97 matches found
EUVD-2013-0929
Malware in sbrugna...
hackingtool-v5.1
All in One Hacking tool For Hackers🥇 !https://img.shields...
CVE-2025-10193
DNS rebinding vulnerability in Neo4j Cypher MCP server allows malicious websites to bypass Same-Origin Policy protections and execute unauthorised tool invocations against locally running Neo4j MCP instances. The attack relies on the user being enticed to visit a malicious website and spend...
CVE-2025-47909
Hosts listed in TrustedOrigins implicitly allow requests from the corresponding HTTP origins, allowing network MitMs to perform CSRF attacks. After the CVE-2025-24358 fix, a network attacker that places a form at http://example.com can't get it to submit to https://example.com because the Origin...
CyberSleuth: Autonomous Blue-Team LLM Agent for Web Attack Forensics
Large Language Model LLM agents are powerful tools for automating complex tasks. In cybersecurity, researchers have primarily explored their use in red-team operations such as vulnerability discovery and penetration tests. Defensive uses for incident response and forensics have received...
CVE-2023-26046
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
CVE-2025-24361 Opening a malicious website while running a Nuxt dev server could allow read-only access to code
Nuxt is an open-source web development framework for Vue.js. Source code may be stolen during dev when using version 3.0.0 through 3.15.12 of the webpack builder or version 3.12.2 through 3.152 of the rspack builder and a victim opens a malicious web site. Because the request for classic script b...
hackingtool
This is an offensive tool for a comprehensive hacking suite. The primary purpose of this tool is to provide a wide range of functionalities for hackers, including information gathering, exploitation, and post-exploitation activities. The tool is designed to be user-friendly and can be run on...
VulnCheck KEV: CVE-2021-38702
Cyberoam NetGenie C0101B1-20141120-NG11VO devices through 2021-08-14 allow tweb/ft.php?u=XSS attacks...
CVE-2024-33791
A cross-site scripting XSS vulnerability in netis-systems MEX605 v2.00.06 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the getTimeZone function...
IBM CICS TX 跨站请求伪造漏洞
IBM CICS TX is a comprehensive, single transaction runtime package from International Business Machines IBM. IBM CICS TX has a cross-site request forgery vulnerability that stems from the presence of a cross-site request forgery CSRF vulnerability. An attacker could exploit this vulnerability by...
CVE-2023-22047
Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft component: Portal. Supported versions that are affected are 8.59 and 8.60. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise PeopleSoft Enterprise...
Cross site scripting
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
CVE-2023-26046 teler-waf subject to bypass of common web attack threat rule with HTML entities payload
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
CVE-2023-26046 teler-waf subject to bypass of common web attack threat rule with HTML entities payload
teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. In teler-waf prior to version 0.1.1 is vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
GHSA-9F95-HHG4-PG4F teler-waf subject to Bypass of Common Web Attack Threat Rule with HTML Entities Payload
Description teler-waf is a Go HTTP middleware that provides teler IDS functionality to protect against web-based attacks. Versions prior to v0.1.1 are vulnerable to bypassing common web attack rules when a specific HTML entities payload is used. This vulnerability allows an attacker to execute...
SUSE CVE-2012-0071
Unspecified vulnerability in the Oracle Imaging and Process Management component in Oracle Fusion Middleware 10.1.3.6.0 allows remote attackers to affect integrity via unknown vectors related to Web, a different vulnerability than CVE-2012-0093...
SUSE CVE-2017-10195
Vulnerability in the Oracle Hospitality Simphony component of Oracle Hospitality Applications subcomponent: Import/Export. The supported version that is affected is 2.8. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Hospitality...
Adobe Experience Manager 跨站脚本漏洞
Adobe Experience Manager AEM is a content management solution from Adobe that can be used to build websites, mobile applications and forms. The solution supports mobile content management, marketing and sales campaign management, and multi-site management, etc. A cross-site scripting vulnerabilit...
[Security Nation] James Kettle of PortSwigger on Advancing Web-Attack Research
!\Security Nation\ James Kettle of PortSwigger on Advancing Web-Attack Researchhttps://blog.rapid7.com/content/images/2022/10/securitynationlogo.jpg In this episode of Security Nation, Jen and Tod talk to James Kettle of PortSwigger. Their discussion includes research for new web-attack technique...