65 matches found

RedhatCVE
added 5 days ago, 6 views

CVE-2026-41713

A malicious user could craft input that is stored in conversation memory and later interpreted by the model in an unintended way. Applications using the affected advisor with user-controlled input may be susceptible to manipulation of model behavior across conversation turns...

8.2 CVSS | 5.4 AI score | 0.00042 EPSS
Exploits 0 | References 1

Packet Storm News
added 2026/05/22 12:0 a.m., 7 views

Validating Threat Modeling Results with the Help of Vulnerable Test Applications

Validating threat modeling results remains difficult because completeness is hard to judge without an external oracle. Existing studies often rely on expert-produced reference models and other human baselines, but these can contain omissions or disagreements. This paper evaluates a complementary,...

5.8 AI score
Exploits 0

GithubExploit
added 2026/04/01 3:36 a.m., 304 views

Exploit for OS Command Injection in Gnu Bash

AppAssault Lab — Attacking Common Applications...

10 CVSS | 7.5 AI score | 0.94522 EPSS
Exploits 528

GithubExploit
added 2025/10/12 7:35 a.m., 121 views

XSS-Payloads-to-Bypass-WAFs

PoC exploit for XSS payloads to bypass WAFs, specifically target...

6.5 AI score
Exploits 0

EUVD
added 2025/10/03 8:7 p.m., 1 views

EUVD-2024-38093

Malicious code in bioql PyPI...

7.5 CVSS | 7.1 AI score | 0.02449 EPSS
Exploits 0 | References 1

Gitee
added 2025/09/14 6:27 p.m., 163 views

awesome-exploit-development

This is a curated list of resources for learning about exploit development, not an exploit itself. It is a collection of books, tutorials, courses, tools, and vulnerable applications for learning about exploit development. The resources include books such as "Hacking - The art of exploitation" an...

7.4 AI score
Exploits 0

RedhatCVE
added 2025/05/22 5:24 p.m., 6 views

CVE-2020-11003

Oasis before version 2.15.0 has a potential DNS rebinding or CSRF vulnerability. If you're running a vulnerable application on your computer and an attacker can trick you into visiting a malicious website, they could use DNS rebinding and CSRF attacks to read/write to vulnerable applications. Thi...

8.1 CVSS | 8 AI score | 0.00138 EPSS
Exploits 0 | References 1

Tenable Nessus
added 2025/02/10 12:0 a.m., 12 views

Azure Linux 3.0 Security Update: cert-manager / cf-cli / docker-buildx / docker-compose / moby-compose / moby-engine / packer (CVE-2024-45337)

The version of cert-manager / cf-cli / docker-buildx / docker-compose / moby-compose / moby-engine / packer installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-45337 advisory. - Applications and...

9.1 CVSS | 7.5 AI score | 0.3863 EPSS
Exploits 2 | References 2

OSV
added 2024/02/29 12:15 a.m., 1 views

DEBIAN-CVE-2024-26141

Rack is a modular Ruby web server interface. Carefully crafted Range headers can cause a server to respond with an unexpectedly large response. Responding with such large responses could lead to a denial of service issue. Vulnerable applications will use the Rack::File middleware or the...

7.5 CVSS | 6 AI score | 0.0041 EPSS
Exploits 1 | References 1

Github Security Blog
added 2024/02/28 10:57 p.m., 30 views

Rack has possible DoS Vulnerability with Range Header

Possible DoS Vulnerability with Range Header in Rack There is a possible DoS vulnerability relating to the Range request header in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26141. Versions Affected: = 1.3.0. Not affected: 1.3.0 Fixed Versions: 3.0.9.1, 2.2.8.1 Impact...

7.5 CVSS | 6.9 AI score | 0.0041 EPSS
Exploits 1 | References 7 | Affected Software 1

OSV
added 2024/02/28 10:57 p.m., 22 views

GHSA-XJ5V-6V4G-JFW6 Rack has possible DoS Vulnerability with Range Header

Possible DoS Vulnerability with Range Header in Rack There is a possible DoS vulnerability relating to the Range request header in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26141. Versions Affected: = 1.3.0. Not affected: 1.3.0 Fixed Versions: 3.0.9.1, 2.2.8.1 Impact...

