cyber-pentools

🔥 Cyber Pentools — All-in-One Penetration Testing Toolkit 2...

CVE-2024-54017

A vulnerability has been identified in SIPROTEC 5 6MD84 CP300 All versions = V7.80 = V7.80 = V7.80 = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SA82 CP150 All versions = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SD82 CP150 All versions = V7.80 = V7.80 = V7.80, SIPROTEC 5 7SJ81 CP150 All versions = V7.80, SIPROT...

CVE-2026-41644

monetr is a budgeting application for recurring expenses. Prior to version 1.12.5, a server-side request forgery SSRF vulnerability in monetr's Lunch Flow integration allowed any authenticated user on a self-hosted instance to cause the monetr server to issue HTTP GET requests to arbitrary URLs...

GHSA-9VQF-7F2P-GF9V Hono: bodyLimit() can be bypassed for chunked / unknown-length requests

Summary bodyLimit does not reliably enforce maxSize for requests without a usable Content-Length e.g. Transfer-Encoding: chunked. Oversized requests can reach handlers and return 200 instead of 413. Details For chunked / unknown-length requests, bodyLimit wraps the body in a stream that counts...

Exploit for CVE-2026-35616

CVE-2026-35616 - FortiClient EMS Vulnerability Detector !Py...

SUSE CVE-2026-29111

systemd, a system and service manager, as PID 1 hits an assert and freezes execution when an unprivileged IPC API call is made with spurious data. On version v249 and older the effect is not an assert, but stack overwriting, with the attacker controlled content. From version v250 and newer this i...

CVE-2025-15518

CVE-2025-15518 affects TP-Link Archer NX200/NX210/NX500/NX600. The issue is improper input handling in a wireless-control administrative CLI command, where crafted input can be executed as part of an operating system command. An authenticated attacker with administrative privileges could run arbi...

CVE-2019-25463

SpotIE Internet Explorer Password Recovery 2.9.5 contains a denial of service vulnerability in the registration key input field that allows local attackers to crash the application by supplying an excessively long string. Attackers can paste a 256-character payload into the Key field during...

PT-2026-24770

IntelBras Telefone IP TIP200 and 200 LITE contain an unauthenticated arbitrary file read vulnerability in the dumpConfigFile function accessible via the cgiServer.exx endpoint. Attackers can send GET requests to /cgi-bin/cgiServer.exx with the command parameter containing dumpConfigFile to read...

CVE-2025-38458 affecting package kernel for versions less than 5.15.200.1-1

CVE-2025-38458 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...

CVE-2022-49465 affecting package kernel for versions less than 5.15.200.1-1

CVE-2022-49465 affecting package kernel for versions less than 5.15.200.1-1. An upgraded version of the package is available that resolves this issue...

PT-2026-22732

Name of the Vulnerable Software and Affected Versions WatchGuard Fireware OS versions 11.9 through 11.12.4 Update1 WatchGuard Fireware OS versions 12.0 through 12.11.7 WatchGuard Fireware OS versions 2025.1 through 2026.1.1 Description An Out-of-bounds Write vulnerability exists in WatchGuard...

CVE-2026-27755

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 contain a weak session identifier generation vulnerability that allows attackers to forge authenticated sessions by computing predictable MD5-based cookies. Attackers who know or guess valid credentials can calculate the session identifie...

PT-2026-22372

SODOLA SL902-SWTGW124AS firmware versions through 200.1.20 use the cryptographically broken MD5 hash function for session cookie generation, weakening session security. Attackers can exploit predictable session tokens combined with MD5's collision vulnerabilities to forge valid session cookies an...

SODOLA SL902-SWTGW124AS 安全漏洞

SODOLA SL902-SWTGW124AS is an industrial switch manufactured by the Spanish company SODOLA. Versions of SODOLA SL902-SWTGW124AS prior to version 200.1.20 contain security vulnerabilities. These vulnerabilities stem from authentication bypass vulnerabilities, which may allow remote attackers to...

Linux Distros Unpatched Vulnerability : CVE-2025-71200

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52M...

CVE-2025-71200 mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode

In the Linux kernel, the following vulnerability has been resolved: mmc: sdhci-of-dwcmshc: Prevent illegal clock reduction in HS200/HS400 mode When operating in HS200 or HS400 timing modes, reducing the clock frequency below 52MHz will lead to link broken as the Rockchip DWC MSHC controller...

Linux kernel 安全漏洞

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from illegally reducing the clock frequency under HS200 or HS400 timing modes, potentially leading to...

CVE-2025-69430

An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 version equal to or prior to V1.9.12, DM3 version equal to or prior to V1.9.12, and DM200 version equal to or prior to V1.2.23 that could be exploited by attackers to leak or tamper with the intern...

PT-2026-5971

An Incorrect Symlink Follow vulnerability exists in multiple Yottamaster NAS devices, including DM2 version equal to or prior to V1.9.12, DM3 version equal to or prior to V1.9.12, and DM200 version equal to or prior to V1.2.23 that could be exploited by attackers to leak or tamper with the intern...