# Exploit Title: MikroTik RouterOS 7.19.1 – Reflected XSS # Google Dork: inurl:/login?dst= # Date: 2025-07-15 # Exploit Author: Prak Sokchea # Vendor Homepage: https://mikrotik.com # Software Link: https://mikrotik.com/download # Version: RouterOS <= 7.19.1 # Tested on: MikroTik CHR 7.19.1 # CVE : CVE-2025-6563 # PoC: # Visit the following URL while connected to…
# Exploit Title : SugarCRM 14.0.0 – SSRF/Code Injection # Author: Egidio Romano aka EgiX # Email : n0b0d13s@gmail.com # Software Link: https://www.sugarcrm.com # Affected Versions: All commercial versions before 13.0.4 and 14.0.1. # CVE Reference: CVE-2024-58258 # Vulnerability Description: User input passed through GET parameters to the /css/preview REST API endpoint is…
# Title: TOTOLINK N300RB 8.54 – Command Execution # Author: Skander BELABED – Magellan Sécurité # Date: 07/11/2025 # Vendor: TOTOLINK # Product: N300RB # Firmware version: 8.54 # CVE: CVE-2025-52089 ## Description: A hidden remote support feature protected by a static secret in TOTOLINK N300RB firmware version 8.54 allows an authenticated attacker to…
#!/usr/bin/env python3 # Exploit Title: Langflow 1.2.x – Remote Code Execution (RCE) # Date: 2025-07-11 # Exploit Author: Raghad Abdallah Al-syouf # Vendor Homepage: https://github.com/logspace-ai/langflow # Software Link: https://github.com/logspace-ai/langflow/releases # Version: <= 1.2.x # Tested on: Ubuntu / Docker # CVE: CVE-2025-3248 # Description: #Langflow exposes a vulnerable endpoint `/api/v1/validate/code` that improperly evaluates arbitrary…
**Exploit Title : Microsoft Graphics Component Windows 11 Pro (Build 26100+) – Local Elevation of Privileges **Author:** nu11secur1ty **Date:** 07/11/2025 — ## Overview This repository contains a PowerShell script to **validate whether a Windows 11 system is vulnerable to CVE-2025-49744**—a critical local privilege escalation vulnerability involving the `gdi32.dll` and `win32kfull.sys` system components. …
#!/usr/bin/env python3 # Exploit Title: Keras 2.15 – Remote Code Execution (RCE) # Author: Mohammed Idrees Banyamer # Instagram: @banyamer_security # GitHub: https://github.com/mbanyamer # Date: 2025-07-09 # Tested on: Ubuntu 22.04 LTS, Python 3.10, TensorFlow/Keras <= 2.15 # CVE: CVE-2025-1550 # Type: Remote Code Execution (RCE) # Platform: Python / Machine Learning (Keras) # Author…
ISC Stormcast For Wednesday, July 16th, 2025 https://isc.sans.edu/podcastdetail/9528, (Wed, Jul 16th) Source link
If many malware samples try to be “filess” (read: they try to reduce their filesystem footprint to the bare minimum), another technique remains interesting: Alternate Data Streams or “ADS”[1]. This NTFS feature allows files to contain multiple data streams, enabling hidden or additional metadata to be stored alongside the main file content without being visible in…
ISC Stormcast For Tuesday, July 15th, 2025 https://isc.sans.edu/podcastdetail/9526, (Tue, Jul 15th) Source link
The volume of honeypot logs changes over time. Very rarely are honeypot logs quiet, meaning that there are no internet scans or malicious activity generating logs. Honeypots can see large increases in activity [1], but this has tended to be the exception, rather than the rule. Within the last few months, however, there has been…
