Exploits

Date Text URI
Dec. 3, 2024 CVE-2024-48651: ProFTPD Vulnerability Grants Root Access to Attackers https://securityonline.info/cve-2024-48651-proftpd-vulnerability-grants-root-access-to-attackers/
Dec. 3, 2024 Zero-Day Exploit Code Released for Windows Task Scheduler Flaw (CVE-2024-49039), Actively Exploited by RomCom Group https://securityonline.info/zero-day-exploit-code-released-for-windows-task-scheduler-flaw-cve-2024-49039-actively-exploited-by-romcom-group/
Dec. 3, 2024 Critical Vulnerabilities in mySCADA myPRO Software Pose Significant Risk to Industrial Control Systems https://securityonline.info/critical-vulnerabilities-in-myscada-mypro-software-pose-significant-risk-to-industrial-control-systems/
Nov. 30, 2024 CVE-2024-52338: Critical Security Flaw in Apache Arrow R Package Allows Arbitrary Code Execution https://securityonline.info/cve-2024-52338-critical-security-flaw-in-apache-arrow-r-package-allows-arbitrary-code-execution/
Nov. 29, 2024 CVE-2024-11667: Critical Vulnerability in Zyxel Firewalls Actively Exploited https://securityonline.info/cve-2024-11667-critical-vulnerability-in-zyxel-firewalls-actively-exploited/
Nov. 29, 2024 Integer Overflow Vulnerability in Windows Driver Enables Privilege Escalation, PoC Published https://securityonline.info/integer-overflow-vulnerability-in-windows-driver-enables-privilege-escalation-poc-published/
Nov. 29, 2024 Zero-Day in Active Directory Certificate Services: Researcher Exposes CVE-2024-49019 with PoC https://securityonline.info/zero-day-in-active-directory-certificate-services-researcher-exposes-cve-2024-49019-with-poc/
Nov. 29, 2024 CVE-2024-52338: Critical Security Flaw in Apache Arrow R Package Allows Arbitrary Code Execution https://securityonline.info/cve-2024-52338-critical-security-flaw-in-apache-arrow-r-package-allows-arbitrary-code-execution/
Nov. 21, 2024 CVE-2024-52940: AnyDesk Vulnerability Exposes User IP Addresses, PoC Published https://securityonline.info/cve-2024-52940-anydesk-vulnerability-exposes-user-ip-addresses-poc-published/
Nov. 21, 2024 CVE-2024-10220: Kubernetes Vulnerability Allows Arbitrary Command Execution https://securityonline.info/cve-2024-10220-kubernetes-vulnerability-allows-arbitrary-command-execution/
Nov. 21, 2024 Critical VMware vCenter Server Flaws Under Active Attack: CISA Issues Urgent Warning https://securityonline.info/critical-vmware-vcenter-server-flaws-under-active-attack-cisa-issues-urgent-warning/
Nov. 4, 2024 Okta Patches Vulnerability (CVE-2024-9191) in Verify Desktop MFA for Windows https://securityonline.info/okta-patches-vulnerability-cve-2024-9191-in-verify-desktop-mfa-for-windows/
Nov. 4, 2024 CVE-2024-8956 & CVE-2024-8957: Two Actively Exploited Vulnerabilities in PTZ Cameras https://securityonline.info/cve-2024-8956-cve-2024-8957-two-actively-exploited-vulnerabilities-in-ptz-cameras/
Nov. 4, 2024 CVE-2024-46538: Unpatched XSS Flaw in pfSense Allows Remote Exploits, PoC Published https://securityonline.info/cve-2024-46538-unpatched-xss-flaw-in-pfsense-allows-remote-exploits-poc-published/
Sept. 10, 2024 Siemens Issues Critical Security Advisory for User Management Component (UMC) – CVE-2024-33698 https://securityonline.info/siemens-issues-critical-security-advisory-for-user-management-component-umc-cve-2024-33698/
Sept. 10, 2024 CVE-2024-6342: Critical Command Injection Flaw in Zyxel NAS Devices, Hotfixes Released for End-of-Support Products https://securityonline.info/cve-2024-6342-critical-command-injection-flaw-in-zyxel-nas-devices-hotfixes-released-for-end-of-support-products/
Sept. 10, 2024 Ivanti Issues Patch for Critical Vulnerabilities in Endpoint Manager, Including CVE-2024-29847 (CVSS 10.0) https://securityonline.info/ivanti-issues-patch-for-critical-vulnerabilities-in-endpoint-manager-including-cve-2024-29847-cvss-10-0/
Sept. 9, 2024 Critical Kibana Flaws (CVE-2024-37288, CVE-2024-37285) Expose Systems to Arbitrary Code Execution https://securityonline.info/critical-kibana-flaws-cve-2024-37288-cve-2024-37285-expose-systems-to-arbitrary-code-execution/
Sept. 9, 2024 MindsDB Fixes Critical CVE-2024-24759: DNS Rebinding Attack Bypasses Security Protections https://securityonline.info/mindsdb-fixes-critical-cve-2024-24759-dns-rebinding-attack-bypasses-security-protections/
Sept. 9, 2024 PoC Exploit Releases for Windows Elevation of Privilege Vulnerability CVE-2024-26230 https://securityonline.info/poc-exploit-releases-for-windows-elevation-of-privilege-vulnerability-cve-2024-26230/
Sept. 9, 2024 HAProxy Vulnerability CVE-2024-45506 Under Active Exploit: Urgent Patching Required https://securityonline.info/haproxy-vulnerability-cve-2024-45506-under-active-exploit-urgent-patching-required/
Sept. 9, 2024 YubiKey Side-Channel Attack https://www.schneier.com/blog/archives/2024/09/yubikey-side-channel-attack.html
Aug. 23, 2024 Exploit for CVE-2024-38054 Released: Elevation of Privilege Flaw in Windows Kernel Streaming WOW Thunk https://securityonline.info/exploit-for-cve-2024-38054-released-elevation-of-privilege-flaw-in-windows-kernel-streaming-wow-thunk/
Aug. 23, 2024 Urgent Edge Security Update: Microsoft Patches Zero-day & RCE Vulnerabilities https://securityonline.info/urgent-edge-security-update-microsoft-patches-zero-day-rce-vulnerabilities/
Aug. 14, 2024 CVE-2024-38063 (CVSS 9.8): 0-Click RCE Affects All Windows Systems https://securityonline.info/cve-2024-38063-cvss-9-8-0-click-rce-affects-all-windows-systems/
Aug. 14, 2024 CVE-2024-28986 (CVSS 9.8): SolarWinds Web Help Desk Users Must Patch Now! https://securityonline.info/cve-2024-28986-cvss-9-8-solarwinds-web-help-desk-users-must-patch-now/
Aug. 14, 2024 ArtiPACKED: A New GitHub Actions Vulnerability Exposes Critical Credentials https://securityonline.info/artipacked-a-new-github-actions-vulnerability-exposes-critical-credentials/
Aug. 8, 2024 Critical Progress WhatsUp RCE flaw now under active exploitation https://www.bleepingcomputer.com/news/security/critical-progress-whatsup-rce-flaw-now-under-active-exploitation/
