virus-or-not

3 exploits Active since Jan 2025
CVE-2024-55591 NOMISEC CRITICAL WORKING POC
FortiProxy 7.0.0-7.0.19 and 7.2.0-7.2.12 - Authentication Bypass via Node.js Websocket Module
An Authentication Bypass Using an Alternate Path or Channel vulnerability [CWE-288] affecting FortiOS version 7.0.0 through 7.0.16 and FortiProxy version 7.0.0 through 7.0.19 and 7.2.0 through 7.2.12 allows a remote attacker to gain super-admin privileges via crafted requests to Node.js websocket module.
8 stars
CVSS 9.8
CVE-2026-3220 GITHUB HIGH tsql WORKING POC
Autoptimize < 3.1.15; Clearfy Cache < 2.4.2; Speed Optimizer < 7.7.9 - Stored XSS via HTML Minification
The Autoptimize WordPress plugin before 3.1.15, Clearfy Cache WordPress plugin before 2.4.2, Speed Optimizer WordPress plugin before 7.7.9 are vulnerable to unauthenticated Stored Cross-Site Scripting (XSS) due to a predictable replacement hash used during the HTML minification process and abusing a regular expression. This allows an attacker to inject arbitrary HTML attributes in the final HTML output by anticipating the placeholder format.
CVSS 8.8
CVE-2026-32202 GITHUB MEDIUM python WORKING POC
Windows Shell Spoofing Vulnerability
Protection mechanism failure in Windows Shell allows an unauthorized attacker to perform spoofing over a network.
CVSS 4.3