CVE-2026-27477 Mastodon has SSRF via unvalidated FASP Provider base_url

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, an unauthenticated attacker can register a FASP with an attacker-chosen baseurl that includes or...

CVE-2026-27468

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content...

ai-security-toolkit

...

VibeCode-injectproof

🛡️ VibeCode-InjectProof Deep SQLi verification engine for...

A Lightweight Defense Mechanism against Next Generation of Phishing Emails Using Distilled Attention-Augmented BiLSTM

The current generation of large language models produces sophisticated social-engineering content that bypasses standard text screening systems in business communication platforms. Our proposed solution for mail gateway and endpoint deception detection operates in a privacy-protective manner whil...

ICSSPulse: A Modular LLM-Assisted Platform for Industrial Control System Penetration Testing

It is well established that industrial control systems comprise the operational backbone of modern critical infrastructures, yet their increasing connectivity exposes them to cyber threats that are difficult to study and remedy safely under real-time operational conditions. In this paper, we...

Linux Kernel 7.x Safe Verification of XFS Scrub ioctl Support

This tool provides a safe and non-exploitative way to verify whether a mount point uses the XFS file system and whether the system kernel supports the ioctl interface for XFS metadata cleanup XFSIOCSCRUBMETADATA. The tool performs verification of the file system type to confirm it is XFS, safely...

Exploit for Incorrect Privilege Assignment in Themewinter Eventin

CVE-2025-47539 Exploit Overview This repository contains a...

bottegram

b...

Malicious code in npm-security-testing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bf7ca4cfc33128c3d392d0df3b413365624b0e28a8215a7f0226ca4ec459730 The package npm-security-testing was found to contain malicious code. Source: ghsa-malware...

Malicious Package

Overview npm-security-testing is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...

MAL-2026-997 Malicious code in npm-security-testing (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 7bf7ca4cfc33128c3d392d0df3b413365624b0e28a8215a7f0226ca4ec459730 The package npm-security-testing was found to contain malicious code. Source: ghsa-malware...

CodeHacker: Automated Test Case Generation for Detecting Vulnerabilities in Competitive Programming Solutions

The evaluation of Large Language Models LLMs for code generation relies heavily on the quality and robustness of test cases. However, existing benchmarks often lack coverage for subtle corner cases, allowing incorrect solutions to pass. To bridge this gap, we propose CodeHacker, an automated agen...

Mass FortiGate Symlink Bypass Scanner

FortiGate mass symlink bypass scanner that adds structured validation, impact assessment, and reporting logic. It first verifies whether the target actually appears to be a FortiGate device from Fortinet using fingerprinting heuristics, which reduces false positives. Instead of testing a single...

watchtower

!WatchTower Bannerhttps://github.com/0xS4r4n9/watchtower/blob...

Exploit for OS Command Injection in Beyondtrust Privileged_Remote_Access

BeyondTrust CVE-2026-1731 Scanner Professional Python scanner...

OSV-2026-272 Heap-use-after-free in vcardproperty_get_value

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=485932113 Crash type: Heap-use-after-free READ 8 Crash state: vcardpropertygetvalue vcardpropertygetversion parsevcard...

CVE-2026-25378

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Blind SQL Injection.This issue affects Nelio AB Testing: from n/a through = 8.2.4...

Can AI Lower the Barrier to Cybersecurity? A Human-Centered Mixed-Methods Study of Novice CTF Learning

Capture-the-Flag CTF competitions serve as gateways into offensive cybersecurity, yet they often present steep barriers for novices due to complex toolchains and opaque workflows. Recently, agentic AI frameworks for cybersecurity promise to lower these barriers by automating and coordinating...

Exploit for Code Injection in Ivanti Endpoint_Manager_Mobile

Ivanti EPMM pre-auth RCE Dummy Target A simple demo applicati...