Aug. 7, 2024 CVE-2024-43044: Critical Jenkins Vulnerability Exposes Servers to RCE Attacks https://securityonline.info/cve-2024-43044-critical-jenkins-vulnerability-exposes-servers-to-rce-attacks/
Aug. 3, 2024 From Limited file read to full access on Jenkins (CVE-2024-23897) https://www.reddit.com/r/netsec/comments/1ehd85y/from_limited_file_read_to_full_access_on_jenkins/
Aug. 3, 2024 Windows AppLocker Driver LPE Vulnerability - CVE-2024-21338 https://www.reddit.com/r/netsec/comments/1ehjatd/windows_applocker_driver_lpe_vulnerability/
July 26, 2024 Critical ServiceNow RCE flaws actively exploited to steal credentials https://www.bleepingcomputer.com/news/security/critical-servicenow-rce-flaws-actively-exploited-to-steal-credentials/
July 20, 2024 CVE-2024-22442 (CVSS 9.8): HPE Patches Critical 3PAR Service Processor Flaw https://securityonline.info/cve-2024-22442-cvss-9-8-hpe-patches-critical-3par-service-processor-flaw/
July 20, 2024 Oracle WebLogic Users Urged to Patch Critical Vulnerability (CVE-2024-21181, CVSS 9.8) https://securityonline.info/oracle-weblogic-users-urged-to-patch-critical-vulnerability-cve-2024-21181-cvss-9-8/
July 20, 2024 Broadcom Urges Immediate Patching for Critical Symantec PAM Vulnerabilities https://securityonline.info/broadcom-urges-immediate-patching-for-critical-symantec-pam-vulnerabilities/
July 20, 2024 Cisco Warns of Unpatched Vulnerability (CVE-2024-20416) in RV340 and RV345 Routers https://securityonline.info/cisco-warns-of-unpatched-vulnerability-cve-2024-20416-in-rv340-and-rv345-routers/
July 17, 2024 CISA warns critical Geoserver GeoTools RCE flaw is exploited in attacks https://www.bleepingcomputer.com/news/security/cisa-warns-critical-geoserver-geotools-rce-flaw-is-exploited-in-attacks/
July 9, 2024 Hackers are Actively Exploiting CVE-2024-5441 Flaw, 150,000 Sites at Risk https://securityonline.info/hackers-are-actively-exploiting-cve-2024-5441-flaw-150000-sites-at-risk/
July 9, 2024 Turla APT Group Unleashes Sophisticated Fileless Backdoor via Compromised Site https://securityonline.info/turla-apt-group-unleashes-sophisticated-fileless-backdoor-via-compromised-site/
July 9, 2024 Critical Security Advisory for Apache CloudStack: CVE-2024-38346 and CVE-2024-39864 https://securityonline.info/critical-security-advisory-for-apache-cloudstack-cve-2024-38346-and-cve-2024-39864/
July 9, 2024 CVE-2024-36138: High-Severity Vulnerability in Node.js Allows Code Execution on Windows https://securityonline.info/cve-2024-36138-high-severity-vulnerability-in-node-js-allows-code-execution-on-windows/
July 9, 2024 VMware vCenter Server RCE (CVE-2024-22274): PoC Exposes Systems to Remote Takeover https://securityonline.info/vmware-vcenter-server-rce-cve-2024-22274-poc-exposes-systems-to-remote-takeover/
July 9, 2024 BlastRADIUS Vulnerability (CVE-2024-3596): Flaw in RADIUS Protocol Exposes Networks to Attack https://securityonline.info/blastradius-vulnerability-cve-2024-3596-flaw-in-radius-protocol-exposes-networks-to-attack/
July 9, 2024 CVE-2024-6409: New Remote Code Execution Vulnerability in OpenSSH https://securityonline.info/cve-2024-6409-new-remote-code-execution-vulnerability-in-openssh/
July 8, 2024 Cisco Confirms Critical OpenSSH regreSSHion (CVE-2024-6387) Flaw in Multiple Products https://securityonline.info/cisco-confirms-critical-openssh-regresshion-cve-2024-6387-flaw-in-multiple-products/
July 8, 2024 CVE-2024-39349 (CVSS 9.8): Critical Vulnerability in Synology Surveillance Cameras https://securityonline.info/cve-2024-39349-cvss-9-8-critical-vulnerability-in-synology-surveillance-cameras/
July 3, 2024 New Open SSH Vulnerability https://www.schneier.com/blog/archives/2024/07/new-open-ssh-vulnerability.html
June 30, 2024 CVE-2024-36072 (CVSS 10): Unauthenticated RCE Flaw in CoSoSys Endpoint Protector https://securityonline.info/cve-2024-36072-unauthenticated-rce-flaw-in-cososys-endpoint-protector/
June 30, 2024 PoC Released for Unauthenticated RCE Vulnerability in TP-Link VIGI NVR4032H Network Video Recorder https://securityonline.info/poc-released-for-unauthenticated-rce-vulnerability-in-tp-link-vigi-nvr4032h-network-video-recorder/
June 30, 2024 CVE-2024-2973 (CVSS 10): Juniper Session Smart Router Authentication Bypass Vulnerability https://securityonline.info/cve-2024-2973-cvss-10-juniper-session-smart-router-authentication-bypass-vulnerability/
June 30, 2024 Microsoft Issues CVE Numbers for Cloud Service Vulnerabilities https://securityonline.info/microsoft-issues-cve-numbers-for-cloud-service-vulnerabilities/
June 23, 2024 CosmicSting (CVE-2024-34102): A Critical E-Commerce Vulnerability Threatening Millions of Online Stores https://securityonline.info/cosmicsting-cve-2024-34102-a-critical-e-commerce-vulnerability-threatening-millions-of-online-stores/
June 23, 2024 Ghostscript Patches Multiple Vulnerabilities, Potential for Arbitrary Code Execution https://securityonline.info/ghostscript-patches-multiple-vulnerabilities-potential-for-arbitrary-code-execution/
June 23, 2024 ESET Issues Security Patch for Privilege Escalation Flaw in Windows Products https://securityonline.info/eset-issues-security-patch-for-privilege-escalation-flaw-in-windows-products/
June 21, 2024 Phoenix UEFI vulnerability impacts hundreds of Intel PC models https://www.bleepingcomputer.com/news/security/phoenix-uefi-vulnerability-impacts-hundreds-of-intel-pc-models/
June 21, 2024 SolarWinds Serv-U path traversal flaw actively exploited in attacks https://www.bleepingcomputer.com/news/security/solarwinds-serv-u-path-traversal-flaw-actively-exploited-in-attacks/
June 21, 2024 CosmicSting flaw impacts 75% of Adobe Commerce, Magento sites https://www.bleepingcomputer.com/news/security/cosmicsting-flaw-impacts-75-percent-of-adobe-commerce-magento-sites/
June 20, 2024 VMware fixes critical vCenter RCE vulnerability, patch now https://www.bleepingcomputer.com/news/security/vmware-fixes-critical-vcenter-rce-vulnerability-patch-now/
