2884 matches found
EUVD-2021-29102
Malicious code in bioql PyPI...
EUVD-2023-3016
Malicious code in bioql PyPI...
EUVD-2024-18622
Malicious code in bioql PyPI...
gauntlt
This is an offensive tool for web application security testing. It is a ruggedization framework that enables security testing that is usable by devs, ops, and security. The tool is called Gauntlt. The target product/service or framework is not explicitly stated, but based on the examples provided...
xss.yaml
It is an offensive tool for web application security testing. Th...
[SECURITY] Fedora 42 Update: perl-Catalyst-Plugin-Session-0.44-1.fc42
This plugin is the base of two related parts of functionality required for session management in web applications. The first part, the State, is getting the browser to repeat back a session key, so that the web application can identify the client and logically string several requests together int...
PocCollect
This repository is an offensive tool for vulnerability scanning and exploitation, specifically targeting various web applications and services. The primary vulnerability class targeted is SQL injection, with specific examples of exploits for Struts2, 08CMS, and ASPCMS. The tool is written in Pyth...
anti-xss
It is an offensive tool for PHP. The primary CVE ID is not explicitly mentioned in the provided context, but the tool is designed to prevent Cross-site scripting XSS attacks. The target product/service is PHP, and the vulnerability class/vector is XSS. The probable entry points are not explicitly...
CVE
It is an offensive tool for web applications. The repository app...
TPSQLi: Test Prioritization for SQL Injection Vulnerability Detection in Web Applications
The rapid proliferation of network applications has led to a significant increase in network attacks. According to the OWASP Top 10 Projects report released in 2021, injection attacks rank among the top three vulnerabilities in software projects. This growing threat landscape has increased the...
Aspect-Oriented Programming in Secure Software Development: a Case Study of Security Aspects in Web Applications
Security remains a critical challenge in modern web applications, where threats such as unauthorized access, data breaches, and injection attacks continue to undermine trust and reliability. Traditional Object-Oriented Programming OOP often intertwines security logic with business functionality,...
XSSVulnerabilityScanner
It is an offensive tool for web application security testing. Th...
SUSE SLES15: tomcat10 / tomcat10-admin-webapps / tomcat10-doc / etc (SUSE-SU-2025:03006-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:03006-1 advisory. Updated to Tomcat 10.1.44: - CVE-2025-48989: Fixed 'MadeYouReset' DoS in HTTP/2 due to client triggered stream reset bsc12438...
Security update for tomcat10
This update for tomcat10 fixes the following issues: Updated to Tomcat 10.1.44: CVE-2025-48989: Fixed "MadeYouReset" DoS in HTTP/2 due to client triggered stream reset bsc1243895 Other fixes: Catalina Fix: Fix bloom filter population for archive indexing when using a packed WAR containing one or...
SUSE-SU-2025:03006-1 Security update for tomcat10
This update for tomcat10 fixes the following issues: Updated to Tomcat 10.1.44: - CVE-2025-48989: Fixed 'MadeYouReset' DoS in HTTP/2 due to client triggered stream reset bsc1243895 Other fixes: - Catalina + Fix: Fix bloom filter population for archive indexing when using a packed WAR containing o...
SUSE SLES15: tomcat11 / tomcat11-admin-webapps / tomcat11-doc / etc (SUSE-SU-2025:02992-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:02992-1 advisory. Updated to Tomcat 11.0.10 - CVE-2025-48989: Fixed 'MadeYouReset' DoS in HTTP/2 due to client triggered stream reset bsc124389...
RHEL 9 : mod_security (RHSA-2025:13716)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:13716 advisory. ModSecurity is an open source intrusion detection and prevention engine for web applications. Security Fixes: modsecurity: ModSecurity Denial of...
VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting (XSS)
VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Exploit Title: VMware vSphere Client 8.0.3.0 - Reflected Cross-Site Scripting XSS - Date: 2025-08-08 - Exploit Author: Imraan Khan Lich-Sec - Vendor Homepage: https://www.vmware.com - Version: vSphere Client 8.0.3.0 - Tested On:...
commix
This is an automated all-in-one OS command injection exploitation tool. It is designed to automate the detection and exploitation of command injection vulnerabilities. The tool is written in Python and is available on GitHub under the GPLv3 license. It can be installed by cloning the official Git...
PT-2025-32003 · Fiber · Fiber
Name of the Vulnerable Software and Affected Versions: Fiber versions 2.52.8 and below Description: Fiber is an Express inspired web framework written in Go. When using Fiber's Ctx.BodyParser to parse form data containing a large numeric key that represents a slice index e.g., test.18446744073704...