Erlang OTP Pre-Auth RCE Scanner and Exploit

This module detect and exploits CVE-2025-32433, a pre-authentication vulnerability in Erlang-based SSH servers that allows remote command execution. By sending crafted SSH packets, it executes a payload to establish a reverse shell on the target system. The exploit leverages a flaw in the SSH...

Security Bulletin: IBM OpenPages with Watson has addressed a reverse tabnabbing vulnerability (CVE-2020-4440)

Summary IBM OpenPages with Watson has addressed a reverse tabnabbing vulnerability CVE-2020-4440 Vulnerability Details CVEID:CVE-2020-4440 DESCRIPTION: IBM OpenPages with Watson could allow an authenticated user to replace a target page with a phishing site which could allow the attacker to obtai...

BoxBilling 4.22.1.5 Remote Code Execution

BoxBilling versions 4.22.1.5 and below remote code execution exploit that spawns a php reverse shell...

CVE-2025-32431

Traefik pronounced traffic is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2. There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...

Exploit for Missing Authentication for Critical Function in Erlang Erlang\/Otp

CVE-2025-32433 Erlang/OTP SSH RCE EXP Description A serio...

SUSE CVE-2025-43859

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...

[SECURITY] Fedora 40 Update: golang-github-openprinting-ipp-usb-0.9.30-4.fc40

HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol...

Malicious code in ark-vmp-reverse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 28ac22df743a6a65eed4d1d25f66c0f3eb42c5235dc749a84162883d313bd415 During installation, a website with the current working dir is being called. It looks like something between spam and pentest as the website is most probably n...

MAL-2025-4206 Malicious code in ark-vmp-reverse (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 28ac22df743a6a65eed4d1d25f66c0f3eb42c5235dc749a84162883d313bd415 During installation, a website with the current working dir is being called. It looks like something between spam and pentest as the website is most probably n...

Exploit for SQL Injection in Code-Projects Patient_Record_Management_System

CVE-2025-32433 Erlang SSH Library Exploit A proof-of-concept...

UBUNTU-CVE-2025-43859

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...

CVE-2025-43859

h11 is a Python implementation of HTTP/1.1. Prior to version 0.16.0, a leniency in h11's parsing of line terminators in chunked-coding message bodies can lead to request smuggling vulnerabilities under certain conditions. This issue has been patched in version 0.16.0. Since exploitation requires...

OctoPrint Authenticated Reverse Proxy Page Authentication Bypass

Impact OctoPrint versions up until and including 1.10.3 contain a vulnerability that allows an attacker to bypass the login redirect and directly access the rendered HTML of certain frontend pages. The impact on data exposure is minimal because, typically, data is loaded via API requests that...

CVE-2025-32431

Traefik pronounced traffic is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2. There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...

CVE-2025-32431

CVE-2025-32431 : Traefik is vulnerable when using path-based matchers (PathPrefix, Path, PathRegex). If a request URL contains a trailing path traversal like /../ in the path, an attacker can bypass middleware routing and target a backend exposed via another router. This affects older releases pr...

CVE-2025-32431 Traefik has a possible vulnerability with the path matchers

Traefik pronounced traffic is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2. There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...

CVE-2025-32431 Traefik has a possible vulnerability with the path matchers

Traefik pronounced traffic is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2. There is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe...

Bytesrevealer - Online Reverse Enginerring Viewer

Bytes Revealer is a powerful reverse engineering and binary analysis tool designed for security researchers, forensic analysts, and developers. With features like hex view, visual representation, string extraction, entropy calculation, and file signature detection, it helps users uncover hidden...

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

CVE-2023-27163 CVE-2023-27163 Request-baskets up to v1.2.1 was...

Chinese Hackers Target Linux Systems Using SNOWLIGHT Malware and VShell Tool

The China-linked threat actor known as UNC5174 has been attributed to a new campaign that leverages a variant of a known malware dubbed SNOWLIGHT and a new open-source tool called VShell to infect Linux systems. "Threat actors are increasingly using open source tools in their arsenals for...