June 13, 2024 CVE-2024-37051: Critical JetBrains Flaw Exposes GitHub Tokens in IntelliJ IDEs, PoC Published https://securityonline.info/cve-2024-37051-exploit-poc-jetbrains-github-tokens/
June 13, 2024 Urgent Security Alert: SuiteCRM Users Urged to Patch Multiple Critical Vulnerabilities https://securityonline.info/urgent-security-alert-suitecrm-users-urged-to-patch-multiple-critical-vulnerabilities/
June 13, 2024 VLC Media Player Patches Two Vulnerabilities: Users Urged to Update Immediately https://securityonline.info/vlc-media-player-patches-two-vulnerabilities-users-urged-to-update-immediately/
June 13, 2024 CVE-2024-27801: Critical Vulnerability Discovered in Apple Ecosystem, PoC Published https://securityonline.info/cve-2024-27801-critical-vulnerability-discovered-in-apple-ecosystem-poc-published/
June 13, 2024 CVE-2024-26169: Windows Zero-Day Vulnerability Abused by Black Basta Ransomware https://securityonline.info/cve-2024-26169-windows-zero-day-vulnerability-abused-by-black-basta-ransomware/
June 13, 2024 Adobe Patches Critical Flaws in Multiple Products, Urging Users to Update https://securityonline.info/adobe-patches-critical-flaws-in-multiple-products-urging-users-to-update/
June 13, 2024 CVE-2024-32896: Google Patches Actively Exploited Zero-Day Vulnerability in Pixel Devices https://securityonline.info/cve-2024-32896-google-patches-actively-exploited-zero-day-vulnerability-in-pixel-devices/
June 13, 2024 CVE-2024-35213: Critical Vulnerability Discovered in BlackBerry QNX SDP https://securityonline.info/cve-2024-35213-critical-vulnerability-discovered-in-blackberry-qnx-sdp/
June 11, 2024 Veeam Patches Critical Security Flaw in Recovery Orchestrator (CVE-2024-29855) https://securityonline.info/veeam-patches-critical-security-flaw-in-recovery-orchestrator-cve-2024-29855/
June 3, 2024 13,800+ Check Point Gateways Exposed: 0-Day CVE-2024-24919 Flaw Under Attack https://securityonline.info/13800-check-point-gateways-exposed-0-day-cve-2024-24919-flaw-under-attack/
June 3, 2024 CVE-2024-3820 (CVSS 10) in wpDataTables Puts 70,000 WordPress Sites at Risk https://securityonline.info/cve-2024-3820-cvss-10-in-wpdatatables-puts-70000-wordpress-sites-at-risk/
June 3, 2024 Patch Now to Avoid Apache OFBiz Remote Code Execution – CVE-2024-36104 https://securityonline.info/patch-now-to-avoid-apache-ofbiz-remote-code-execution-cve-2024-36104/
May 15, 2024 PoC exploit released for RCE zero-day in D-Link EXO AX4800 routers https://www.bleepingcomputer.com/news/security/poc-exploit-released-for-rce-zero-day-in-d-link-exo-ax4800-routers/
May 13, 2024 [KIS-2024-04] Cacti <= 1.2.26 Remote Code Execution Vulnerability https://www.reddit.com/r/netsec/comments/1cqurbm/kis202404_cacti_1226_remote_code_execution/
May 9, 2024 New BIG-IP Next Central Manager bugs allow device takeover https://www.bleepingcomputer.com/news/security/new-big-ip-next-central-manager-bugs-allow-device-takeover/
May 2, 2024 CVE-2024-32971: Critical Vulnerability in Apollo Router Compromises Data Integrity https://securityonline.info/cve-2024-32971-critical-vulnerability-in-apollo-router-compromises-data-integrity/
May 2, 2024 CVE-2024-32114: High-Severity Vulnerability Exposed in Apache ActiveMQ https://securityonline.info/cve-2024-32114-high-severity-vulnerability-exposed-in-apache-activemq/
May 2, 2024 Cisco IP Phones Exposed: Vulnerabilities Allow Hackers to Disrupt, Spy, and Even Make Calls https://securityonline.info/cisco-ip-phones-exposed-vulnerabilities-allow-hackers-to-disrupt-spy-and-even-make-calls/
May 2, 2024 HPE Aruba Networking Patches Critical Vulnerabilities in Mobility Controllers and Gateways https://securityonline.info/hpe-aruba-networking-patches-critical-vulnerabilities-in-mobility-controllers-and-gateways/
May 2, 2024 CVE-2024-32962 (CVSS 10): Critical Vulnerability in XML-Crypto Affects Millions https://securityonline.info/cve-2024-32962-cvss-10-critical-vulnerability-in-xml-crypto-affects-millions/
April 30, 2024 New R Vulnerability CVE-2024-27322: Code Execution Risk in Data Files https://securityonline.info/new-r-vulnerability-cve-2024-27322-code-execution-risk-in-data-files/
April 30, 2024 Ant Media Server Flaw Grants Local Users Root Access (CVE-2024-32656) https://securityonline.info/ant-media-server-flaw-grants-local-users-root-access-cve-2024-32656/
April 29, 2024 CVE-2024-32766 (CVSS 10) – QNAP Vulnerability: Hackers Can Hijack Your NAS https://securityonline.info/cve-2024-32766-cvss-10-qnap-vulnerability-hackers-can-hijack-your-nas/
April 29, 2024 Telegram Patches Flaw in Web Version, Vulnerability Exposed User Accounts to Hackers https://securityonline.info/telegram-patches-flaw-in-web-version-vulnerability-exposed-user-accounts-to-hackers/
April 29, 2024 Researchers Uncover ‘Pathfinder’ Exploit, Putting CPUs at Risk of High-Precision Attacks https://securityonline.info/researchers-uncover-pathfinder-exploit-putting-cpus-at-risk-of-high-precision-attacks/
April 28, 2024 Windows Kernel EoP Vulnerability (CVE-2024-21345) Gets PoC Exploit Code https://securityonline.info/windows-kernel-eop-vulnerability-cve-2024-21345-gets-poc-exploit-code/
April 28, 2024 Mitel Issues Critical Fixes for XSS Vulnerabilities in MiContact Center Business https://securityonline.info/mitel-issues-critical-fixes-for-xss-vulnerabilities-in-micontact-center-business/
April 26, 2024 Skylab IGX IIoT Gateway Vulnerability (CVE-2024-4163): Root Access for Attackers https://securityonline.info/skylab-igx-iiot-gateway-vulnerability-cve-2024-4163-root-access-for-attackers/
April 26, 2024 PoC Exploit Releases for Critical Progress Flowmon Bug – CVE-2024-2389 (CVSS 10) https://securityonline.info/poc-exploit-releases-for-critical-progress-flowmon-bug-cve-2024-2389-cvss-10/
April 26, 2024 Security Update for Webmin: Addressing Privilege Escalation Vulnerability https://securityonline.info/critical-security-update-for-webmin-addressing-privilege-escalation-vulnerability/
