Exploit for Race Condition in Canonical Ubuntu_Linux

500+ Pentest One-Liners & Commands for Every Hacking Scenario...

omrs-rce

OMRS — Online Marriage Registration System 1.0 — RCE & Auto Re...

[SECURITY] Fedora 42 Update: golang-github-openprinting-ipp-usb-0.9.31-1.fc42

HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol...

CVE-2026-22199

Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can...

Exploit for Use After Free in Redis

CVE-2025-49844 Original uv POC: https:...

vsFTPd-2.3.4-exploit-netcat-revshell-PoC

vsFTPd...

CVE-2026-22199 Voltronic Power SNMP Web Pro 1.1 Path Traversal via upload.cgi

Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can...

Quantum CDMA-Based Continuous Variable Quantum Key Distribution Using Chaotic Phase Shifters

We present a quantum code-division multiple-access q-CDMA framework for multiuser continuous-variable quantum key distribution CV-QKD over a shared quantum channel. The proposed architecture employs chaotic phase shifters to encode and decode quantum states, enabling efficient multiplexing and...

PT-2026-25140

wpDiscuz before 7.6.47 contains a vote manipulation vulnerability that allows attackers to manipulate comment votes by obtaining fresh nonces and bypassing rate limiting through client-controlled headers. Attackers can vary User-Agent headers to reset rate limits, request nonces from the...

binary-exploitation

binary-exploitation A collection of binary exploitation...

Exploit for CVE-2026-31816

CVE-2026-31816 Reverse Shell Exploit Overview This tool e...

Apache ZooKeeper 3.8.x < 3.8.6 / 3.9.x < 3.9.5 Multiple Vulnerabilities

The version of Apache ZooKeeper listening on the remote host is 3.8.x prior to 3.8.6 or 3.9.x prior to 3.9.5. It is, therefore, affected by multiple vulnerabilities: - Improper handling of configuration values in ZKConfig allows an attacker to expose sensitive information stored in client...

Anytype Heart's gRPC API client challenge verification can be bypassed on localhost

Impact The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. Affected components: - Anytype Desktop all platforms ≤ v0.48.2 - Anytype-CLI headless deployments ≤ v0.1.9 Not affected: - Anytype mobile apps iOS...

CVE-2026-26130

A flaw was found in ASP.NET Core. This vulnerability allows an unauthorized attacker to perform a Denial of Service DoS attack over a network by allocating resources without limits or throttling. This can lead to the unavailability of the service for legitimate users. Mitigation To mitigate this...

Malicious code in anontest123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f4d47757d3ee2d0dde7ed82934a06bf64343c344a7b090cf77f05dcd73f813a5 Installing the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

MAL-2026-1339 Malicious code in anontest123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f4d47757d3ee2d0dde7ed82934a06bf64343c344a7b090cf77f05dcd73f813a5 Installing the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

Malicious code in safetest123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 697641cf873581d63edc257a57ab2bef9e6662b8c6afbe7917fef190e539df39 Installing the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

MAL-2026-1340 Malicious code in safetest123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 697641cf873581d63edc257a57ab2bef9e6662b8c6afbe7917fef190e539df39 Installing the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...

GHSA-775H-3XRC-C228 Parse Server has a rate limit bypass via batch request endpoint

Impact Parse Server's rate limiting middleware is applied at the Express middleware layer, but the batch request endpoint /batch processes sub-requests internally by routing them directly through the Promise router, bypassing Express middleware including rate limiting. An attacker can bundle...

BIT-ZOOKEEPER-2026-24281 Apache ZooKeeper: Reverse-DNS fallback enables hostname verification bypass in ZooKeeper ZKTrustManager

Hostname verification in Apache ZooKeeper ZKTrustManager falls back to reverse DNS PTR when IP SAN validation fails, allowing attackers who control or spoof PTR records to impersonate ZooKeeper servers or clients with a valid certificate for the PTR name. It's important to note that attacker must...