EUVD-2026-28542

A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation the vulnerability can be exploited by an unauthenticated attacker...

CVE-2026-6213 Remote Spark SparkView RCE

A vulnerability in Remote Spark SparkView before build 1122 allows an attacker to bypasses the local connection check and achieve arbitrary code execution as root on the server side. Depending on implementation the vulnerability can be exploited by an unauthenticated attacker...

CVE-2026-43284

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

CVE-2025-67888

An issue was discovered in Control Web Panel CWP before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject an...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CopyFail – CVE-2026-31431 Examples of PoCs and payloads for...

EUVD-2024-28103

/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter...

Linux Kernel Dirty Frag LPE Exploit Enables Root Access Across Major Distributions

Details have emerged about a new, unpatched local privilege escalation LPE vulnerability impacting the Linux kernel. Dubbed Dirty Frag , it has been described as a successor to Copy Fail CVE-2026-31431, CVSS score: 7.8, a recently disclosed LPE flaw impacting the Linux kernel that has since come...

CVE-2025-67888

An issue was discovered in Control Web Panel CWP before 0.9.8.1209. User input passed via the "key" GET parameter to /admin/index.php when the "api" parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject an...

CVE-2022-45899

Nokia Broadcast Message Center BMC before 13.1 allows an unauthenticated remote attacker to do OS command injection as root via shell metacharacters in the Log Scanner Search Pattern field...

PT-2026-38667

Name of the Vulnerable Software and Affected Versions Atlona AT-OME-MS42 Matrix Switcher version 1.1.2 Description Remote authenticated users can execute arbitrary commands with root privileges. This is possible via a POST request to the '/cgi-bin/time.cgi' endpoint using the serverName parameter...

KLA91020 Memory handling vulnerability in Linux Kernel

Memory handling vulnerability was found in Linux Kernel. Malicious users can exploit this vulnerability to obtain sensitive information, cause denial of service, gain root privileges. Original advisories CVE-2026-43284 Exploitation Public exploits exist for this vulnerability. Malware exists for...

CVE-2024-30167

/cgi-bin/time.cgi in Atlona AT-OME-MS42 Matrix Switcher 1.1.2 allow remote authenticated users to execute arbitrary commands as root via a POST request that carries a serverName parameter...

📄 telnetd 2.7 Buffer Overflow

telnetd version 2.7 addslc remote buffer overflow exploit that achieves root. Exploit Title: telnetd 2.7 - Buffer Overflow Google Dork: N/A Date: 2026-04-03 Exploit Author: Jeff Barron jeffaf Vendor Homepage: https://www.gnu.org/software/inetutils/ Software Link: https://ftp.gnu.org/gnu/inetutils...

📄 Exim 4.91 Remote Command Execution

Exim versions 4.87 through 4.91 improper recipient-address validation remote command execution exploit. Spawns a netcat shell on port 31415 as root, then connects to it Vulnerablity is within Exim 4.87-4.91 import subprocess import socket import os import time from subprocess import Popen, PIPE...

📄 NocoBase 2.0.27 VM Sandbox Escape

NocoBase versions 2.0.27 and below VM sandbox escape exploit. Exploit Title: NocoBase 2.0.27 - VM Sandbox Escape Date: 2026-03-26 Exploit Author: Onurcan Genç Vendor Homepage: https://www.nocobase.com/ Software Link: https://github.com/nocobase/nocobase Version: = 2.0.27 — patched in 2.0.28 Teste...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CopyFail2 CVE-2026-31431 - Python Implementation Python por...

dirtyfrag

Dirty Frag: Universal Linux LPE Abstract !tuxasse...

EUVD-2026-28366

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes Android Debug Bridge ADB on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binar...

CVE-2026-30495

The Optoma CinemaX P2 projector firmware TVOS-04.24.010.04.01, Android 8.0.0 exposes Android Debug Bridge ADB on TCP port 5555 over the network without requiring authentication. The device is configured with ro.adb.secure=0, which disables RSA key verification. Additionally, a functional su binar...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CVE-2026-31431 CVE-2026-31431检测和测试 0x01 Quick Start Some ta...