April 25, 2024 Multiple Vulnerabilities in Open Devin (Autonomous AI Software Engineer) https://www.reddit.com/r/netsec/comments/1cctaah/multiple_vulnerabilities_in_open_devin_autonomous/
April 25, 2024 18 vulnerabilities in Brocade SANnav https://www.reddit.com/r/netsec/comments/1cbztz4/18_vulnerabilities_in_brocade_sannav/
April 25, 2024 Cisco ASA exploit in the wild. https://www.reddit.com/r/netsec/comments/1cc62sy/cisco_asa_exploit_in_the_wild/
April 24, 2024 Grafana backend sql injection affected all version https://www.reddit.com/r/netsec/comments/1cbrrg8/grafana_backend_sql_injection_affected_all_version/
April 24, 2024 CVE-2024-2389: Command Injection Vulnerability In Progress Flowmon https://www.reddit.com/r/netsec/comments/1cb7vz5/cve20242389_command_injection_vulnerability_in/
April 23, 2024 Oracle VirtualBox Elevation of Privilege Vulnerability (CVE-2024-21111): PoC Published https://securityonline.info/oracle-virtualbox-elevation-of-privilege-vulnerability-cve-2024-21111-poc-published/
April 23, 2024 Linux Systems Targeted: Open-Source Pupy RAT Exploited in Attacks Across Asia https://securityonline.info/linux-systems-targeted-open-source-pupy-rat-exploited-in-attacks-across-asia/
April 23, 2024 CVE-2024-2796: Critical Vulnerability Discovered in Popular API Developer Portal https://securityonline.info/cve-2024-2796-critical-vulnerability-discovered-in-popular-api-developer-portal/
April 23, 2024 Citrix uberAgent Update for Privilege Escalation Vulnerability (CVE-2024-3902) https://securityonline.info/citrix-uberagent-update-for-privilege-escalation-vulnerability-cve-2024-3902/
April 23, 2024 Multiple Vulnerabilities Patched in Apache HugeGraph – Update Immediately https://securityonline.info/multiple-vulnerabilities-patched-in-apache-hugegraph-update-immediately/
April 22, 2024 CrushFTP warns users to patch exploited zero-day “immediately” https://www.bleepingcomputer.com/news/security/crushftp-warns-users-to-patch-exploited-zero-day-immediately/
April 22, 2024 Critical Forminator plugin flaw impacts over 300k WordPress sites https://www.bleepingcomputer.com/news/security/critical-forminator-plugin-flaw-impacts-over-300k-wordpress-sites/
April 18, 2024 An Obscure Actions Workflow Vulnerability in Google’s Flank https://www.reddit.com/r/netsec/comments/1c6i2pj/an_obscure_actions_workflow_vulnerability_in/
April 18, 2024 Element Android CVE-2024-26131, CVE-2024-26132 - Never Take Intents From Strangers - Shielder https://www.reddit.com/r/netsec/comments/1c6z1bn/element_android_cve202426131_cve202426132_never/
April 17, 2024 PoC Exploit Released for 0-day Windows Kernel Elevation of Privilege Vulnerability (CVE-2024-21338) https://securityonline.info/poc-exploit-released-for-0-day-windows-kernel-elevation-of-privilege-vulnerability-cve-2024-21338/
April 17, 2024 CVE-2024-32019 in Popular Monitoring Tool Netdata Could Allow Hackers Root Access https://securityonline.info/cve-2024-32019-in-popular-monitoring-tool-netdata-could-allow-hackers-root-access/
April 17, 2024 Ivanti warns of critical flaws in its Avalanche MDM solution https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-flaws-in-its-avalanche-mdm-solution/
April 17, 2024 Cisco discloses root escalation flaw with public exploit code https://www.bleepingcomputer.com/news/security/cisco-discloses-root-escalation-flaw-with-public-exploit-code/
April 16, 2024 Exploit released for Palo Alto PAN-OS bug used in attacks, patch now https://www.bleepingcomputer.com/news/security/exploit-released-for-palo-alto-pan-os-bug-used-in-attacks-patch-now/
April 16, 2024 Ivanti warns of critical flaws in its Avalanche MDM solution https://www.bleepingcomputer.com/news/security/ivanti-warns-of-critical-flaws-in-its-avalanche-mdm-solution/
April 16, 2024 PuTTY SSH client flaw allows recovery of cryptographic private keys https://www.bleepingcomputer.com/news/security/putty-ssh-client-flaw-allows-recovery-of-cryptographic-private-keys/
April 14, 2024 CVE-2024-22262: Spring Framework Hit by New Vulnerability, Urgent Update Needed https://securityonline.info/cve-2024-22262-spring-framework-hit-by-new-vulnerability-urgent-update-needed/
April 14, 2024 PoC Released for Zero-Click CVE-2023-35628 Vulnerability in Microsoft Windows https://securityonline.info/poc-released-for-zero-click-cve-2023-35628-vulnerability-in-microsoft-windows/
April 14, 2024 CVE-2024-22734 – Critical Flaw in Trux Software: Hackers Can Take Over Systems https://securityonline.info/cve-2024-22734-critical-flaw-in-trux-software-hackers-can-take-over-systems/
April 14, 2024 CVE-2024-20670 Report - "New Outlook" NTLM Leak and File Execution https://www.reddit.com/r/netsec/comments/1c28wyp/cve202420670_report_new_outlook_ntlm_leak_and/
April 14, 2024 Bitdefender Patches Critical Vulnerabilities in GravityZone and Endpoint Security https://securityonline.info/bitdefender-patches-critical-vulnerabilities-in-gravityzone-and-endpoint-security/
Feb. 29, 2024 Urgent Security Alert: Avada WordPress Theme Vulnerability (CVE-2024-1468) https://securityonline.info/urgent-security-alert-avada-wordpress-theme-vulnerability-cve-2024-1468/
Feb. 29, 2024 Zero-Day Alert (CVE-2024-21338): Lazarus Group Exploits Windows Kernel Vulnerability https://securityonline.info/zero-day-alert-cve-2024-21338-lazarus-group-exploits-windows-kernel-vulnerability/
Feb. 29, 2024 NVIDIA Tackles Severe GPU Display Driver Vulnerabilities – Urgent Update Required https://securityonline.info/nvidia-tackles-severe-gpu-display-driver-vulnerabilities-urgent-update-required/
Feb. 16, 2024 PoC Exploit Released for Microsoft Outlook RCE Flaw – CVE-2024-21413 https://securityonline.info/poc-exploit-released-for-microsoft-outlook-rce-flaw-cve-2024-21413/#google_vignette
Feb. 11, 2024 Exploiting the probmon.sys Minifilter driver in order to create a process killer. https://github.com/enkomio/s4killer
Feb. 11, 2024 Google Chrome Zero-Day PoC Code Released https://securityonline.info/google-chrome-zero-day-poc-code-released/#google_vignette
