Malvuln, an interesting project of security researcher John Page (aka hyp3rlinx), catalogues vulnerabilities discovered in malware and provides information on how those vulnerabilities can be exploited.

Since launching the project in early January 2021, Page has discovered more than 260 vulnerabilities across an estimated 105 individual malware families, including trojans, worms, backdoors, droppers, and ransomware.

The vulnerabilities include issues related to memory corruption, insecure permissions, hardcoded credentials, authentication bypass, directory traversal, and information disclosure. Some of the flaws can be exploited for DoS attacks (i.e. to cause the malware to crash), while others allow unauthenticated “attackers” to remotely execute arbitrary commands — either OS commands on the already-infected system or commands made available by the malware.