pentest-with-LLM
🛡️ pentest-with-LLM - Run Guided Security Testing...
MCPThreatHive: Automated Threat Intelligence for Model Context Protocol Ecosystems
The rapid proliferation of Model Context Protocol (MCP)-based agentic systems has introduced a new category of security threats that existing frameworks are inadequately equipped to address. We present MCPThreatHive, an open-source platform that automates the end-to-end lifecycle of MCP threat...
GROWI Security Vulnerability
GROWI is an enterprise-level open-source knowledge base/Wiki system built using Node.js and React by GROWI Inc. GROWI versions 7.4.6 and earlier have a stored cross-site scripting vulnerability, which could allow arbitrary scripts to be executed in the user...
2026-04 .NET 10.0.6 Security Update for ARM64 Client (KB5086095)
2026-04 .NET 9.0.15 Security Update for x86 Client (KB5086097)
2026-04 Cumulative Update for .NET Framework 3.5, 4.7.2 and 4.8 for Windows 10 Version 1809 (KB5084066)
2026-04 Dynamic Cumulative Update for Windows 10 Version 21H2 for x64-based Systems (KB5082200)
2026-04 Cumulative Update for Windows 10 Version 1809 for x86-based Systems (KB5082123)
2026-04 Security and Quality Rollup for .NET Framework 3.5, 4.6.2, 4.7, 4.7.1, 4.7.2, 4.8 for Windows Server 2012 R2 for x64 (KB5084070)
2026-04 Cumulative Update for Windows 10 Version 1607 for x86-based Systems (KB5082198)
2026-04 .NET 9.0.15 Security Update for x64 Client (KB5086097)
2026-04 .NET 10.0.6 Security Update for x64 Server (KB5086095)
CVE-2026-33892
A vulnerability has been identified in Industrial Edge Management Pro V1 All versions = V1.7.6 = V2.0.0 = V2.2.0 V2.8.0. Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent...
EUVD-2026-22242
A vulnerability has been identified in Industrial Edge Management Pro V1 All versions = V1.7.6 = V2.0.0 = V2.2.0 V2.8.0. Affected management systems do not properly enforce user authentication on remote connections to devices. This could facilitate an unauthenticated remote attacker to circumvent...
CVE-2026-33710
Chamilo LMS is a learning management system. Prior to 1.11.38 and 2.0.0-RC.3, REST API keys are generated using md5(time + userid * 5 - rand(10000, 10000)). The rand(10000, 10000) call always returns exactly 10000 (min == max), making the formula effectively md5(timestamp + userid * 5 - 10000). An attacker who...
CVE-2026-6106
A vulnerability was detected in 1Panel-dev MaxKB up to 2.2.1. This vulnerability affects the function StaticHeadersMiddleware of the file apps/common/middleware/staticheadersmiddleware.py of the component Public Chat Interface. The manipulation of the argument Name results in cross site scripting...
Beyond RAG for Cyber Threat Intelligence: A Systematic Evaluation of Graph-Based and Agentic Retrieval
Cyber threat intelligence (CTI) analysts must answer complex questions over large collections of narrative security reports. Retrieval-augmented generation (RAG) systems help language models access external knowledge, but traditional vector retrieval often struggles with queries that require reasonin...
CVE-2026-5724
The frontend gRPC server's streaming interceptor chain did not include the authorization interceptor. When a ClaimMapper and Authorizer are configured, unary RPCs enforce authentication and authorization, but the streaming AdminService/StreamWorkflowReplicationMessages endpoint accepted requests...
Chamilo LMS Security Feature Vulnerability
Chamilo LMS is an open-source online learning and collaboration system developed by Chamilo. This system supports the creation of teaching content, remote training, and online quizzes. Versions of Chamilo LMS prior to 1.11.38 and 2.0.0-RC.3 contained security vulnerabilities. These vulnerabilitie...
Securing Retrieval-Augmented Generation: A Taxonomy of Attacks, Defenses, and Future Directions
Retrieval-augmented generation (RAG) significantly enhances large language models (LLMs) but introduces novel security risks through external knowledge access. While existing studies cover various RAG vulnerabilities, they often conflate inherent LLM risks with those specifically introduced by RAG. I...