3766 matches found
Windows Persistent Service Installer
This module will generate and upload an executable to a remote host. It will create a new service which will start the payload whenever the service is running. Admin or system privilege is required. Module Options: msf > use exploit/windows/persistence/service msf exploit(service) > show targets...
CVE-2025-63603
A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safe_eval function (src/mcp_server_ds/server.py:108). The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...
CVE-2025-64046
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /system/update-run.php...
EUVD-2025-198042
A command injection vulnerability exists in the MCP Data Science Server's reading-plus-ai/mcp-server-data-exploration 0.1.6 in the safe_eval function (src/mcp_server_ds/server.py:108). The function uses Python's exec to execute user-supplied scripts but fails to restrict the builtins dictionary in the...
PT-2025-47331
Name of the Vulnerable Software and Affected Versions: MCP Data Science Server version 0.1.6. Description: A command injection issue exists in the safe_eval function (src/mcp_server_ds/server.py:108) of the software. The function utilizes Python’s exec to run scripts provided by users, but it does not...
CVE-2025-13305
A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched...
CVE-2025-13305 D-Link DWR-M920/DWR-M921/DWR-M960/DIR-822K/DIR-825M formTracerouteDiagnosticRun buffer overflow
A weakness has been identified in D-Link DWR-M920, DWR-M921, DWR-M960, DIR-822K and DIR-825M 1.01.07. This issue affects some unknown processing of the file /boafrm/formTracerouteDiagnosticRun. Executing manipulation of the argument host can lead to buffer overflow. The attack may be launched...
CVE-2025-13304 D-Link DWR-M920/DWR-M921/DWR-M960/DWR-M961/DIR-825M formPingDiagnosticRun buffer overflow
A security flaw has been discovered in D-Link DWR-M920, DWR-M921, DWR-M960, DWR-M961 and DIR-825M 1.01.07/1.1.47. This vulnerability affects unknown code of the file /boafrm/formPingDiagnosticRun. Performing manipulation of the argument host results in buffer overflow. The attack may be initiated...
EUVD-2025-197816
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in /system/update-run.php...
PT-2025-47151
Name of the Vulnerable Software and Affected Versions: OpenRapid RapidCMS version 1.3.1. Description: OpenRapid RapidCMS version 1.3.1 is susceptible to Cross Site Scripting (XSS) attacks. The issue is located in the /system/update-run.php API endpoint. This allows for the injection of malicious...
CVE-2025-64046
OpenRapid RapidCMS 1.3.1 is vulnerable to Cross Site Scripting (XSS) in the /system/update-run.php endpoint. The Red Hat/EUVD/NVD and related feeds confirm the same description. The root cause is a reflected or stored XSS flaw in that API endpoint, enabling injection of malicious scripts. Impact ...
CVE-2025-40123
In the Linux kernel, the following vulnerability has been resolved: bpf: Enforce expected_attach_type for tailcall compatibility. Yinhao et al. recently reported: Our fuzzer tool discovered an uninitialized pointer issue in the bpf_prog_test_run_xdp() function within the Linux kernel's BPF subsystem. This...
CVE-2025-40116
In the Linux kernel, the following vulnerability has been resolved: usb: host: max3421-hcd: Fix error pointer dereference in probe cleanup. The kthread_run() function returns error pointers so the max3421_hcd->spi_thread pointer can be either error pointers or NULL. Check for both before dereferencing i...
EUVD-2025-176585
Malicious code in run-script-juno-supernova-commitlint npm...
EUVD-2025-178733
Malicious code in genomics-run-script-auth-neptune npm...