnerability causes a NULL pointer dereference when ethtool operations (e.g., rxhash) are invoked before the interface is up due to the RSS LUT not being initialized. The fix moves RSS LUT initialization from ndo_open to vport creation to ...
CVE-2026-22985
In the Linux kernel, the following vulnerability has been resolved: idpf: Fix RSS LUT NULL pointer crash on early ethtool operations The RSS LUT is not initialized until the interface comes up, causing the following NULL pointer crash when ethtool operations like rxhash on/off are performed befor...
CVE-2026-0785 ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability
ALGO 8180 IP Audio Alerter API Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw...
CVE-2025-52024
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...
CVE-2025-52024
A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...
CVE-2025-52022
CVE-2025-52022 affects the PHP backend of gemsloyalty.aptsys.com.sg (through 2025-05-28). The root issue is Information Exposure Through an Error Message: unauthenticated remote attackers can trigger detailed error messages via public API endpoints that disclose internal file paths, code snippets...
Missing Authentication for Critical Function
Overview Affected versions of this package are vulnerable to Missing Authentication for Critical Function due to the lack of JWT authentication middleware and RBAC authorization checks in the routing configuration for /api/v1/jobs endpoint. An attacker can view, update, and delete jobs by sending...
GHSA-4XC5-WFWC-JW47 Typebot affected by Credential Theft via Client-Side Script Execution and API Authorization Bypass
Summary Client-side script execution in Typebot allows stealing all stored credentials from any user. When a victim previews a malicious typebot by clicking "Run", JavaScript executes in their browser and exfiltrates their OpenAI keys, Google Sheets tokens, and SMTP passwords. The...
CVE-2025-68510
Improper Control of Filename for Include/Require Statement in PHP Program 'PHP Remote File Inclusion' vulnerability in ThemeGoods Photography photography allows PHP Local File Inclusion. This issue affects Photography: from n/a through 7.7.5...