684 matches found

Packet Storm News
added 2025/03/25 12:0 a.m., 3 views

How to Create a Scan in Perl to Identify Vulnerable POP3 Servers

This paper, written in Brazilian Portuguese, explains how to create a Perl script to identify vulnerable POP3 servers. In the context of application security, the author provides mitigation recommendations...

6.9 AI score
Exploits: 0

GithubExploit
added 2025/03/22 3:16 p.m., 298 views

Exploit for Deserialization of Untrusted Data in Apache Tomcat

CVE-2025-24813-PoC === CVE-2025-24813 affects Apache Tomcat - i...

9.8 CVSS, 9.1 AI score, 0.9413 EPSS
Exploits: 45

GithubExploit
added 2025/03/07 6:21 p.m., 107 views

Exploit for CVE-2025-26055

CVE-2025-26055 CVE Description Author : Rohan Deshpande...

6.5 CVSS, 9 AI score, 0.00963 EPSS
Exploits: 1

Tenable Nessus
added 2025/03/05 12:0 a.m., 10 views

Linux Distros Unpatched Vulnerability : CVE-2024-42090

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - pinctrl: fix deadlock in create_pinctrl when handling -EPROBE_DEFER In create_pinctrl, pinctrl_maps_mutex is acquired before calling add_setting. If add_setting return...

5.5 CVSS, 6.8 AI score, 0.0001 EPSS
Exploits: 0, References: 3

RedhatCVE
added 2025/02/21 9:27 p.m., 5 views

CVE-2025-27090

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...

6.9 CVSS, 6.7 AI score, 0.00814 EPSS
Exploits: 1, References: 1

OSV
added 2025/02/19 9:11 p.m., 19 views

CVE-2025-27090 Server-Side Request Forgery (SSRF) in sliver teamserver

Sliver is an open source cross-platform adversary emulation/red team framework, it can be used by organizations of all sizes to perform security testing. The reverse port forwarding in sliver teamserver allows the implant to open a reverse tunnel on the sliver teamserver without verifying if the...

6.9 CVSS, 8.5 AI score, 0.00814 EPSS
Exploits: 1, References: 5

CVE
added 2025/02/19 9:11 p.m., 82 views

CVE-2025-27090

CVE-2025-27090 pertains to Sliver, an open-source adversary emulation framework. The issue is in the reverse port forwarding feature of the Sliver teamserver: the implant can open a reverse tunnel without verifying operator intent. The documented impact is the exposure of the server’s IP address ...

6.9 CVSS, 6.5 AI score, 0.00814 EPSS
Exploits: 1, References: 3, Affected Software: 1

GithubExploit
added 2025/02/05 12:4 p.m., 417 views

Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security

It is an exploit module targeting a vulnerability in a specific...

9.8 CVSS, 8.4 AI score, 0.93889 EPSS
Exploits: 21

MSRC
added 2025/01/21 8:0 a.m., 6 views

Scaling Dynamic Application Security Testing (DAST)

Introduction Microsoft engineering teams use the Security Development Lifecycle to ensure our products are built in alignment with Microsoft’s Secure Future Initiative security principles: Secure by Design, Secure by Default, and Secure Operations. A key component of the Security Development...

7.4 AI score
Exploits: 0

The Hacker News
added 2024/11/07 9:8 a.m., 20 views

Cisco Releases Patch for Critical URWB Vulnerability in Industrial Wireless Systems

Cisco has released security updates to address a maximum severity security flaw impacting Ultra-Reliable Wireless Backhaul (URWB) Access Points that could permit unauthenticated, remote attackers to run commands with elevated privileges. Tracked as CVE-2024-20418 (CVSS score: 10.0), the vulnerability...

10 CVSS, 7.9 AI score, 0.03481 EPSS
Exploits: 0

Qualys Blog
added 2024/11/05 7:59 p.m., 6 views

Qualys Web Application Scanning (WAS) Recognized as a Leader in 2024 GigaOm Radar Report for Application Security Testing (AST)

In the ever-evolving cybersecurity landscape, securing web applications and APIs is no longer an option—it’s a necessity. As organizations face increasingly complex threats, ensuring the integrity of these digital assets has become paramount. However, it’s easy to feel overwhelmed by the sheer...

7.4 AI score
Exploits: 0

GithubExploit
added 2024/10/31 9:55 p.m., 720 views

Exploit for Missing Authentication for Critical Function in Cyberpanel

CVE-2024-51567 Exploit Script CVE-2024-51567 is a Python...

10 CVSS, 10 AI score, 0.9431 EPSS
Exploits: 7

GithubExploit
added 2024/10/29 12:46 a.m., 335 views

Exploit for CVE-2024-27954

⚠️ CVE-2024-27954 💀 Automatic Remote code Execution Exploit...

9.3 CVSS, 9.7 AI score, 0.93313 EPSS
Exploits: 2

GithubExploit
added 2024/10/02 2:5 p.m., 1059 views

Exploit for Cross-site Scripting in Wondercms

CVE-2023-41425 Description A Cross Site Scripting vulnerab...

6.1 CVSS, 6.6 AI score, 0.91079 EPSS
Exploits: 16

GithubExploit
added 2024/10/01 4:2 p.m., 208 views

Exploit for SQL Injection in Bplugins Html5_Video_Player

EN A PoC exploit scanner for CVE-2024-5522 vulnerability in Wo...

6.5 CVSS, 5.9 AI score, 0.83843 EPSS
Exploits: 6

Rockylinux
added 2024/09/30 2:30 p.m., 7 views

xmlsec1 bug fix update

An update is available for xmlsec1. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. XML Security Library is a C library based on LibXML2 and OpenSSL. The library...

7.3 AI score
Exploits: 0

Rockylinux
added 2024/09/30 2:30 p.m., 4 views

libuser bug fix and enhancement update

An update is available for libuser. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The libuser library implements a standardized interface for manipulating and...

7.4 AI score
Exploits: 0

Packet Storm
added 2024/09/12 12:0 a.m., 292 views

3DSecure 2.0 3DS Authorization Challenge Cross Site Scripting

Product: 3DSecure 2.0; Manufacturer: Redsys; Affected Versions: 3DSecure 2.0 3DS Authorization Challenge; Tested Versions: 3DSecure 2.0 3DS Authorization Challenge; Vulnerability Type: Cross-Site Scripting (XSS); Risk Level: Medium; Solution Status: Not yet fixed; Manufacturer Notification: 2024-01-17...

7.4 AI score
Exploits: 1

Packet Storm
added 2024/09/12 12:0 a.m., 352 views

3DSecure 2.0 3DS Method Authentication Cross Site Scripting

Product: 3DSecure 2.0; Manufacturer: Redsys; Affected Versions: 3DSecure 2.0 3DS Method Authentication; Tested Versions: 3DSecure 2.0 3DS Method Authentication; Vulnerability Type: Cross-Site Scripting (XSS); Risk Level: Medium; Solution Status: Not yet fixed; Manufacturer Notification: 2024-01-17; Solutio...

7.4 AI score
Exploits: 1

RedhatCVE
added 2024/08/27 12:11 p.m., 15 views

CVE-2024-44931

In the Linux kernel, the following vulnerability has been resolved: gpio: prevent potential speculation leaks in gpio_device_get_desc Userspace may trigger a speculative read of an address outside the gpio descriptor array. Users can do that by calling gpio_ioctl with an offset out of range. Offset i...

5.5 CVSS, 6.5 AI score, 0.00012 EPSS
Exploits: 0, References: 4