awesome-exploit-development

This is a curated list of resources for learning about exploit development, not an exploit itself. It is a collection of books, tutorials, courses, tools, and vulnerable applications for learning about exploit development. The resources include books such as "Hacking - The art of exploitation" an...

Beebeeto-framework

This is a Python framework for building and executing proof-of-concept POC exploits, specifically targeting the HttpFileServer HFS vulnerability. The framework is called Beebeeto and is maintained by the n0tr00t security team. The framework provides a set of tools and libraries for creating and...

scripts

This repository contains a collection of scripts written by AverageSecurityGuy for use in penetration testing engagements. The scripts are categorized into various folders, each containing a specific type of script, such as password brute forcing, cloud interaction, database testing, enumeration,...

pwntools

This is a CTF Capture The Flag framework and exploit development library. It is written in Python and provides a set of tools for developing and executing exploits. The library is designed to be extensible and customizable, allowing users to easily add new functionality and plugins. The library i...

pwntools

This is a CTF Capture The Flag framework and exploit development library. It is a Python library that provides a set of tools for developing exploits and performing penetration testing. The library is designed to be extensible and customizable, allowing users to easily add new features and plugin...

pwntools

This is a CTF framework and exploit development library. It is a Python library for exploit development and reverse engineering. The library provides a set of tools for creating and executing exploits, as well as for analyzing and debugging binary files. The library is designed to be extensible a...

peda

This repository is an offensive tool for exploit development. It is a Python Exploit Development Assistance for GDB PED A, which is a script that helps speed up the exploit development process on Linux/Unix. The tool is designed to work with GDB 7.x and Python 2.6+. The tool has various features,...

wazuh

This repository is an issue template for Wazuh, a free and open-source platform for threat prevention, detection, and response. The repository contains various templates for reporting bugs, making feature requests, and testing integration and component tests. The templates are organized by...

kernel-devel-6.16.6-1.1 on GA media (moderate)

kernel-devel-6.16.6-1.1 on GA media Announcement ID: openSUSE-SU-2025:15544-1 Rating: moderate Cross-References: CVE-2024-53093 CVE-2025-38216 CVSS scores: CVE-2024-53093 SUSE : 5.5 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H CVE-2025-38216 SUSE : 3.3 CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L...

OPENSUSE-SU-2025:15544-1 kernel-devel-6.16.6-1.1 on GA media

These are all security issues fixed in the kernel-devel-6.16.6-1.1 package on the GA media of openSUSE Tumbleweed...

ROS-20250911-02

Vulnerability of the rterawcksummbuf function of the vhost library of the DPDK suite of libraries and drivers for fast packet processing is related to the operation exceeding the memory buffer boundary while processing the len parameter. DPDK packet processing is related to the operation exceedin...

ExploitNotes

It is an offline collection of notes and examples for exploit...

The Time-Saving Guide for Service Providers: Automating vCISO and Compliance Services

Introduction Managed service providers MSPs and managed security service providers MSSPs are under increasing pressure to deliver strong cybersecurity outcomes in a landscape marked by rising threats and evolving compliance requirements. At the same time, clients want better protection without...

Linux Distros Unpatched Vulnerability : CVE-2024-37676

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in htop-dev htop v.2.20 allows a local attacker to cause an out-of-bounds access in the HeaderpopulateFromSettings function. CVE-2024-37676 Note that...

NVIDIA Networking Bluefield, ConnectX and Mellanox DPDK - September 2025 - Lenovo Support US

No description provided...

Establishing a Baseline of Software Supply Chain Security Task Adoption by Software Organizations

Software supply chain attacks have increased exponentially since 2020. The primary attack vectors for supply chain attacks are through: 1 software components; 2 the build infrastructure; and 3 humans a.k.a software practitioners. Software supply chain risk management frameworks provide a list of...

You Didn't Get Phished — You Onboarded the Attacker

When Attackers Get Hired: Today's New Identity Crisis What if the star engineer you just hired isn't actually an employee, but an attacker in disguise? This isn't phishing; it's infiltration by onboarding. Meet "Jordan from Colorado," who has a strong resume, convincing references, a clean...

Vite 访问控制错误漏洞

Vite is a new front-end build tool from Vite Open Source. An access control error vulnerability exists in Vite versions prior to 7.1.5, prior to 7.0.7, prior to 6.3.6, and prior to 5.4.20, which stems from explicitly exposing the Vite development server to the network resulting in arbitrary HTML...

OPENSUSE-SU-2025:15533-1 kernel-devel-6.16.5-1.1 on GA media

These are all security issues fixed in the kernel-devel-6.16.5-1.1 package on the GA media of openSUSE Tumbleweed...

ROS-20250908-05

A vulnerability in Oracle GraalVM Enterprise Edition virtual machines, Oracle GraalVM for JDK and Oracle Java SE software platform is related to incorrect input data validation in the 2D component of Oracle GraalVM. Oracle Java SE platform is related to incorrect input data validation in...