Cockpit version 234 suffers from an unauthenticated server-side request forgery vulnerability.
Backdoor.Win32.Xtreme.yvp malware suffers from an insecure permissions vulnerability that can allow for privilege escalation.
This Metasploit module exploits an arbitrary file upload in the WordPress wpDiscuz plugin version 7.0.4. This flaw gave unauthenticated attackers the ability to upload arbitrary files, including PHP files, and…
Backdoor.Win32.NinjaSpy.c suffers from a remote stack buffer overflow vulnerability. The specimen drops a DLL named “cmd.dll” under C:\WINDOWS which listens on both TCP ports 2003 and 2004. By sending consecutive…
PaperStream IP (TWAIN) version 1.42.0.5685 suffers from a local privilege escalation vulnerability.
Gitea version 1.7.5 suffers from a remote code execution vulnerability.
H2 Database version 1.4.199 JNI code execution exploit. This exploit utilizes the Java Native Interface to load a Java class without needing to use the Java Compiler.
Sonatype Nexus version 3.21.1 suffers from an authenticated remote code execution vulnerability.
Rocket.Chat versions 3.7.1 and below suffer from an email address enumeration vulnerability.
WordPress Plugin wpDiscuz 7.0.4 – Unauthenticated Arbitrary File Upload (Metasploit)