Lucene search
7198 matches found

Packet Storm News
added 2025/07/22 12:00 a.m., 2 views

Faraday 5.15.2

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...

6.9 AI score
Exploits: 0
Tenable Nessus
added 2025/07/22 12:00 a.m., 2 views

Fedora 42 : cef (2025-828bc3d3f5)

The remote Fedora 42 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-828bc3d3f5 advisory. Update to cef-138.0.25+g251e1c1/chromium138.0.7204.157 rhbz2380429 ---- Update to cef-138.0.21+g54811fe rhbz2379500 Tenable has extracted the preceding...

5.6 AI score
Exploits: 0, References: 1
Packet Storm News
added 2025/07/21 12:00 a.m., 5 views

BACFuzz: Exposing the Silence on Broken Access Control Vulnerabilities in Web Applications

Broken Access Control (BAC) remains one of the most critical and widespread vulnerabilities in web applications, allowing attackers to access unauthorized resources or perform privileged actions. Despite its severity, BAC is underexplored in automated testing due to key challenges: the lack of...

7.5 AI score
Exploits: 0
Packet Storm News
added 2025/07/21 12:00 a.m., 2 views

Realistic Vulnerabilities of Decoy-State Quantum Key Distribution

We analyze realistic vulnerabilities of decoy-state quantum key distribution (QKD) arising from the combination of laser damage attack (LDA) and unambiguous state discrimination (USD). While decoy-state QKD is designed to protect against photon-number-splitting and beam-splitting attacks by accurately...

7.1 AI score
Exploits: 0
GithubExploit
added 2025/07/19 6:31 p.m., 220 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CVE-2025-31161 - CrushFTP Authentication Bypass Exploit This...

9.8 CVSS, 9.9 AI score, 0.88937 EPSS
Exploits: 20
GithubExploit
added 2025/07/18 12:36 a.m., 327 views

Exploit for CVE-2025-49113

CVE-2025-49113 Roundcube Exploit A Python exploit for CVE-202...

9.9 CVSS, 10 AI score, 0.90469 EPSS
Exploits: 29
Tenable Nessus
added 2025/07/18 12:00 a.m., 2 views

Oracle Application Testing Suite (July 2025 CPU)

The versions of Oracle Application Testing Suite installed on the remote host are affected by a vulnerability as referenced in the July 2025 CPU advisory. - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps Apache Commo...

8.8 CVSS, 6.4 AI score, 0.00258 EPSS
Exploits: 1, References: 3
OSSF Malicious Packages
added 2025/07/17 3:58 a.m., 2 views

Malicious code in @ivy-shared-components/testing (npm)

The package communicates with a domain associated with malicious activity. --- -= Per source details. Do not edit below this line.=-...

6.9 AI score
Exploits: 0
Tenable Nessus
added 2025/07/17 12:00 a.m., 3 views

Oracle GoldenGate for Big Data Multiple Vulnerabilities 21.x < 21.19.0.0.0 (July 2025 CPU)

According to its self-reported version number, the Oracle GoldenGate for Big Data application located on the remote host is affected by multiple vulnerabilities: - Security-in-Depth issue in the Oracle GoldenGate Big Data and Application Adapters product of Oracle GoldenGate component: GoldenGate...

10 CVSS, 8.5 AI score, 0.00419 EPSS
Exploits: 9, References: 3
Packet Storm News
added 2025/07/17 12:00 a.m., 2 views

Faraday 5.15.0

Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...

6.9 AI score
Exploits: 0
Tenable Nessus
added 2025/07/17 12:00 a.m., 6 views

AlmaLinux 9 : tomcat (ALSA-2025:11335)

The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:11335 advisory. tomcat: Incomplete fix for CVE-2024-50379 - RCE due to TOCTOU issue in JSP compilation CVE-2024-56337 tomcat: Apache Tomcat: DoS via malformed HTTP/2...

