CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...

CVE-2025-66482 Misskey has a login rate limit bypass via spoofed X-Forwarded-For header

Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option trustProxy has been added in config file to...

CVE-2025-66482 Misskey has a login rate limit bypass via spoofed X-Forwarded-For header

Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option trustProxy has been added in config file to...

CVE-2025-66482 Misskey has a login rate limit bypass via spoofed X-Forwarded-For header

Misskey is an open source, federated social media platform. Attackers who use an untrusted reverse proxy or not using a reverse proxy at all can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option trustProxy has been added in config file to...

CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...

CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...

CVE-2023-53875 GOM Player 2.3.90.5360 Remote Code Execution via Insecure IE Component

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in its Internet Explorer component that allows attackers to execute arbitrary code through DNS spoofing. Attackers can redirect victims using a malicious URL shortcut and WebDAV technique to run a reverse shell with SMB server...

CVE-2023-53875

GOM Player 2.3.90.5360 contains a remote code execution vulnerability in the Internet Explorer component. The issue can be triggered via DNS spoofing with a malicious URL shortcut and WebDAV, enabling an attacker to execute arbitrary code and potentially run a reverse shell with SMB server intera...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to trusting reverse-proxy headers by default. An attacker can bypass IP-based access restrictions by crafting requests with malicious X-Forwarded-For headers. Remediation Upgrade...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to trusting reverse-proxy headers by default. An attacker can bypass IP-based access restrictions by crafting requests with malicious X-Forwarded-For headers. Remediation Upgrade...

User Impersonation

Overview Affected versions of this package are vulnerable to User Impersonation due to trusting reverse-proxy headers by default. An attacker can bypass IP-based access restrictions by crafting requests with malicious X-Forwarded-For headers. Remediation Upgrade...

PT-2025-51338

Name of the Vulnerable Software and Affected Versions Misskey versions 2025.9.1 through 2025.11.1 Misskey versions prior to 2025.12.0-alpha.2 Description Misskey is an open source, federated social media platform. Attackers can bypass IP rate limiting by adding a forged X-Forwarded-For header whe...

PT-2025-51293

Name of the Vulnerable Software and Affected Versions GOM Player version 2.3.90.5360 Description GOM Player has a remote code execution issue in its Internet Explorer component. An attacker can execute arbitrary code through DNS spoofing. The attack involves redirecting a victim using a malicious...

Exploit for Improper Neutralization of Line Delimiters in Cacti

Cacti CVE-2025-24367 Authenticated RCE PoC This repository co...

CVE-2024-58305

WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an...

CVE-2025-53960

When issuing JSON Web Tokens JWT, Apache StreamPark directly uses the user's password as the HMAC signing key e.g., with the HS256 algorithm. An attacker can exploit this vulnerability to perform offline brute-force attacks on the user's password using a captured JWT, or to arbitrarily forge...

Use Of Hard-coded Cryptographic Key

Apache StreamPark is vulnerable to use of a hard-coded cryptographic key. The vulnerability is due to Apache StreamPark uses an immutable, embedded key for encryption instead of a securely generated or configurable one, allowing attackers who obtain the key through reverse engineering or source...

CVE-2025-34506

WBCE CMS version 1.6.3 and prior contains an authenticated remote code execution vulnerability that allows administrators to upload malicious modules. Attackers can craft a specially designed ZIP module with embedded PHP reverse shell code to gain remote system access when the module is installed...

EUVD-2024-55351

WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an...

CVE-2024-58305

WonderCMS 4.3.2 contains a cross-site scripting vulnerability that allows attackers to inject malicious JavaScript through the module installation endpoint. Attackers can craft a specially designed XSS payload to install a reverse shell module and execute remote commands by tricking an...