B1tBit

3 exploits, active since Apr 2025
CVE-2026-3220 GITHUB HIGH tsql WORKING POC
Autoptimize < 3.1.15; Clearfy Cache < 2.4.2; Speed Optimizer < 7.7.9 - Stored XSS via HTML Minification
The Autoptimize WordPress plugin before 3.1.15, the Clearfy Cache WordPress plugin before 2.4.2, and the Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) because the HTML minification process uses a predictable replacement hash and a regular expression that can be abused. By anticipating the placeholder format, an attacker can inject arbitrary HTML attributes into the final HTML output.
CVSS 8.8
CVE-2026-32201 NOMISEC MEDIUM WORKING POC
Microsoft SharePoint Server Spoofing Vulnerability
Improper input validation in Microsoft Office SharePoint allows an unauthorized attacker to perform spoofing over a network.
CVSS 6.5
CVE-2025-32434 NOMISEC CRITICAL WORKING POC
PyTorch < 2.6.0 - Remote Code Execution via torch.load with weights_only=True
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_only=True. This issue has been patched in version 2.6.0.
CVSS 9.8