CVE-2025-7379

CVE-2025-7379 is a security bypass risk affecting ASUSTOR DataSync Center on ADM, via Reverse Tabnabbing. Affected versions are DataSync Center 1.1.0 up to but not including 1.1.0.r207, and 1.2.0 up to but not including 1.2.0.r206. The root cause is a tab hijacking/phishing vector that could enab...

CVE-2025-7379 A security bypass vulnerability was found in DataSync Center installed on ADM

A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and other security risks. This issue affects DataSync Center: from 1.1.0 before 1.1.0.r207, and from...

CVE-2025-7379 A security bypass vulnerability was found in DataSync Center installed on ADM

A security bypass vulnerability allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the content of the original tab, leading to credential theft and other security risks. This issue affects DataSync Center: from 1.1.0 before 1.1.0.r207, and from...

WatchWitch: Interoperability, Privacy, and Autonomy for the Apple Watch

Smartwatches such as the Apple Watch collect vast amounts of intimate health and fitness data as we wear them. Users have little choice regarding how this data is processed: The Apple Watch can only be used with Apple's iPhones, using their software and their cloud services. We are the first to...

PT-2025-28862 · Unknown · Datasync Center

Name of the Vulnerable Software and Affected Versions: DataSync Center versions 1.1.0 through 1.1.0.r207 DataSync Center versions 1.2.0 through 1.2.0.r206 Description: A security bypass issue allows exploitation via Reverse Tabnabbing, a type of phishing attack where attackers can manipulate the...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 Remote Code Execution POC c 2020 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes Remote Code Execution POC for CVE-2020-0796 / "SMBGhost" Expected outcome: Reverse shell with system access. Intended only for educational and testing in corporate environments. ZecOps...

Exploit-Writeups

This is a collection of writeups for various CTF Capture The Flag challenges, specifically focusing on reverse engineering RE, pwnables, and miscellaneous challenges. The writeups are from the EncryptCTF-2019 and DawgCTF-2021 CTFs. The writeups cover a range of challenges, from simple to complex,...

Exploit for Improper Access Control in Appsmith

This is a PoC exploit for CVE-2024-55963, a vulnerability allowi...

CVE-2025-52554

n8n is a workflow automation platform. Prior to version 1.99.1, an authorization vulnerability was discovered in the /rest/executions/:id/stop endpoint of n8n. An authenticated user can stop workflow executions that they do not own or that have not been shared with them, leading to potential...

CVE-2025-52554

n8n (workflow automation platform) had an authorization vulnerability affecting the /rest/executions/:id/stop endpoint prior to version 1.99.1. An authenticated user could stop workflow executions they did not own or that were not shared with them, potentially disrupting business processes. The i...

Exploit for Code Injection in Langflow

CVE-2024-48061 Langflow vulnerable to remote code execution...

Automagic Reverse Engineering

Automagic Reverse Engineering By Trellix · July 1, 2025 This blog was written by Max Kersten Over the last few years, I have looked into methods to improve the reverse engineering process. This saves essential time during the analysis, which helps while defending from well prepared threat actors...

SUSE CVE-2025-38084

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, splitvma triggers hugetlb page table unsharing through vmops-maysplit. This happens before the VMA lock and rmap locks are taken - which is too early, it...

UBUNTU-CVE-2025-38084

In the Linux kernel, the following vulnerability has been resolved: mm/hugetlb: unshare page tables during VMA split, not before Currently, splitvma triggers hugetlb page table unsharing through vmops-maysplit. This happens before the VMA lock and rmap locks are taken - which is too early, it...

Exploit for Code Injection in Langflow

CVE-2025-3248 - Langflow Code Validation Endpoint RCE A proof...

CVE-2025-30131

An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam...

Unveiling RIFT: Enhancing Rust malware analysis through pattern matching

Today, Microsoft Threat Intelligence Center is excited to announce the release of RIFT , a tool designed to assist malware analysts automate the identification of attacker-written code within Rust binaries. Known for its efficiency, type safety, and robust memory safety, Rust has increasingly...

One Video to Steal Them All: 3D-Printing IP Theft through Optical Side-Channels

The 3D printing industry is rapidly growing and increasingly adopted across various sectors including manufacturing, healthcare, and defense. However, the operational setup often involves hazardous environments, necessitating remote monitoring through cameras and other sensors, which opens the do...

📄 Mouselink 5.0.1 Remote Code Execution

Mouselink version 5.0.1 allows unauthenticated remote attackers to execute arbitrary commands by abusing an exposed login endpoint and insecure WebSocket-based keyboard simulation. With no password per default, an attacker can obtain a JWT token, open a WebSocket session, and simulate keystrokes ...

📄 VLC Mobile Remote for Windows 1.3.9.3 Remote Code Execution

VLC Mobile Remote for Windows version 1.3.9.3 allows remote code execution via unauthenticated keystroke injection over TCP, enabling command execution and reverse shell delivery. This is a second version of the original exploit by the same author. Exploit Title: VLC Mobile Remote VMR for Windows...