PCLink 4.1.1 Basic API Exposure / Header Misconfiguration Scanner

This Python script is a lightweight security auditing tool designed to assess a PCLink server for potential exposure of sensitive headers and extension-related API endpoints. It's written to analyze version 4.1.1...

WebADM Security Auditor and Content Exposure Scanner

This Python script is a defensive security auditing tool designed to analyze a target web application for potential information exposure and security misconfigurations, specifically focusing on environments resembling WebADM. This was tested on version 2.4.17-1...

Exploit for Incorrect Privilege Assignment in Litespeedtech Litespeed_Cpanel_Plugin

CVE-2026-48172 - LiteSpeed cPanel Plugin Vulnerability Auditor...

cpython: CPython: Logging Bypass in Legacy .pyc File Handling

A flaw was found in CPython. This vulnerability allows a local user with low privileges to bypass security auditing mechanisms. The issue occurs because the SourcelessFileLoader component, responsible for handling older Python compiled files .pyc, does not properly trigger system audit events. Th...

GoAT-X: A Graph of Auditing Thoughts for Securing Token Transactions in Cross-Chain Contracts

Cross-chain bridges, the critical infrastructure of the multi-chain ecosystem, have become a primary target for attackers, resulting in over $2.8 billion in losses due to subtle implementation flaws. Existing defenses, such as bytecode-level static analysis, are ill-equipped to handle the semanti...

Exploit for Path Traversal in Apache Http_Server

Apache HTTP Server 2.4.49 - Path Traversal & RCE CVE-2021-417...

EUVD-2026-25014

The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...

CVE-2026-35366 uutils coreutils printenv Security Inspection Bypass via UTF-8 Enforcement

The printenv utility in uutils coreutils fails to display environment variables containing invalid UTF-8 byte sequences. While POSIX permits arbitrary bytes in environment strings, the uutils implementation silently skips these entries rather than printing the raw bytes. This vulnerability allows...

uutils coreutils 代码问题漏洞

uutils coreutils is a cross-platform core command-line tool set developed by Uutils. There is a code vulnerability in uutils coreutils, which arises from the inability of printenv to display environment variables that contain invalid UTF-8 byte sequences. This could allow malicious environment...

📄 WordPress Kali Forms 2.4.9 Remote Code Execution

WordPress Kali Forms plugin version 2.4.9 suffers from a remote code execution vulnerability. ================================================================================================================================== | Title : WordPress Kali Forms 2.4.9 Remote Code Execution Assessment | ...

Fluxion 6.28

Fluxion is a security auditing and social-engineering research tool. It is a remake of linset by vk496 with hopefully fewer bugs and more functionality. The script attempts to retrieve the WPA/WPA2 key from a target access point by means of a social engineering phishing attack. It's compatible wi...

How to Stop AI Data Leaks: A Webinar Guide to Auditing Modern Agentic Workflows

Artificial Intelligence AI is no longer just a tool we talk to; it is a tool that does things for us. These are called AI Agents. They can send emails, move data, and even manage software on their own. But there is a problem. While these agents make work faster, they also open a new "back door" f...

Zabbix Agent Binaries Path Abuse Scanner

This scanner performs automated static analysis of Zabbix Agent binaries to detect hardcoded OpenSSL configuration paths that may enable provider or engine abuse. It identifies embedded OPENSSLDIR, ENGINESDIR, and MODULESDIR values, extracts OpenSSL version information, and checks for dynamic...

Dynamic binary instrumentation (DBI) with DynamoRio

This blog introduces dynamic binary instrumentation DBI and guides you through building your own DBI tool with the open-source DynamoRIO framework on Windows 11. DBI enables powerful runtime analysis and modification of binaries critical for malware analysis, security auditing, reverse engineerin...

EUVD-2016-7987

Malware in sbrugna...

EUVD-2007-1494

Malware in sbrugna...

EUVD-2023-51424

Malicious code in bioql PyPI...

EUVD-2025-21401

Malicious code in bioql PyPI...

AgentSentinel: an End-To-End and Real-Time Security Defense Framework for Computer-Use Agents

Large Language Models LLMs have been increasingly integrated into computer-use agents, which can autonomously operate tools on a user's computer to accomplish complex tasks. However, due to the inherently unstable and unpredictable nature of LLM outputs, they may issue unintended tool commands or...

CVE-2023-47297

A settings manipulation vulnerability in NCR Terminal Handler v1.5.1 allows attackers to execute arbitrary commands, including editing system security auditing configurations...