7.5 CVSS | 6.1 AI score | 0.0041 EPSS
Exploits 1 | References 7

RubySec
added 2024/02/21 12:0 a.m., 26 views

Possible DoS Vulnerability with Range Header in Rack

There is a possible DoS vulnerability relating to the Range request header in Rack. This vulnerability has been assigned the CVE identifier CVE-2024-26141. Versions Affected: = 1.3.0. Not affected: 1.3.0 Fixed Versions: 3.0.9.1, 2.2.8.1 Impact Carefully crafted Range headers can cause a server to...

7.5 CVSS | 7 AI score | 0.0041 EPSS
Exploits 1 | References 1 | Affected Software 1

CNNVD
added 2023/12/14 12:0 a.m., 3 views

Ivanti Connect Secure Security Vulnerability

Ivanti Connect Secure is a secure remote network connection tool from Ivanti USA. A security vulnerability exists in versions prior to Ivanti Connect Secure 22.6R2, which stems from an attacker being able to escalate his privileges by exploiting vulnerable installed applications...

7.8 CVSS | 7 AI score | 0.00125 EPSS
Exploits 0 | References 3

Tenable Nessus
added 2023/09/08 12:0 a.m., 21 views

Amazon Linux 2 : openssl11 (ALAS-2023-2226)

The version of openssl11 installed on the remote host is prior to 1.1.1g-12. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2023-2226 advisory. Issue summary: Checking excessively long DH keys or parameters may be very slow. Impact summary: Applications that use...

5.3 CVSS | 6.5 AI score | 0.01 EPSS
Exploits 0 | References 6

CNNVD
added 2023/08/30 12:0 a.m., 2 views

Splunk Injection Vulnerability

Splunk is a suite of data collection and analysis software from Splunk, Inc. It is used to collect, index, and analyze and the data it generates, including data generated by all IT systems and infrastructures physical, virtual machines, and cloud. Splunk has an injection vulnerability that stems...

8.6 CVSS | 8 AI score | 0.00084 EPSS
Exploits 0 | References 3

SUSE CVE
added 2023/02/15 6:19 a.m., 2 views

SUSE CVE-2004-2320

The default configuration of BEA WebLogic Server and Express 8.1 SP2 and earlier, 7.0 SP4 and earlier, 6.1 through SP6, and 5.1 through SP13 responds to the HTTP TRACE request, which can allow remote attackers to steal information using cross-site tracing (XST) attacks in applications that are...

5.8 CVSS | 6.4 AI score | 0.04031 EPSS
Exploits 0 | References 3

Gitee
added 2022/05/26 5:31 a.m., 1 views

vulhub

This repository is an offensive tool for web application security training and testing. It is a collection of vulnerable web applications and tools for testing and training purposes. The repository contains a variety of vulnerable applications, including web servers, databases, and other web-base...

8 AI score
Exploits 0

Gitee
added 2022/04/18 5:23 p.m., 2 views

vulhub

This repository is an offensive tool for web application security training and testing. It is a collection of vulnerable web applications, each designed to demonstrate a specific web application security vulnerability. The repository includes various web applications, such as CouchDB, Git, and...

7.1 AI score
Exploits 0

ThreatPost
added 2022/03/17 2:36 p.m., 909 views

Misconfigured Firebase Databases Exposing Data in Mobile Apps

Thousands of mobile apps – some of which have been downloaded tens of millions of times – are exposing sensitive data from open cloud-based databases due to misconfigured cloud implementations, new research from Check Point has found. Check Point Research (CPR) found that in three months’ time, 2,1...

8.8 AI score
Exploits 0 | References 5

Gitee
added 2022/02/16 10:11 a.m., 2 views

vulhub

This is a pre-built vulnerable environment based on Docker-Compose, maintained by the Vulhub project. The repository contains a collection of vulnerable applications and services, including CouchDB, FFmpeg, Git, and more, which can be used for testing and training purposes. The environment is...

8 AI score
Exploits 0