584 matches found
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: HID: intel-ish-hid: Fixed a NULLptrderef issue in ishtpbusremoveallclients. During a warm reset process, the cl-device pointer may become NULL if the reset occurs while clients are still being enumerated. Accessing...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: fs/buffer: An alert is added in trytofreebuffers for folios without buffers. trytofreebuffers can be called on folios with no buffers attached when filemapreleasefolio is invoked on a folio that belongs to a mapping, and...
GHSA-WFPW-MMFH-QQ69 Nokogiri: Possible Use-After-Free in XInclude Processing
Summary XInclude substitution performed by Nokogiri::XML::Nodedoxinclude replaced each in place, freeing the include node along with its children such as and its descendants and any namespaces declared on them. If an application had already exposed one of those nodes or namespaces to Ruby, the...
AzeoTech DAQFactory (Update A)
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow an attacker to upload malicious .ctl files that may lead to arbitrary code execution. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of these vulnerabilities...
Exploit for UNIX Symbolic Link Following in Litespeedtech Litespeed_Cpanel_Plugin
CVE-2026-54420 Mitigation Toolkit !Licensehttps://img.shie...
Exploit for Unchecked Input for Loop Condition in Isc Bind
CVE-2026-5950 - BIND 9 Resolver DoS Research notes and defens...
kiro-cybersecurity-skills
CyberSecurity Skills A collection of 15 security workflows co...
Palo Alto GlobalProtect TLS Posture Scanner
This Metasploit auxiliary module is structured as a defensive assessment tool focused on TLS posture analysis and service identification for GlobalProtect deployments...
Exploit for Use After Free in Linux Linux_Kernel
CVE-2026-23111 nftables LPE: exposure check and safe lab Def...
Malicious code in getd-eslint-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 17328047b2ec8dce82cfbdfd5b16c8f862d51dca26b02c9801587c220a48975a On npm install, postinstall.js collects host identifiers os.hostname, os.userInfo username, os.platform, current working directory, CI environment...
Malicious code in getd-typescript-eslint-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector caed4b0db34232c4ef920817b6087cee9ac0610ec4ec2e49edbb5f167342f42f On npm install, the postinstall.js script collects the installer's hostname, OS username, platform, current working directory, CI environment markers...
MAL-2026-5470 Malicious code in getd-typescript-eslint-rules (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector caed4b0db34232c4ef920817b6087cee9ac0610ec4ec2e49edbb5f167342f42f On npm install, the postinstall.js script collects the installer's hostname, OS username, platform, current working directory, CI environment markers...
📄 Python-Multipart Path Traversal
This code bundle contains two separate components related to the path traversal vulnerability affecting Python-Multipart versions prior to 0.0.22. ================================================================================================================================== | Title :...
ProjeQtor 12.4.3 SQL Injection Validator for Login Endpoints
This Python script is a defensive validation tool designed to identify potential SQL injection indicators in login functionality without modifying database contents or attempting exploitation...
NAVTOR NavBox
ADVISORY SUMMARY Successful exploitation of this vulnerability could allow a local attacker to gain unauthorized access to SOAP methods, resulting in a disruption of operations. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this...
Next.js Concurrent Version Exposure / Vulnerability Audit Tool
This Python script is a lightweight defensive auditing utility designed to identify websites running Next.js and determine whether their detected version falls within predefined potentially vulnerable version ranges...
MCPJam Inspector 1.4.2 Defensive API Security Assessment Tool
This Python-based defensive auditing tool evaluates the exposure and security posture of MCP-related API endpoints in a controlled and authorized environment. It is designed to assist security teams in identifying insecure API configurations, exposed execution interfaces, and potential operationa...
Exploit for Out-of-bounds Write in Linux Linux_Kernel
Fragnesia CVE-2026-46300 - Defensive Study Toolkit A self-c...
CVE-2026-44740 go-billy: Lack of depth and cycle detection in symlink resolution may lead to infinite loops and resource exhaustion
Billy is an interface filesystem abstraction for Go. Prior to versions 5.9.0 and 6.0.0-alpha.1, multiple components may improperly handle crafted or malformed input, resulting in panics, infinite loops, uncontrolled recursion, or excessive resource consumption. These issues arise from insufficien...
Exploit for CVE-2025-66478
CVE-2025-66478-Research-Proof-of-Concept Overview This re...