19421 matches found
exploit-tool
Exploit-Tool Single-console pentest platform built on authori...
CLEANSTART-2026-QW08095 Moby is an open source container framework
Multiple security vulnerabilities affect the pulumi package. Moby is an open source container framework. See references for individual vulnerability details...
PT-2026-36162
Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chart id/query without authentication. The endpoint only checks team.allowReportRefresh and does not verify that the...
Malicious code in @breezeai-frontend/tailwind-config (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 93dd597412bdae22d265ee51f76a40cefa637f09bdf73cb7ede9ac63daf05ac8 The package @breezeai-frontend/tailwind-config was found to contain malicious code. Source: ghsa-malware...
security-advisories
Security Advisories Public write-ups and PoCs for CVEs I've d...
EUVD-2026-26268
Wazuh is a free and open source platform used for threat prevention, detection, and response. From version 4.0.0 to before version 4.14.4, Wazuh's server API brute-force protection for POST /security/user/authenticate can be bypassed by sending concurrent authentication requests. Although the...
MAL-2026-3187 Malicious code in apple-appstore-full-library-utility (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7c81abc0b0ca85dceebddbddb78e6e2d6d05f87331f11b9a1190ad29d10adb4a The package apple-appstore-full-library-utility was found to contain malicious code. Source: ghsa-malware...
Malicious code in react-video-canvas (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
Malicious code in @saif777/codemirror5 (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
MAL-2026-3189 Malicious code in react-video-canvas (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
Malicious code in secrets-manager-wrapper (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
MAL-2026-3195 Malicious code in secrets-manager-wrapper (npm)
Dependency confusion and typosquatting campaign by threat actor "saif777". Packages use inflated version numbers 9999.9999.9999, 9999.9999.10000, 50.50.50, 7.66.5 to win version resolution in environments with private registries. All active packages execute a postinstall hook "node index.js" that...
SourceCodester Pharmacy Sales and Inventory System 注入漏洞
SourceCodester Pharmacy Sales and Inventory System is an open-source medication sales and inventory management system developed by SourceCodester. Version 1.0 of the SourceCodester Pharmacy Sales and Inventory System has a SQL injection vulnerability. This vulnerability arises from improper...
xhs-mcp 代码问题漏洞
xhs-mcp is an open-source tool developed by Algovate for automated publication and content management of REDnote. Version xhs-mcp 0.8.11 contains a code vulnerability. This vulnerability arises from the mediapaths parameter operation in the xhspublishcontent function within the...
angr 9.2.213
angr is an open-source binary analysis platform for Python. It combines both static and dynamic symbolic "concolic" analysis, providing tools to solve a variety of tasks...
MAL-2026-3140 Malicious code in fivem-monitor (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46a604a0acf84f672e7a3235e103f365f9d9f704c96faa12dcb5b9b0a9806004 The package fivem-monitor was found to contain malicious code. Source: ghsa-malware bea91e9a2c853e88f029684fb53cecc15f1960b1ccafb583b1da52a754f9ee4d...
[SECURITY] Fedora 42 Update: firefox-150.0-1.fc42
Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability...
OpenClaw 访问控制错误漏洞
OpenClaw is an open-source intelligent artificial assistant developed by OpenClaw. Versions of OpenClaw prior to 2026.3.31 contained a access control vulnerability. This vulnerability stemmed from a bypass of the allowlist in the Matrix thread root and in the handling of reply contexts, resulting...
Threat-Oriented Digital Twinning for Security Evaluation of Autonomous Platforms
Open, unclassified research on secure autonomy is constrained by limited access to operational platforms, contested communications infrastructure, and representative adversarial test conditions. This paper presents a threat-oriented digital twinning methodology for cybersecurity evaluation of...
PT-2026-35817
Name of the Vulnerable Software and Affected Versions django-s3file versions prior to 7.0.2 Description S3FileMiddleware is susceptible to relative path traversal, allowing an attacker to use a modified request to escape pre-signed upload locations. This enables the Django application to load fil...