From-Shell-to-Root

🔥 Red Team Notes Pentesting This repository contains real-w...

CVE-2026-0626 WPFunnels <= 3.7.9 - Authenticated (Contributor+) Stored Cross-Site Scripting via 'wpf_optin_form' Shortcode

The WPFunnels – Easy Funnel Builder To Optimize Buyer Journeys And Get More Leads & Sales plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'wpfoptinform' shortcode in all versions up to, and including, 3.7.9 due to insufficient input sanitization and output escaping of th...

CVE-2026-2244

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

PT-2026-22149

A vulnerability in Google Cloud Vertex AI Workbench from 7/21/2025 to 01/30/2026 allows an attacker to exfiltrate valid Google Cloud access tokens of other users via abuse of a built-in startup script. All instances after January 30th, 2026 have been patched to protect from this vulnerability. No...

Malicious code in p7zip-full (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 af6725a21a64c36ce8e101fd062bb45cb87fdb8cb62df47538390c6c1fc4323c Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2022-50695 SOUND4 IMPACT/FIRST/PULSE/Eco <=2.x ICMP Flood Attack via Network Commands

SOUND4 IMPACT/FIRST/PULSE/Eco versions 2.x contains a network vulnerability that allows unauthenticated attackers to send ICMP signals to arbitrary hosts through network command scripts. Attackers can abuse ping.php, traceroute.php, and dns.php to generate network flooding attacks targeting...

AlmaLinux 9 : redis (ALSA-2025:20926)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:20926 advisory. redis: Lua library commands may lead to integer overflow and potential RCE CVE-2025-46817 Redis: Redis: Authenticated users can execute LUA scripts as a...

MAL-2025-166919 Malicious code in teagood-lokika53 (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector ee744d652b7fe41e731d9643cde2eb30656c28ea058f746d4f26e2cab784dec6 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

CVE-2025-1037

CVE-2025-1037 affects Hitachi TropOS 4th Gen. The Red Hat, NVD, ENISA/EUVD, CIRCL sighting entries describe a vulnerability in the device’s web-based configuration utility (notably the Logging page) where an authenticated, low-privileged user who can run user-level shell commands can abuse script...

CVE-2025-46818 Redis: Authenticated users can execute LUA scripts as a different user

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions o...

MAL-2024-12359 Malicious code in test-packages1 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 5c5608702af52a2ca19f0b384036f76248848f4b4ddbe582631d85b3f5e77dca Generic campaign for all likely research / pentests, where the amount or art of collected data raises questions about the privacy, security and ethical side. -...

Malicious code in get-time-zzs (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 32b5c264a16b0327f601265edb8f3d69b915695ab82d184c724d5e79d32d3f11 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

ResidenceCMS 跨站脚本漏洞

ResidenceCMS is a fast, lightweight property management system. A cross-site scripting vulnerability exists in ResidenceCMS version 2.10.1, which stems from the application's lack of effective filtering and escaping of user-supplied data, and can be exploited by an attacker to create malicious...

CVE-2024-36218

Adobe Experience Manager versions 6.5.20 and earlier are affected by a stored Cross-Site Scripting XSS vulnerability that could be abused by an attacker to inject malicious scripts into vulnerable form fields. Malicious JavaScript may be executed in a victim’s browser when they browse to the page...

UBUNTU-CVE-2024-23831

LedgerSMB is a free web-based double-entry accounting system. When a LedgerSMB database administrator has an active session in /setup.pl, an attacker can trick the admin into clicking on a link which automatically submits a request to setup.pl without the admin's consent. This request can be used...

DEBIAN-CVE-2019-16775

Versions of the npm CLI prior to 6.13.3 are vulnerable to an Arbitrary File Write. It is possible for packages to create symlinks to files outside of thenodemodules folder through the bin field upon installation. A properly constructed entry in the package.json bin field would allow a package...

Solarwinds LEM Privilege Escalation via Sudo Script Abuse

Vulnerability Details Affected Vendor: Solarwinds Affected Product: Log and Event Manager Virtual Appliance Affected Version: v6.3.1 Platform: Embedded Linux CWE Classification: CWE-269: Improper Privilege Management Impact: Privileged Access Attack vector: SSH 2. Vulnerability Description An...

Solarwinds LEM 6.3.1 Sudo Script Abuse Privilege Escalation

KL-001-2017-006 : Solarwinds LEM Privilege Escalation via Sudo Script Abuse Title: Solarwinds LEM Privilege Escalation via Sudo Script Abuse Advisory ID: KL-001-2017-006 Publication Date: 2017.04.24 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2017-006.txt 1. Vulnerabili...