nuclei-templates

This is a GitHub repository for a community-curated list of templates for the Nuclei engine to find security vulnerabilities in applications. The repository contains various templates for the Nuclei scanner, which powers the actual scanning engine. The templates are provided by the project's team...

F5 NGINX Controller API Code Injection Vulnerability

The F5 NGINX Controller is a self-service, API-driven platform for managing NGINIX Plus that can be easily integrated into CI/CD workflows to accelerate application deployment and simplify application lifecycle management. user" or "admin" role access and authenticated attackers can use an...

KNIME has unspecified vulnerabilities

A security vulnerability exists in Knime, the Swiss company's enterprise software for putting data science workflows into production, which stems from the fact that when an administrator password is saved in a file without file access controls, its contents can be read by all local users. No...

PT-2021-24204 · Knime · Knime Analytics Platform

Name of the Vulnerable Software and Affected Versions: KNIME Analytics Platform versions prior to 4.5.0 Description: The issue concerns an external XML entity injection XXE vulnerability. It can be exploited via a crafted workflow file .knwf. Recommendations: For versions prior to 4.5.0, update t...

Stay Ahead of Threats With Cloud Workload Protection

When it comes to cloud-native applications, optimal security requires a modern, integrated, and automated approach that starts in development and extends to runtime protection. Cloud workload protection CWP helps make that goal possible by bringing major structural changes to software development...

KNIME directory traversal vulnerability

A directory traversal vulnerability exists in Knime, the Swiss company's enterprise software for putting data science workflows into production. knime stems from a failure of a networked system or product to properly filter special elements in a resource or file path, which could be exploited by ...

Knime Server 路径遍历漏洞

A directory traversal vulnerability exists in Knime, the Swiss company's enterprise software for putting data science workflows into production. knime stems from a failure of a networked system or product to properly filter special elements in a resource or file path, which could be exploited by ...

JetBrains YouTrack Injection Vulnerability

JetBrains YouTrack is a browser-based bug tracking and project management software from JetBrains Czech Republic. The software has features such as bug tracking, creating workflows, and monitoring project progress.JetBrains YouTrack is vulnerable to an injection vulnerability that stems from...

CVE-2021-40809

An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows...

CVE-2021-40809

An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows...

Authentication flaw

An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows...

CVE-2021-40809

An issue was discovered in Jamf Pro before 10.32.0, aka PI-009921. An account can be granted incorrect privileges in response to authentication that uses specific sign-on workflows...

vulhub

This is an offensive tool repository for vulnerability research and testing, specifically targeting various web applications and services. The repository contains a collection of exploits, proof-of-concept PoC code, and tools for identifying and exploiting vulnerabilities in software and systems...

vulhub1

This is a repository for a project called Vulhub, which appears to be a collection of vulnerable systems and applications for testing and learning purposes. The repository contains various files and directories, including: 1. .gitattributes: A file that specifies which files should be ignored by...

Workshop: AWS S3 Bucket for Malware Scanning

In this workshop, you will learn how to scan your objects that are being uploaded to Amazon S3 buckets for malware and integrate into your custom workflows, by automating with your current resources, directly in your AWS environment...

Workshop: AWS S3 Bucket for Malware Scanning

In this workshop, you will learn how to scan your objects that are being uploaded to Amazon S3 buckets for malware and integrate into your custom workflows, by automating with your current resources, directly in your AWS environment...

Exploit for Improper Encoding or Escaping of Output in F5 Nginx

This is an offensive tool for web application security training. It is a collection of vulnerable web applications, each with its own set of vulnerabilities, designed to help users learn and practice web application security testing. The repository contains a variety of web applications, includin...

CVE-2021-32724 check-spelling workflow vulnerable to GITHUB_TOKEN leakage via symlink attack

check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the check-spelling action enabled that triggers on pullrequesttarget or schedule, an attacker can send a crafted Pull Request that causes a GITHUBTOKEN to be exposed. With the...

Insecure TLS Configuration

github.com/argoproj/argo-workflows uses an insecure TLS configuration. The Argo Server TLS requests can potentially be forged by an attacker with network access...

Energize Your Incident Response and Vulnerability Management With Crowdsourced Automation Workflows

It’s no secret that most organizations need to dramatically improve their incident detection and response and vulnerability management VM programs. How many major security breaches could organizations avert if they could detect and address them at the start, when they’re still just minor incident...