836078 matches found
goby-poc-collection
Goby POC Collection Convert Goby vulnerability scan tools’...
--POC
Goby POC Collection Convert Goby vulnerability scan tools’...
[SECURITY] Fedora 44 Update: log4cxx-1.7.0-2.fc44
Log4cxx is a popular logging package written in C++. One of its distinctive features is the notion of inheritance in loggers. Using a logger hierarchy it is possible to control which log statements are output at arbitrary granularity. This helps reduce the volume of logged output and minimize the...
[SECURITY] Fedora 43 Update: upower-1.91.3-2.fc43
UPower formerly DeviceKit-power provides a daemon, API and command line tools for managing power devices attached to the system...
wordpress-ocr-internal-pentest
─── Internal Web Application & OCR Service ─── 🛡️ A...
Exploit for CVE-2026-13768
CVE-2026-13768 - Gardyn IoT Hub Owner Key Exposure !WARNIN...
Exploit for OS Command Injection in Webmin
요약 Webmin은 Unix 시스템에서 사용되는 웹 기반 시스템 관리 도구이다. 해당 관리 도구의 기능 중...
Exploit for Command Injection in Microsoft
DevTools Helper — Malicious Extension PoC CVE-2025-55319 Pr...
Compromised jscrambler 8.14.0 npm Release Drops Rust Infostealer During Install
The jscrambler npm package was compromised, and simply installing its 8.14.0 release runs an infostealer on your machine. Published on July 11, 2026, the malicious version carries a preinstall hook that drops and executes a native binary, one build each for Windows, macOS, and Linux. Socket flagg...
Hackers Weaponize Balochistan Police Portal in Multi-Group Espionage Campaigns
Cybersecurity researchers have disclosed details of sustained cyber espionage activity against several Pakistani law enforcement organizations undertaken by suspected China- and India-aligned threat actors between February 2024 and April 2026. "At Balochistan Police, the compromised assets includ...
Exploit for Deserialization of Untrusted Data in Apache Camel
Permissive Default ObjectInputFilter — DNS Side-Channel Reprod...
pantest-containers
Pentest Containers Uruchamianie Ten projekt buduje narzęd...
CVE-2026-61448
Parse Server is affected by a stored cross-site scripting XSS vulnerability in versions = 9.0.0, 9.10.0-alpha.2 and = 8.6.83. When an uploaded file's extension is not recognized by the mime package, Parse Server preserves the client-supplied Content-Type. A malformed Content-Type that is not a...
Exploit for CVE-2026-14894
CVE-2026-14894 — Super Forms ≤ 6.3.313...
Exploit for CVE-2026-0740
CVE-2026-0740 — Mass-Target Exploit Engine Author: 0xNuts...
EUVD-2026-43183
Parse Server is affected by a stored cross-site scripting XSS vulnerability in versions = 9.0.0, 9.10.0-alpha.2 and = 8.6.83. When an uploaded file's extension is not recognized by the mime package, Parse Server preserves the client-supplied Content-Type. A malformed Content-Type that is not a...
CVE-2026-61448
Parse Server is affected by a stored XSS in versions 9.0.0–9.9.9 (excluding 9.10.0-alpha.2) and 8.6.0x up to 8.6.83. When a file with an unrecognized extension is uploaded, the client-supplied Content-Type is kept. A malformed Content-Type (not valid type/subtype) can bypass fileUpload.fileExtens...
CVE-2026-61448 Parse Server 9.0.0 Stored XSS via malformed Content-Type
Parse Server is affected by a stored cross-site scripting XSS vulnerability in versions = 9.0.0, 9.10.0-alpha.2 and = 8.6.83. When an uploaded file's extension is not recognized by the mime package, Parse Server preserves the client-supplied Content-Type. A malformed Content-Type that is not a...
Exploit for Code Injection in Ejs
CVE-2022-29078 | EJS SSTI → RCE 화이트햇 스쿨 4기 32반 - 우상범 @t...
tetragon-lab
How it works This poc use copyfail exploit to overwrite page-...