
17 matches found

Positive Technologies
added 2026/02/16 12:0 a.m. · 6 views

PT-2026-8383

Apple recently patched the missing piece in the userland part of the Dec'25 full-chain exploit. CVE-2026-20700: dyld memory corruption to PAC bypass This bug completes the chain of CVE-2026-43529 jsc UAF RCE, PoC public and CVE-2026-14174 Angle OOB EoP, no working PoC yet. Patched in iOS 26.3...

7.8 CVSS · 6 AI score · 0.00455 EPSS
Exploits 4 · References 4
Wiz blog
added 2025/12/03 3:57 p.m. · 25 views

React2Shell (CVE-2025-55182): Everything You Need to Know About the Critical React Vulnerability

Detect and mitigate React2Shell CVE-2025-55182, critical RCE vulnerability in React and Next.js exploited in the wild. Organizations should patch urgently...

10 CVSS · 7.7 AI score · 0.82011 EPSS
Exploits 358
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2023-40815

Malicious code in bioql PyPI...

7.8 CVSS · 8.6 AI score · 0.00664 EPSS
Exploits 0 · References 1
Positive Technologies
added 2025/08/15 12:0 a.m. · 1 views

PT-2025-33645 · Undefined · Undefined

🚨 URGENT: Kubernetes admins must patch CVE-2025-02383 SUSE-2025-02383-2 ✅ Affects: kube-apiserver v1.26.x ✅ Risk: Moderate-severity RBAC bypass. ✅ Fix: Apply SUSE patches NOW + validate with kube-bench. Read more: 👉 https://t.co/VRCE9nkHn3 https://t.co/ukAF3LWe56...

7.2 AI score
Exploits 0 · References 1
Positive Technologies
added 2025/07/28 12:0 a.m. · 1 views

PT-2025-31139 · Undefined · Undefined

URGENT: Patch QEMU now! CVE-2025-02530 CVSS 8.2 allows guest-to-host privilege escalation in @SUSE Linux. Impact: Cloud/hybrid environments Fix: zypper patch + config hardening Read more:👉 https://t.co/3PoKQoeDEU infosec SUSE https://t.co/kSt4wekVWd...

7.4 AI score
Exploits 0 · References 1
Patchstack
added 2025/07/21 10:26 p.m. · 6 views

WordPress bSecure plugin 1.3.7-1.7.9 - Missing Authorization to Unauthenticated Privilege Escalation via order_info REST Endpoint

Missing Authorization to Unauthenticated Privilege Escalation via order_info REST Endpoint vulnerability discovered by kr0d in WordPress Plugin bSecure Your Universal Checkout versions 1.3.7-1.7.9...

9.8 CVSS · 6.7 AI score · 0.01142 EPSS
Exploits 0 · References 1 · Affected Software 1
Rapid7 Blog
added 2025/07/18 8:25 p.m. · 7 views

CVE-2025-54309: CrushFTP Zero-Day Exploited in the Wild

On Friday, July 18, 2025, managed file transfer vendor CrushFTP released information to a private mailing list on a new critical vulnerability, tracked as CVE-2025-54309, affecting versions below 10.8.5 and 11.3.423 across all platforms. According to the public-facing vendor advisory, this...

9.8 CVSS · 7.5 AI score · 0.768 EPSS
Exploits 7
Patchstack
added 2025/06/04 12:0 a.m. · 5 views

WordPress PressGrid - Frontend Publish Reaction & Multimedia Theme Theme <= 1.3.1 is vulnerable to Deserialization of untrusted data

Software PressGrid - Frontend Publish Reaction & Multimedia Theme Type Theme Vulnerable versions = 1.3.1 Fixed in N/A OWASP Top 10 A3: Injection Classification Deserialization of untrusted data CVE CVE-2025-31429 Patch priority High CVSS severity High 9.8 Developer Claim ownership PSID db5f1e6278...

9.8 CVSS · 6.8 AI score · 0.00369 EPSS
Exploits 0 · References 1 · Affected Software 1
The Hacker News
added 2024/12/27 7:34 a.m. · 15 views

Palo Alto Releases Patch for PAN-OS DoS Flaw — Update Immediately

Palo Alto Networks has disclosed a high-severity vulnerability impacting PAN-OS software that could cause a denial-of-service (DoS) condition on susceptible devices. The flaw, tracked as CVE-2024-3393 (CVSS score: 8.7), impacts PAN-OS versions 10.X and 11.X, as well as Prisma Access running PAN-OS...

7.1 CVSS · 9.2 AI score · 0.7972 EPSS
Exploits 0
Positive Technologies
added 2024/11/18 12:0 a.m. · 2 views

PT-2024-8694

Name of the Vulnerable Software and Affected Versions Oracle Agile PLM Framework version 9.3.6 Description The issue is related to an unauthenticated file disclosure flaw in the Oracle Agile PLM Framework, allowing an attacker to access files without authentication. This vulnerability can result ...

7.8 CVSS · 7.3 AI score · 0.69826 EPSS
Exploits 0 · References 53
The Hacker News
added 2024/10/03 6:6 a.m. · 34 views

Ivanti Endpoint Manager Flaw Actively Targeted, CISA Warns Agencies to Patch

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Wednesday added a security flaw impacting Ivanti Endpoint Manager (EPM) that the company patched in May to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The vulnerability, tracked as...

9.8 CVSS · 9.5 AI score · 0.94436 EPSS
Exploits 12
Positive Technologies
added 2024/09/25 12:0 a.m. · 2 views

PT-2024-32013 · Promptr · Promptr

Name of the Vulnerable Software and Affected Versions: promptr version 6.0.7 Description: A remote command execution issue allows attackers to execute arbitrary commands via a crafted URL. This can lead to privilege escalation, resulting in unauthorized access. It is crucial to prioritize...

8.8 CVSS · 8.3 AI score · 0.03493 EPSS
Exploits 2 · References 8
Tenable Nessus
added 2021/02/03 12:0 a.m. · 143 views

SonicWall Secure Mobile Access Remote Code Execution (SNWLID-2021-0001)

According to its self-reported version, the remote SonicWall Secure Mobile Access is affected by a remote code execution vulnerability. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands. Note that Nessus has not tested for these issues bu...

9.8 CVSS · 8.8 AI score · 0.79818 EPSS
Exploits 0 · References 3
seebug.org
added 2015/09/24 12:0 a.m. · 37 views

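Unauthenticated SQL injection in Weaver group decentralized management (e-cology) (reproduced on a Fortune Global 500 company & demo)

Brief description: The impact is significant; the vendor is asked to fix this promptly and push the update to all users. Detailed explanation: 1. First, taking Greenland Group, a Fortune Global 500 company among its many large customers, as a general demonstration: http://.../login/Login.jsp?logintype=1 The injection point is the login box, and the injected parameter is: loginid Details follow: GET...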

7.1 AI score
Exploits 0
exploitpack
added 2002/03/07 12:0 a.m. · 16 views

OpenSSH 2.x/3.0.1/3.0.2 - Channel Code Off-by-One

OpenSSH 2.x/3.0.1/3.0.2 - Channel Code Off-by-One source: https://www.securityfocus.com/bid/4241/info OpenSSH is a suite implementing the SSH protocol. It includes client and server software, and supports ssh and sftp. It was initially developed for BSD, but is also widely used for Linux, Solaris,...

7.5 AI score
Exploits 0
Cvelist
added 1976/01/01 12:0 a.m. · 5 views

CVE-2022-26037

...

Exploits 0
Cvelist
added 1976/01/01 12:0 a.m. · 5 views

CVE-2025-50142

...

Exploits 0