CVE-2026-33414

Podman is a tool for managing OCI containers and pods. Versions 4.8.0 through 5.8.1 contain a command injection vulnerability in the HyperV machine backend in pkg/machine/hyperv/stubber.go, where the VM image path is inserted into a PowerShell double-quoted string without sanitization, allowing $...

HTTP Fetch, Windows Upload/Execute, Bind TCP Stager (RC4 Stage Encryption, Metasm)

Fetch and execute an x86 payload from an HTTP server. Uploads an executable and runs it staged. Listen for a connection Module Options msf use payload/cmd/windows/http/x86/upexec/bindtcprc4 msf payloadbindtcprc4 show actions ...actions... msf payloadbindtcprc4 set ACTION msf payloadbindtcprc4 sho...

SUSE CVE-2026-26064

calibre is a cross-platform e-book manager for viewing, converting, editing, and cataloging e-books. Versions 9.2.1 and below contain a Path Traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows, this leads to Remote Code Execution by writin...

CVE-2021-47881

dataSIMS Avionics ARINC 664-1 version 4.5.3 contains a local buffer overflow vulnerability that allows attackers to overwrite memory by manipulating the milstd1553result.txt file. Attackers can craft a malicious file with carefully constructed payload and alignment sections to potentially execute...

CVE-2025-12507 Insecure service configuration – unquoted path

The service Bizerba Communication Server BCS has an unquoted service path. Due to the way Windows searches the executable for the BCS service, malicious programs can be executed...

CVE-2020-26284

Hugo is a fast and Flexible Static Site Generator built in Go. Hugo depends on Go's os/exec for certain features, e.g. for rendering of Pandoc documents if these binaries are found in the system %PATH% on Windows. In Hugo before version 0.79.1, if a malicious file with the same name exe or bat is...

CVE-2022-24826 Git LFS can execute a binary from the current directory on Windows

On Windows, if Git LFS operates on a malicious repository with a ..exe file as well as a file named git.exe, and git.exe is not found in PATH, the ..exe program will be executed, permitting the attacker to execute arbitrary code. This does not affect Unix systems. Similarly, if the malicious...

PT-2022-16905 · Github +1 · Git Lfs +1

Name of the Vulnerable Software and Affected Versions: Git LFS versions 2.12.1 through 3.1.2 Description: On Windows, if Git LFS operates on a malicious repository with a ..exe file as well as a file named git.exe, and git.exe is not found in PATH, the ..exe program will be executed, permitting t...

Exploit for Path Traversal in Microsoft

This repository is an exploit module for CVE-2021-40444, a remote code execution vulnerability in Microsoft Office Word. The exploit is a malicious docx generator that creates a document that, when opened, will execute a malicious DLL file. The exploit is based on some reverse engineering over a...

Vulnerability fixed in Atlassian Bitbucket

By placing a specially crafted DLL file in the Bitbucket installation directory, an unauthorized user can execute arbitrary code with SYSTEM privileges on a Windows system on which the vulnerable Bitbucket software is installed. Atlassian has released updates to fix the vulnerability. fix. For mo...

YoGen Vocal Remover Local Buffer Overflow Exploit

Exploit for windows platform in category local exploits !/usr/bin/perl Exploit Title: YoGen Vocal Remover Local Buffer Overflow Exploit Author: Angel Injection Thanks: r0073r // Sid3^effects // r4dc0re // CrosS || Inj3ct0r Team || "SeeMe" // XroGuE // gunslinger // indoushka // KnocKout // ZoRLu ...