7376 matches found

Packet Storm News
added 2025/04/25 12:0 a.m. | 28 views

Automating Function-Level TARA for Automotive Full-Lifecycle Security

As modern vehicles evolve into intelligent and connected systems, their growing complexity introduces significant cybersecurity risks. Threat Analysis and Risk Assessment (TARA) has therefore become essential for managing these risks under mandatory regulations. However, existing TARA automation...

AI score: 6.7
Exploits: 0

Kitploit
added 2025/04/24 12:30 p.m. | 302 views

PEGASUS-NEO - A Comprehensive Penetration Testing Framework Designed For Security Professionals And Ethical Hackers. It Combines Multiple Security Tools And Custom Modules For Reconnaissance, Exploitation, Wireless Attacks, Web Hacking, And More

PEGASUS-NEO...

AI score: 7.7
Exploits: 0 | References: 3

Wallarm Lab
added 2025/04/24 8:15 a.m. | 8 views

Threat Replay Testing: Turning Attackers into Pen Testers

API security is no longer just a concern; it’s a critical priority for businesses. With APIs serving as the backbone of modern applications, they’ve become a primary target for attackers. While automated security testing tools help detect vulnerabilities, their limitations leave organizations...

AI score: 8.5
Exploits: 0

GithubExploit
added 2025/04/23 9:11 p.m. | 150 views

Exploit for Deserialization of Untrusted Data in Apache Parquet_Java

Canary Exploit for Parquet CVE-2025-30065...

CVSS: 10 | AI score: 9 | EPSS: 0.00419
Exploits: 9

OSV
added 2025/04/23 4:3 p.m. | 1 views

MAL-2025-3421 Malicious code in testing433 (npm)

--- -= Per source details. Do not edit below this line.=-...

AI score: 7.1
Exploits: 0

Citrix
added 2025/04/23 12:0 a.m. | 17 views

CVAD - Published app in windowed mode disappears offscreen when minimized

After launching a non-seamless app, if the app gets minimized, the user is unable to restore it. The non-seamless app minimizes and disappears and cannot be retrieved unless the user invokes the task switcher with hotkey combinations. The issue also occurs when using RDP initial app testing...

AI score: 7.1
Exploits: 0

OSV
added 2025/04/22 4:50 p.m. | 6 views

GHSA-JX4G-3XQM-62VH io.jmix.localfs:jmix-localfs has a Path Traversal in Local File Storage

Impact Attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server has the necessary permissions. This can be accomplished either by modifying the FileRef directly in the database or by supplying a harmful...

CVSS: 6.5 | AI score: 6.6 | EPSS: 0.00536
Exploits: 0 | References: 11

Kitploit
added 2025/04/22 12:30 p.m. | 51 views

Ghost-Route - Ghost Route Detects If A Next JS Site Is Vulnerable To The Corrupt Middleware Bypass Bug (CVE-2025-29927)

A Python script to check Next.js sites for corrupt middleware vulnerability CVE-2025-29927. The corrupt middleware vulnerability allows an attacker to bypass authentication and access protected routes by sending a custom header, x-middleware-subrequest. Next JS versions affected: - 11.1.4 and up...

CVSS: 9.1 | AI score: 7.2 | EPSS: 0.92118
Exploits: 55 | References: 2

Fedora
added 2025/04/22 1:22 a.m. | 7 views

[SECURITY] Fedora 41 Update: perl-Devel-Cover-1.44-4.fc41

This module provides code coverage metrics for Perl. Code coverage metrics describe how thoroughly tests exercise code. By using Devel::Cover you can discover areas of code not exercised by your tests and determine which tests to create to increase coverage. Code coverage can be considered as an...

CVSS: 8.4 | AI score: 8.8 | EPSS: 0.00072
Exploits: 0

Tenable Nessus
added 2025/04/22 12:0 a.m. | 25 views

Google Chrome < 135.0.7049.114 Vulnerability

The version of Google Chrome installed on the remote Windows host is prior to 135.0.7049.114. It is, therefore, affected by a vulnerability as referenced in the 202504stable-channel-update-for-desktop22 advisory. Note that Nessus has not tested for this issue but has instead relied only on the...

