Exploit for Deserialization of Untrusted Data in Facebook React

🚀 R2S - Next.js RSC Exploit Framework !Versionhttps://im...

undertow: Undertow MadeYouReset HTTP/2 DDoS Vulnerability

A flaw was found in Undertow where malformed client requests can trigger server-side stream resets without triggering abuse counters. This issue, referred to as the "MadeYouReset" attack, allows malicious clients to induce excessive server workload by repeatedly causing server-side stream aborts...

AzuraCast Vulnerable to Pre-Auth File Deletion & Admin RCE

An API endpoint that is intended for internal use by the SFTP software sftpgo was mistakenly exposed to the public-facing HTTP API for AzuraCast installations. This would allow a user with specific internal knowledge of a station's operations to craft a custom HTTP request that would affect the...

NANOREMOTE Malware Uses Google Drive API for Hidden Control on Windows Systems

Cybersecurity researchers have disclosed details of a new fully-featured Windows backdoor called NANOREMOTE that uses the Google Drive API for command-and-control C2 purposes. According to a report from Elastic Security Labs, the malware shares code similarities with another implant codenamed...

CVE-2020-36885 Sony IPELA Network Camera 1.82.01 Remote Stack Buffer Overflow via ftpclient.cgi

Sony IPELA Network Camera 1.82.01 contains a stack buffer overflow vulnerability in the ftpclient.cgi endpoint that allows remote attackers to execute arbitrary code. Attackers can exploit the vulnerability by sending a crafted POST request with oversized data to the FTP client functionality,...

CVE-2025-65199

A command injection vulnerability exists in Windscribe for Linux Desktop App that allows a local user who is a member of the windscribe group to execute arbitrary commands as root via the 'adapterName' parameter of the 'changeMTU' function. Fixed in Windscribe v2.18.3-alpha and v2.18.8...

CVE-2025-40830

A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the filetransfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...

SUSE CVE-2023-53847

In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alaudacheckmedia Syzbot got KMSAN to complain about access to an uninitialized value in the alauda subdriver of usb-storage: BUG: KMSAN: uninit-value in alaudatransport+0x462/0x57f0...

Jenkins 安全漏洞

Jenkins is a Jenkins open source application. An open source automation server Jenkins provides hundreds of plugins to support building, deploying and automating any project. A security vulnerability exists in Jenkins 2.540 and earlier and LTS 2.528.2 and earlier, which stems from not properly...

CVE-2025-8148

An Improper Access Control in the SFTP service in Fortra's GoAnywhere MFT prior to version 7.9.0 allows Web Users with an Authentication Alias and a valid SSH key but limited to Password authentication for SFTP to still login using their SSH key...

TFTP Fetch, Linux Command Shell, Bind TCP Inline

Fetch and execute an PPC payload from an TFTP server. Listen for a connection and spawn a command shell Module Options msf use payload/cmd/linux/tftp/ppc/shellbindtcp msf payloadshellbindtcp show actions ...actions... msf payloadshellbindtcp set ACTION msf payloadshellbindtcp show options ...show...

TFTP Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an PPC payload from an TFTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/tftp/ppc/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...

TFTP Fetch, Linux Command Shell, Find Port Inline

Fetch and execute an PPC payload from an TFTP server. Spawn a shell on an established connection Module Options msf use payload/cmd/linux/tftp/ppc/shellfindport msf payloadshellfindport show actions ...actions... msf payloadshellfindport set ACTION msf payloadshellfindport show options ...show an...

HTTP Fetch, Linux Command Shell, Reverse TCP Inline

Fetch and execute an PPC payload from an HTTP server. Connect back to attacker and spawn a command shell Module Options msf use payload/cmd/linux/http/ppc/shellreversetcp msf payloadshellreversetcp show actions ...actions... msf payloadshellreversetcp set ACTION msf payloadshellreversetcp show...

EUVD-2025-201922

A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the filetransfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...

EUVD-2023-60149

In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alaudacheckmedia Syzbot got KMSAN to complain about access to an uninitialized value in the alauda subdriver of usb-storage: BUG: KMSAN: uninit-value in alaudatransport+0x462/0x57f0...

CVE-2025-40830

A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the filetransfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...

CVE-2025-40830

A vulnerability has been identified in SINEC Security Monitor All versions V4.10.0. The affected application does not have proper authorization checks for the filetransfer feature in ssmctl-client command. This could allow an authenticated, lowly privileged local attacker to read or write to any...

DEBIAN-CVE-2023-53847

In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alaudacheckmedia Syzbot got KMSAN to complain about access to an uninitialized value in the alauda subdriver of usb-storage: BUG: KMSAN: uninit-value in alaudatransport+0x462/0x57f0...

UBUNTU-CVE-2023-53847

In the Linux kernel, the following vulnerability has been resolved: usb-storage: alauda: Fix uninit-value in alaudacheckmedia Syzbot got KMSAN to complain about access to an uninitialized value in the alauda subdriver of usb-storage: BUG: KMSAN: uninit-value in alaudatransport+0x462/0x57f0...