9.8 CVSS, 7.6 AI score, 0.84587 EPSS
Exploits: 17, References: 4
OSV
added 2025/07/16 7:22 p.m., 3 views

MAL-2025-191893 Malicious code in testcatplzignore (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c3cde630e4fbb39749856eccaa8f1afb813c865152bcf6d2eb0a639f71f2b4cb Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2 AI score
Exploits: 0, References: 1
GithubExploit
added 2025/07/16 3:59 a.m., 457 views

Exploit for Link Following in Git-Scm Git

PoC for CVE-2025-48384 This proof-of-concept demonstrates Git...

8 CVSS, 7.2 AI score, 0.00603 EPSS
Exploits: 9
vulnersOsv
added 2025/07/15 2:26 p.m., 11 views

be.atbash.test:integration-testing (=2.2.0), be.atbash.test:integration-testing-database (=2.2.0) +643 more potentially affected by CVE-2025-48795 via org.apache.cxf:cxf-core (>=4.0.0 <=4.0.6)

org.apache.cxf:cxf-core MAVEN version =4.0.0, =1.0.0, =12.1-7-21, =0.0.1, =2.70.0, =2.71.1 - com.codbex.kronos:codbex-kronos-commons =2.70.0 - com.codbex.kronos:codbex-kronos-components-api-parent =2.69.0 - com.codbex.kronos:codbex-kronos-components-engine-xsjob =2.69.0 and more Source cves:...

5.6 CVSS, 6.7 AI score, 0.0031 EPSS
Exploits: 0
Packet Storm News
added 2025/07/15 12:00 a.m., 1 view

MT4DP: Data Poisoning Attack Detection for DL-Based Code Search Models Via Metamorphic Testing

Recently, several studies have indicated that data poisoning attacks pose a severe security threat to deep learning-based (DL-based) code search models. Attackers inject carefully crafted malicious patterns into the training data, misleading the code search model to learn these patterns during...

7.2 AI score
Exploits: 0
Rapid7 Blog
added 2025/07/14 8:49 p.m., 8 views

Metasploit Wrap-Up 07/11/2025

Active Directory LDAP Library This week Metasploit added a library for working with Active Directory Domain Controllers over LDAP. The library consolidates common functionality and implements a caching mechanism to support common operations such as looking up objects by their DN, sAMAccountName, ...

10 CVSS, 9.1 AI score, 0.92927 EPSS
Exploits: 37
Rapid7 Blog
added 2025/07/14 2:07 p.m., 4 views

Key Takeaways from the Take Command Summit 2025: Outpacing the Adversary – Red Teaming in a Complex Threat Landscape

The evolving complexity of modern infrastructures calls for more than traditional pen testing. In this session from the Take Command 2025 Virtual Cybersecurity Summit, red team experts shared how organizations are using continuous testing to outpace attackers — and better prepare their teams to...

6.7 AI score
Exploits: 0
Packet Storm News
added 2025/07/14 12:00 a.m., 2 views

Vulnerability Mitigation System (VMS): LLM Agent and Evaluation Framework for Autonomous Penetration Testing

As the frequency of cyber threats increases, conventional penetration testing is failing to capture the entirety of today's complex environments. To solve this problem, we propose the Vulnerability Mitigation System (VMS), a novel agent based on a Large Language Model (LLM) capable of performing...

7 AI score
Exploits: 0
OSV
added 2025/07/13 5:51 p.m., 3 views

MAL-2025-191807 Malicious code in package-346234294 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 c9741d027897445cdd34a40de0f592a42641170b88a9cbab6cee3dbaaeeedb39 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

7.4 AI score
Exploits: 0, References: 1
Fedora
added 2025/07/13 4:20 a.m., 11 views

[SECURITY] Fedora 42 Update: python3.6-3.6.15-47.fc42

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

9.4 CVSS, 7.4 AI score, 0.01012 EPSS
Exploits: 14