AI Is Transforming Cybersecurity Adversarial Testing - Pentera Founder's Vision

When Technology Resets the Playing Field In 2015 I founded a cybersecurity testing software company with the belief that automated penetration testing was not only possible, but necessary. At the time, the idea was often met with skepticism, but today, with 1200+ of enterprise customers and...

Tenable Identity Exposure < 3.77.13(LTS) / 3.93.2 Vulnerable Nodejs (TNS-2025-16)

The version of Tenable Identity Exposure formerly Tenable.ad installed on the remote host is prior to 3.77.13LTS or 3.93.2. It therefore contains a version of Nodejs that could be vulnerable. Tenable has upgrade these components to address the potential impact of the issues. Note that Nessus has...

Prompt Injection Vulnerability of Consensus Generating Applications in Digital Democracy

Large Language Models LLMs are gaining traction as a method to generate consensus statements and aggregate preferences in digital democracy experiments. Yet, LLMs may introduce critical vulnerabilities in these systems. Here, we explore the impact of prompt-injection attacks targeting consensus...

GLSA-202508-02 : GPL Ghostscript: Multiple Vulnerabilities

The remote host is affected by the vulnerability described in GLSA-202508-02 GPL Ghostscript: Multiple Vulnerabilities Multiple vulnerabilities have been discovered in GPL Ghostscript. Please review the CVE identifiers referenced below for details. Tenable has extracted the preceding description...

Centralized Dynamic State Estimation Algorithm for Detecting and Distinguishing Faults and Cyber Attacks in Power Systems

As power systems evolve with increased integration of renewable energy sources, they become more complex and vulnerable to both cyber and physical threats. This study validates a centralized Dynamic State Estimation DSE algorithm designed to enhance the protection of power systems, particularly...

Experimental Evaluation of Post-Quantum Homomorphic Encryption for Privacy-Preserving V2X Communication

Intelligent Transportation Systems ITS fundamentally rely on vehicle-generated data for applications such as congestion monitoring and route optimization, making the preservation of user privacy a critical challenge. Homomorphic Encryption HE offers a promising solution by enabling computation on...

VWAttacker: a Systematic Security Testing Framework for Voice over WiFi User Equipments

We present VWAttacker, the first systematic testing framework for analyzing the security of Voice over WiFi VoWiFi User Equipment UE implementations. VWAttacker includes a complete VoWiFi network testbed that communicates with Commercial-Off-The-Shelf COTS UEs based on a simple interface to test...

Exploit for Use of Hard-coded Cryptographic Key in Gladinet Centrestack

CVE-2025-30406 ViewState Exploit PoC Overview This is a Pr...

Go Assembly Mutation Testing

While maintaining and developing the Go cryptography standard library, we often spend significantly more time on testing than on implementation. That’s good and an important part of how we achieve our excellent security track record. Ideally, this would be especially true for the least safe parts...

CVE-2025-51044

phpgurukul Nipah virus NiV Testing Management System 1.0 contains a SQL injection vulnerability in the /new-user-testing.php file, due to insufficient validation of user input for the " govtissuedid" parameter...

CBL Mariner 2.0 Security Update: jq (CVE-2025-48060)

"The version of jq installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-48060 advisory. - jq is a command-line JSON processor. In versions up to and including 1.7.1, a heap-buffer-overflow is present i...

Oracle Linux 10 : unbound (ELSA-2025-12064)

The remote Oracle Linux 10 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-12064 advisory. 1.20.0-12 - Fix CVE-2025-5994 Tenable has extracted the preceding description block directly from the Oracle Linux security advisory. Note that Nessus has not...

CVE-2025-51044

phpgurukul Nipah virus NiV Testing Management System 1.0 contains a SQL injection vulnerability in the /new-user-testing.php file, due to insufficient validation of user input for the " govtissuedid" parameter...

CVE-2025-51044

phpgurukul Nipah virus NiV Testing Management System 1.0 contains a SQL injection vulnerability in the /new-user-testing.php file, due to insufficient validation of user input for the " govtissuedid" parameter...

CVE-2025-51044

CVE-2025-51044 concerns the phpgurukul Nipah virus (NiV) Testing Management System 1.0. The vulnerability is a SQL injection in the web path “/new-user-testing.php” triggered by insufficient validation of the input parameter “govtissuedid.” The issue is evidenced by multiple connected sources, wh...

CVE-2025-51044

phpgurukul Nipah virus NiV Testing Management System 1.0 contains a SQL injection vulnerability in the /new-user-testing.php file, due to insufficient validation of user input for the " govtissuedid" parameter...

PHPGurukul Nipah virus Testing Management System 安全漏洞

PHPGurukul Nipah virus Testing Management System is an online virus diagnostic platform from PHPGurukul Inc. A security vulnerability exists in PHPGurukul Nipah Virus Testing Management System version 1.0, which stems from insufficient validation of the govtissuedid parameter and could lead to an...

Exploit for CVE-2025-2294

CVE-2025-2294 - WordPress Kubio AI Page Builder Request/Res...

URLCrazy Domain Name Typo Tool 0.8.2

URLCrazy is a tool that can generate and test domain typos and variations to detect and perform typo squatting, URL hijacking, phishing, and corporate espionage. It generates 15 types of domain variants, knows over 8000 common misspellings, supports multiple keyboard layouts, can check if a typo ...

Dictionary-Of-Pentesting

This repository is an offensive tool for bug bounty hunting and penetration testing, specifically a dictionary collection project for various types of attacks, including Pentesing, Fuzzing, Bruteforce, and BugBounty. The primary target product/service is not explicitly stated, but the repository...