311 matches found
EUVD-2025-13409
Malicious code in bioql PyPI...
EUVD-2024-53129
Malicious code in bioql PyPI...
fimap
fimap is a Python tool designed to find, prepare, audit, exploit, and even automatically Google for local and remote file inclusion LFI/RFI bugs in web applications. It can identify and exploit file inclusion bugs, including include, includeonce, require, and requireonce functions. The tool has a...
GHSA-MJQP-26HC-GRXG Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check
Summary Picklescan's ability to scan ZIP archives for malicious pickle files is compromised when the archive contains a file with a bad Cyclic Redundancy Check CRC. Instead of attempting to scan the files within the archive, whatever the CRC is, Picklescan fails in error and returns no results...
Exploit for Path Traversal in Igniterealtime Openfire
!Burp Suitehttps://img.shields.io/badge/Burp%20Suite-Pro%20E...
PT-2025-35521
Name of the Vulnerable Software and Affected Versions MobSF version 4.4.0 Description The GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the intended download directory from neighboring directories with...
[SECURITY] Fedora 42 Update: pam-1.7.0-6.fc42
PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...
Exploit for Race Condition in Microsoft
RCE-CVE-2025-32710 Windows Remote Desktop Services Vulnerabili...
Fortinet FortiPortal 日志信息泄露漏洞
Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. Fortinet FortiPortal suffers from a log information disclosure vulnerability that originat...
CVE-2025-46730 Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack
MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external...
HTTPS Fetch
Fetch and execute an AARCH64 payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/aarch64/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and...
CVE-2025-22153
RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using try/except, RestrictedPython starting...
Exploit for Double Free in Openbsd Openssh
OpenSSH Vulnerability Testing Tool for CVE-2023-25136 This re...
The vulnerability of the VCM software, a security tool from Fortinet for Linux systems, relates to insecure privilege management. This vulnerability allows an attacker to elevate their privileges to the root level.
The vulnerability of the VCM software, a security tool from Fortinet’s FortiClient for Linux, is related to insecure management of privileges. Exploiting this vulnerability allows an attacker, operating remotely, to elevate their privileges to the root level...
Ivanti Patch SDK Permission Issues Vulnerability
Ivanti Patch SDK is a security tool development kit provided by Ivanti to help organizations automate system vulnerability remediation and patch management. Ivanti Patch SDK suffers from a privilege issue vulnerability that stems from insufficient privileges. An attacker could exploit this...
Ivanti Patch SDK 安全漏洞
Ivanti Patch SDK is a security tool development kit provided by Ivanti to help organizations automate system vulnerability remediation and patch management. Ivanti Patch SDK suffers from a privilege issue vulnerability that stems from insufficient privileges. An attacker could exploit this...
The vulnerability of Ivanti Connect Secure and Ivanti Policy Secure, which are network access control tools, stems from the failure to take measures to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary code.
The vulnerability of the Ivanti Connect Secure and Ivanti Policy Secure network access control tools is related to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary co...
Exploit for CVE-2024-4956
!cvehttps://github.com/user-attachments/assets/c06cbfa1-8fb9-...
WordPress Ultimate Classified Listings plugin < 1.4 - Reflected XSS vulnerability
Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin Ultimate Classified Listings versions 1.4...
Exploit for CVE-2024-4956
Badges !MIT Licensehttps://img.shields.io/badge/Licens...