1805 matches found

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2022-2924

Malicious code in bioql PyPI...

CVSS 7.8 | AI score 7.5 | EPSS 0.00124
Exploits: 1 | References: 11

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2025-6892

Malicious code in bioql PyPI...

CVSS 9.8 | AI score 8.8 | EPSS 0.01612
Exploits: 1 | References: 3

EUVD
added 2025/10/03 8:07 p.m. | 3 views

EUVD-2023-48451

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 6.6 | EPSS 0.00128
Exploits: 0 | References: 2

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2021-30227

Malicious code in bioql PyPI...

CVSS 9 | AI score 7 | EPSS 0.06596
Exploits: 3 | References: 2

EUVD
added 2025/10/03 8:07 p.m. | 2 views

EUVD-2025-10681

Malicious code in bioql PyPI...

CVSS 7.2 | AI score 6.6 | EPSS 0.00163
Exploits: 0 | References: 2

GithubExploit
added 2025/09/23 3:52 a.m. | 233 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Php

sudo docker run -it --rm -p 8080:80 php:8.0.29-apache bash...

CVSS 9.8 | AI score 7 | EPSS 0.31766
Exploits: 3

NVD
added 2025/09/22 4:15 p.m. | 2 views

CVE-2025-57601

AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...

CVSS 9.8 | EPSS 0.00068
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/22 12:00 a.m. | 3 views

PT-2025-38760

Name of the Vulnerable Software and Affected Versions: Creacast Creabox Manager version 4.4.4. Description: A critical Remote Code Execution issue exists in Creacast Creabox Manager version 4.4.4. An authenticated attacker can inject arbitrary Lua code into the configuration through the edit.php...

CVSS 8.8 | AI score 7.7 | EPSS 0.00415
Exploits: 1 | References: 4

GithubExploit
added 2025/09/21 10:24 a.m. | 135 views

Exploit for SQL Injection in Fortinet Fortiweb

CVE-2025-25257 Exploits for CVE-2025-25257 released by watchto...

CVSS 9.8 | AI score 7 | EPSS 0.26204
Exploits: 18

The Hacker News
added 2025/09/20 5:48 a.m. | 9 views

Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell

Cybersecurity researchers have discovered what they say is the earliest example known to date of malware that bakes in Large Language Model (LLM) capabilities. The malware has been codenamed MalTerminal by the SentinelOne SentinelLABS research team. The findings were presented at the LABScon 202...

CVSS 9.3 | AI score 7.1 | EPSS 0.93596
Exploits: 61

GitHub Security Blog
added 2025/09/15 7:51 p.m. | 7 views

FlowiseAI Pre-Auth Arbitrary Code Execution

Summary: An authenticated admin user of FlowiseAI can exploit the Supabase RPC Filter component to execute arbitrary server-side code without restriction. By injecting a malicious payload into the filter expression field, the attacker can directly trigger JavaScript's execSync to launch reverse...

CVSS 6.5 | AI score 8.4 | EPSS 0.00211
Exploits: 1 | References: 6 | Affected software: 1

GithubExploit
added 2025/09/15 3:16 p.m. | 384 views

Exploit for CVE-2024-28397

CVE-2024-28397 js2py Sandbox Escape Exploit A collection of e...

CVSS 5.3 | AI score 9.1 | EPSS 0.59353
Exploits: 22

Gitee
added 2025/09/14 6:52 p.m. | 145 views

LFISuite

This repository is an offensive tool for Local File Inclusion (LFI) exploitation and scanning. It is primarily used to exploit LFI vulnerabilities in web applications, allowing an attacker to access sensitive files and potentially gain unauthorized access to a system. The tool, called LFI Suite,...

AI score 8
Exploits: 0

Gitee
added 2025/09/14 5:14 p.m. | 125 views

fimap

fimap is a Python tool designed to find, prepare, audit, exploit, and even automatically Google for local and remote file inclusion (LFI/RFI) bugs in web applications. It can identify and exploit file inclusion bugs, including include, include_once, require, and require_once functions. The tool has a...

AI score 7.1
Exploits: 0

GithubExploit
added 2025/09/10 1:28 p.m. | 218 views

Exploit for Code Injection in Xwiki

xwiki-15.10.8-revers...

CVSS 9.8 | AI score 7 | EPSS 0.93837
Exploits: 49

Tenable Nessus
added 2025/09/10 12:00 a.m. | 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-41561

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The JNDI Data Sources component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server, TIBCO JasperReports Server - Community Edition,...

CVSS 9.1 | AI score 7.3 | EPSS 0.04248
Exploits: 0 | References: 2

OSV
added 2025/09/09 5:40 p.m. | 1 view

MAL-2025-191709 Malicious code in cti-ctf-challenges (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1cefe6c8a9ac6ede7c6ba497cf17011bf431812980749bb0068995ebba4039d9 If the method from the module is called, it attempts to download a malicious code identified as msf payload and save it locally. In the analysed version, the...

AI score 7.5
Exploits: 0 | References: 1

OSSF Malicious Packages
added 2025/09/09 5:40 p.m. | 2 views

Malicious code in cti-ctf-challenges (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 1cefe6c8a9ac6ede7c6ba497cf17011bf431812980749bb0068995ebba4039d9 If the method from the module is called, it attempts to download a malicious code identified as msf payload and save it locally. In the analysed version, the...

AI score 7.6
Exploits: 0 | References: 1

The Hacker News
added 2025/09/06 3:13 p.m. | 4 views

Noisy Bear Campaign Targeting Kazakhstan Energy Sector Outed as a Planned Phishing Test

A threat actor possibly of Russian origin has been attributed to a new set of attacks targeting the energy sector in Kazakhstan. The activity, codenamed Operation BarrelFire, is tied to a new threat group tracked by Seqrite Labs as Noisy Bear. The threat actor has been active since at least April...

AI score 6.7
Exploits: 0

Gitee
added 2025/09/06 12:09 p.m. | 141 views

Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

log4j-shell-poc: A Proof-Of-Concept for the recently found CVE-2021-44228 vulnerability. Recently there was a new vulnerability in log4j, a Java logging library that is very widely used in the likes of elasticsearch, minecraft and numerous others. In this repository we have made an example...

CVSS 10 | AI score 7 | EPSS 0.94358
Exploits: 343