Lucene search

7411 matches found

CNNVD
added 2025/06/05 12:0 a.m., 2 views

PHPGurukul Human Metapneumovirus Testing Management System Injection Vulnerability

Human Metapneumovirus Testing Management System is a management system for human metapneumovirus testing. It suffers from a SQL injection vulnerability that originates from the lack of validation of the fromdate/todate parameter in the file...

CVSS 8.8, AI score 7, EPSS 0.00318
Exploits: 1, References: 6
Packet Storm News
added 2025/06/04 12:0 a.m., 3 views

Hello, Won't You Tell Me Your Name?: Investigating Anonymity Abuse in IPFS

The InterPlanetary File System (IPFS) offers a decentralized approach to file storage and sharing, promising resilience and efficiency while also realizing the Web3 paradigm. Simultaneously, the offered anonymity raises significant questions about potential misuse. In this study, we explore methods...

AI score 7.1
Exploits: 0
Tenable Nessus
added 2025/06/04 12:0 a.m., 3 views

Grafana 11.5.x < 11.5.4 Cross-site Scripting

According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.18, or 11.2.x earlier than 11.2.9, or 11.3.x earlier than 11.3.6, or 11.4.x earlier than 11.4.4, or 11.5.x earlier than 11.5.4, or 11.6.x earlier than 11.6.1. It is, therefore, affected by a...

CVSS 7.6, AI score 6.7, EPSS 0.95057
Exploits: 6, References: 2
Tenable Nessus
added 2025/06/04 12:0 a.m., 7 views

Grafana 10.0.x < 10.0.11 Incorrect Authorization

According to its self-reported version, the Grafana install hosted on the remote host is 9.5.x earlier than 9.5.16, or 10.0.x earlier than 10.0.11, or 10.1.x earlier than 10.1.7, or 10.2.x earlier than 10.2.4, or 10.3.x earlier than 10.3.3. It is, therefore, affected by an incorrect authorization...

CVSS 5.4, AI score 7.4, EPSS 0.01385
Exploits: 1, References: 2
Tenable Nessus
added 2025/06/04 12:0 a.m., 3 views

Grafana 11.2.x < 11.2.9 Cross-site Scripting

According to its self-reported version, the Grafana install hosted on the remote host is earlier than 10.4.18, or 11.2.x earlier than 11.2.9, or 11.3.x earlier than 11.3.6, or 11.4.x earlier than 11.4.4, or 11.5.x earlier than 11.5.4, or 11.6.x earlier than 11.6.1. It is, therefore, affected by a...

CVSS 7.6, AI score 6.7, EPSS 0.95057
Exploits: 6, References: 2
OSV
added 2025/06/02 11:15 a.m., 2 views

UBUNTU-CVE-2025-29785

quic-go is an implementation of the QUIC protocol in Go. The loss recovery logic for path probe packets that was added in the v0.50.0 release can be used to trigger a nil-pointer dereference by a malicious QUIC client. In order to do so, the attacker first sends valid QUIC packets from different...

CVSS 7.5, AI score 5.8, EPSS 0.00402
Exploits: 0, References: 5
GithubExploit
added 2025/05/31 8:6 p.m., 324 views

Exploit for Code Injection in Grafana

🚨 CVE-2024-9264 - Grafana SQL injection leading to Remote Code...

CVSS 9.9, AI score 9.8, EPSS 0.97648
Exploits: 9
Packet Storm News
added 2025/05/30 12:0 a.m., 3 views

Randextract: a Reference Library to Test and Validate Privacy Amplification Implementations

Quantum cryptographic protocols do not rely only on quantum-physical resources, they also require reliable classical communication and computation. In particular, the secrecy of any quantum key distribution protocol critically depends on the correct execution of the privacy amplification step. Th...

AI score 6.8
Exploits: 0
Tenable Nessus
added 2025/05/30 12:0 a.m., 11 views

ConnectWise ScreenConnect < 25.2.4 RCE

According to its version, the ConnectWise ScreenConnect remote access software installed on the remote host is prior to 25.2.4. It is, therefore, affected by a remote code execution vulnerability: - ScreenConnect versions 25.2.3 and earlier versions may be susceptible to a ViewState code injection...

