Fedora: Security Advisory (FEDORA-2026-a2f3af8a86)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2022-23005

Western Digital has identified a weakness in the UFS standard that could result in a security vulnerability. This vulnerability may exist in some systems where the Host boot ROM code implements the UFS Boot feature to boot from UFS compliant storage devices. The UFS Boot feature, as specified in...

Exploit for Out-of-bounds Read in Microsoft

Usage and information Command - python3 CVE-2024-49...

Exploit for OS Command Injection in Php

🚀 CVE-2024-4577: PHP CGI Argument Injection Scanner and Exploi...

Exploit for OS Command Injection in Php

PHP RCE PoC CVE-2024-4577: Argument Injection in PHP-CGI...

New Docker Malware Steals CPU for Crypto & Drives Fake Website Traffic

Vulnerable Docker services are being targeted by a novel campaign in which the threat actors are deploying XMRig cryptocurrency miner as well as the 9Hits Viewer software as part of a multi-pronged monetization strategy. "This is the first documented case of malware deploying the 9Hits applicatio...

Atlassian Confluence Data Center and Server Security Vulnerability

Atlassian Confluence Data Center and Server is a data center of Atlassian Australia. A security vulnerability exists in Atlassian Confluence Data Center and Server. An attacker exploiting this vulnerability could cause resources to become unavailable to their intended users by temporarily or...

Exploit for OS Command Injection in Eparks Fiberlink_210_Firmware

CVE-2023-33617 Authenticated OS command injection vulnerabili...

Exploit for Argument Injection in Atlassian Bitbucket

CVE-2022-36804-PoC Multithreaded exploit script for CVE-2022-3...

JBOSS EAP/AS 6.x Remote Code Execution

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'JBOSS EAP/AS Remoting Unified Invoker RCE', 'Description' = %q An unauthenticated attacker with network access to the JBOSS EAP/AS 'Joao Matos ',...

6 Ways to Quickly Detect a Log4Shell Exploit in Your Environment

In recent days, the cybersecurity industry has been rapidly assessing the full impact of the Log4Shell CVE-2021-44228 and CVE-2021-45046 vulnerability. Many organizations are quickly trying to figure out whether this vulnerability is within their environment, and where. The next question a securi...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

nse-log4shell Nmap NSE scripts to check against log4shell or...

Exploit for CVE-2021-1675

CVE-2021-1675 Impacket implementation of the PrintNightmare...

Exploit for Path Traversal in Citrix Xenmobile_Server

使用方法&免责声明 该脚本为Citrix XenMobile 目录遍历漏洞（CVE-2020-8209）批量检测脚本。 使用方法：Python CVE-2020-8209-Multiple.py url.txt 存在漏洞的地址输出在vul.txt中 影响版本： - RP2之前的Citrix XenMobile Server 10.12 - RP4之前的Citrix XenMobile Server 10.11 - RP6之前的Citrix XenMobile Server 10.10 - RP5之前的Citrix XenMobile Server 10.9...

NSA Announces Sandworm Actors Exploiting Exim MTA Vulnerability (CVE-2019-10149)

The Exim MTA vulnerability, initially reported by Qualys in May 2019, is currently being exploited in the wild. Recently, the US National Security Agency NSA announced that Sandworm actors Russian hacker group have been actively exploiting the Exim Mail Transfer Agent vulnerability. Qualys releas...

CVE-2020-0796 - SMBGhost

A remote code execution vulnerability exists in the way that the Microsoft Server Message Block 3.1.1 SMBv3 protocol handles certain requests, aka ‘Windows SMBv3 Client/Server Remote Code Execution Vulnerability’. Recent assessments: jorgeorchilles at March 11, 2020 1:19pm UTC reported: Summary...

OpenBSD Local Privilege Escalation Vulnerability (CVE-2019-19726)

Qualys Research Labs discovered a local privilege escalation vulnerability in OpenBSD's dynamic loader. The vulnerability could allow local users or malicious software to gain full root privileges. OpenBSD developers have confirmed the vulnerability and released security patches in less than 3...

OpenBSD Multiple Authentication Vulnerabilities

Multiple authentication vulnerabilities in OpenBSD have been disclosed by Qualys Research Labs. The vulnerabilities are assigned following CVEs: CVE-2019-19522, CVE-2019-19521, CVE-2019-19520, CVE-2019-19519. OpenBSD developers have confirmed the vulnerabilities and also provided a quick response...

Docker Containers Riddled with Graboid Crypto-Worm

The Docker cloud containerization technology is the target for a just-discovered cryptojacking worm dubbed Graboid. According to researchers at Palo Alto’s Unit 42, the worm, which looks to mine the Monero cryptocurrency, has infected more than 2,000 unsecured Docker Engine Community Edition host...

ESXi 6.0 / 6.5 / 6.7 Multiple Vulnerabilities (VMSA-2019-0013)

The remote VMware ESXi host is version 6.0, 6.5 or 6.7 and is affected the following vulnerabilities: - A remote code execution vulnerability caused by a failure to sanitize filenames in the tab autocomplete feature of BusyBox. This allows an attacker to execute arbitrary code, write arbitrary...