
7059 matches found

Positive Technologies
added 2025/09/23 12:0 a.m. | 5 views

PT-2025-39209

Name of the Vulnerable Software and Affected Versions: Http4s versions 1.0.0-M1 through 1.0.0-M44; Http4s versions prior to 0.23.31. Description: Http4s is susceptible to HTTP Request Smuggling because of incorrect handling of the HTTP trailer section. This can allow attackers to circumvent front-end...

CVSS 6.3 | AI score 6.6 | EPSS 0.00349
Exploits: 1 | References: 10
NVD
added 2025/09/22 4:15 p.m. | 14 views

CVE-2025-57601

AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...

CVSS 9.8 | EPSS 0.00397
Exploits: 0 | References: 1
Gitee
added 2025/09/22 1:44 a.m. | 151 views

nightmare

This repository is an introduction to binary exploitation and reverse engineering course based on CTF challenges, called "Nightmare". It contains a large amount of content, with over 90 challenges, laid out in a linear fashion, and well-documented write-ups explaining how to go from being handed...

AI score 6.9
Exploits: 0
Positive Technologies
added 2025/09/22 12:0 a.m. | 4 views

PT-2025-38760

Name of the Vulnerable Software and Affected Versions: Creacast Creabox Manager version 4.4.4. Description: A critical Remote Code Execution issue exists in Creacast Creabox Manager version 4.4.4. An authenticated attacker can inject arbitrary Lua code into the configuration through the edit.php...

CVSS 8.8 | AI score 7.7 | EPSS 0.00772
Exploits: 1 | References: 4
Vulnrichment
added 2025/09/22 12:0 a.m. | 3 views

CVE-2025-57601

AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...

AI score 6.7 | EPSS 0.00397
Exploits: 0 | References: 1
Positive Technologies
added 2025/09/22 12:0 a.m. | 7 views

PT-2025-38730

Name of the Vulnerable Software and Affected Versions: AiKaan Cloud Controller (affected versions not specified). Description: The AiKaan Cloud Controller utilizes a single, hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an...

CVSS 9.8 | AI score 6.6 | EPSS 0.00397
Exploits: 0 | References: 3
CVE
added 2025/09/22 12:0 a.m. | 25 views

CVE-2025-57601

Affected software: AiKaan Cloud Controller. Vulnerability: uses a single hardcoded SSH private key and the same proxyuser for remote terminal access to all managed IoT/edge devices; when Open Remote Terminal is invoked, the static key is sent to the target device, enabling reverse SSH tunnels t...

CVSS 9.8 | AI score 6.7 | EPSS 0.00397
Exploits: 0 | References: 1
Cvelist
added 2025/09/22 12:0 a.m. | 25 views

CVE-2025-57601

AiKaan Cloud Controller uses a single hardcoded SSH private key and the username proxyuser for remote terminal access to all managed IoT/edge devices. When an administrator initiates "Open Remote Terminal" from the AiKaan dashboard, the controller sends this same static private key to the target...

EPSS 0.00397
Exploits: 0 | References: 1
GithubExploit
added 2025/09/21 10:24 a.m. | 143 views

Exploit for SQL Injection in Fortinet Fortiweb

CVE-2025-25257 Exploits for CVE-2025-25257 released by watchto...

CVSS 9.8 | AI score 7 | EPSS 0.9671
Exploits: 18
The Hacker News
added 2025/09/20 5:48 a.m. | 9 views

Researchers Uncover GPT-4-Powered MalTerminal Malware Creating Ransomware, Reverse Shell

Cybersecurity researchers have discovered what they say is the earliest example known to date of malware that bakes in Large Language Model (LLM) capabilities. The malware has been codenamed MalTerminal by the SentinelOne SentinelLABS research team. The findings were presented at the LABScon 202...

CVSS 9.3 | AI score 7.1 | EPSS 0.99374
Exploits: 62
SUSE CVE
added 2025/09/17 11:31 p.m. | 4 views

SUSE CVE-2022-50355

In the Linux kernel, the following vulnerability has been resolved: staging: vt6655: fix some erroneous memory clean-up loops. In some initialization functions of this driver, memory is allocated with 'i' acting as an index variable and increasing from 0. The commit in "Fixes" introduces some...

