64 matches found
PHANTOM
PHANTOM Autonomous Penetration Testing Framework Recon -...
secscan
secscan !PyPI versionhttps://img.shields.io/pypi/v/secsca...
Nexusuite
Nexusuite Next-Gen Autonomous Pentesting Suite. Scan targets w...
CVE-2026-40028
Hayabusa versions prior to 3.8.0 contain a cross-site scripting XSS vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the...
CVE-2026-40028 Hayabusa < 3.8.0 XSS via JSON Log Import
Hayabusa versions prior to 3.8.0 contain a cross-site scripting XSS vulnerability in its HTML report output that allows an attacker to execute arbitrary JavaScript when a user scans JSON-exported logs containing malicious content in the Computer field. An attacker can inject JavaScript into the...
CVE-2026-40028
Hayabusa versions prior to 3.8.0 contain a cross-site scripting (XSS) vulnerability in the HTML report output. An attacker can inject JavaScript into the Computer field of JSON-exported logs, which executes in the forensic examiner’s browser when viewing the generated HTML report, potentially lea...
websec-audit
🔐 websec-audit Professional Web Security Audit Framework...
Cross-Site Scripting (XSS)
PySpector is vulnerable to stored Cross-Site Scripting XSS. The vulnerability is due to the HTML report generator inserting code snippets without sanitization, where the scanned Python file's JavaScript payload is interpolated into the report and an attacker can trigger execution by opening the...
CVE-2026-33140 PySpector: Stored XSS in PySpector HTML Report Generation leads to Javascript Code Execution
PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a stored Cross-Site Scripting XSS vulnerability in the HTML report generator. When PySpector scans a Python file containing...
CVE-2026-33140
PySpector is a static analysis security testing SAST Framework engineered for modern Python development workflows. PySpector versions 0.1.6 and prior are affected by a stored Cross-Site Scripting XSS vulnerability in the HTML report generator. When PySpector scans a Python file containing...
Linux Distros Unpatched Vulnerability : CVE-2026-32722
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports...
Cross-site Scripting (XSS)
Overview memray is an A memory profiler for Python applications Affected versions of this package are vulnerable to Cross-site Scripting XSS via the command-line metadata process. An attacker can execute arbitrary JavaScript code in the context of the generated HTML report by supplying specially...
DEBIAN-CVE-2026-32722
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
CVE-2026-32722
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
CVE-2026-32722
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
CVE-2026-32722 Memray-generated HTML reports vulnerable to Stored XSS via unescaped command-line metadata
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
CVE-2026-32722
CVE-2026-32722 concerns Bloomberg’s Memray Python memory profiler prior to v1.19.2, where the command line of the tracked process was rendered directly into generated HTML reports without escaping. This allowed attacker-controlled command-line metadata to be inserted as raw HTML, enabling JavaScr...
CVE-2026-32722 Memray-generated HTML reports vulnerable to Stored XSS via unescaped command-line metadata
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
CVE-2026-32722
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...
CVE-2026-32722 Memray-generated HTML reports vulnerable to Stored XSS via unescaped command-line metadata
Memray is a memory profiler for Python. Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated...