Snipe-IT is an IT asset/license management system. In versions prior to 8.6.0, a user with only users.edit can send a PATCH to /api/v1/users/{their...
Poweradmin is a web-based DNS administration tool for PowerDNS server. Versions prior to 4.2.4 and 4.3.3 are vulnerable to CSV Injection (Formula I...
Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0 may assign incorrect or elevated effective permission...
Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnera...
When using the "tarfile" module with a file opened in "streaming mode" (mode="r|") the tarfile module did not properly handle EOF, meaning an archi...
CVE-2026-11834 PoC TP-Link DHCP Option 66 Unauthenticated RCE CVE-2026-11834 Overview A command injection vulnerability CWE-78 in the DHCP Option 6...
CVE-2026-42978 PoC & Research Windows Push Notifications Use-After-Free Race condition in Windows Push Notifications service WpnService that runs a...
This module detects Audiobookshelf servers affected by CVE-2025-25205, an unauthenticated authentication bypass. Affected versions 2.17.0 through 2...
🌐 Web Exploitation Lab Payloads, techniques et cheatsheet web — SQLi, XSS, LFI, SSRF — by @ibramoha2 --- 💉 SQL Injection sql -- Test basique ' OR...
LastPass has confirmed it was affected by the Klue supply chain incident, saying an unauthorised actor used stolen…
AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning — all in one platform.
