Indicators of Compromise

Zero Day Initiative CVE Jan 9

ZDI-26-033: (0Day) Open WebUI Cleartext Transmission of Credentials Information Disclosure Vulnerability

This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of Open WebUI. Authentication is not require...

CVEs: CVE-2026-0767

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-032: (0Day) Open WebUI load_tool_module_by_id Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vuln...

CVEs: CVE-2026-0766

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-031: (0Day) Open WebUI PIP install_frontmatter_requirements Command Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Open WebUI. Authentication is required to exploit this vuln...

CVEs: CVE-2026-0765

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-030: (0Day) GPT Academic upload Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit thi...

CVEs: CVE-2026-0764

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-029: (0Day) GPT Academic run_in_subprocess_wrapper_func Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Authentication is not required to exploit thi...

CVEs: CVE-2026-0763

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-028: (0Day) GPT Academic stream_daas Deserialization of Untrusted Data Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of GPT Academic. Interaction with a malicious DAAS server is r...

CVEs: CVE-2026-0762

Zero Day Initiative →

Zero Day Initiative CVE Jan 9

ZDI-26-027: (0Day) Foundation Agents MetaGPT actionoutput_str_to_mapping Code Injection Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Foundation Agents MetaGPT. Authentication is not required t...

CVEs: CVE-2026-0761

Zero Day Initiative →

Exploit Database Vulnerability Disclosure Dec 25

[webapps] WordPress Quiz Maker 6.7.0.56 - SQL Injection

WordPress Quiz Maker 6.7.

IPs: 6.7.0.56

Exploit Database →

WeLiveSecurity CVE Dec 22

Revisiting CVE-2025-50165: A critical flaw in Windows Imaging Component

A comprehensive analysis and assessment of a critical severity vulnerability with low likelihood of mass exploitation

CVEs: CVE-2025-50165

WeLiveSecurity →

Recorded Future TTPs Dec 17

BlueDelta’s Persistent Campaign Against UKR.NET

Discover how Russia’s BlueDelta targets UKR.NET users with advanced credential-harvesting campaigns, evolving tradecraft, and multi-stage phishing techniques.

Domains: ukr.net

Recorded Future →

Google Project Zero CVE Dec 16

Thinking Outside The Box [dusted off draft from 2017]

Preface Hello from the future! This is a blogpost I originally drafted in early 2017.

CVEs: CVE-2017-3558

Google Project Zero →

Mandiant Blog CVE Dec 12

Multiple Threat Actors Exploit React2Shell (CVE-2025-55182)

Written by: Aragorn Tseng, Robert Weiner, Casey Charrier, Zander Work, Genevieve Stark, Austin Larsen Introduction On Dec. 3, 2025, a critical unauthenticate...

CVEs: CVE-2025-55182

Mandiant Blog →

Exploit Database General Sep 16

[remote] Ilevia EVE X1/X5 Server 4.7.18.0.eden - Reverse Rootshell

Ilevia EVE X1/X5 Server 4.7.

IPs: 4.7.18.0

Exploit Database →

WeLiveSecurity CVE Sep 12

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

UEFI copycat of Petya/NotPetya exploiting CVE-2024-7344 discovered on VirusTotal

CVEs: CVE-2024-7344

WeLiveSecurity →