25 matches found
CVE-2026-45767
creationtimestamp| type| source
---|---|---
2026-05-20 14:15:32+00:00| seen| https://bsky.app/profile/o2cloud.bsky.social/post/3mmc3qtiaud2c...
CVE-2026-40261 Composer has Command Injection via Malicious Perforce Reference
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...
CVE-2026-40261
Composer is a dependency manager for PHP. Versions 1.0 through 2.2.26 and 2.3 through 2.9.5 contain a command injection vulnerability in the Perforce::syncCodeBase method, which appends the $sourceReference parameter to a shell command without proper escaping, and additionally in the...
Command Injection
Overview: composer/composer is a Dependency Manager for PHP. Composer helps you declare, manage and install dependencies of PHP projects. It ensures you have the right stack everywhere. Affected versions of this package are vulnerable to Command Injection via the Perforce::syncCodeBase and...
Malicious Package
Overview: cms-site-api-js-client is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this packag...
CVE-2026-5812
creationtimestamp| type| source
---|---|---
2026-04-09 00:55:12+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mizlvzfkmx2z...
CVE-2026-28815
creationtimestamp| type| source
---|---|---
2026-04-03 04:20:28+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3mikulke5wj2d
2026-04-03 15:23:03+00:00| seen| Telegram/DMrtbPbyVuvJyzUNlrr2TA99ljgvsTw1ZTHgoXyjyFD12Ec
2026-04-04 07:00:31+00:00| seen|...
melange Operating System Command Injection Vulnerability
Melange is a software developed by Chainguard for building APKs from source code. Versions of Melange prior to 0.40.3 contained a vulnerability related to operating system command injection. This vulnerability stemmed from improper escaping of variables in the working directory field, which could...
CVE-2025-46270
creationtimestamp| type| source
---|---|---
2026-01-20 15:30:28+00:00| seen| https://infosec.place/objects/ae4f32d6-c695-46c5-a4c4-270bb8d7cfee...
Linux Distros Unpatched Vulnerability : CVE-2025-11233
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target x86_64-pc-cygwin didn't correctly handle path separators, causing the standard library...
CVE-2025-11233
Starting from Rust 1.87.0 and before Rust 1.89.0, the tier 3 Cygwin target x86_64-pc-cygwin didn't correctly handle path separators, causing the standard library's Path API to ignore path components separated by backslashes. Due to this, programs compiled for Cygwin that validate paths could...
GHSA-H4GH-QQ45-VH27 pyca/cryptography has a vulnerable OpenSSL included in cryptography wheels
pyca/cryptography's wheels include a statically linked copy of OpenSSL. The versions of OpenSSL included in cryptography 37.0.0-43.0.0 are vulnerable to a security issue. More details about the vulnerability itself can be found in https://openssl-library.org/news/secadv/20240903.txt. If you are...
Astra Linux – Vulnerability in Composer
Composer is a dependency manager for PHP. On the 2.x branch, prior to versions 2.2.24 and 2.7.7, the status, reinstall, and remove commands, when used with packages installed from sources via Git that contain specially crafted branch names in the repository, could allow for the execution of...
Caracal - Static Analyzer For Starknet Smart Contracts
Caracal is a static analyzer tool over the SIERRA representation for Starknet smart contracts. Features Detectors to detect vulnerable Cairo code Printers to report information Taint analysis Data flow analysis framework Easy to run in Scarb projects Installation Precompiled binaries Precompiled...
Cloudfox - Automating Situational Awareness For Cloud Penetration Tests
CloudFox helps you gain situational awareness in unfamiliar cloud environments. It’s an open source command line tool created to help penetration testers and other offensive security professionals find exploitable attack paths in cloud infrastructure. CloudFox helps you answer the following commo...
Git-Dumper - A Tool To Dump A Git Repository From A Website
A tool to dump a git repository from a website. Install This can be installed easily with pip: pip install git-dumper Usage usage: git-dumper options URL DIR Dump a git repository from a website. positional arguments: URL url DIR output directory optional arguments: -h, --help show this help...
Sigurlfind3R - A Reconnaissance Tool, It Fetches URLs From AlienVault's OTX, Common Crawl, URLScan, Github And The Wayback Machine
sigurlfind3r is a passive reconnaissance tool; it fetches known URLs from AlienVault's OTX, Common Crawl, URLScan, GitHub and the Wayback Machine. DISCLAIMER: fetching URLs from GitHub is a bit slow. Usage: sigurlfind3r -h This will display help for the tool...
Gowitness - A Golang, Web Screenshot Utility Using Chrome Headless
gowitness is a website screenshot utility written in Golang that uses Chrome Headless to generate screenshots of web interfaces using the command line. Both Linux and macOS are supported, with Windows support 'partially working'. Inspiration for gowitness comes from Eyewitness. If you are looking...
SCShell - Fileless Lateral Movement Tool That Relies On ChangeServiceConfigA To Run Command
Fileless lateral movement tool that relies on ChangeServiceConfigA to run commands. The beauty of this tool is that it doesn't perform authentication against SMB; everything is performed over DCERPC. The utility can be used remotely WITHOUT registering a service or creating a service. It also doesn...
CVE-2019-0227
A Server Side Request Forgery (SSRF) vulnerability affected the Apache Axis 1.4 distribution that was last released in 2006. Security and bug commits continue in the project's Axis 1.x Subversion repository; legacy users are encouraged to build from source. The successor to Axis 1.x is Axis2...