11228 matches found
Microsoft Office 365 (2016 Click-to-Run) RCE Vulnerability (Jul 2025)
This host is missing a critical security update according to Microsoft Office Click-to-Run update July 2025. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier:...
Microsoft Outlook 2016 RCE Vulnerability (KB5002747)
This host is missing an important security update according to Microsoft KB5002747.
CVE-2025-32023 Redis allows out of bounds writes in hyperloglog commands leading to RCE
Redis is an open source, in-memory database that persists on disk. From 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, an authenticated user may use a specially crafted string to trigger a stack/heap out of bounds write on hyperloglog operations, potentially leading to remote code execution. The...
Exploit for Deserialization of Untrusted Data in Apache Tomcat
CVE-2025-24813 Apache Tomcat RCE Exploit PoC This repository...
MAL-2025-5829 Malicious code in node-mongoose-orm (npm)
The package employs typosquatting to impersonate a legitimate author and package, and it contains obfuscated code that exfiltrates sensitive user data and creates a backdoor for remote code execution. The core of the malicious activity is found in the package/lib/writer.js file. The lib/writer.js...
Oracle Linux 10 : tomcat9 (ELSA-2025-7494)
The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7494 advisory. 1:9.0.87-5 - Resolves: RHEL-82927 tomcat: Potential RCE and/or information disclosure and/or information corruption with partial PUT CVE-2025-24813 Tenable has...
Exploit for Injection in Cisco Identity_Services_Engine
CVE-2025-20281-2-Cisco-ISE-RCE Unauthenticated Python PoC for...
Critical RCE Flaws in Cisco ISE and ISE-PIC Allow Unauthenticated Attackers to Gain Root Access
Cisco has released updates to address two maximum-severity security flaws in Identity Services Engine (ISE) and ISE Passive Identity Connector (ISE-PIC) that could permit an unauthenticated attacker to execute arbitrary commands as the root user. The vulnerabilities, assigned the CVE identifiers...
KLA85379 RCE vulnerability in WinRAR
Code execution vulnerability was found in WinRAR. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories WinRAR 7.12 Final released ZDI-25-409 CVE-2025-6218 Related products WinRAR CVE list CVE-2025-6218 critical Solution Update to the latest version Downloa...
Exploit for External Control of File Name or Path in Microsoft
CVE-2025-33053 - WebDAV Remote Code Execution (RCE) PoC & C2 S...
Exploit for Code Injection in Langflow
CVE-2025-3248 — Langflow AI Remote Code Execution Unauthentic...
New Flodrix Botnet Variant Exploits Langflow AI Server RCE Bug to Launch DDoS Attacks
Cybersecurity researchers have called attention to a new campaign that's actively exploiting a recently disclosed critical security flaw in Langflow to deliver the Flodrix botnet malware. "Attackers use the vulnerability to execute downloader scripts on compromised Langflow servers, which in turn...
Exploit for Code Injection in Langflow
mitsec - CVE-2025-3248 Langflow RCE Exploit Remote Code Execu...
TencentOS Server 3: tomcat (TSSA-2025:0304)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0304 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
Exploit for Code Injection in Grafana
🛠️ CVE-2024-9264 - Fixed Grafana RCE Exploit This is a fixe...
BIT-KAFKA-2025-27819 Apache Kafka: Possible RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration
In CVE-2023-25194, we announced the RCE/Denial of service attack via SASL JAAS JndiLoginModule configuration in Kafka Connect API. But not only Kafka Connect API is vulnerable to this attack, the Apache Kafka brokers also have this vulnerability. To exploit this vulnerability, the attacker needs ...
Fedora 42 : roundcubemail (2025-70701de9de)
The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-70701de9de advisory. This is a security update to the stable version 1.6 of Roundcube Webmail. It provides fixes to recently reported security vulnerabilities: Fix Post-Auth RCE...
Exploit for CVE-2025-24514
🔥 CVE-2025-24514 remote vulnerability check PoC. This script, for the CVE-2025-24514 vulnerability...
Microsoft Word 2016 Multiple RCE Vulnerabilities (KB5002710)
This host is missing an important security update according to Microsoft KB5002710.
Microsoft Excel 2016 RCE Vulnerability (KB5002735)
This host is missing an important security update according to Microsoft KB5002735.