CVSS 8.1, AI score 9.4, EPSS 0.03348
Exploits: 0, References: 2
Imperva Blog
added 2025/05/29 10:4 p.m., 9 views

Evaluating the Security Efficacy of Web Application Firewalls (WAFs)

Web Application Firewalls (WAFs) are now a staple in defending web-facing applications and APIs, acting as specialized filters to block malicious traffic before it ever reaches your systems. But simply deploying a WAF isn’t enough; the real challenge is knowing whether it works when it matters most...

AI score 6.9
Exploits: 0
Rapid7 Blog
added 2025/05/29 12:0 p.m., 14 views

CVE-2025-48045, CVE-2025-48046, CVE-2025-48047: MICI NetFax Server Product Vulnerabilities (NOT FIXED)

In the course of a penetration testing engagement, Rapid7 discovered three vulnerabilities in MICI Network Co., Ltd’s NetFax server versions 3.0.1.0. These issues allowed for an authenticated attack chain resulting in Remote Code Execution (RCE) against the device as the root user. While...

CVSS 9.4, AI score 8.6, EPSS 0.11178
Exploits: 0
Packet Storm News
added 2025/05/29 12:0 a.m., 2 views

An Advanced Cyber-Physical System Security Testbed for Substation Automation

A Cyber-Physical System (CPS) testbed serves as a powerful platform for testing and validating cyber intrusion detection and mitigation strategies in substations. This study presents the design and development of a CPS testbed that can effectively assess the real-time dynamics of a substation. Cybe...

AI score 6.9
Exploits: 0
GithubExploit
added 2025/05/27 7:19 p.m., 384 views

Exploit for OS Command Injection in PHP

CVE-2024-4577 vulnerability test script. This Python script, for PHP's latest vulnerability CVE-...

CVSS 9.8, AI score 9.6, EPSS 0.99987
Exploits: 64
AlpineLinux
added 2025/05/26 1:31 p.m., 9 views

CVE-2025-46804

A minor information leak when running Screen with setuid-root privileges allows unprivileged users to deduce information about a path that would otherwise not be available. Affected are older Screen versions, as well as version 5.0.0...

CVSS 3.3, AI score 4, EPSS 0.00213
Exploits: 0
GithubExploit
added 2025/05/26 12:51 p.m., 557 views

Exploit for CVE-2025-2783

ChromSploit Framework v2.2 🚀 ...

CVSS 10, AI score 9.2, EPSS 0.99945
Exploits: 87
Tenable Nessus
added 2025/05/26 12:0 a.m., 9 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 : GLib vulnerability (USN-7532-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS / 24.10 / 25.04 host has packages installed that are affected by a vulnerability as referenced in the USN-7532-1 advisory. It was discovered that Glib incorrectly handled certain inputs. An attacker could possibly use this issue to cause a crash...

CVSS 4.8, AI score 6.8, EPSS 0.00426
Exploits: 0, References: 2
BDU FSTEC
added 2025/05/25 12:0 a.m., 5 views

The vulnerability of Microprogrammed Software for Intel Arc A-series Graphics and Intel Arc Pro A-series Graphics lies in insufficient testing of exception states, allowing attackers to trigger service failures.

The vulnerability of microprogrammed software for Intel Arc A-series graphics processors and Intel Arc Pro A-series graphics processors is related to insufficient testing of exception states. Exploiting this vulnerability can allow attackers to cause system failures...

CVSS 5.6, AI score 5.5, EPSS 0.0012
Exploits: 0, References: 2, Affected Software: 2
Packet Storm News
added 2025/05/24 12:0 a.m., 5 views

Mal-D2GAN: Double-Detector Based GAN for Malware Generation

Machine learning (ML) has been developed to detect malware in recent years. Most researchers focused their efforts on improving the detection performance but ignored the robustness of the ML models. In addition, many machine learning algorithms are very vulnerable to intentional attacks. To solve...

AI score 6.9
Exploits: 0
GithubExploit
added 2025/05/23 9:4 p.m., 271 views

Exploit for Authentication Bypass by Primary Weakness in CrushFTP

CVE-2025-31161 - CrushFTP User Creation Authentication Bypass...

CVSS 9.8, AI score 9.5, EPSS 0.99957
Exploits: 16
GithubExploit
added 2025/05/23 1:8 p.m., 851 views

Exploit for CVE-2025-0133

CVE-2025-0133 Reflected XSS Detection Tool Author: Derek...

CVSS 6.9, AI score 5.3, EPSS 0.3138
Exploits: 7