1002 matches found
CVE-2026-32720
The CTFer.io Monitoring component is in charge of the collection, process and storage of various signals i.e. logs, metrics and distributed traces. Prior to 0.2.1, due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the...
github.com/ctfer-io/monitoring Vulnerable to Improper Access Control
Impact Due to a mis-written NetworkPolicy, a malicious actor can pivot from a component to any other namespace. This breaks the security-by-default property expected as part of the deployment program, leading to a potential lateral movement. Patch Removing the inter-ns NetworkPolicy patches the...
PT-2026-25399
Name of the Vulnerable Software and Affected Versions CTFer.io Monitoring versions prior to 0.2.1 Description The CTFer.io Monitoring component handles the collection, processing, and storage of signals like logs, metrics, and distributed traces. A misconfigured NetworkPolicy allows a malicious...
How to Scale Phishing Detection in Your SOC: 3 Steps for CISOs
Phishing has quietly turned into one of the hardest enterprise threats to expose early. Instead of crude lures and obvious payloads, modern campaigns rely on trusted infrastructure, legitimate-looking authentication flows, and encrypted traffic that conceals malicious behavior from traditional...
GHSA-FVCW-9W9R-PXC7 Flowise affected by Server-Side Request Forgery (SSRF) in HTTP Node Leading to Internal Network Access
Description: Flowise exposes an HTTP Node in AgentFlow and Chatflow that performs server-side HTTP requests using user-controlled URLs. By default, there are no restrictions on target hosts, including private/internal IP ranges RFC 1918, localhost, or cloud metadata endpoints. This enables...
challenge-yourself-level-1
Attack Path Lab !GitHubhttps://img.shields.io/badge/GitHu...
challenge-lab-ASCP
AD Attack Path Lab A complete Active Directory attack simulat...
denkair-lab
DenkAir - Windows AD Pentesting Lab A comprehensive Windows A...
CVE-2026-25146
OpenEMR is a free and open source electronic health records and medical practice management application. From 5.0.2 to before 8.0.0, there are at least two paths where the gatewayapikey secret value is rendered to the client in plaintext. These secret keys being leaked could result in arbitrary...
Signed malware impersonating workplace apps deploys RMM backdoors
In February 2026, Microsoft Defender Experts identified multiple phishing campaigns attributed to an unknown threat actor. The campaigns used workplace meeting lures, PDF attachments, and abuse of legitimate binaries to deliver signed malware. Phishing emails directed users to download malicious...
Fake Tech Support Spam Deploys Customized Havoc C2 Across Organizations
Threat hunters have called attention to a new campaign as part of which bad actors masqueraded as fake IT support to deliver the Havoc command-and-control C2 framework as a precursor to data exfiltration or ransomware attack. The intrusions, identified by Huntress last month across five partner...
RedTeam-MCP
🔴 RedTeam-MCP AI-Powered Autonomous Red Team Framework vi...
📄 Icinga for Windows 1.13.3 Private Key Disclosure
This Metasploit module identifies and exploits insecure default ACL permissions in vulnerable versions of the Icinga for Windows PowerShell Framework. The certificate directory is created with overly permissive read access for the BUILTIN\Users group, allowing any local user to access the...
📄 Splunk Enterprise 8.2.9 / 9.0.2 Authenticated Remote Code Execution
Proof of concept exploit for CVE-2022-43571, a critical authenticated remote code execution vulnerability affecting Splunk Enterprise versions 8.2.9 and 9.0.2. The flaw resides in the SimpleXML dashboard PDF generation process, where insufficient input sanitization allows a privileged authenticat...
Startup
Startup – Professional Write-up Platform: TryHackMe Tar...
PT-2026-20303
Name of the Vulnerable Software and Affected Versions Dell RecoverPoint for Virtual Machines versions prior to 6.0.3.1 HF1 Description Dell RecoverPoint for Virtual Machines contains a critical flaw involving hardcoded Apache Tomcat Manager admin credentials. An unauthenticated remote attacker wi...
CVE-2026-26216
Crawl4AI versions prior to 0.8.0 contain a remote code execution vulnerability in the Docker API deployment. The /crawl endpoint accepts a hooks parameter containing Python code that is executed using exec. The import builtin was included in the allowed builtins, allowing unauthenticated remote...
Analysis of active exploitation of SolarWinds Web Help Desk
The Microsoft Defender Research Team observed a multi‑stage intrusion where threat actors exploited internet‑exposed SolarWinds Web Help Desk WHD instances to get an initial foothold and then laterally moved towards other high-value assets within the organization. However, we have not yet confirm...
Analysis of active exploitation of SolarWinds Web Help Desk
The Microsoft Defender Research Team observed a multi‑stage intrusion where threat actors exploited internet‑exposed SolarWinds Web Help Desk WHD instances to get an initial foothold and then laterally moved towards other high-value assets within the organization. However, we have not yet confirm...
WeKan 安全漏洞
WeKan is an open-source dashboard application developed by WeKan. Versions of WeKan prior to 8.19 contained security vulnerabilities. These vulnerabilities stemmed from the card movement logic, where users could specify target dashboards, lists, or channels without proper authorization checks, an...