Feb. 6, 2024 Critical Alert: CVE-2024-23917 Exposes TeamCity to Unauthenticated Attacks https://securityonline.info/critical-alert-cve-2024-23917-exposes-teamcity-to-unauthenticated-attacks/#google_vignette
Feb. 5, 2024 Escaping the Sandbox: CVE-2024-21399 Microsoft Edge RCE Vulnerability https://securityonline.info/escaping-the-sandbox-cve-2024-21399-microsoft-edge-rce-vulnerability/
Feb. 5, 2024 CVE-2024-23208 Exposed: A PoC Tool Unveils iOS Kernel Flaw https://securityonline.info/cve-2024-23208-exposed-a-poc-tool-unveils-ios-kernel-flaw/
Jan. 24, 2024 CVE-2023-6546 (ZDI-24-020) - Linux Kernel GSM Multiplexing Race Condition LPE https://github.com/Nassim-Asrir/ZDI-24-020/
Dec. 29, 2023 POC for Apache ActiveMQ CVE-2023-46604 https://github.com/X1r0z/ActiveMQ-RCE
Dec. 28, 2023 Critical Apache OFBiz Zero-day -AuthBiz https://blog.sonicwall.com/en-us/2023/12/sonicwall-discovers-critical-apache-ofbiz-zero-day-authbiz/
Dec. 23, 2023 Full Chain Baseband Exploits, Part 1 https://labs.taszk.io/articles/post/full_chain_bb_part1/
Dec. 16, 2023 The new In-The-Wild Google Chrome Heap buffer overflow in WebP (CVE-2023-4863) is due to an out-of-bounds write vulnerability within the "BuildHuffmanTable" function https://chromium.googlesource.com/webm/libwebp.git/+/2af26267cdfcb63a88e5c74a85927a12d6ca1d76
Dec. 16, 2023 Microsoft Office SKP File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability https://www.zerodayinitiative.com/advisories/ZDI-23-1785/
Dec. 16, 2023 Microsoft office buffer overflow https://www.redpacketsecurity.com/microsoft-office-buffer-overflow/
Dec. 12, 2023 Researcher to Release PoC for 0-day Windows CVE-2023-36036 Flaw https://securityonline.info/researcher-to-release-poc-0day-cve-2023-36036-vulnerability/#google_vignette
Dec. 9, 2023 CVE-2023-45866: Unauthenticated Bluetooth keystroke-injection in Android, Linux, macOS and iOS https://github.com/skysafe/reblog/tree/main/cve-2023-45866
Nov. 21, 2023 Log4Shell - different avenues of exploitation https://olexvel.substack.com/p/log4shell-different-avenues-of-exploitation
Nov. 18, 2023 AI Exploits https://github.com/protectai/ai-exploits
Nov. 16, 2023 Padre - Blazing Fast, Advanced Padding Oracle Exploit https://www.kitploit.com/2023/11/padre-blazing-fast-advanced-padding.html
Nov. 15, 2023 Reptar: an Intel Ice Lake CPU vulnerability, by Tavis Ormandy https://lock.cmpxchg8b.com/reptar.html
Nov. 14, 2023 Ubuntu Privilege Escalation bash one-liner using CVE-2023-32629 & CVE-2023-2640 https://github.com/ThrynSec/CVE-2023-32629-CVE-2023-2640---POC-Escalation
Nov. 14, 2023 Randstorm: You Can’t Patch a House of Cards (BitcoinJS) https://www.unciphered.com/blog/randstorm-you-cant-patch-a-house-of-cards
Nov. 11, 2023 SpoolSploit - A collection of Windows print spooler exploits containerized with other utilities for practical exploitation. https://github.com/BeetleChunks/SpoolSploit
Nov. 11, 2023 unauth RCE exploit against Cisco IOS XE (CVE-2023-20198 and CVE-2023-20273) https://www.rapid7.com/blog/post/2023/11/10/metasploit-weekly-wrap-up-35/
Nov. 9, 2023 Hacking the Canon imageCLASS MF742Cdw/MF743Cdw (again) https://haxx.in/posts/hacking-canon-imageclass/
Oct. 26, 2023 CitrixBleed Exploit https://github.com/assetnote/exploits/blob/main/citrix/CVE-2023-4966/exploit.py
Oct. 5, 2023 Zero-days for hacking WhatsApp are now worth millions of dollars https://techcrunch.com/2023/10/05/zero-days-for-hacking-whatsapp-are-now-worth-millions-of-dollars/?guccounter=1&guce_referrer=aHR0cHM6Ly90LmNvLw&guce_referrer_sig=AQAAAKdeU5wm3OO2aerJISEVsN0GtLjIZD2h
Oct. 3, 2023 ShellTorch: Multiple Critical Vulnerabilities in PyTorch Model Server (TorchServe) (CVSS 9.9, CVSS 9.8) Threatens Countless AI Users - Immediate Action Required https://www.oligo.security/blog/shelltorch-torchserve-ssrf-vulnerability-cve-2023-43654
Oct. 3, 2023 CVE-2023-34040 Spring Kafka Deserialization Remote Code Execution https://pyn3rd.github.io/2023/09/15/CVE-2023-34040-Spring-Kafka-Deserialization-Remote-Code-Execution/
Sept. 20, 2023 Alert Regarding Vulnerability in Trend Micro Multiple Endpoint Security Products for Enterprises https://www.jpcert.or.jp/english/at/2023/at230021.html
Sept. 14, 2023 CVE-2023-38146: Arbitrary Code Execution via Windows Themes https://exploits.forsale/themebleed/
Sept. 12, 2023 Chrome zero-day exploited in the wild, patch now! (CVE-2023-4863) https://www.helpnetsecurity.com/2023/09/12/cve-2023-4863/
Sept. 11, 2023 PoC Exploit for CVE-2023-27524 in Apache Superset Leads to RCE Released https://securityonline.info/poc-exploit-for-cve-2023-27524-in-apache-superset-leads-to-rce-released/
Sept. 8, 2023 BLASTPASS: NSO Group iPhone Zero-Click, Zero-Day Exploit Captured in the Wild https://citizenlab.ca/2023/09/blastpass-nso-group-iphone-zero-click-zero-day-exploit-captured-in-the-wild/
Sept. 6, 2023 Code Vulnerabilities Leak Emails in Proton Mail https://www.sonarsource.com/blog/code-vulnerabilities-leak-emails-in-proton-mail/?utm_source=twitter&utm_medium=social&utm_campaign=protonmail&utm_content=security&utm_term=mofu
Sept. 3, 2023 Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1331 https://www.cve.org/CVERecord?id=CVE-2023-4751
Sept. 3, 2023 CVE-2023-37895: Apache Jackrabbit RMI RCE https://y4er.com/posts/cve-2023-37895-apache-jackrabbit-rmi-rce/
Sept. 3, 2023 Vulnerability in Windows’s File History Service allows local users to gain elevated privileges on the Windows operating system https://ssd-disclosure.com/ssd-advisory-file-history-service-fhsvc-dll-elevation-of-privilege/
Sept. 1, 2023 Multiple Security Vulnerabilities Found in NVIDIA DGX H100 System https://securityonline.info/multiple-security-vulnerabilities-found-in-nvidia-dgx-h100-system/#google_vignette
Sept. 1, 2023 Researcher releases PoC exploit for critical VMware Aria (CVE-2023-34039) bug https://securityonline.info/researcher-releases-poc-exploit-for-critical-vmware-aria-cve-2023-34039-bug/
Aug. 31, 2023 Splunk Enterprise on Windows Privilege Escalation due to Insecure OPENSSLDIR Build Definition Reference in DLL https://advisory.splunk.com/advisories/SVD-2023-0805
