Cyber Threat Hunting: Non-Parametric Mining of Attack Patterns from Cyber Threat Intelligence for Precise Threats Attribution
With the ever-changing landscape of cyber threats, identifying their origin has become paramount, surpassing the simple task of attack classification. Cyber threat attribution gives security analysts the insights they need to devise effective threat mitigation strategies. Such strategies empower...
fimap
fimap is a Python tool designed to find, prepare, audit, exploit, and even automatically Google for local and remote file inclusion (LFI/RFI) bugs in web applications. It can identify and exploit file inclusion bugs, including include, include_once, require, and require_once functions. The tool has a...
CVE-2025-59046
The npm package interactive-git-checkout is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via npm install -g interactive-git-checkout. Versions up to and...
Arbitrary Command Injection
Overview: interactive-git-checkout is a CLI for simple branch switching. Affected versions of this package are vulnerable to Arbitrary Command Injection due to using the exec function without proper input validation or sanitization. An attacker can execute arbitrary system commands by supplying special...
GHSA-4WCM-7HJF-6XW5 interactive-git-checkout has a Command Injection vulnerability
The npm package interactive-git-checkout is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via npm install -g interactive-git-checkout. Resources: Project'...
CVE-2025-59046
The CVE-2025-59046 entry concerns the npm package interactive-git-checkout. Affected versions (up to and including 1.1.4) are vulnerable because the code passes the user-provided branch name directly to git checkout via Node.js child_process.exec() without input validation or sanitization, enabli...
CVE-2025-59046 interactive-git-checkout has Command Injection vulnerability
The npm package interactive-git-checkout is an interactive command-line tool that allows users to checkout a git branch while it prompts for the branch name on the command-line. It is available as an npm package and can be installed via npm install -g interactive-git-checkout. Versions up to and...
interactive-git-checkout Command Injection Vulnerability
interactive-git-checkout is branch-switching software by the individual developer Nino Filiu. A command injection vulnerability exists in interactive-git-checkout 1.1.4 and earlier versions. It stems from a failure to validate input or sanitize branch names, which could lead to a command...
A Decade-Long Landscape of Advanced Persistent Threats: Longitudinal Analysis and Global Trends
An advanced persistent threat (APT) refers to a covert, long-term cyberattack, typically conducted by state-sponsored actors, targeting critical sectors and often remaining undetected for long periods. In response, collective intelligence from around the globe collaborates to identify and trace...
Exploit for Improper Handling of Parameters in Fortinet Fortiweb
CVE-2025-52970 FortiWeb Authentication Bypass to Remote Code E...
Exploit for Path Traversal in Apache Http_Server
RCE-Foryou
RCE-Foryou Python tool for safely testing and exploiting RCE v...
SUSE-SU-2025:03037-1 Security update for git
This update for git fixes the following issues: Updated to 2.43.7 (jsc#PED-13447): - CVE-2025-27613: Fixed arbitrary writable file creation and truncation in Gitk (bsc#1245938) - CVE-2025-27614: Fixed arbitrary script execution via repo clonation in Gitk (bsc#1245939) - CVE-2025-46835: Fixed arbitrary...
Wireshark Analyzer 4.4.9
Wireshark is a GTK+-based network protocol analyzer that lets you capture and interactively browse the contents of network frames. The goal of the project is to create a commercial-quality analyzer for Unix and Win32 and to give Wireshark features that are missing from closed-source sniffers. Thi...
graph-rag-poc
Graph RAG Pipeline - Proof of Concept A locally-executable Gr...
Picklescan has a missing detection when calling built-in python code.InteractiveInterpreter
Summary: Using code.InteractiveInterpreter.runcode, which is a built-in Python library function, to execute a remote pickle file. Details: The attack payload executes in the following steps: First, the attacker crafts the payload by calling the code.InteractiveInterpreter.runcode function in the __reduce__ meth...
Linux Distros Unpatched Vulnerability : CVE-2007-3719
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The process scheduler in the Linux kernel 2.6.16 gives preference to interactive processes that perform voluntary sleeps, which allows local users to cause a...
Malicious code in la-interactive-readerui (npm)
The package la-interactive-readerui was found to contain malicious code...
Malicious code in ivr (npm)
The package ivr was found to contain malicious code...
Malicious code in rinobot-plugin-interactive-heatmap (npm)
The package rinobot-plugin-interactive-heatmap was found to contain malicious code...