
21 matches found

OSV
added 2026/04/01 10:5 a.m. | 0 views

CLEANSTART-2026-LU31244 Security fixes for CVE-2015-8080, CVE-2019-10192, CVE-2019-10193, CVE-2020-14147, CVE-2021-32625, CVE-2021-32626, CVE-2021-32627, CVE-2021-32628, CVE-2021-32672, CVE-2021-32675, CVE-2021-32687, CVE-2021-32762, CVE-2021-41099, CVE-2022-24736, CVE-2022-24834, CVE-2022-35977, CVE-2022-3647, CVE-2023-36824, CVE-2023-41053, CVE-2023-41056, CVE-2023-45145, CVE-2024-31227, CVE-2024-31228, CVE-2024-31449, CVE-2025-46817, CVE-2025-46818, CVE-2025-46819, CVE-2025-49844 applied in versions: 5.0.4-r0, 5.0.8-r0, 6.0.3-r0, 6.2.0-r0, 6.2.4-r0, 6.2.5-r0, 6.2.6-r0, 6.2.7-r0, 7.0.12-r0, 7.0.4-r0, 7.0.5-r0, 7.0.6-r0, 7.0.8-r0, 7.2.1-r0, 7.2.2-r0, 7.2.4-r0, 7.2.5-r1, 8.2.2-r0

Multiple security vulnerabilities affect the redis package. These issues are resolved in later releases. See references for individual vulnerability details...

9.9 CVSS | 7.1 AI score | 0.88997 EPSS
Exploits 19 | References 57
OSV
added 2026/04/01 9:25 a.m. | 2 views

CLEANSTART-2026-CP95927 Security fixes for CVE-2025-61732, CVE-2025-68121, CVE-2026-24051, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, ghsa-9h8m-3fm2-qjrq, ghsa-p77j-4mvh-x3m3 applied in versions: 1.28.1-r0, 1.28.1-r1

Multiple security vulnerabilities affect the cass-operator package. These issues are resolved in later releases. See references for individual vulnerability details...

10 CVSS | 6.8 AI score | 0.00044 EPSS
Exploits 2 | References 17
OSV
added 2026/01/30 2:1 p.m. | 1 views

CLEANSTART-2026-CD92481 Within HostnameError

Multiple security vulnerabilities affect the kubernetes package. Within HostnameError. See references for individual vulnerability details...

9.8 CVSS | 5.8 AI score | 0.00019 EPSS
Exploits 2 | References 6
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2025-14156

Malicious code in bioql PyPI...

5.8 AI score
Exploits 0 | References 5
OSV
added 2025/06/30 5:52 p.m. | 2 views

GHSA-373J-MHPF-84WG Janssen Config API returns results without scope verification

Impact What kind of vulnerability is it? Who is impacted? The configAPI is an internal service and hence should never be exposed to the internet. With that said, this is a serious vulnerability that has a large internal surface attack area that exposes all sorts of information from the IDP...

8.2 CVSS | 6.8 AI score | 0.00435 EPSS
Exploits 0 | References 7
Github Security Blog
added 2025/03/25 9:49 p.m. | 19 views

WildFly Elytron OpenID Connect Client Extension OIDC authorization code injection attack

Impact A vulnerability was found in OIDC-Client. When using the elytron-oidc-client subsystem with WildFly, authorization code injection attacks can occur, allowing an attacker to inject a stolen authorization code into the attacker's own session with the client with a victim's identity. This is...

4.2 CVSS | 7.4 AI score | 0.00121 EPSS
Exploits 0 | References 10 | Affected Software 2
Circl
added 2025/03/12 5:48 p.m. | 4 views

CVE-2025-20115

creationtimestamp | type | source
---|---|---
2025-03-12 17:48:30+00:00 | seen | https://mastodon.social/users/CyberSignaler/statuses/114150716852953937
2025-03-12 19:03:04+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/114151010071305070
2025-03-12 20:23:16+00:00 | seen | ...

8.6 CVSS | 7.5 AI score | 0.01371 EPSS
Exploits 0 | References 16
Github Security Blog
added 2025/02/06 5:10 p.m. | 2 views

Multiple rtmpdump vulnerabilities

The version of rtmpdump contained in this package has multiple known vulnerabilities. Patches This package is abandoned and should not be used anymore. There is no patched release. Workarounds You should install rtmpdump from another source. References...

7.1 AI score
Exploits 0 | References 5 | Affected Software 1
Github Security Blog
added 2024/02/20 11:43 p.m. | 33 views

MantisBT Host Header Injection vulnerability

Impact Knowing a user's email address and username, an unauthenticated attacker can hijack the user's account by poisoning the link in the password reset notification message. Patches https://github.com/mantisbt/mantisbt/commit/7055731d09ff12b2781410a372f790172e279744 Workarounds Define $g_path as...

8.3 CVSS | 7.2 AI score | 0.01732 EPSS
Exploits 1 | References 5 | Affected Software 1
Github Security Blog
added 2024/01/02 4:40 p.m. | 22 views

Hail relies on OIDC email claims to verify the validity of a user's domain.

Impact All Hail Batch clusters are affected. An attacker is able to: 1. Create one or more accounts with Hail Batch without corresponding real accounts in the organization. For example, a user could create a Microsoft or Google account and then change their email to "[email protected]"...

5.3 CVSS | 6.6 AI score | 0.00085 EPSS
Exploits 0 | References 5 | Affected Software 1
OSV
added 2022/09/17 12:42 a.m. | 6 views

GSD-2022-1005965 clk: qcom: ipq8074: dont disable gcc_sleep_clk_src

clk: qcom: ipq8074: dont disable gcc_sleep_clk_src This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.4.211 by commit...

7.2 AI score
Exploits 0
CNNVD
added 2022/08/17 12:0 a.m. | 1 views

Number has been reserved by CVE

No details are available at this time...

5.4 AI score
Exploits 0
OSV
added 2022/07/31 2:4 p.m. | 5 views

GSD-2022-1004368 x86/speculation: Disable RRSBA behavior

x86/speculation: Disable RRSBA behavior This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.15.57 by commit...

7.2 AI score
Exploits 0
OSV
added 2022/04/24 10:50 p.m. | 10 views

GSD-2022-1002461 drm/amdkfd: Check for potential null return of kmalloc_array()

drm/amdkfd: Check for potential null return of kmalloc_array() This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v4.9.311 by commit...

7.2 AI score
Exploits 0
GithubExploit
added 2022/03/31 3:43 p.m. | 348 views

Exploit for Code Injection in Vmware Spring_Framework

Spring Framework RCE exploitation Quick pentest notes...

9.8 CVSS | 8.9 AI score | 0.94428 EPSS
Exploits 99
Huntr
added 2021/07/06 2:56 p.m. | 8 views

Cross-site Scripting (XSS) - Stored in sergix44/xbackbone

✍️ Description Stored xss through file upload via a .svg file 🕵️‍♂️ Proof of Concept Upload a .svg file with the following content: javascript alertdocument.cookie; give a name you want ending with .svg store-xss.svg for example and upload the file, after upload click on open click on raw see the...

7.1 AI score
Exploits 0
Gitee
added 2021/04/14 9:18 p.m. | 2 views

Exploit for Use After Free in Adobe Flash_Player

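Awesome CobaltStrike 0x00 Preface 1. Part of this is a set of good articles about CobaltStrike that I came across while working on recent RedTeam projects 2. There are currently many kinds of Aggressor Script online, and most resource collections only give the corresponding links without explaining what they do, so when browsing you do not know which to choose and have to open them one by one 3. A consolidation of resources on the new BOF feature 4. Solves the problem of not being able to find a suitable aggressor script or BOF when you need one 5. If there is quality content that this repo does not cover, everyone is welcome to submit a PR 0x01 Collection of related articles Basic knowledge references: 1. CobaltStrikewiki 2...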

9.8 CVSS | 10 AI score | 0.93511 EPSS
Exploits 19
Hacker One
added 2019/10/04 3:9 p.m. | 29 views

Uber: Subdomain takeover on mta1a1.spmail.uber.com

A dangling AWS record on mta1a1.spmail.uber.com allowed a complete DNS zone takeover, giving an adversary access to mta1a1.spmail.uber.com-scoped cookies and CORS, which could facilitate phishing attacks. Thanks again, @0x3c3e! It's so called IP-use-after-free attack. I was able to obtain an IP...

0.7 AI score
Exploits 0
Zero Science Lab
added 2017/09/25 12:0 a.m. | 73 views

FLIR Systems FLIR Thermal Camera F/FC/PT/D Multiple Information Disclosures

Summary FLIR's PT-Series of high-performance, multi-sensor pan/tilt cameras bring thermal and visible-light imaging together in a system that gives you video and control over both IP and analog networks. The PT-Series' precision pan/tilt mechanism gives you accurate pointing control while providi...

8.7 CVSS | 5.9 AI score | 0.00354 EPSS
Exploits 1
n0where
added 2016/07/05 1:51 a.m. | 37 views

The Correlated Vulnerability And Threat Database: vFeed

vFeed Framework is a CVE, CWE and OVAL Compatible naming scheme concept that provides extra structured detailed third-party references and technical characteristics for a CVE entry through an extensible XML/JSON schema. It also improves the reliability of CVEs by providing a flexible and...

0.3 AI score
Exploits 0 | References 2