Aug. 28, 2023 Exploit released for Juniper firewall bugs allowing RCE attacks https://github.com/watchtowrlabs/juniper-rce_cve-2023-36844
Aug. 28, 2023 Multiple Vulnerabilities found in Techview LA-5570 Wireless Gateway Home Automation Controller https://www.exploitsecurity.io/post/cve-2023-34723-cve-2023-34724-cve-2023-34725
Aug. 28, 2023 Busybox cpio directory traversal vulnerability (CVE-2023-39810) https://www.pentagrid.ch/en/blog/busybox-cpio-directory-traversal-vulnerability/
Aug. 25, 2023 Full exploit chain for Faronics-DeepFreeze-8 https://github.com/snowcra5h/Faronics-DeepFreeze-8-Exploit
Aug. 21, 2023 CVE-2023-3269: Linux kernel privilege escalation vulnerability https://github.com/lrh2000/StackRot
Aug. 21, 2023 CVE-2023-36874: proof-of-concept exploit written in C++ that demonstrates the exploitation of a vulnerability affecting the Windows Error Reporting (WER) https://github.com/d0rb/CVE-2023-36874
Aug. 19, 2023 WinRAR flaw lets hackers run programs when you open RAR archives https://www.bleepingcomputer.com/news/security/winrar-flaw-lets-hackers-run-programs-when-you-open-rar-archives/
Aug. 19, 2023 CVE-2023-40477: WinRAR Code Execution Vulnerability https://securityonline.info/cve-2023-40477-winrar-code-execution-vulnerability/
Aug. 17, 2023 Creating an Exploit: SolarWinds Vulnerability CVE-2021-35211 https://bishopfox.com/blog/exploit-for-cve-2021-35211
Aug. 15, 2023 AMD issued the second patch to fix “Division by zero” vulnerability in AMD Zen 1 https://securityonline.info/amd-issued-the-second-patch-to-fix-division-by-zero-vulnerability-in-amd-zen-1/
Aug. 14, 2023 WPS Office Remote Code Execution Exploit On 2023-08-10 https://github.com/ba0gu0/wps-rce
Aug. 11, 2023 Google details 0-click bug in Pixel 6 modem: Advises users to disable 2G https://www.scmagazine.com/news/google-details-0-click-bug-in-pixel-6-modem-advises-users-to-disable-2g
Aug. 8, 2023 Downfall Attacks - Downfall attacks targets a critical weakness found in billions of modern processors used in personal and cloud computers https://downfall.page/
Aug. 7, 2023 Western Digital MyCloud Unauthenticated Command Injection Exploit https://0day.today/exploit/description/38924
Aug. 7, 2023 Rudder Server SQL Injection / Remote Code Execution Exploit https://0day.today/exploit/description/38923
Aug. 7, 2023 General Device Manager 2.5.2.2 - Buffer Overflow (SEH) Exploit https://0day.today/exploit/description/38921
Aug. 7, 2023 Checkpoint Gaia Portal R81.10 Remote Command Execution Vulnerability https://0day.today/exploit/description/38928
Aug. 7, 2023 VMWare Aria Operations For Networks Remote Command Execution Exploit https://0day.today/exploit/description/38902
Aug. 7, 2023 Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege / Remote Code Execution https://0day.today/exploit/description/38891
Aug. 4, 2023 [remote] ReyeeOS 1.204.1614 - MITM Remote Code Execution (RCE) https://www.exploit-db.com/exploits/51642?utm_source=dlvr.it&utm_medium=twitter
Aug. 3, 2023 CVE-2023-35082 - MobileIron Core Unauthenticated API Access Vulnerability https://www.rapid7.com/blog/post/2023/08/02/cve-2023-35082-mobileiron-core-unauthenticated-api-access-vulnerability/
Aug. 3, 2023 SpoolSploit: A collection of Windows print spooler exploits containerized with other utilities for practical exploitation https://github.com/BeetleChunks/SpoolSploit
Aug. 2, 2023 MikroTik remote jailbreak for v6.x.x https://github.com/MarginResearch/FOISted
Aug. 2, 2023 CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You https://emily.id.au/tailscale
Aug. 2, 2023 CVE-2022-41924 - RCE in Tailscale, DNS Rebinding, and You https://emily.id.au/tailscale
Aug. 2, 2023 CVE-2023-35086 POC - ASUS routers format string vulnerability https://github.com/tin-z/CVE-2023-35086-POC
July 31, 2023 CVE-2023-35086 POC - ASUS routers format string vulnerability https://github.com/tin-z/CVE-2023-35086-POC
July 28, 2023 Chaining our way to Pre-Auth RCE in Metabase (CVE-2023-38646) https://blog.assetnote.io/2023/07/22/pre-auth-rce-metabase/
July 27, 2023 CVE-2023-3390: Use After Free on Linux Netfilter nftables MFT_MSG_NEWRULE leads to Local Privilege Escalation https://github.com/google/security-research/pull/40
July 27, 2023 CVE-2023-33802 - SumatraPDF 3.4.6 -32-bit Denial Of Services (DoS) https://github.com/CDACesec/CVE-2023-33802
July 27, 2023 GameOverlay: Easy to exploit local privilege escalation vulnerabilities in Ubuntu Linux affecting 40% of Ubuntu users https://www.wiz.io/blog/ubuntu-overlayfs-vulnerability
July 27, 2023 V8 CreateLiteral type confusion when processing ..spread leads to RCE https://bugs.chromium.org/p/chromium/issues/detail?id=1260129
July 26, 2023 CVE-2023-38647: Critical Deserialization Vulnerability in Apache Helix Workflow and REST https://seclists.org/oss-sec/2023/q3/73
July 26, 2023 CVE-2023-38646: Remote Command Execution Vulnerability in Metabase https://www.metabase.com/blog/security-advisory
July 26, 2023 CVE-2023-37895: Apache Jackrabbit RMI access can lead to RCE https://lists.apache.org/thread/hy0h3hfqln934oy98frhgfjono6zgqps
July 26, 2023 Microsoft Edge MSDCPDF Javascript addIcon type confusion vulnerability https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1747
July 26, 2023 Remote Code Execution - Atlassian Products https://confluence.atlassian.com/security/security-bulletin-july-18-2023-1251417643.html
July 25, 2023 Integer arithmetic bug within the Windows Kernel Ancillary Function Driver (AFD.sys) https://versprite.com/vs-labs/afd-sys-primitives-in-the-pocket/
July 25, 2023 CVE-2023-26045: NodeBB Forum Software Remote Code Execution Flaw https://securityonline.info/cve-2023-26045-nodebb-forum-software-remote-code-execution-flaw/
July 24, 2023 Microsoft Office 365 Version 18.2305.1222.0 - Elevation of Privilege / Remote Code Execution https://0day.today/exploit/description/38891
July 24, 2023 ServiceNow Insecure Access Control To Full Admin Takeover https://x64. sh/posts/ServiceNow-Insecure-access-control-to-admin/ https://x64.sh/posts/ServiceNow-Insecure-access-control-to-admin/
