Download of Code Without Integrity Check

Overview Affected versions of this package are vulnerable to Download of Code Without Integrity Check in the update process due to improper handling of attacker-controlled HTTP response headers. An attacker can achieve arbitrary code execution by influencing update responses to inject path...

AutoRunScan-

AutoRunScan PowerShell-инструмент для аудита автозагрузок W...

CVE-2026-22569

An incorrect startup configuration of affected versions of Zscaler Client Connector on Windows may cause a limited amount of traffic from being inspected under rare circumstances...

Two telnyx versions published containing credential harvesting malware

After an API token exposure from an exploited Trivy dependency,two new releases of telnyx were uploaded to PyPI containing automatically activated malware,harvesting sensitive credentials and files, and exfiltrating to a remote API.Compromised versions execute code during importing the telnyx...

Linux WSL via Startup Folder Persistence

This module establishes persistence by creating a payload in the windows startup folder from within the Windows Subsystem for Linux WSL environment. This allows for code execution on Windows user login. Verified on Windows 10 with Ubuntu 24.04 WSL distribution. Module Options msf use...

CVE-2026-25635

calibre is an e-book manager. Prior to 9.2.0, Calibre's CHM reader contains a path traversal vulnerability that allows arbitrary file writes anywhere the user has write permissions. On Windows haven't tested on other OS's, this can lead to Remote Code Execution by writing a payload to the Startup...

Google Warns of Active Exploitation of WinRAR Vulnerability CVE-2025-8088

Google on Tuesday revealed that multiple threat actors, including nation-state adversaries and financially motivated groups, are exploiting a now-patched critical security flaw in RARLAB WinRAR to establish initial access and deploy a diverse array of payloads. "Discovered and patched in July 202...

Exploit for Path Traversal in Rarlab Winrar

CVE-2025-8088 WinRAR path traversal tool ⚠ This tool is c...

Metasploit Wrap-Up 10/31/2025

New module content 3 ReDoc API Docs UI Exposed Author: Hamza Sahin Type: Auxiliary Pull request: 20594 contributed by HamzaSahin61 Path: scanner/http/redocexposed Description: Adds a module to detect publicly exposed ReDoc API documentation pages using read-only HTTP GET requests searching for...

Windows Persistent Startup Folder

This Metasploit module establishes persistence by creating a payload in the user or system startup folder. Works on Vista and newer systems...

EUVD-2021-24009

Malware in sbrugna...

EUVD-2006-1165

Malware in sbrugna...

Exploit for Path Traversal in Rarlab Winrar

CVE-2025-8088 WinRAR path traversal tool ⚠ This tool is c...

Exploit for Path Traversal in Rarlab Winrar

CVE-2025-8088 WinRAR Exploit 🔓 A proof-of-concept exploit for...

Exploit for Path Traversal in Rarlab Winrar

🚨 CVE-2025-8088 WinRAR Exploit Tool !Pythonhttps://img.s...

CVE-2021-37444

NCH IVM Attendant v5.12 and earlier suffers from a directory traversal weakness upon uploading plugins in a ZIP archive. This can lead to code execution if a ZIP element's pathname is set to a Windows startup folder, a file for the inbuilt Out-Going Message function, or a file for the the inbuilt...

Sessions not logging out after enabling Shellbridge

Seamless sessions might not log off gracefully and leave sessions to be active in Citrix Studio or Citrix Director when using Citrix Virtual Apps and Desktops 2212 or later including Citrix Apps and Desktops 2402 LTSR. Starting with Citrix Virtual Apps and Desktops 2212 the Windows startup...

SUSE-SU-2023:2958-1 Security update for MozillaFirefox

This update for MozillaFirefox fixes the following issues: Firefox was updated to version 115.0.2 ESR bsc1213230: - CVE-2023-3600: Fixed Use-after-free in workers bmo1839703. Bugfixes: - Fixed a startup crash experienced by some Windows users by blocking instances of a malicious injected DLL...

Iranian Hackers Spotted Using a new DNS Hijacking Malware in Recent Attacks

The Iranian state-sponsored threat actor tracked under the moniker Lyceum has turned to using a new custom .NET-based backdoor in recent campaigns directed against the Middle East. "The new malware is a .NET based DNS Backdoor which is a customized version of the open source tool 'DIG.net,'"...

NCH IVM Attendant Remote Code Execution Vulnerability

NCH IVM Attendant is a complete voicemail, call attendant, and IVR solution for Windows.A security vulnerability exists in NCH IVM Attendant, which stems from the fact that if the pathname of a ZIP element is set to the Windows startup folder, a file with a built-in Out-Going Message function, or...