
30 matches found

OSV
added 2026/05/21 12:38 a.m., 8 views

MAL-2026-4626 Malicious code in omnius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2aceac0879b587bc711c3f156bf0de4bab90f3774816a6cbeb36a2cf9bb03e12 The package's postinstall lifecycle hook launches dist/postinstall-daemon.cjs, which combines child_process.execSync, os.userInfo, filesystem probes,...

AI score: 5.9
Exploits: 0, References: 9

OSSF Malicious Packages
added 2026/05/21 12:38 a.m., 10 views

Malicious code in omnius (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 2aceac0879b587bc711c3f156bf0de4bab90f3774816a6cbeb36a2cf9bb03e12 The package's postinstall lifecycle hook launches dist/postinstall-daemon.cjs, which combines child_process.execSync, os.userInfo, filesystem probes,...

AI score: 5.9
Exploits: 0, References: 9

Cvelist
added 2026/04/18 12:1 a.m., 34 views

CVE-2026-40348 Movary has Authenticated SSRF via Jellyfin Server URL Verification that Allows Internal Network Probing

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through POST /settings/jellyfin/server-url-verify. The endpoint accepts a user-controlled URL, appends...

CVSS: 7.7, EPSS: 0.00012
Exploits: 1, References: 4

Positive Technologies
added 2026/04/18 12:0 a.m., 4 views

PT-2026-33540

Movary is a self hosted web app to track and rate a user's watched movies. Prior to version 0.71.1, an ordinary authenticated user can trigger server-side requests to arbitrary internal targets through POST /settings/jellyfin/server-url-verify. The endpoint accepts a user-controlled URL, appends...

CVSS: 7.7, AI score: 5.8, EPSS: 0.00012
Exploits: 1, References: 5

GithubExploit
added 2026/04/15 5:34 a.m., 81 views

pentest-with-LLM

🛡️ pentest-with-LLM - Run Guided Security Testing !Download...

AI score: 5.8
Exploits: 0

NVD
added 2026/03/11 8:16 p.m., 1 views

CVE-2026-31974

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint POST /admin/settings/mail_notifications accepts arbitrary host and port values and exhibits measurable differences in response behaviour depending on whether the target IP exists a...

CVSS: 4.3, EPSS: 0.00036
Exploits: 0, References: 1

ATTACKERKB
added 2026/03/11 7:39 p.m., 3 views

CVE-2026-31974

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint POST /admin/settings/mail_notifications accepts arbitrary host and port values and exhibits measurable differences in response behaviour depending on whether the target IP exists a...

CVSS: 3, AI score: 5.9, EPSS: 0.00036
Exploits: 0, References: 2, Affected Software: 1

CVE
added 2026/03/11 7:39 p.m., 6 views

CVE-2026-31974

OpenProject prior to 17.2.0 is affected by an SSRF vulnerability via the SMTP test endpoint (POST /admin/settings/mail_notifications) and via webhooks, where arbitrary host/port values enable timing and error differences to map internal hosts and reachable services/ports. Root cause: improper han...

CVSS: 4.3, AI score: 5.9, EPSS: 0.00036
Exploits: 0, References: 1, Affected Software: 1

GithubExploit
added 2026/01/29 12:12 p.m., 128 views

smb-exp-scanner

Routes Discovery Script Discovering vulnerabilities within a...

AI score: 5.9
Exploits: 0

GithubExploit
added 2025/12/17 6:29 p.m., 144 views

DEM-Bravo

DEM — Docker Exploit Mapper Welcome to DEM, a fully cont...

AI score: 8.1
Exploits: 0

GithubExploit
added 2025/12/15 2:58 a.m., 137 views

ThreatExploiter

🔴 ThreatExploiter Automated Network Penetration Testing & E...

AI score: 7.1
Exploits: 0

GithubExploit
added 2025/12/05 1:53 a.m., 139 views

Docker-Exploit-Mapper

DEM — Docker Exploit Mapper Welcome to DEM, a fully con...

AI score: 8
Exploits: 0

Gitee
added 2025/09/28 9:3 p.m., 117 views

sparta

This is a network infrastructure penetration testing tool called SPARTA. It is a Python GUI application that simplifies the scanning and enumeration phase of penetration testing by providing point-and-click access to various tools and displaying all tool output in a convenient way. The tool...

AI score: 7.2
Exploits: 0

0day.today
added 2022/01/08 12:0 a.m., 313 views

Microsoft Windows SMB Direct Session Takeover Exploit

This Metasploit module will intercept direct SMB authentication requests to another host, gaining access to an authenticated SMB session if successful. If the connecting user is an administrator and network logins are allowed to the target machine, this module will execute an arbitrary payload. T...

AI score: 7.4
Exploits: 0

Kitploit
added 2020/08/05 12:30 p.m., 27 views

Netenum - A Tool To Passively Discover Active Hosts On A Network

Network reconnaissance tool that sniffs for active hosts Introduction Netenum passively monitors the ARP traffic on the network. It extracts basic data about each active host, such as IP address, MAC address and manufacturer. The main objective of this tool is to find active machines without...

AI score: 6.8
Exploits: 0, References: 1

Kitploit
added 2020/06/06 12:30 p.m., 107 views

Astsu - A Network Scanner Tool

How it works Scan common ports Send a TCP Syn packet to the destination on the defined port, if the port is open, use an nmap scan to check the service running on the port and prints all the ports found. Discover hosts in network Uses as a base the router's ip to map all possible ips. It then sen...

AI score: 7.4
Exploits: 0, References: 1

Kitploit
added 2019/11/13 11:41 a.m., 72 views

NetAss2 - Network Assessment Assistance Framework

Easier network scanning with NetAss2 Network Assessment Assistance Framework. Make it easy for Pentester to do penetration testing on network. Dependencies nmap tool zmap tool Installation git clone https://github.com/zerobyte-id/NetAss2.git cd NetAss2 sudo chmod +x install.bash sudo ./install.ba...

AI score: 7.3
Exploits: 0, References: 1

Kitploit
added 2019/03/20 8:14 p.m., 135 views

Goscan - Interactive Network Scanner

GoScan is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap. Although it started as a small side-project I developed in order to learn @golang, GoScan can now be used to perform host discovery, port scanning, and service...

AI score: 7.1
Exploits: 0, References: 2

Kitploit
added 2019/02/06 8:31 p.m., 183 views

Goscan - Interactive Network Scanner

GoScan is an interactive network scanner client, featuring auto-completion, which provides abstraction and automation over nmap. Although it started as a small side-project I developed in order to learn @golang, GoScan can now be used to perform host discovery, port scanning, and service...

AI score: 7.1
Exploits: 0, References: 2

vulnersOsv
added 2018/11/01 2:51 p.m., 5 views

fw-host-discovery (>=1.0.0 <=1.0.5) potentially affected by CVE-2018-16461 via libnmap (=0.2.33)

libnmap NPM version =0.2.33 is affected by a known vulnerability. The following packages have a transitive dependency on libnmap and may be impacted: - fw-host-discovery >=1.0.0, <=1.0.5 Source cves: CVE-2018-16461 Source advisory: OSV:GHSA-7G2W-6R25-2J7P...

CVSS: 10, AI score: 7.2, EPSS: 0.01417
Exploits: 1