July 24, 2023 ZenBleed - Use-after-free Bug in AMD Zen2 processors! https://lock.cmpxchg8b.com/zenbleed.html
July 24, 2023 Hikvision Hybrid SAN Ds-a71024 Firmware - Multiple Remote Code Execution Exploit https://0day.today/exploit/description/38888
July 23, 2023 CVE-2023-38408 Remote Code Execution in OpenSSH's forwarded ssh-agent https://github.com/snowcra5h/CVE-2023-38408
July 21, 2023 Analysis of CVE-2023-3519 in Citrix ADC and NetScaler Gateway https://blog.assetnote.io/2023/07/21/citrix-CVE-2023-3519-analysis/
July 21, 2023 Atlassian Confluence and Bamboo Remote Code Execution Vulnerabilities https://securityonline.info/atlassian-confluence-and-bamboo-remote-code-execution-vulnerabilities/
July 21, 2023 PoC released for critical CloudPanel CVE-2023-35885 vulnerability https://securityonline.info/poc-released-for-critical-cloudpanel-cve-2023-35885-vulnerability/
July 20, 2023 Google says Apple employee found a zero-day but did not report it https://techcrunch.com/2023/07/20/google-says-apple-employee-found-a-zero-day-but-did-not-report-it/
July 19, 2023 Citrix ADC and Citrix Gateway Security Bulletin for CVE-2023-3519, CVE-2023-3466, CVE-2023-3467 https://support.citrix.com/article/CTX561482/citrix-adc-and-citrix-gateway-security-bulletin-for-cve20233519-cve20233466-cve20233467
July 19, 2023 CVE-2023-38408: Remote Code Execution in OpenSSH's forwarded ssh-agent https://www.qualys.com/2023/07/19/cve-2023-38408/rce-openssh-forwarded-ssh-agent.txt
July 19, 2023 CVE-2023-3765: Critical flaw in open source machine learning development MLflow https://securityonline.info/cve-2023-3765-critical-flaw-in-open-source-machine-learning-development-mlflow/
July 19, 2023 CVE-2023-38357 - RWS WorldServer: Session Token Enumeration https://www.redteam-pentesting.de/de/advisories/rt-sa-2023-001/-session-token-enumeration-in-rws-worldserver
July 18, 2023 ProjeQtOr - Project Management System v10.4.1 - Multiple XSS Vulnerabilities https://0day.today/exploit/description/38869
July 18, 2023 Cisco UCS-IMC Supervisor 2.2.0.0 - Authentication Bypass https://0day.today/exploit/description/38871
July 18, 2023 WinterCMS < 1.2.3 - Persistent Cross-Site Scripting Vulnerability https://0day.today/exploit/description/38872
July 18, 2023 Pluck v4.7.18 - Remote Code Execution Exploit https://0day.today/exploit/description/38873
July 17, 2023 Windows 10 v21H1 - HTTP Protocol Stack Remote Code Execution Exploit https://en.0day.today/exploit/description/38855
July 17, 2023 CISA - Known Exploited Vulnerabilities https://www.cisa.gov/known-exploited-vulnerabilities-catalog
July 17, 2023 PoC script for CVE-2023-20110 - Cisco Smart Software Manager On-Prem SQL Injection Vulnerability https://github.com/redfr0g/CVE-2023-20110
July 17, 2023 EchOh-No! - An exploit in @echodotac's #minecraft #anticheat driver - allowing simple arbitrary Kernel and Virtual memory Read and Write, demonstrated with a simple Privilege Escalation PoC. https://ioctl.fail/echo-ac-writeup/
July 17, 2023 MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path (MTAgentService) Vulnerability https://en.0day.today/exploit/description/38859
July 17, 2023 MiniTool Partition Wizard ShadowMaker v.12.7 - Unquoted Service Path (MTSchedulerService) Vulnerability https://en.0day.today/exploit/description/38860
July 17, 2023 AVG Anti Spyware 7.5 - Unquoted Service Path (AVG Anti-Spyware Guard) Vulnerability https://en.0day.today/exploit/description/38862
July 17, 2023 Apache RocketMQ 5.1.0 Arbitrary Code Injection Exploit https://en.0day.today/exploit/description/38856
July 15, 2023 CVE-2023-37466: Critical Sandbox Escape Vulnerabilities in VM2 Library https://securityonline.info/cve-2023-37466-critical-sandbox-escape-vulnerabilities-in-vm2-library/
July 14, 2023 Zimbra Warns of Critical Zero-Day Flaw in Email Software Amid Active Exploitation https://thehackernews.com/2023/07/zimbra-warns-of-critical-zero-day-flaw.html
July 14, 2023 Uncovering weaknesses in Apple macOS and VMWare vCenter: 12 vulnerabilities in RPC implementation https://blog.talosintelligence.com/weaknesses-mac-os-vmware-msrpc/
July 12, 2023 Critical RCE found in popular Ghostscript open-source PDF library https://www.bleepingcomputer.com/news/security/critical-rce-found-in-popular-ghostscript-open-source-pdf-library/
July 12, 2023 Bee-yond Capacity: Unauthenticated RCE in Extreme Networks/Aerohive Wireless APs - CVE-2023-35803 https://research.aurainfosec.io/pentest/bee-yond-capacity/
July 11, 2023 Apple releases emergency update to fix zero-day exploited in attacks https://www.bleepingcomputer.com/news/apple/apple-releases-emergency-update-to-fix-zero-day-exploited-in-attacks/
July 10, 2023 A More Complete Exploit for Fortinet CVE-2022-42475 https://bishopfox.com/blog/exploit-cve-2022-42475
July 7, 2023 Another Critical Unauthenticated SQLi Flaw Discovered in MOVEit Transfer Software https://thehackernews.com/2023/07/another-critical-unauthenticated-sqli.html?m=1
July 7, 2023 Critical TootRoot bug lets attackers hijack Mastodon servers https://www.bleepingcomputer.com/news/security/critical-tootroot-bug-lets-attackers-hijack-mastodon-servers/
July 7, 2023 CVE-2023-3269: Linux kernel privilege escalation vulnerability https://github.com/lrh2000/StackRot
July 7, 2023 Google Releases Android Patch Update for 3 Actively Exploited Vulnerabilities https://thehackernews.com/2023/07/google-releases-android-patch-update.html?m=1
July 7, 2023 Rukovoditel 3.4.1 - Multiple Stored XSS Vulnerability https://0day.today/exploit/description/38829
July 7, 2023 Sales of Cashier Goods v1.0 - Cross Site Scripting Exploit https://0day.today/exploit/description/38830
July 7, 2023 FuguHub 8.1 - Remote Code Execution Exploit https://0day.today/exploit/description/38831
July 7, 2023 POS Codekop v2.0 - Authenticated Remote Code Execution Vulnerability https://0day.today/exploit/description/38832
