Exploit for Deserialization of Untrusted Data in Clear Clearml

CVE-2024-24590 Deserialization of untrusted data can occur in...

Exploit for Path Traversal in Hsclabs Mailinspector

CVE-2024-34470 PoC and Bulk Scanner Overview This is a pr...

Malvertising Campaign Leads to Execution of Oyster Backdoor

The following analysts contributed to this blog: Thomas Elkins, Daniel Thiede, Josh Lockwood, Tyler McGraw, and Sasha Kovalev. Executive Summary Rapid7 has observed a recent malvertising campaign that lures users into downloading malicious installers for popular software such as Google Chrome and...

Remote Code Execution

langflow is vulnerable to Remote Code Execution. The vulnerability is due to untrusted users being able to reach the POST /api/v1/customcomponent endpoint and provide a Python script, allowing an attacker to execute arbitrary code...

Langflow remote code execution vulnerability

Langflow allows remote code execution if untrusted users are able to reach the "POST /api/v1/customcomponent" endpoint and provide a Python script...

GHSA-QG33-X2C5-6P44 Langflow remote code execution vulnerability

Langflow allows remote code execution if untrusted users are able to reach the "POST /api/v1/customcomponent" endpoint and provide a Python script...

CVE-2024-37014

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/customcomponent" endpoint and provide a Python script...

CVE-2024-37014

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/customcomponent" endpoint and provide a Python script...

CVE-2024-37014

CVE-2024-37014 affects Langflow up to version 0.6.19. The vulnerability allows remote code execution when an untrusted user can access the endpoint POST /api/v1/custom_component and provide a Python script. The cited sources describe this vector and the resulting arbitrary code execution, with im...

CVE-2024-37014

Langflow through 0.6.19 allows remote code execution if untrusted users are able to reach the "POST /api/v1/customcomponent" endpoint and provide a Python script...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

CVE-2024-24919-Sniper !CVE-2024-24919 Sniper Screenshotsni...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

CVE-2024-24919 Bulk Scanner CVE-2024-24919 Check Point Securi...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

Mass Auto Scanner for CVE-2024-24919 This script is designed to...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Checkpoint Quantum_Spark_Firmware

Intro Simple POC Python script that check & leverage Check Poi...

Exploit for Deserialization of Untrusted Data in Apache Activemq

Resumen Técnico del Ataque: CVE-2023-46604 El script explota un...

Exploit for SQL Injection in Valvepress Automatic

CVE-2024-27956-RCE File Package Contents: 1. exploit.py...

Apache mod_proxy_cluster - Stored XSS Exploit

import requests import argparse from bs4 import BeautifulSoup from urllib.parse import urlparse, parseqs, urlencode, urlunparse from requests.exceptions import RequestException class Colors: RED = '\03391m' GREEN = '\0331;49;92m' RESET = '\0330m' def getclustermanagerurlbaseurl, path:...

Shiro-721

This is a vulnerability analysis of a repository containing a proof-of-concept PoC exploit for a remote code execution RCE vulnerability in Apache Shiro, a Java-based security framework. The vulnerability is caused by a padding oracle attack, which allows an attacker to construct serialized data...

Exploit for Protection Mechanism Failure in Microsoft

CVE-2024-29988-exploit Exploit for Microsoft SmartScreen malic...

Exploit for Incorrect User Management in Portainer

Portainer CVE-2024-29296 Proof of Concept Script Requireme...