AI score: 5.6
Exploits: 0 | References: 1

Packet Storm News
added 2025/04/22 12:0 a.m. | 3 views

DoomArena: a Framework for Testing AI Agents against Evolving Security Threats

We present DoomArena, a security evaluation framework for AI agents. DoomArena is designed on three principles: (1) It is a plug-in framework and integrates easily into realistic agentic frameworks like BrowserGym (for web agents) and $τ$-bench (for tool calling agents); (2) It is configurable and allows...

AI score: 7
Exploits: 0

GithubExploit
added 2025/04/21 11:57 p.m. | 289 views

Exploit for Authentication Bypass by Primary Weakness in Crushftp

CrushFTP CVE-2025-31161 Exploit Tool 🔓 Advanced detection an...

CVSS: 9.8 | AI score: 7.6 | EPSS: 0.88937
Exploits: 20

GithubExploit
added 2025/04/20 4:5 p.m. | 268 views

Exploit for CVE-2025-0054

CVE-2025-0054 – SAP NetWeaver Stored XSS Scanner 🕷 A lightwei...

CVSS: 5.4 | AI score: 5.6 | EPSS: 0.00102
Exploits: 1

GithubExploit
added 2025/04/20 1:59 p.m. | 198 views

Exploit for CVE-2025-3102

CVE-2025-3102 🛠️ SureTriggers Exploit Script Script ini diguna...

CVSS: 8.1 | AI score: 7.2 | EPSS: 0.83531
Exploits: 8

Tenable Nessus
added 2025/04/17 12:0 a.m. | 17 views

Oracle Application Testing Suite (April 2025 CPU)

The versions of Oracle Application Testing Suite installed on the remote host are affected by multiple vulnerabilities as referenced in the April 2025 CPU advisory. - Vulnerability in the Oracle Application Testing Suite product of Oracle Enterprise Manager component: Load Testing for Web Apps...

CVSS: 7.5 | AI score: 6.2 | EPSS: 0.00058
Exploits: 0 | References: 3

Packet Storm News
added 2025/04/17 12:0 a.m. | 2 views

GraphAttack: Exploiting Representational Blindspots in LLM Safety Mechanisms

Large Language Models (LLMs) have been equipped with safety mechanisms to prevent harmful outputs, but these guardrails can often be bypassed through "jailbreak" prompts. This paper introduces a novel graph-based approach to systematically generate jailbreak prompts through semantic transformations...

AI score: 7.5
Exploits: 0

Packet Storm News
added 2025/04/17 12:0 a.m. | 29 views

GraphQLer: Enhancing GraphQL Security with Context-Aware API Testing

GraphQL is an open-source data query and manipulation language for web applications, offering a flexible alternative to RESTful APIs. However, its dynamic execution model and lack of built-in security mechanisms expose it to vulnerabilities such as unauthorized data access, denial-of-service (DoS)...

AI score: 7.2
Exploits: 0

OSV
added 2025/04/16 2:11 p.m. | 7 views

CVE-2024-58096 wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode

In the Linux kernel, the following vulnerability has been resolved: wifi: ath11k: add srng->lock for ath11k_hal_srng_* in monitor mode. ath11k_hal_srng_* should be used with srng->lock to protect srng data. For ath11k_dp_rx_mon_dest_process and ath11k_dp_full_mon_process_rx, they use ath11k_hal_srng_* for many times but...

CVSS: 5.5 | AI score: 6.2 | EPSS: 0.00146
Exploits: 0 | References: 7

Hive Pro Threat Advisories
added 2025/04/16 2:0 p.m. | 3 views

From Searching in the Dark to Seeing Ahead With Hive Pro’s Enhanced BAS

Running short on time but still want to stay in the know? Well, we’ve got you covered! We’ve condensed all the key takeaways into a handy audio summary. Our AI-driven podcasts are fit for on the go. Click right here to hear it all on Hive Pro's Enhanced BAS! During a recent incident response, I...

AI score: 7.6
Exploits: 0

CNNVD
added 2025/04/16 12:0 a.m. | 1 views

Drupal Google Optimize Security Vulnerability

Drupal Google Optimize is an online split testing tool for the Drupal community. A security vulnerability exists in Drupal Google Optimize. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the vendor announcement...

CVSS: 5.9 | AI score: 6.5 | EPSS: 0.00187
Exploits: 0 | References: 2