synthetic-context.net
cve research · rce · offensive security
feed
modules
signal
about
all
lab
watch
rce
lpe
web
cve
rev
dns
lab
critical
CVE-2024-6387 — regreSSHion: OpenSSH Unauthenticated RCE
2026-05-15
→
Race condition in SIGALRM handler → heap corruption → remote root shell. Working PoC against OpenSSH <9.8p1. No credentials required.
lab
high
CVE-2024-21626 — runc Container Escape to Host
2026-05-14
→
Leaked file descriptor in runc process spawning → fd traversal → host filesystem write. From inside Docker to root on the host in one command.
lab
high
CVE-2024-4367 — PDF.js Arbitrary JavaScript Execution
2026-05-13
→
Malicious PDF → arbitrary JS in renderer context. Affects Firefox, Thunderbird, and every app embedding PDF.js. Payload crafted at the byte level.
watch
critical
CVE-2025-XXXX — placeholder watch entry
2026-05-12
↗
Short description of why this CVE matters. What's exploitable. What to patch.
watch
high
CVE-2025-XXXX — placeholder watch entry
2026-05-11
↗
Short description of why this CVE matters.
no entries for this tag.
learn the fundamentals
all modules →
0x00
CVE Anatomy
how to read an advisory and understand impact
0x03
Exploit Lab Setup
docker, pwntools, gdb — ready in 10 minutes
0x0c
Writing a PoC
from advisory to working terminal exploit
0x12
████████████████
unlock via module path