CVSS 5.5 | AI score 6.6 | EPSS 0.0019
Exploits: 0 | References: 9
Vulnrichment
added 2025/09/17 2:56 p.m. | 2 views

CVE-2022-50355 staging: vt6655: fix some erroneous memory clean-up loops

In the Linux kernel, the following vulnerability has been resolved: staging: vt6655: fix some erroneous memory clean-up loops. In some initialization functions of this driver, memory is allocated with 'i' acting as an index variable and increasing from 0. The commit in "Fixes" introduces some...

AI score 6.2 | EPSS 0.0019
Exploits: 0 | References: 7
Debian CVE
added 2025/09/17 2:56 p.m. | 3 views

CVE-2022-50355

In the Linux kernel, the following vulnerability has been resolved: staging: vt6655: fix some erroneous memory clean-up loops. In some initialization functions of this driver, memory is allocated with 'i' acting as an index variable and increasing from 0. The commit in "Fixes" introduces some...

CVSS 5.5 | AI score 5.4 | EPSS 0.0019
Exploits: 0
Snyk
added 2025/09/15 7:51 p.m. | 3 views

Arbitrary Code Injection

Overview: flowise-components is a Flowiseai Components. Affected versions of this package are vulnerable to Arbitrary Code Injection via the supabaseRPCFilter parameter. An attacker with administrative privileges can execute arbitrary server-side code, access sensitive environment variables, and...

CVSS 9.1 | AI score 7.8
Exploits: 0 | References: 2
Github Security Blog
added 2025/09/15 7:51 p.m. | 11 views

FlowiseAI Pre-Auth Arbitrary Code Execution

Summary: An authenticated admin user of FlowiseAI can exploit the Supabase RPC Filter component to execute arbitrary server-side code without restriction. By injecting a malicious payload into the filter expression field, the attacker can directly trigger JavaScript's execSync to launch reverse...

CVSS 6.5 | AI score 8.4 | EPSS 0.00581
Exploits: 1 | References: 6 | Affected Software: 1
The Hacker News
added 2025/09/15 6:45 p.m. | 3 views

Mustang Panda Deploys SnakeDisk USB Worm to Deliver Yokai Backdoor on Thailand IPs

The China-aligned threat actor known as Mustang Panda has been observed using an updated version of a backdoor called TONESHELL and a previously undocumented USB worm called SnakeDisk. "The worm only executes on devices with Thailand-based IP addresses and drops the Yokai backdoor," IBM X-Force...

AI score 7.4
Exploits: 0
GithubExploit
added 2025/09/15 3:16 p.m. | 406 views

Exploit for CVE-2024-28397

CVE-2024-28397 js2py Sandbox Escape Exploit A collection of e...

CVSS 5.3 | AI score 9.1 | EPSS 0.04548
Exploits: 22
Gitee
added 2025/09/14 6:52 p.m. | 151 views

LFISuite

This repository is an offensive tool for Local File Inclusion (LFI) exploitation and scanning. It is primarily used to exploit LFI vulnerabilities in web applications, allowing an attacker to access sensitive files and potentially gain unauthorized access to a system. The tool, called LFI Suite,...

AI score 8
Exploits: 0
Gitee
added 2025/09/14 5:47 p.m. | 112 views

Phantom-Evasion

This is a Python antivirus evasion tool called Phantom-Evasion. It is free software, licensed under the GNU General Public License (GPL) version 3. The tool is designed to evade detection by antivirus software and is intended for educational or research purposes only. The tool has several modules,...

AI score 7.2
Exploits: 0
Gitee
added 2025/09/14 5:41 p.m. | 101 views

ctf-tasks

This is a CTF (Capture The Flag) challenge repository from the CONFidence CTF 2014 event. The repository contains several files and directories related to two tasks: "Crypto Machine" and "Memory". Crypto Machine: The "Crypto Machine" task is a reverse engineering challenge that involves exploiting a...

AI score 6.8
Exploits: 0