7186 matches found
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: nova, harbor, trivy-operator, zot, trivy, kuma, zarf, cerbos, consul-k8s, teleport, flux-source-controller, helm-docs, istio, helm-operator, cert-manager-cmctl, k8ssandra-client, linkerd2, rancher-fleet, chart-testing, helm-push, pluto, kube-arangodb, envoy-gateway,...
CVE-2026-35206 vulnerabilities
Vulnerabilities for packages: nova, harbor, trivy-operator, zot, trivy, kuma, zarf, cerbos, consul-k8s, teleport, flux-source-controller, helm-docs, istio, helm-operator, cert-manager-cmctl, k8ssandra-client, linkerd2, rancher-fleet, chart-testing, helm-push, pluto, kube-arangodb, envoy-gateway,...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: chaos-mesh, tw, chartmuseum, trivy-operator, flux-fips, helm-diff-fips, k8ssandra-client, envoy-gateway, envoy-gateway-fips, chartmuseum-fips, linkerd2-fips, pluto, cluster-api-helm-controller, flux-source-controller, harbor, chart-testing, chaos-mesh-fips,...
Malicious code in gd-auth-sso (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8f23b8545f85df66640646272b028ab4db1032fcb4fd5bbd745971b3438cc4f1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2536 Malicious code in yhaplo1 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ea4e6c1525395c0b55d0de437d61b31250561c4901199518e13cd28fe15f232f Dependency confusion attempt. The user identifies themselves as a HackerOne user abusing the PyPI for the purpose of a bug bounty program. This package did not...
Malicious code in bonsaitree1 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0c35db41a5cf0a0671b33adf698777ebb63055a4f5ab3076bf3ed563a875cbb6 Dependency confusion attempt. The user identifies themselves as a HackerOne user abusing the PyPI for the purpose of a bug bounty program. This package did not...
MAL-2026-2533 Malicious code in phasedibd (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8d514af72edb0054d9c5ff73f59a8517927dc660a5a58c8a03baf8abc5b22365 Dependency confusion attempt. The user identifies themselves as a HackerOne user abusing the PyPI for the purpose of a bug bounty program. This package did not...
Malicious code in noonhelpers (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c2cb54ce39fd435f904d72dbbb5eef46166291adcd5106ea8d74d3c3c66aa3a5 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
Checkmk Security Vulnerability
Checkmk is an IT monitoring platform developed by Checkmk Corporation. Versions of Checkmk prior to 2.5.0b4 and 2.4.0p26 contained security vulnerabilities. These vulnerabilities stemmed from Livestatus injection during notification testing modes, allowing authenticated users to inject arbitrary...
Exploit for Path Traversal in Xibosignage Xibo
Xibo CMS CVE-2023-33177 Vulnerability Tester...
MAL-2026-2522 Malicious code in st-payment (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 5bcf8605142a71ab3977537d339f48dfc102fcb49ce37c8f6b74c6b8af38988d Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
What Is Threat Hunting? A Complete Guide for Security Teams
Security tools catch a lot. They do not catch everything. Automated detection systems rely on known signatures, predefined rules, and behavioral baselines. Sophisticated adversaries know this and design their operations to slip through t...
LLMtary
LLMtary Elementary — AI-Powered Penetration Testing Platform...
penetration-testing-engagement
Internal Network Penetration Test Overview Conducted a ful...
Anthropic Teams Up With Its Rivals to Keep AI From Hacking Everything
The AI lab's Project Glasswing will bring together Apple, Google, and more than 45 other organizations. They'll use the new Claude Mythos Preview model to test advancing AI cybersecurity capabilities...
dst-engine
DST: Deterministic Security Testing Static analysis that does...
FortiClient EMS 7.4.6 Vulnerability Assessment Tool
CVE-2026-35616 is a pre-authentication API bypass in FortiClient EMS 7.4.5 and 7.4.6 that allows remote, unauthenticated attackers to bypass certificate-based authentication through HTTP header spoofing. The Django application trusts user-controllable HTTP headers X-SSL-CLIENT-VERIFY,...
Hackers or Hallucinators? A Comprehensive Analysis of LLM-Based Automated Penetration Testing
The rapid advancement of Large Language Models (LLMs) has created new opportunities for Automated Penetration Testing (AutoPT), spawning numerous frameworks aimed at achieving end-to-end autonomous attacks. However, despite the proliferation of related studies, existing research generally lacks...
CVE-2026-35199
SymCrypt is the core cryptographic function library currently used by Windows. From 103.5.0 to before 103.11.0, the SymCryptXmssSign function passes a 64-bit leaf count value to a helper function that accepts a 32-bit parameter. For XMSS^MT parameter sets with total tree height = 32 which include...
pentest-agent
Pentest Agent AI-powered penetration testing agent using Clau...