127 matches found
EUVD-2019-9468
Malware in sbrugna...
Exploit for Improper Input Validation in Microsoft
Moniker Link CVE-2024-21413 Exploit Demo This repository co...
EUVD-2024-29729
Malicious code in bioql PyPI...
EUVD-2025-27467
Malicious code in bioql PyPI...
scripts
This repository contains a collection of scripts written by AverageSecurityGuy for use in penetration testing engagements. The scripts are categorized into various folders, each containing a specific type of script, such as password brute forcing, cloud interaction, database testing, enumeration,...
CVE-2025-58762
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when...
CVE-2025-58762 Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent
Tautulli is a Python based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative access can use the pmsimageproxy endpoint to write arbitrary python scripts into the application filesystem. This leads to remote code execution when...
Exploit for CVE-2024-9014
CVE-2024-9014 - pgAdmin 4 OAuth2 Authentication Bypass Exploit...
Exploit for Code Injection in Langflow
CVE-2025-3248: Langflow Unauthenticated Remote Code Execution...
Former Black Basta Members Use Microsoft Teams and Python Scripts in 2025 Attacks
Former members tied to the Black Basta ransomware operation have been observed sticking to their tried-and-tested approach of email bombing and Microsoft Teams phishing to establish persistent access to target networks. "Recently, attackers have introduced Python script execution alongside these...
CVE-2024-31871
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306...
Exploit for Out-of-bounds Write in Exim
CVE-2023-42115: Exploit and Payload Generator Scripts This r...
Google's AI Tool Big Sleep Finds Zero-Day Vulnerability in SQLite Database Engine
Google said it discovered a zero-day vulnerability in the SQLite open-source database engine using its large language model LLM assisted framework called Big Sleep formerly Project Naptime. The tech giant described the development as the "first real-world vulnerability" uncovered using the...
vulSystem
This repository appears to be a collection of tools and scripts for web scraping and data collection, likely used for research or analysis purposes. The tools are written in Python and utilize various libraries such as BeautifulSoup and requests. The repository contains several scripts, including...
CVE-2024-31871 IBM Security Verify Access Appliance improper certificate validation
IBM Security Verify Access Appliance 10.0.0 through 10.0.7 could allow a malicious actor to conduct a man in the middle attack when deploying Python scripts due to improper certificate validation. IBM X-Force ID: 287306...
ESPHome vulnerable to remote code execution via arbitrary file write
Summary Security misconfiguration in edit configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. Detail...
GHSA-8P25-3Q46-8Q2P ESPHome vulnerable to remote code execution via arbitrary file write
Summary Security misconfiguration in edit configuration file API in dashboard component of ESPHome version 2023.12.9 command line installation allows authenticated remote attackers to read and write arbitrary files under the configuration directory rendering remote code execution possible. Detail...
Cybersecurity Agencies Warn Ubiquiti EdgeRouter Users of APT28's MooBot Threat
In a new joint advisory, cybersecurity and intelligence agencies from the U.S. and other countries are urging users of Ubiquiti EdgeRouter to take protective measures, weeks after a botnet comprising infected routers was felled by law enforcement as part of an operation codenamed Dying Ember. The...
Exploit for Improper Authentication in Hikvision Ds-2Cd2032-I_Firmware
cve-2017-7921-Mass-Exploit Mass Config Download python3 dow...
New Malvertising Campaign Distributing Trojanized IT Tools via Google and Bing Search Ads
A new malvertising campaign has been observed leveraging ads on Google Search and Bing to target users seeking IT tools like AnyDesk, Cisco AnyConnect VPN, and WinSCP, and trick them into downloading trojanized installers with an aim to breach enterprise networks and likely carry out future...