2755 matches found
projeto-conexoes-seguras
Projeto Conexões Seguras Faculdade de Tecnologia SENAI Feli...
Brave Desktop 1.90.121 Security Fixes
Changed IPFS gateway usage from "ipfs.io" to "inbrowser.link" for IPFS domain resolution. - Fixed broken address bar layout for narrow window widths. - Updated body-sniffing to respect "Content-Disposition: attachment" in de-AMP as reported on HackerOne by newfunction. Upgraded Chromium to...
GHSA-RR73-568V-28F8 Grav Vulnerable to Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic
Summary A business logic vulnerability in the Grav Admin Panel allows a low-privileged user with only user creation permissions to overwrite existing accounts, including the primary administrator. By creating a new user with a username that already exists, the system updates the existing account'...
osint-automation-engine
🛡️ OSINT Framework V6.1 !Bashhttps://img.shields.io/badge...
web-app-attacks-avengers
web-app-attacks-avengers Ataque a aplicación web: SQL Injectio...
vuln-scanner
🛡️ Vulnerability Scanner & Exploitation Framework Herramienta...
Unity Linux 20.1070a Security Update: kernel (UTSA-2026-013099)
"The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013099 advisory. In the Linux kernel, the following vulnerability has been resolved: fs/proc: fix uaf in procreaddirde Pde is erased from subdir rbtree through rberase, but not set...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-011398)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-011398 advisory. In the Linux kernel, the following vulnerability has been resolved: nilfs2: fix OOB in nilfssetdetype The size of the nilfstypebymode array in the fs/nilfs2/dir.c fi...
CVE-2026-40286 WeGIA has Cross-Site Scripting in Controle de Contribuição
WeGIA is a web manager for charitable institutions. In versions prior to 3.6.10, a Stored Cross-Site Scripting XSS vulnerability was identified in the 'Member Registration' Cadastrar Sócio function. By injecting a payload into the 'Member Name' Nome Sócio field, the script is persistently stored ...
CVE-2026-40286
Summary: CVE-2026-40286 affects WeGIA, a web manager for charitable institutions. In versions before 3.6.10, a Stored XSS vulnerability exists in the Subject/Member Registration workflow. An attacker can inject a payload into the Member Name field, which is persistently stored in the database and...
SQLi
Blind SQLi - Status Code & Time Based Herramienta de Blind SQ...
WordPress Gerador de Certificados - DevApps plugin <= 1.3.6 - Authenticated (Administrator+) Arbitrary File Upload vulnerability
WordPress Gerador de Certificados - DevApps plugin = 1.3.6 - Authenticated Administrator+ Arbitrary File Upload vulnerability discovered by Legion Hunter in WordPress Plugin Gerador de Certificados – DevApps versions = 1.3.6...
vulnerability-payload-atlas
🚩 Atlas de Vulnerabilidades & Payloads 📖 Sobre o Repositório Est...
Exploit_SPIP_-CTF-
ExploitS...
Exploit for Classic Buffer Overflow in Freefloat Freefloat_Ftp_Server
Análisis de la vulnerabilidad CVE-2025-5548 Este repositorio...
poc-opencode-dev-agents
opencode-dev-agents Agentes AI y comandos personalizados pa...
kernel: Linux kernel: Use-after-free in proc_readdir_de() can lead to privilege escalation or denial of service.
A flaw was found in the Linux kernel. This use-after-free UAF vulnerability occurs in the procreaddirde function within the /proc filesystem. A local attacker with low privileges can exploit this by concurrently traversing specific directories while network devices are unregistered. This can lead...
langextract-poc
LangExtract POC - Arquitectura Hexagonal Sistema de extracció...
Exploits
Exploits Educativos Repositorio orientado al aprendizaje pr...
CVE-2026-26048
The Wi-Fi router is vulnerable to de-authentication attacks due to the absence of management frame protection, allowing forged deauthentication and disassociation frames to be broadcast without authentication or encryption. An attacker can use this to cause unauthorized disruptions and create a...