52493 matches found
CVE-2026-24785 Clatter has a PSK Validity Rule Violation issue
Clatter is a nostd compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versiosn prior to2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework...
CVE-2026-24785
Clatter is a nostd compatible, pure Rust implementation of the Noise protocol framework with post-quantum support. Versiosn prior to2.2.0 have a protocol compliance vulnerability. The library allowed post-quantum handshake patterns that violated the PSK validity rule Noise Protocol Framework...
Exploit for Out-of-bounds Read in Libpng
Spring Boot Minimal Images PoC Dummy Spring Boot application...
CVE-2025-13878
Malformed BRID/HHIT records can cause named to terminate unexpectedly. This issue affects BIND 9 versions 9.18.40 through 9.18.43, 9.20.13 through 9.20.17, 9.21.12 through 9.21.16, 9.18.40-S1 through 9.18.43-S1, and 9.20.13-S1 through 9.20.17-S1...
MAL-2026-324 Malicious code in typedoc-plugin-fuel-variants (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6adc38777e8d247da805a1d508c3d27067be2a85dc25149b0d18453a67dcc18a The package typedoc-plugin-fuel-variants was found to contain malicious code. Source: ossf-package-analysis...
Malicious code in typedoc-plugin-fuel-variants (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 6adc38777e8d247da805a1d508c3d27067be2a85dc25149b0d18453a67dcc18a The package typedoc-plugin-fuel-variants was found to contain malicious code. Source: ossf-package-analysis...
MiracleLinux 4 : kernel-2.6.32-696.18.7.el6 (AXSA:2018-2508:01)
The remote MiracleLinux 4 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2018-2508:01 advisory. An industry-wide issue was found in the way many modern microprocessor designs have implemented speculative execution of instructions a commonly use...
MiracleLinux 4 : dbus-1.2.24-4.AXS4 (AXSA:2011-116:01)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2011-116:01 advisory. D-BUS is a system for sending messages between applications. It is used both for the system-wide message bus service, and as a per-user-login-session messagin...
CVE-2026-0625
Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DN...
INTERPOL Arrests 574 in Africa; Ukrainian Ransomware Affiliate Pleads Guilty
A law enforcement operation coordinated by INTERPOL has led to the recovery of $3 million and the arrest of 574 suspects by authorities from 19 countries, amidst a continued crackdown on cybercrime networks in Africa. The coordinated effort, named Operation Sentinel, took place between October 27...
📄 HPE OneView Unauthenticated Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability against Hewlett Packard Enterprise HPE OneView. All versions below 11.00 are vulnerable so long as the vendor supplied hotfix has not been applied, however some VM product versions do not enable the vulnerable...
CVE-2025-13750
The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...
CVE-2025-13750
Technical details for CVE-2025-13750 are not publicly available in the provided documents. Monitor for updates from official advisories to confirm affected versions, impact, and remediation.
WordPress plugin Converter for Media 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-51816
The Converter for Media – Optimize images | Convert WebP & AVIF plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the /webp-converter/v1/regenerate-attachment REST endpoint in all versions up to, and including, 6.3.2. This makes it possib...
EUVD-2025-203021
GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. do not validate origins in WebSockets. If a user accesses a crafted page, Chat information sent to the user may be exposed...
CVE-2025-53523
Stored cross-site scripting vulnerabilities exist in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. A logged-in user can prepare a malicious page or URL, and an arbitrary script may be executed on the web browser when...
PT-2025-50874
Cross-site request forgery vulnerability exists in GroupSession Free edition prior to ver5.3.0, GroupSession byCloud prior to ver5.3.3, and GroupSession ZION prior to ver5.3.2. If a user accesses a malicious page while logged in, unintended operations may be performed...
Exploit for Deserialization of Untrusted Data in Facebook React
⚡ CVE-2025-55182 – Auto Exploit Toolkit Precision Engine...
Exploit for Deserialization of Untrusted Data in Facebook React
⚡ CVE-2025-55182 – Advanced Auto Exploit Toolkit Precisi...