Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. There are security vulnerabilities in versions prior to Apple macOS Sequoia 15.7, Sonoma 14.8, and Tahoe 26. These vulnerabilities stem from logical issues and could allow malicious applicatio...

Apple macOS 安全漏洞

Apple macOS is a proprietary operating system developed by the American company Apple for Mac computers. Vulnerabilities existed in versions of Apple macOS Sequoia 15.7 and Tahoe 26, which stemmed from race conditions and could allow applications to obtain root access...

EUVD-2026-31899

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

CVE-2026-48693

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

CVE-2026-48693

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

TencentOS Server 3: PackageKit (TSSA-2026:0354)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2026:0354 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Important: dnsmasq

Issue Overview: A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet. CVE-2026-4892 An information disclosure vulnerability in dnsmasq allows remote attackers to...

CVE-2026-48693

FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' src/fastnetmon.cpp line 159. The printscreencontentsintofile function src/fastnetmonlogic.cpp line 2186 opens this path...

cPanel - CRLF Injection

ExploitTitle: cPanel 11.40 - CRLF Injection Author: nu11secur1tyAI Date: 2026-04-30 Vendor: cPanel, L.L.C. Software: cPanel & WHM cpsrvd Reference: CVE-2026-41940 / watchTowr-2026-01 Description: A critical authentication bypass vulnerability exists in the cPanel/WHM cpsrvd daemon due to improper...

tplink-priv-zero

TP-Link TL-WR841N v14 — Authenticated OS Command Injection RC...

exploits

Exploits Exploits and proof-of-concept code from the team at...

Alibaba Cloud Linux 3 : 0127: PackageKit (ALINUX3-SA-2026:0127)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2026:0127 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2026-41651: PackageKit is a a D-Bus abstraction...

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

CVE-2025-47812 — Wing FTP Server Unauth RCE rewrite Python...

LiteSpeed cPanel Plugin CVE-2026-48172 Exploited to Run Scripts as Root

A maximum-severity security vulnerability impacting LiteSpeed User-End cPanel Plugin has come under active exploitation in the wild. The flaw, tracked as CVE-2026-48172 CVSS score: 10.0, relates to an instance of incorrect privilege assignment that an attacker could abuse to run arbitrary scripts...

Exploit for Out-of-bounds Write in Paloaltonetworks Pan-Os

CVE-2026-0300 — Palo Alto Networks PAN-OS BOF RCE root...

Metasploit Wrap Up 05/22/2026

Another week, another authentication bypass Our humble Metasploit weeklyish blog has been blessed with a new network component vulnerability. The dynamic duo of @sfewer-r7 and @jburgess-r7 have discovered and authored the admin/networking/ciscosdwanvhubauthbypass module for CVE-2026-20182, a...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

Copy Fail — Python PoC CVE-2026-31431 This is a compact Pyt...

Exploit for CVE-2025-0680

CVE-2025-0680 — Scanner + Exploit New Rock Technologies MX8...

SUSE CVE-2026-7837

A time-of-check time-of-use TOCTOU condition in the adflush function in Netatalk 3.0.0 through 4.4.2 involves root-privileged file operations, which may allow a remote attacker to cause limited data modification under specific race conditions...

Access of Resource Using Incompatible Type ('Type Confusion')

Overview Affected versions of this package are vulnerable to Access of Resource Using Incompatible Type 'Type Confusion' via improper handling of numeric User directives in container configuration. An attacker can gain elevated privileges by supplying a crafted image with an /etc/passwd file that...