Exploit for Code Injection in Xwiki

Reverse shell for CVE-2025-24893 bash python3 CVE-2025-...

CVE-2025-58056

Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters LF as a chunk-size line...

CVE-2025-58056 Netty is vulnerable to request smuggling due to incorrect parsing of chunk extensions

Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters LF as a chunk-size line...

CVE-2025-58056

Netty is an asynchronous event-driven network application framework for development of maintainable high performance protocol servers and clients. In versions 4.1.124.Final, and 4.2.0.Alpha3 through 4.2.4.Final, Netty incorrectly accepts standalone newline characters LF as a chunk-size line...

Malicious code in python-dev-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3e8bbf18a10505977ab19adc6dd13d15e1c7df3c69391e1c930289b953619549 Installing packages exfiltrates data different in different packages and versions or run revshells --- Category: MALICIOUS - The campaign has clearly malicious...

MAL-2025-191839 Malicious code in python-dev-toolkit (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 3e8bbf18a10505977ab19adc6dd13d15e1c7df3c69391e1c930289b953619549 Installing packages exfiltrates data different in different packages and versions or run revshells --- Category: MALICIOUS - The campaign has clearly malicious...

Linux Distros Unpatched Vulnerability : CVE-2021-33037

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Apache Tomcat 10.0.0-M1 to 10.0.6, 9.0.0.M1 to 9.0.46 and 8.5.0 to 8.5.66 did not correctly parse the HTTP transfer-encoding request header in some circumstance...

Reverse Tabnabbing

hfs is vulnerable to reverse tabnabbing. The vulnerability is due to missing rel="noopener noreferrer" when opening web links with target="blank", which allows an attacker to manipulate the original HFS tab via the window.opener property...

Exploit for Improper Restriction of XML External Entity Reference in Sysaid

From-EternalBlue-to-CVE-2025-2776-The-Evolution-of-an-SMB-Atta...

Linux Distros Unpatched Vulnerability : CVE-2021-43848

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an open source http server. In code prior to the 8c0eca3 commit h2o may attempt to access uninitialized memory. When receiving QUIC frames in certain...

Linux Distros Unpatched Vulnerability : CVE-2024-45403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - h2o is an HTTP server with support for HTTP/1.x, HTTP/2 and HTTP/3. When h2o is configured as a reverse proxy and HTTP/3 requests are cancelled by the client, h...

ROS-20250828-03

The Apache Tomcat application server vulnerability is due to Apache Tomcat not setting the attribute "Secure" attribute for session cookie JSESSIONID when using RemoteIpFilter with requests, received from a reverse proxy server over HTTP and containing an X-Forwarded-Proto header set to on https...

Exploit for CVE-2007-2447

CVE-2007-2447 Samba Exploit A Rust implementation of the CVE-...

Linux Distros Unpatched Vulnerability : CVE-2019-15486

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - django-js-reverse aka Django JS Reverse before 0.9.1 has XSS via jsreverseinline. CVE-2019-15486 Note that Nessus relies on the presence of the package as...

Linux Distros Unpatched Vulnerability : CVE-2021-41281

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Synapse is a package for Matrix homeservers written in Python 3/Twisted. Prior to version 1.47.1, Synapse instances with the media repository enabled can be...

Exploit for Code Injection in Xwiki

solrsearch-rce-exploit Unauth RCE PoC for XWiki SolrSearch CV...

mitmproxy binaries embed a vulnerable python-hyper/h2 dependency

mitmproxy 12.1.1 and below embed python-hyper/h2 ≤ v4.2.0, which has a gap in its HTTP/2 header validation. This enables request smuggling attacks when mitmproxy is in a configuration where it translates HTTP/2 to HTTP/1. For example, this affects reverse proxies to http:// backends. It does not...

GHSA-4GV9-MP8M-592R Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation (Post-RCE)

This vulnerability was discovered by researchers at Check Point. We are sharing this report as part of a responsible disclosure process and are happy to assist in validation and remediation if needed. Summary A privilege escalation vulnerability exists in Langflow containers where an authenticate...

Linux Distros Unpatched Vulnerability : CVE-2016-7046

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Red Hat JBoss Enterprise Application Platform EAP 7, when operating as a reverse-proxy with default buffer sizes, allows remote attackers to cause a denial of...

CVE-2025-55745

UnoPim is an open-source Product Information Management PIM system built on the Laravel framework. Versions 0.3.0 and prior are vulnerable to CSV injection, also known as formula injection, in the Quick Export feature. This vulnerability allows attackers to inject malicious content into exported...