July 7, 2023 WebsiteBaker v2.13.3 - Stored XSS Vulnerability https://0day.today/exploit/description/38833
July 7, 2023 WebsiteBaker v2.13.3 - Directory Traversal Vulnerability https://0day.today/exploit/description/38834
July 7, 2023 D-Link DAP-1325 - Broken Access Control Vulnerability https://0day.today/exploit/description/38835
July 7, 2023 SPIP v4.1.10 - Spoofing Admin account Vulnerability https://0day.today/exploit/description/38836
July 7, 2023 Time Slot Booking Calendar 1.8 - Stored Cross-Site Scripting Vulnerability https://0day.today/exploit/description/38837
July 7, 2023 Super Store Finder PHP Script 3.6 SQL Injection Vulnerability https://0day.today/exploit/description/38848
July 7, 2023 Beauty Salon Management System v1.0 - SQL injection Vulnerability https://0day.today/exploit/description/38847
July 7, 2023 Car Rental Script 1.8 - Stored Cross-site scripting Vulnerability https://0day.today/exploit/description/38846
July 7, 2023 WBCE CMS 1.6.1 - Open Redirect & CSRF Vulnerability https://0day.today/exploit/description/38845
July 7, 2023 Prestashop 8.0.4 - Cross-Site Scripting Vulnerability https://0day.today/exploit/description/38842
July 7, 2023 Alkacon OpenCMS 15.0 - Multiple Cross-Site Scripting Vulnerability https://0day.today/exploit/description/38843
July 7, 2023 Vacation Rental 1.8 - Stored Cross-Site Scripting Vulnerability https://0day.today/exploit/description/38841
July 7, 2023 PodcastGenerator 3.2.9 - Blind SSRF via XML Injection Vulnerability https://0day.today/exploit/description/38844
July 7, 2023 Wordpress WP AutoComplete 1.0.4 - Unauthenticated SQL injection Vulnerability https://0day.today/exploit/description/38839
July 7, 2023 GZ Forum Script 1.8 - Stored Cross-Site Scripting Vulnerability https://0day.today/exploit/description/38838
July 7, 2023 Steam Community turn up the level Exploit https://0day.today/exploit/description/38849
July 7, 2023 TP-Link TL-WR940N V4 - Buffer OverFlow Exploit https://0day.today/exploit/description/38840
July 6, 2023 CVE-2023-36664: Flaw in Ghostscript Could Allow Command Execution https://securityonline.info/cve-2023-36664-flaw-in-ghostscript-could-allow-command-execution/
July 5, 2023 CVE-2023-37212 Memory safety bugs present in Firefox 114 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-37212
July 3, 2023 WordPress Social Login And Register 7.6.4 Authentication Bypass Vulnerability https://en.0day.today/exploit/description/38828
July 3, 2023 Windows 11 22h2 - Kernel Privilege Elevation Exploit https://en.0day.today/exploit/description/38816
July 3, 2023 Apache Druid JNDI Injection Remote Code Execution Exploit https://en.0day.today/exploit/description/38825
July 3, 2023 CVE-2023-27997: heap overflow 👉 preauth RCE in FortiGate firewalls https://twitter.com/noperator/status/1674959251435925504
July 3, 2023 PoC released for Windows Common Log File System 0-Day (CVE-2023-28252) https://securityonline.info/poc-released-for-windows-common-log-file-system-0-day-cve-2023-28252/
July 3, 2023 Windows Common Log File System Driver Elevation of Privilege Vulnerability https://github.com/fortra/CVE-2023-28252
June 29, 2023 CVE-2023-33246_RocketMQ_RCE_EXPLOIT https://github.com/Malayke/CVE-2023-33246_RocketMQ_RCE_EXPLOIT
June 26, 2023 CVE-2023-36675 - MediaWiki - BlockLogFormatter.php in BlockLogFormatter allows XSS in the partial blocks feature. https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-36675
June 26, 2023 CVE-2023-30261 Command Injection vulnerability in OpenWB 1.6 and 1.7 allows remote attackers to run arbitrary commands via crafted GET request https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-30261
June 23, 2023 Directory browsing vulnerability in MCL-Net version 4.3.5.8788 webserver https://www.exploit-db.com/exploits/51542?utm_source=dlvr.it&utm_medium=twitter
June 23, 2023 PoC Released for Windows SysInternals Sysmon Privilege Escalation (CVE-2023-29343) Bug https://github.com/Wh04m1001/CVE-2023-29343
June 23, 2023 Microsoft OneNote (Version 2305 Build 16.0.16501.20074) 64-bit - Spoofing https://www.exploit-db.com/exploits/51538?utm_source=dlvr.it&utm_medium=twitter
June 23, 2023 POC for CVE-2023-20887 VMWare Aria Operations for Networks (vRealize Network Insight) unauthenticated RCE https://github.com/sinsinology/CVE-2023-20887
June 22, 2023 WordPress Medic Theme v1.0.0 - Weak Password Recovery Mechanism for Forgotten Password Exploit https://en.0day.today/exploit/description/38804
June 22, 2023 Exploit released for Cisco AnyConnect bug giving SYSTEM privileges https://www.bleepingcomputer.com/news/security/exploit-released-for-cisco-anyconnect-bug-giving-system-privileges/
June 22, 2023 LibreOffice Arbitrary File Write (CVE-2023-1883) https://secfault-security.com/blog/libreoffice.html
June 21, 2023 CVE-2023-20887 Pre-Authenticated Remote Code Execution in VMWare vRealize Network Insight https://summoning.team/blog/vmware-vrealize-network-insight-rce-cve-2023-20887/
June 21, 2023 Diafan CMS 6.0 - Reflected Cross-Site Scripting (XSS) https://0day.today/exploit/description/38801
June 21, 2023 CVE-2023-27997 - Heap buffer overflow in FortiGate SSL VPN https://bishopfox.com/blog/cve-2023-27997-vulnerability-scanner-fortigate
June 20, 2023 cve-2023-33476 - ReadyMedia (MiniDLNA) versions from 1.1.15 up to 1.3.2 is vulnerable to Buffer Overflow. http://blog.coffinsec.com/0day/2023/06/19/minidlna-cve-2023-33476-exploits.html
June 20, 2023 TP-Link Archer AX10(EU)_V1.2_230220 Buffer Overflow Vulnerability https://en.0day.today/exploit/description/38797
June 19, 2023 Powershell Code Arbitary Execution Builder FUD Exploit https://en.0day.today/exploit/description/37910
June 19, 2023 Symmetricom SyncServer Unauthenticated Remote Command Execution Exploit https://en.0day.today/exploit/description/38796
June 19, 2023 Microsoft Outlook Remote Code Execution 0day Exploit https://en.0day.today/exploit/description/38261
June 15, 2023 Sales Tracker Management System v1.0 - Multiple Vulnerabilities https://0day.today/exploit/description/38786