7311 matches found
CVE-2025-53657
Jenkins ReadyAPI Functional Testing Plugin 1.11 and earlier does not mask SLM License Access Keys, client secrets, and passwords displayed on the job configuration form, increasing the potential for attackers to observe and capture them...
CVE-2025-53547 vulnerabilities
Vulnerabilities for packages: pluto, chart-testing, kots, chartmuseum, envoy-gateway, flux-helm-controller, linkerd2-fips, trivy-fips, k9s, tw, cerbos-fips, trivy-operator-fips, flux-fips, chartmuseum-fips, chart-testing-fips, cloudbeat-fips, flux-source-controller-fips, helm-operator-fips, zot,...
GHSA-557J-XG8C-Q2MM vulnerabilities
Vulnerabilities for packages: pluto, chart-testing, kots, chartmuseum, envoy-gateway, flux-helm-controller, linkerd2-fips, trivy-fips, k9s, tw, cerbos-fips, trivy-operator-fips, flux-fips, chartmuseum-fips, chart-testing-fips, cloudbeat-fips, flux-source-controller-fips, helm-operator-fips, zot,...
CVE-2025-38238
CVE-2025-38238: In the Linux kernel, the SCSI fnic driver (fnic_wq_cmpl_handler) crashes when both FDMI RHBA and RPA requests time out due to reusing the same frame to send ABTS for both. The root cause is the double-free of a frame on send completion. The fix allocates separate frames for RHBA ...
Unifying Re-Identification, Attribute Inference, and Data Reconstruction Risks in Differential Privacy
Differentially private (DP) mechanisms are difficult to interpret and calibrate because existing methods for mapping standard privacy parameters to concrete privacy risks -- re-identification, attribute inference, and data reconstruction -- are both overly pessimistic and inconsistent. In this work...
Jenkins plugin ReadyAPI Functional Testing security vulnerability
Jenkins and Jenkins plugin are both Jenkins open source products. Jenkins is an application: an open source automation server that provides hundreds of plugins to support building, deploying and automating any project. Jenkins plugin is a plugin for that application. A security...
Automated Attack Testflow Extraction from Cyber Threat Report Using BERT for Contextual Analysis
In the ever-evolving landscape of cybersecurity, the rapid identification and mitigation of Advanced Persistent Threats (APTs) is crucial. Security practitioners rely on detailed threat reports to understand the tactics, techniques, and procedures (TTPs) employed by attackers. However, manually...
AI Agent Smart Contract Exploit Generation
We present A1, an agentic execution driven system that transforms any LLM into an end-to-end exploit generator. A1 has no hand-crafted heuristics and provides the agent with six domain-specific tools that enable autonomous vulnerability discovery. The agent can flexibly leverage these tools to...
Malicious code in playwright-e2e-testing (npm)
The package communicates with a domain associated with malicious activity. Source: ghsa-malware (1947219a5f6bf4374f28676075008bd3dc532f9ffde90b285e73fcd418a198c4). Any computer that has this package installed or running should be considered...
Exploit for CVE-2024-9014
CVE-2024-9014 - pgAdmin 4 OAuth2 Authentication Bypass Exploit...
Approach to mainframe penetration testing on z/OS. Deep dive into RACF
In our previous article we dissected penetration testing techniques for IBM z/OS mainframes protected by the Resource Access Control Facility (RACF) security package. In this second part of our research, we delve deeper into RACF by examining its decision-making logic, database structure, and the...
Malicious code in mark-testing (npm)
Source: ghsa-malware (d23383a480fcca63e03f17e636f2b8b0ac1605237d730c7ccf159e9ea082f39d). Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Enter, Exit, Page Fault, Leak: Testing Isolation Boundaries for Microarchitectural Leaks
CPUs provide isolation mechanisms like virtualization and privilege levels to protect software. Yet these focus on architectural isolation while typically overlooking microarchitectural side channels, exemplified by Meltdown and Foreshadow. Software must therefore supplement architectural defense...
PT-2025-30867
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.16.0-rc4-syzkaller-00108-g17bbde2e1716. Description: The Linux kernel contains a flaw in the io_uring/msg_ring subsystem related to the freeing of io_kiocb requests. Specifically, the freeing of requests was not...
WordPress A/B Testing for WordPress plugin cross-site scripting vulnerability
WordPress A/B Testing for WordPress plugin is a plugin for A/B testing in WordPress websites, which is mainly used to help optimize website conversions by comparing the effects of different page elements such as titles, button colors, content, etc. The WordPress A/B Testing for WordPress plugin...
Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller
CitrixBleed-2-CVE-2025-5777 checker checker.py httphttps...
Exploit for Inclusion of Functionality from Untrusted Control Sphere in Sudo_Project Sudo
CVE-2025-32463 – Privilege Escalation via Sudo chroot 📝 Ov...
OSCP-Prep
This is a comprehensive guide for information security (infosec) professionals, particularly those preparing for the OSCP (Offensive Security Certified Professional) exam. The guide is a collection of various files, including a PDF document, a text file, and a set of cheat sheets. The PDF document,...
sas-top-10
This is an educational guide for organizations adopting serverless architectures. The document, curated by top industry practitioners and security researchers, provides information on the top 10 security risks for serverless applications. The guide aims to assist organizations in building robust,...