Lucene search
K

311 matches found

EUVD
EUVD
added 2025/10/03 8:7 p.m.11 views

EUVD-2025-13409

Malicious code in bioql PyPI...

6.8CVSS6.3AI score0.00411EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.6 views

EUVD-2024-53129

Malicious code in bioql PyPI...

7.8CVSS6.4AI score0.00334EPSS
Exploits0References2
Gitee
Gitee
added 2025/09/14 5:14 p.m.136 views

fimap

fimap is a Python tool designed to find, prepare, audit, exploit, and even automatically Google for local and remote file inclusion LFI/RFI bugs in web applications. It can identify and exploit file inclusion bugs, including include, includeonce, require, and requireonce functions. The tool has a...

7.1AI score
Exploits0
OSV
OSV
added 2025/09/10 7:50 p.m.10 views

GHSA-MJQP-26HC-GRXG Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check

Summary Picklescan's ability to scan ZIP archives for malicious pickle files is compromised when the archive contains a file with a bad Cyclic Redundancy Check CRC. Instead of attempting to scan the files within the archive, whatever the CRC is, Picklescan fails in error and returns no results...

9.3CVSS7.1AI score0.01428EPSS
Exploits1References8
GithubExploit
GithubExploit
added 2025/09/04 12:53 p.m.128 views

Exploit for Path Traversal in Igniterealtime Openfire

!Burp Suitehttps://img.shields.io/badge/Burp%20Suite-Pro%20E...

8.6CVSS7.2AI score0.99999EPSS
Exploits15
Positive Technologies
Positive Technologies
added 2025/09/02 12:0 a.m.12 views

PT-2025-35521

Name of the Vulnerable Software and Affected Versions MobSF version 4.4.0 Description The GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the intended download directory from neighboring directories with...

5.3CVSS6.1AI score0.0073EPSS
Exploits1References15
Fedora
Fedora
added 2025/06/21 1:28 a.m.10 views

[SECURITY] Fedora 42 Update: pam-1.7.0-6.fc42

PAM Pluggable Authentication Modules is a system security tool that allows system administrators to set authentication policy without having to recompile programs that handle authentication...

7.8CVSS7.5AI score0.00399EPSS
Exploits0
GithubExploit
GithubExploit
added 2025/06/18 6:31 a.m.517 views

Exploit for Race Condition in Microsoft

RCE-CVE-2025-32710 Windows Remote Desktop Services Vulnerabili...

8.1CVSS6.8AI score0.0095EPSS
Exploits1
CNNVD
CNNVD
added 2025/05/28 12:0 a.m.4 views

Fortinet FortiPortal 日志信息泄露漏洞

Fortinet FortiPortal is an advanced, feature-rich hosted security analysis and management support tool for Fortinet's FortiGate, FortiWiFi and FortiAP product lines, available as a virtual machine for MSPs. Fortinet FortiPortal suffers from a log information disclosure vulnerability that originat...

2.7CVSS6.1AI score0.00209EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/05/05 7:32 p.m.10 views

CVE-2025-46730 Mobile Security Framework (MobSF) Allows Web Server Resource Exhaustion via ZIP of Death Attack

MobSF is a mobile application security testing tool used. Typically, MobSF is deployed on centralized internal or cloud-based servers that also host other security tools and web applications. Access to the MobSF web interface is often granted to internal security teams, audit teams, and external...

6.8CVSS6.7AI score0.00411EPSS
Exploits1References2
Metasploit
Metasploit
added 2025/02/20 6:55 p.m.288 views

HTTPS Fetch

Fetch and execute an AARCH64 payload from an HTTPS server. Module Options msf use payload/cmd/linux/https/aarch64/meterpreterreversetcp msf payloadmeterpreterreversetcp show actions ...actions... msf payloadmeterpreterreversetcp set ACTION msf payloadmeterpreterreversetcp show options ...show and...

7.2AI score
Exploits0
Debian CVE
Debian CVE
added 2025/01/23 5:34 p.m.16 views

CVE-2025-22153

RestrictedPython is a tool that helps to define a subset of the Python language which allows to provide a program input into a trusted environment. Via a type confusion bug in versions of the CPython interpreter starting in 3.11 and prior to 3.13.2 when using try/except, RestrictedPython starting...

7.9CVSS5.3AI score0.00388EPSS
Exploits0
GithubExploit
GithubExploit
added 2025/01/16 6:7 a.m.322 views

Exploit for Double Free in Openbsd Openssh

OpenSSH Vulnerability Testing Tool for CVE-2023-25136 This re...

6.5CVSS6.9AI score0.89955EPSS
Exploits10
BDU FSTEC
BDU FSTEC
added 2025/01/13 12:0 a.m.6 views

The vulnerability of the VCM software, a security tool from Fortinet for Linux systems, relates to insecure privilege management. This vulnerability allows an attacker to elevate their privileges to the root level.

The vulnerability of the VCM software, a security tool from Fortinet’s FortiClient for Linux, is related to insecure management of privileges. Exploiting this vulnerability allows an attacker, operating remotely, to elevate their privileges to the root level...

8.8CVSS5.4AI score0.00227EPSS
Exploits0References4Affected Software1
CNVD
CNVD
added 2024/12/23 12:0 a.m.3 views

Ivanti Patch SDK Permission Issues Vulnerability

Ivanti Patch SDK is a security tool development kit provided by Ivanti to help organizations automate system vulnerability remediation and patch management. Ivanti Patch SDK suffers from a privilege issue vulnerability that stems from insufficient privileges. An attacker could exploit this...

7.1CVSS7.2AI score0.00209EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/12/10 12:0 a.m.5 views

Ivanti Patch SDK 安全漏洞

Ivanti Patch SDK is a security tool development kit provided by Ivanti to help organizations automate system vulnerability remediation and patch management. Ivanti Patch SDK suffers from a privilege issue vulnerability that stems from insufficient privileges. An attacker could exploit this...

7.1CVSS7AI score0.00209EPSS
Exploits0References2
BDU FSTEC
BDU FSTEC
added 2024/11/26 12:0 a.m.10 views

The vulnerability of Ivanti Connect Secure and Ivanti Policy Secure, which are network access control tools, stems from the failure to take measures to neutralize special elements used in the operating system’s command set. This allows attackers to execute arbitrary code.

The vulnerability of the Ivanti Connect Secure and Ivanti Policy Secure network access control tools is related to the failure to take measures to neutralize special elements used in the operating system’s command set. Exploiting this vulnerability allows a malicious actor to execute arbitrary co...

9.1CVSS8.1AI score0.01652EPSS
Exploits0References3Affected Software2
GithubExploit
GithubExploit
added 2024/09/26 3:5 p.m.134 views

Exploit for CVE-2024-4956

!cvehttps://github.com/user-attachments/assets/c06cbfa1-8fb9-...

7.5CVSS8.8AI score0.18245EPSS
Exploits16
Patchstack
Patchstack
added 2024/08/01 6:34 a.m.10 views

WordPress Ultimate Classified Listings plugin < 1.4 - Reflected XSS vulnerability

Reflected XSS vulnerability discovered by Erwan LR WPScan in WordPress Plugin Ultimate Classified Listings versions 1.4...

7.1CVSS6.4AI score0.00958EPSS
Exploits2References1Affected Software1
GithubExploit
GithubExploit
added 2024/06/03 2:49 a.m.405 views

Exploit for CVE-2024-4956

Badges !MIT Licensehttps://img.shields.io/badge/Licens...

7.5CVSS8.2AI score0.18245EPSS
Exploits16
Rows per page
Query Builder