
230 matches found

Packet Storm
added 2026/06/11 12:0 a.m., 47 views

📄 FIFOFox: Windows Named-Pipe Weak Permission and Access Control Validation

This C-based framework analyzes Windows named pipes for insecure permission configurations and weak access controls that could introduce privilege boundary issues. The code collects metadata about target pipes, inspects security descriptors and DACL configurations, checks for potentially unsafe...

AI score: 5.6
Exploits: 0
Cvelist
added 2026/06/10 1:55 p.m., 34 views

CVE-2026-53471 Migration-planner: agent api ignores jwt source_id claim

A flaw was found in migration-planner. The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but its UpdateSourceInventory and UpdateAgentStatus handlers fail to validate the source_id claim within these tokens against the requested source ID. This oversight allows an...

CVSS: 9.6, EPSS: 0.00286
Exploits: 0, References: 3
RedhatCVE
added 2026/06/10 1:55 p.m., 9 views

CVE-2026-53469

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments,...

CVSS: 9.1, AI score: 5.5, EPSS: 0.00288
Exploits: 0, References: 4
Cvelist
added 2026/06/10 1:55 p.m., 37 views

CVE-2026-53469 Migration-planner: unprotected delete endpoint wipes all tenant data

A flaw was found in migration-planner. An authenticated user can exploit this vulnerability by sending a DELETE request to the /api/v1/sources route, which lacks proper authorization and filtering. This allows for the destruction of all customer data, including sources, agents, and assessments,...

CVSS: 9.1, EPSS: 0.00288
Exploits: 0, References: 3
Positive Technologies
added 2026/06/10 12:0 a.m., 15 views

PT-2026-48445

Name of the Vulnerable Software and Affected Versions: migration-planner (affected versions not specified). Description: The agent-API middleware processes JSON Web Tokens (JWTs) for authentication, but the UpdateSourceInventory and UpdateAgentStatus handlers do not validate the source id claim within t...

CVSS: 9.6, AI score: 5.9, EPSS: 0.00286
Exploits: 0, References: 5
Packet Storm News
added 2026/06/01 12:0 a.m., 9 views

KubeSec V1 Kubernetes Scanner

KubeSec is a Kubernetes security auditing tool designed to identify dangerous RBAC permissions, insecure pod configurations, exposed secrets, privileged workloads, risky host mounts, weak network exposure, and cluster hardening weaknesses across Kubernetes environments. performs automated read-on...

AI score: 5.8
Exploits: 0
GithubExploit
added 2026/05/10 1:39 a.m., 174 views

Dark-Moon

The Open-Source AI-...

AI score: 6.1
Exploits: 0
Packet Storm News
added 2026/05/08 12:0 a.m., 21 views

DarkMoon - the Open-Source AI-Powered Autonomous Penetration Testing Platform

DarkMoon is an automated penetration testing tool that orchestrates complete security assessments using artificial intelligence security agents. Built as an open-source cybersecurity tool, it enables organizations to run professional-grade vulnerability assessments without manual intervention...

AI score: 6
Exploits: 0
Positive Technologies
added 2026/04/13 12:0 a.m., 2 views

PT-2026-32335

Sourcecodester Online Reviewer System v1.0 is vulnerable to SQL Injection in the file /system/system/admins/assessments/examproper/exam-update.php...

AI score: 5.9, EPSS: 0.00225
Exploits: 1, References: 2
RedhatCVE
added 2026/03/30 5:6 p.m., 5 views

CVE-2025-15381

A flaw was found in mlflow/mlflow. When the basic-auth application is enabled, tracing and assessment endpoints lack proper permission validation. This allows any authenticated user, even those without specific permissions on an experiment, to read sensitive trace information and create...

CVSS: 8.1, AI score: 5.8, EPSS: 0.00318
Exploits: 1, References: 4
Github Security Blog
added 2026/03/27 6:31 p.m., 8 views

MLFlow allows Tracing + Assessments Access

In the latest version of mlflow/mlflow, when the basic-auth app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with NOPERMISSIONS on the experiment, to read trace information and create assessments for...

CVSS: 8.1, AI score: 7.1, EPSS: 0.00318
Exploits: 1, References: 4, Affected Software: 1
Snyk
added 2026/03/27 6:31 p.m., 3 views

Exposure of Sensitive System Information to an Unauthorized Control Sphere

Overview: Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere in the tracing and assessment endpoints. An attacker can access sensitive trace metadata and create unauthorized assessments by authenticating with any user...

CVSS: 8.6, AI score: 7.2, EPSS: 0.00318
Exploits: 1, References: 2
OSV
added 2026/03/27 6:31 p.m., 6 views

GHSA-G6PG-52VF-843H MLFlow allows Tracing + Assessments Access

In the latest version of mlflow/mlflow, when the basic-auth app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with NOPERMISSIONS on the experiment, to read trace information and create assessments for...

CVSS: 8.1, AI score: 7.1, EPSS: 0.00318
Exploits: 1, References: 4
ATTACKERKB
added 2026/03/27 4:17 p.m., 2 views

CVE-2025-15381

In the latest version of mlflow/mlflow, when the basic-auth app is enabled, tracing and assessment endpoints are not protected by permission validators. This allows any authenticated user, including those with NOPERMISSIONS on the experiment, to read trace information and create assessments for...

CVSS: 8.1, AI score: 7.1, EPSS: 0.00318
Exploits: 1, References: 2
GithubExploit
added 2026/03/23 10:7 a.m., 192 views

websec-audit

🔐 websec-audit Professional Web Security Audit Framework...

AI score: 5.9
Exploits: 0
Packet Storm News
added 2026/03/11 12:0 a.m., 4 views

Microsoft Graph Enterprise Intelligence Collector

This Metasploit auxiliary module interacts with the Microsoft Graph API to perform enterprise intelligence collection. It supports authentication using Azure AD application credentials or an existing access token and enables enumeration of Azure users, SharePoint sites, OneDrive files, and Exchan...

AI score: 5.8
Exploits: 0
Packet Storm News
added 2026/03/11 12:0 a.m., 2 views

Microsoft Graph Cloud Intelligence Collector

The Microsoft Graph Cloud Intelligence Collector is a Metasploit Auxiliary module designed to interact with the Microsoft Graph API to gather information from Microsoft 365 and Microsoft Azure Active Directory environments. The module authenticates using the OAuth2 Client Credentials flow with a...

AI score: 5.8
Exploits: 0
HackRead
added 2026/02/24 2:29 p.m., 6 views

How to Maximize DDoS Readiness with Proactive Protection Strategies

Strengthen DDoS Readiness with proactive protection strategies, risk assessments, traffic monitoring, scalable defenses, and rapid response planning...

AI score: 5.5
Exploits: 0
RedhatCVE
added 2026/02/10 1:23 a.m., 6 views

CVE-2026-2195

A vulnerability has been found in code-projects Online Reviewer System 1.0. This vulnerability affects unknown code of the file /system/system/admins/assessments/pretest/questions-view.php. The manipulation of the argument ID leads to SQL injection. The attack is possible to be carried out...

CVSS: 9.8, AI score: 5.5, EPSS: 0.00323
Exploits: 1, References: 1
NVD
added 2026/02/09 8:16 a.m., 7 views

CVE-2026-2223

A security vulnerability has been detected in code-projects Online Reviewer System 1.0. Affected by this issue is some unknown functionality of the file /system/system/students/assessments/pretest/take/index.php. The manipulation of the argument ID leads to SQL injection. It is possible to initia...

CVSS: 9.8, EPSS: 0.00435
Exploits: 1, References: 5