7895 matches found
Wappalyzer-Next - Python library that uses Wappalyzer extension (and its fingerprints) to detect technologies
This project is a command line tool and Python library that uses the Wappalyzer extension and its fingerprints to detect technologies. Other projects that emerged after the discontinuation of the official open source project use outdated fingerprints and lack accuracy when used on dynamic web-apps, this...
kernel: bonding: stop the device in bond_setup_by_slave()
In the Linux kernel, the following vulnerability has been resolved: bonding: stop the device in bond_setup_by_slave(). Commit 9eed321cde22 ("net: lapbether: only support ethernet devices") has been able to keep syzbot away from net/lapb, until today. In the following splat [1], the issue is that a lapbethe...
PT-2025-16707 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A vulnerability in the Linux kernel has been resolved, specifically an out-of-bounds array access in the cdns_mrvl_xspi_setup_clock function. This issue occurs when requested_clk is...
PT-2025-16732
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A NULL pointer dereference issue has been resolved in the Linux kernel. The issue occurred due to incorrect error handling flow when pci_setup_device fails, leading to a kernel oops duri...
CVE-2025-22903
TOTOLINK N600R V4.3.0cu.7647B20210106 was discovered to contain a stack overflow via the pin parameter in the function setWiFiWpsConfig...
CVE-2024-13610
The Simple Social Media Share Buttons WordPress plugin before 6.0.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite...
CVE-2024-13207 Widget for Social Page Feeds < 6.4.2 - Admin+ Stored XSS
The Widget for Social Page Feeds WordPress plugin before 6.4.2 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setu...
SilverStripe 5.3.8 Cross Site Scripting
SilverStripe version 5.34.8 suffers from a persistent cross site scripting vulnerability. Exploit Title: SilverStripe 5.3.8 - Stored Cross Site Scripting XSS Authenticated Date: 2025-01-15 Exploit Author: James Nicoll Vendor Homepage: https://www.silverstripe.org/ Software Link:...
Exploit for Path Traversal in Lfprojects Mlflow
MLflow CVE-2023-1177 - PoC & Reproduce. This repo contains code...
CVE-2024-13337
The Clearfy Cache – WordPress optimization plugin, Minify HTML, CSS & JS, Defer plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.3.2. This is due to missing or incorrect nonce validation on the 'setup-wbcrclearfy' page. This makes it possibl...
Exposure of Resource to Wrong Sphere
Overview: jupyter-remote-desktop-proxy is a package to run desktop environments on Jupyter. Affected versions of this package are vulnerable to Exposure of Resource to Wrong Sphere in the setup_websockify function, due to the improper configuration of the TigerVNC server, when it (as opposed to TurboVNC) is th...
Exploit for CVE-2025-31486
CVE-2025-31486-PoC.py url ...
A vulnerability in the formPPPoESetup function of the EDIMAX RE11S router firmware allows an attacker to execute arbitrary code or cause a denial of service.
The vulnerability in the formPPPoESetup function of the EDIMAX RE11S router firmware stems from copying buffers without checking the size of the input data during the processing of the pppUserName parameter. Exploiting this vulnerability allows an attacker to execute arbitra...
CVE-2025-21430
Transient DOS while connecting STA to AP and initiating ADD TS request from AP to establish TSpec session...
A vulnerability in the SetupHandler component of the Live555 multimedia streaming library allows an attacker to gain access to confidential data, compromise its integrity, and cause a denial of service.
The vulnerability in the SetupHandler component of the Live555 multimedia streaming library relates to the use of memory after it is freed. Exploiting this vulnerability can allow an attacker operating remotely to gain access to confidential data, compromise its integrity, and cau...
Dell Common Event Enabler Security Vulnerability
Dell Common Event Enabler is a framework from Dell USA. An unauthorized access vulnerability exists in Dell Common Event Enabler, which arises from the use of insecure default values when initializing resources, and can be exploited by an attacker to cause unauthorized access...
PT-2025-18459
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A dangling pointer issue in the krb_authenticate function has been identified. The krb_authenticate function frees sess->user but does not set the pointer to NULL. It then calls ksmbd_krb...
Exploit for Code Injection in Craftcms Craft_Cms
craft-cms-RCE-CVE-2024-56145 A POC lab environment for CVE-202...
BIT-DOLIBARR-2020-13240
The DMS/ECM module in Dolibarr 11.0.4 allows users with the 'Setup documents directories' permission to rename uploaded files to have insecure file extensions. This bypasses the .noexe protection mechanism against XSS...
UBUNTU-CVE-2025-21980
In the Linux kernel, the following vulnerability has been resolved: sched: address a potential NULL pointer dereference in the GRED scheduler. If kzalloc in gred_init returns a NULL pointer, the code follows the error handling path, invoking gred_destroy. This, in turn, calls gred_offload, where...