Grav CMS 1.7.48 – Remote Code Execution (RCE)

# Exploit Title: Grav CMS 1.7.48 – Remote Code Execution (RCE) # Date: 2025-08-07 # Exploit Author: binneko (https://github.com/binneko) # Vendor Homepage: https://getgrav.org/ # Software Link: https://github.com/getgrav/grav/releases/tag/1.7.48 # Version: Grav CMS v1.7.48 / Admin Plugin v1.10.48 # Tested on: Debian 11, Apache2, PHP 7.4 # CVE: CVE-2025-50286 # Description: Grav CMS v1.7.48 with Admin…

Microsoft Windows – Storage QoS Filter Driver Checker

# Titles: Microsoft Windows – Storage QoS Filter Driver Checker # Author: nu11secur1ty # Date: 08/04/2025 # Vendor: Microsoft # Software: https://www.microsoft.com/en-us/software-download/windows11 # Reference: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-49730 ## Description This PowerShell script checks if your Windows system is vulnerable to **CVE-2025-49730**, a critical vulnerability in the `storqosflt.sys` Storage QoS Filter Driver. ## Features -…

atjiu pybbs 6.0.0 – Cross Site Scripting (XSS)

/* * Exploit Title : atjiu pybbs 6.0.0 – Cross Site Scripting (XSS) * Exploit Author: Byte Reaper * Vendor Homepage: https://github.com/atjiu/pybbs * Tested on: Kali Linux * CVE: CVE-2025-8550 * ———————————————————————————————————————————— */ #include #include #include #include #include #include “argparse.h” #include #include #include #include #include…

Close Compliance Gaps with Broad Technology Coverage

Modern compliance and security programs often fail due to technology blind spots rather than weak policies or procedures. Today’s IT environments, spanning hybrid, cloud-native, containerized, and legacy platforms, introduce complexities that traditional compliance tools can’t fully address. When compliance solutions overlook parts of your infrastructure, it leads to incomplete audits, increased manual work, security risks,…

Cisco ISE 3.0 – Remote Code Execution (RCE)

# Exploit Title: Cisco ISE 3.0 – Remote Code Execution (RCE) # Exploit Author: @ibrahimsql ibrahimsql.com # Exploit Author’s github: https://github.com/ibrahmsql # Description: Cisco ISE API Java Deserialization RCE # CVE: CVE-2025-20124 # Vendor Homepage: https://www.cisco.com/ # Requirements: requests>=2.25.0, urllib3>=1.26.0 # Usage: python3 CVE-2025-20124.py –url https://ise.target.com –session TOKEN –cmd “id” #!/usr/bin/env python3 # -*-…

11th August – Threat Intelligence Report

For the latest discoveries in cyber research for the week of 11th August, please download our Threat Intelligence Bulletin. TOP ATTACKS AND BREACHES Air France has experienced a data breach that resulted in unauthorized access to customer data through a compromised external customer service platform. The attack exposed personal information, including names, email addresses, phone…

Google Paid Ads for Fake Tesla Websites

In recent media events, Tesla has demoed progressively more sophisticated versions of its Optimus robots. The sales pitch is pretty simple: “Current AI” is fun, but what we really need is not something to create more funny kitten pictures. We need AI to load and empty dishwashers, fold laundry, and mow lawns. But the robot…

Tails 7.0~rc1 available for testing

We are very excited to present you with a release candidate of the upcoming Tails 7.0. We plan to release Tails 7.0 officially on October 16. You can help us by testing this release candidate already. Tails 7.0 will be the first version of Tails based on Debian 13 (Trixie) and GNOME 48. It will…
