OPENSUSE-SU-2026:20390-1 Security update for protobuf

This update for protobuf fixes the following issues: Security fixes: - CVE-2025-4565: Fixed parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that could lead to crash due to RecursionError bsc1244663. - CVE-2026-0994: Fixed google.protobuf.A...

SUSE-SU-2026:20753-1 Security update for protobuf

This update for protobuf fixes the following issues: Security fixes: - CVE-2025-4565: Fixed parsing of untrusted Protocol Buffers data containing an arbitrary number of recursive groups or messages that could lead to crash due to RecursionError bsc1244663. - CVE-2026-0994: Fixed google.protobuf.A...

CVE-Exploit-Research-Development

Objective To research, replicate, and develop a working expl...

PT-2026-26167

Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch server-side, and returns the...

AI Flaws in Amazon Bedrock, LangSmith, and SGLang Enable Data Exfiltration and RCE

Cybersecurity researchers have disclosed details of a new method for exfiltrating sensitive data from artificial intelligence AI code execution environments using domain name system DNS queries. In a report published Monday, BeyondTrust revealed that Amazon Bedrock AgentCore Code Interpreter's...

Exploit for Race Condition in Canonical Ubuntu_Linux

500+ Pentest One-Liners & Commands for Every Hacking Scenario...

omrs-rce

OMRS — Online Marriage Registration System 1.0 — RCE & Auto Re...

[SECURITY] Fedora 42 Update: golang-github-openprinting-ipp-usb-0.9.31-1.fc42

HTTP reverse proxy, backed by IPP-over-USB connection to device. It enables driverless support for USB devices capable of using IPP-over-USB protocol...

CVE-2026-22199

Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can...

Exploit for Use After Free in Redis

CVE-2025-49844 Original uv POC: https:...

vsFTPd-2.3.4-exploit-netcat-revshell-PoC

vsFTPd...

CVE-2026-22199 Voltronic Power SNMP Web Pro 1.1 Path Traversal via upload.cgi

Voltronic Power SNMP Web Pro version 1.1 contains a pre-authentication path traversal vulnerability in the upload.cgi endpoint that allows unauthenticated attackers to read arbitrary files on the device filesystem by supplying directory traversal sequences in the params parameter. Attackers can...

PT-2026-25140

Name of the Vulnerable Software and Affected Versions wpDiscuz versions prior to 7.6.47 Description The software contains a flaw that allows manipulation of comment votes. Attackers can obtain fresh nonces and bypass rate limiting by using client-controlled headers. Specifically, attackers can...

Quantum CDMA-Based Continuous Variable Quantum Key Distribution Using Chaotic Phase Shifters

We present a quantum code-division multiple-access q-CDMA framework for multiuser continuous-variable quantum key distribution CV-QKD over a shared quantum channel. The proposed architecture employs chaotic phase shifters to encode and decode quantum states, enabling efficient multiplexing and...

binary-exploitation

binary-exploitation A collection of binary exploitation...

Exploit for CVE-2026-31816

CVE-2026-31816 Reverse Shell Exploit Overview This tool e...

Apache ZooKeeper 3.8.x < 3.8.6 / 3.9.x < 3.9.5 Multiple Vulnerabilities

The version of Apache ZooKeeper listening on the remote host is 3.8.x prior to 3.8.6 or 3.9.x prior to 3.9.5. It is, therefore, affected by multiple vulnerabilities: - Improper handling of configuration values in ZKConfig allows an attacker to expose sensitive information stored in client...

Anytype Heart's gRPC API client challenge verification can be bypassed on localhost

Impact The challenge-based authentication for the local gRPC client API can be bypassed, allowing an attacker to gain access without the 4-digit code. Affected components: - Anytype Desktop all platforms ≤ v0.48.2 - Anytype-CLI headless deployments ≤ v0.1.9 Not affected: - Anytype mobile apps iOS...

CVE-2026-26130

A flaw was found in ASP.NET Core. This vulnerability allows an unauthorized attacker to perform a Denial of Service DoS attack over a network by allocating resources without limits or throttling. This can lead to the unavailability of the service for legitimate users. Mitigation To mitigate this...

Malicious code in anontest123 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 f4d47757d3ee2d0dde7ed82934a06bf64343c344a7b090cf77f05dcd73f813a5 Installing the package starts a reverse shell --- Category: MALICIOUS - The campaign has clearly malicious intent, like infostealers. Campaign:...