7894 matches found
Exploit for CVE-2025-1094
Analysis of CVE-2025-1094 and Emulation Setup This detailed e...
CVE-2025-27254
CWE-282 "Improper Ownership Management" in GE Vernova EnerVista UR Setup allows Authentication Bypass. The software's startup authentication can be disabled by altering a Windows registry setting that any user can modify...
CVE-2025-25680
LSC Smart Connect LSC Indoor PTZ Camera 7.6.32 contains an RCE vulnerability in the tuyaipcdirectconnect function of the anykaipc process. The vulnerability allows arbitrary code execution through the Wi-Fi configuration process when a specially crafted QR code is presented to the camera...
CVE-2025-0629
CVE-2025-0629 affects the Coronavirus (COVID-19) Notice Message WordPress plugin (
SAP NetWeaver Enterprise Portal OBN Access Control Error Vulnerability
SAP NetWeaver Enterprise Portal OBN is a NetWeaver's enterprise portal related product from SAP, Germany. It is used for organizations to build and manage portals to integrate information and business processes. An Access Control Error vulnerability exists in SAP NetWeaver Enterprise Portal OBN,...
CVE-2025-27257
Insufficient Verification of Data Authenticity vulnerability in GE Vernova UR IED family devices allows an authenticated user to install a modified firmware. The firmware signature verification is enforced only on the client-side dedicated software EnerVista UR Setup, allowing the integration che...
CVE-2025-27256
Missing Authentication for Critical Function vulnerability in GE Vernova EnerVista UR Setup application allows Authentication Bypass due to a missing SSH server authentication. Since the client connection is not authenticated, an attacker may perform a man-in-the-middle attack on the network...
CVE-2025-27255
Use of Hard-coded Credentials vulnerability in GE Vernova EnerVista UR Setup allows Privilege Escalation. The local user database is encrypted using a hardcoded password retrievable by an attacker analyzing the application code...
CVE-2025-27255
This CVE concerns GE Vernova EnerVista UR Setup. The vulnerability arises from hard-coded credentials used to encrypt the local user database, with the credential password retrievable by analyzing the application code. A local attacker could leverage this to escalate privileges on the affected sy...
Apache NiFi 0.0.2 Remote Code Execution
Apache NiFi version 0.0.2 proof of concept remote code execution exploit that takes advantage of a flaw from 2023. Title: Apache NiFi 0.0.2 RCE...
CVE-2025-1363
CVE-2025-1363 affects the WordPress plugin “URL Shortener | Conversion Tracking | AB Testing | WooCommerce” (versions up to 9.0.2). The vulnerability is a Stored Cross-Site Scripting (XSS) that occurs due to insufficient sanitisation/escaping of certain plugin settings, enabling a high-privilege ...
CVE-2024-9458
The Reservit Hotel WordPress plugin before 3.0 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup)...
Linux Distros Unpatched Vulnerability : CVE-2024-27408
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - dmaengine: dw-edma: eDMA: Add sync read before starting the DMA transfer in remote setup The Linked list element and pointer are not stored in the same memory a...
Linux Distros Unpatched Vulnerability : CVE-2024-46795
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: unset the binding mark of a reused connection Steve French reported null pointer...
Linux Distros Unpatched Vulnerability : CVE-2023-5380
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A use-after-free flaw was found in the xorg-x11-server. An X server crash may occur in a very specific and legacy configuration a multi-screen setup with multip...
A vulnerability in the openvpn_server_setup() function in the openvpn.cgi script of the Wavlink AC3000 (WL-WN533A8) router firmware allows an attacker to bypass existing security restrictions.
The vulnerability in the openvpn_server_setup function in the openvpn.cgi script of the Wavlink AC3000 WL-WN533A8 router software is related to errors in system configuration or settings. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions by sending...
Linux Distros Unpatched Vulnerability : CVE-2021-47217
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: x86/hyperv: Fix NULL deref in set_hv_tscchange_cb() if Hyper-V setup fails Check for a valid...