7193 matches found
Exploit for HTTP Request Smuggling in Microsoft
CVE-2025-55315 Vulnerability Scanner and TLS Proxy This repos...
Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Penetration Testing & Vulnerability Research Cheatsheet 🛡️ !...
CVE-2025-62169
OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...
CVE-2025-62169 OctoPrint-SpoolManager Plugin APIs do not enforce authentication
OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...
EUVD-2025-35702
OctoPrint-SpoolManager is a plugin for managing spools and all their usage metadata. In versions 1.8.0a2 and older of the testing branch and versions 1.7.7 and older of the stable branch, the APIs of the OctoPrint-SpoolManager plugin do not correctly enforce authentication or authorization checks...
Xss-Wordlist
It is an offensive tool for web application security testing. Th...
primilinary-exploit-searching-dork
primilinary-exploit-searching-dork This file contains an exten...
Vulnerabilities fixed in Oracle Commerce
Oracle has fixed vulnerabilities in several subcomponents of Oracle Commerce products, including Oracle Middleware Common Libraries, Oracle Documaker, Oracle WebCenter Forms Recognition, Oracle WebLogic Server, and Oracle Application Testing Suite. The vulnerabilities allow unauthenticated...
On the Cybersecurity of LoRaWAN-Based System: A Smart-Lighting Case Study
Cyber-physical systems and the Internet of Things (IoT) are key technologies in the Industry 4.0 vision. They incorporate sensors and actuators to interact with the physical environment. However, when creating and interconnecting components to form a heterogeneous smart systems architecture, these...
EUVD-2025-35590
MeterSphere is an open source continuous testing platform. Prior to version 2.10.25-lts, a logic flaw allows retrieval of arbitrary user information. This allows an unauthenticated attacker to log in to the system as any user. This issue has been patched in version 2.10.25-lts...
MeterSphere Information Disclosure Vulnerability
MeterSphere is an open source, one-stop continuous testing platform. An information disclosure vulnerability exists in versions prior to MeterSphere 2.10.25-lts; it stems from a logic flaw that could lead to the disclosure of arbitrary user information and an unauthenticate...
CLSA-2025-1761082098 Fix CVE(s): CVE-2022-0547
SECURITY UPDATE: Authentication bypass in external authentication plug-ins with only partially correct credentials - debian/patches/CVE-2022-0547.patch: disallow multiple deferred authentication plug-ins - CVE-2022-0547 Update sample keys for testing - debian/sample-keys/ - debian/rules -...
Independent Results Confirm Rapid7’s NGAV Delivers Strong, Reliable Protection
At Rapid7, we measure success by how well we protect our customers in the real world. That’s why independent testing like the AV-Comparatives Business Security Test matters. It’s a trusted benchmark for how endpoint security products perform against today’s constantly evolving threats, and how th...
Malicious Package
Overview ab-testing-for-wp is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this package...
Protected with Opera Neon: Understanding agentic browser security
October 21st, 2025. Hi Opera users, If you were hanging out around these parts in the past few weeks, you might have noticed that we launched Opera Neon – an AI agentic browser that can browse with you or for you, tak...
MAL-2025-191776 Malicious code in klsosdoids2 (PyPI)
Source: kam193 (d72d2891383419bc38738c4c3be786e31a5000e46d5b3064bacf11561ad69af8). Package simulates malicious activity during installation and has no other purpose. Category: PROBABLYPENTEST - Packages looking like typical pentest package...
Towards a Blockchain-Based CI/CD Framework to Enhance Security in Cloud Environments
Security is becoming a pivotal point in cloud platforms. Several divisions, such as business organisations, health care, government, etc., have experienced cyber-attacks on their infrastructures. This research focuses on security issues within Continuous Integration and Deployment (CI/CD) pipelines...
CVE-2025-62413 MQTTX vulnerable to cross-site scripting via improper message payload rendering
MQTTX is an MQTT 5.0 desktop client and MQTT testing tool. A Cross-Site Scripting (XSS) vulnerability was introduced in MQTTX v1.12.0 due to improper handling of MQTT message payload rendering. Malicious payloads containing HTML or JavaScript could be rendered directly in the MQTTX message viewer. ...
Beware the Hidden Costs of Pen Testing
Penetration testing helps organizations ensure IT systems are secure, but it should never be treated in a one-size-fits-all approach. Traditional approaches can be rigid and cost your organization time and money – while producing inferior results. The benefits of pen testing are clear. By...