Lucene search
K

105 matches found

GithubExploit
GithubExploit
added 2024/11/19 10:7 a.m.561 views

Exploit for Missing Authentication for Critical Function in Really-Simple-Plugins Really_Simple_Security

wordpress-really-simple-security-authn-bypass-exploit This is...

9.8CVSS7.1AI score0.81722EPSS
Exploits21
Wallarm Lab
Wallarm Lab
added 2024/10/18 10:29 a.m.9 views

Beyond Passwords: Advanced API Authentication Strategies for Enhanced Security

Passwordless authentication for end users is taking the world by storm, offering organizations and individuals alike unprecedented security, user experience, and efficiency benefits. By all indications, the next generation of authentication for end users has finally arrived, sending the password...

8AI score
Exploits0
Wiz blog
Wiz blog
added 2024/09/10 12:50 p.m.11 views

Introducing Wiz Code: transform your AppSec with Wiz

Cloud-native security starts with your code...

7.3AI score
Exploits0
OSSF Malicious Packages
OSSF Malicious Packages
added 2024/07/26 4:53 p.m.3 views

Malicious code in appsec-script-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 41394b4e398c9e82b5b97d5800a6304490350b988e3f053bb6ff9f4f0a5731f9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.3AI score
Exploits0References1
OSV
OSV
added 2024/07/26 4:53 p.m.6 views

MAL-2024-11523 Malicious code in appsec-script-py (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 41394b4e398c9e82b5b97d5800a6304490350b988e3f053bb6ff9f4f0a5731f9 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

7.2AI score
Exploits0References1
The Hacker News
The Hacker News
added 2024/07/18 11:45 a.m.18 views

AppSec Webinar: How to Turn Developers into Security Champions

Let's face it: AppSec and developers often feel like they're on opposing teams. You're battling endless vulnerabilities while they just want to ship code. Sound familiar? It's a common challenge, but there is a solution. Ever wish they proactively cared about security? The answer lies in a proven...

7.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2024/01/17 7:3 a.m.15 views

lacerdopolis.sc.gov.br Cross Site Scripting vulnerability OBB-3836434

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/12/31 7:56 a.m.10 views

inrca.it Cross Site Scripting vulnerability OBB-3826983

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.2AI score
Exploits0
The Hacker News
The Hacker News
added 2023/12/18 10:31 a.m.40 views

Unmasking the Dark Side of Low-Code/No-Code Applications

Low-code/no-code LCNC and robotic process automation RPA have gained immense popularity, but how secure are they? Is your security team paying enough attention in an era of rapid digital transformation, where business users are empowered to create applications swiftly using platforms like Microso...

7.2AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/12/12 6:21 p.m.23 views

Building an AppSec Program with Qualys WAS – Additional Configurations and Review & Confirm

Part 4 - Configuring a Web Application or API: Additional Configurations Now that we have completed the basic information, crawl settings, and default scan configurations, we can shift our attention to additional configurations designed to optimize scanning and provide granular control over how...

8AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/12/07 8:21 p.m.18 views

Vulnerability Researchers: Check out The Critical Thinking Podcast

Today, The Wordfence Bug Bounty Program was featured on an episode of the Critical Thinking Podcast, a top resource and community for bug bounty researchers. Critical Thinking is a podcast focused on ethical hacking and security analysis and is described as a “by Hackers for Hackers podcast focus...

7.2AI score
Exploits0
Wallarm Lab
Wallarm Lab
added 2023/10/27 2:4 p.m.23 views

Unlocking API Security Excellence: Wallarm at OWASP Global AppSec DC 2023

If you're involved in securing APIs, applications and web applications, or looking to learn about these, then the OWASP Global AppSec DC Conference next week is a must-attend event. Wallarm, the experts in API and application security, will be there, and we're excited to connect with you on Octob...

6.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/10/17 5:5 p.m.18 views

Building an AppSec Program with Qualys WAS – Introduction

Part 1 - Introduction and Configuring a Web Application or API: Basic Information Welcome to our introductory series of blogs where we will take you step-by-step through your application security journey with Qualys Web Application Scanning WAS to build and deploy secure web applications and APIs...

6.8AI score
Exploits0
Openbugbounty
Openbugbounty
added 2023/07/12 10:5 a.m.16 views

axialadventure.com Cross Site Scripting vulnerability OBB-3507643

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

6.1AI score
Exploits0
The Hacker News
The Hacker News
added 2023/06/19 11:51 a.m.5 views

Introducing AI-guided Remediation for IaC Security / KICS

While the use of Infrastructure as Code IaC has gained significant popularity as organizations embrace cloud computing and DevOps practices, the speed and flexibility that IaC provides can also introduce the potential for misconfigurations and security vulnerabilities. IaC allows organizations to...

6.9AI score
Exploits0
The Coalfire Blog
The Coalfire Blog
added 2023/06/05 6:8 p.m.26 views

Leveraging AppSec vendors amidst layoffs

The tech sector has been hit hard with layoffs and cutbacks, driving more companies to outsource their IT needs. Is it time for your organization to make the transition?...

7AI score
Exploits0
The Hacker News
The Hacker News
added 2023/05/24 10:51 a.m.31 views

What to Look for When Selecting a Static Application Security Testing (SAST) Solution

If you're involved in securing the applications your organization develops, there is no question that Static Application Security Testing SAST solutions are an important part of a comprehensive application security strategy. SAST secures software, supports business more securely, cuts down on...

7.2AI score
Exploits0
Kitploit
Kitploit
added 2023/04/05 12:30 p.m.141 views

Grepmarx - A Source Code Static Analysis Platform For AppSec Enthusiasts

Grepmarx is a web application providing a single platform to quickly understand, analyze and identify vulnerabilities in possibly large and unknown code bases. Features SAST Static Analysis Security Testing capabilities: Multiple languages support: C/C++, C, Go, HTML, Java, Kotlin, JavaScript,...

7.8AI score
Exploits0References9
Openbugbounty
Openbugbounty
added 2023/04/03 8:40 a.m.12 views

forbesjapan.com Cross Site Scripting vulnerability OBB-3245134

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

5.9AI score
Exploits0
Qualys Blog
Qualys Blog
added 2023/03/16 2:16 p.m.28 views

A New Approach to Discover, Monitor, and Reduce Your Modern Web Attack Surface

Web applications reign the internet universe, but also bring new risks that let attackers poke holes in an ever-expanding attack surface. Stolen credentials have been the historical culprit. Recent analysis saw a spike in exploits targeting web applications directly through specially-crafted...

0.4AI score
Exploits0
Rows per page
Query Builder