Vulnerability Disclosure

CISA Advisories Vulnerability Disclosure Apr 30

ABB Edgenius Management Portal

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to send a specially crafted message to the system node allowing the a...

T1556 2 IOCs

CISA Advisories →

CISA Advisories Vulnerability Disclosure Microsoft Apr 30

ABB Ability OPTIMAX

View CSAF Summary Successful exploitation of this vulnerability could allow an attacker to bypass user authentication on OPTIMAX installations that make use ...

CISA Advisories →

The Hacker News Vulnerability Disclosure Google Amazon GitHub Apr 30

Google Fixes CVSS 10 Gemini CLI CI RCE and Cursor Flaws Enable Code Execution

Google has addressed a maximum severity security flaw in Gemini CLI -- the "@google/gemini-cli" npm package and the "google-github-actions/run-gemini-cli" Gi...

The Hacker News →

Exploit Database Vulnerability Disclosure Apr 30

[webapps] FUXA 1.2.8 - Authentication Bypass + RCE Exploit

FUXA 1.2.

T1190 T1556

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 30

[webapps] HUSTOJ Zip-Slip v26.01.24 - RCE

HUSTOJ Zip-Slip v26.01.

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 30

[webapps] SumatraPDF 3.5.2 - Remote Code Execution

SumatraPDF 3.5.

T1190

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 30

[webapps] Frigate NVR 0.16.3 - Remote Code Execution

Frigate NVR 0.16.

T1190

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 30

[webapps] Js2Py 0.74 - RCE

Js2Py 0.

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 30

[webapps] Erugo 0.2.14 - Remote Code Execution (RCE)

Erugo 0.2.

T1190

Exploit Database →

The Hacker News Vulnerability Disclosure Apr 29

Critical cPanel Authentication Vulnerability Identified — Update Your Server Immediately

cPanel has released security updates to address a security issue impacting various authentication paths that could allow an attacker to obtain access to the ...

The Hacker News →

Exploit Database Vulnerability Disclosure Apr 29

[webapps] HAX CMS 24.x - Stored Cross-Site Scripting (XSS)

HAX CMS 24.

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 29

[webapps] Craft CMS 5.6.16 - RCE

Craft CMS 5.6.

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 29

[local] GNU InetUtils 2.6 - Telnetd Remote Privilege Escalation

GNU InetUtils 2.

T1548

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 29

[webapps] GeographicLib v2.5.1 - stack buffer overflow

GeographicLib v2.5.

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 29

[local] OpenWrt 23.05 - Authenticated Remote Code Execution (RCE)

OpenWrt 23.

T1190

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 29

[webapps] GUnet OpenEclass E-learning platform < 4.2 - Remote Code Execution (RCE)

GUnet OpenEclass E-learning platform < 4.

T1190

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 29

[webapps] JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution

JuzaWeb CMS 3.4.

T1190

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 29

[webapps] FacturaScripts 2025.43 - XSS

FacturaScripts 2025.

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 29

[webapps] Xibo CMS 4.3.0 - RCE via SSTI

Xibo CMS 4.3.

Exploit Database →

Exploit Database Vulnerability Disclosure Apr 29

[local] Fedora - Local Privilege Escalation

Fedora - Local Privilege Escalation

T1548 T1068

Exploit Database →