18 matches found
GRC-demo-poc-oscal
GRC-OSCAL — continuous compliance, demonstrated A working pro...
EUVD-2026-4740
gmrtd is a Go library for reading Machine Readable Travel Documents MRTDs. Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...
CVE-2026-24738 gmrtd ReadFile Vulnerable to Denial of Service via Excessive TLV Length Values
gmrtd is a Go library for reading Machine Readable Travel Documents MRTDs. Prior to version 0.17.2, ReadFile accepts TLVs with lengths that can range up to 4GB, which can cause unconstrained resource consumption in both memory and cpu cycles. ReadFile can consume an extended TLV with lengths well...
Toward greater transparency: Introducing machine-readable Vulnerability Exploitability Xchange (VEX) for Azure Linux and beyond
Microsoft is now publishing standard attestations about third-party CVEs through the Vulnerability Exploitability eXchange VEX standard including vulnerabilities in embedded open-source software in Microsoft products and services and starting with the Azure Linux Distribution formerly CBL-Mariner...
CISA: 2025 Minimum Elements for a Software Bill of Materials (SBOM)
CISA is requesting public comment on its updated guidance on Software Bill of Materials SBOM to reflect the current state of maturity in software transparency and supply chain security. Building on the 2021 NTIA SBOM Minimum Elements, this update aims to help agencies and organizations to manage...
Toward greater transparency: Publishing machine-readable CSAF files
Welcome to the third installment in our series on transparency at the Microsoft Security Response Center MSRC. In this ongoing discussion, we talk about our commitment to providing comprehensive vulnerability information to our customers. At MSRC, our mission is to protect our customers,...
Structured logging in Spring Boot 3.4
Logging is a long established part of troubleshooting applications and one of the three pillars of observability, next to metrics and traces. No one likes flying blind in production, and when incidents happen, developers are happy to have log files. Logs are often written out in a human-readable...
HardeningMeter - Open-Source Python Tool Carefully Designed To Comprehensively Assess The Security Hardening Of Binaries And Systems
HardeningMeter is an open-source Python tool carefully designed to comprehensively assess the security hardening of binaries and systems. Its robust capabilities include thorough checks of various binary exploitation protection mechanisms, including Stack Canary, RELRO, randomizations ASLR, PIC,...
Moderate: Red Hat Security Advisory: RHUI 4.5.0 release - Security, Bug Fixes, and Enhancements
An updated version of Red Hat Update Infrastructure RHUI is now available. RHUI 4.5 fixes several security and operational bugs and also adds several new features. Red Hat Update Infrastructure RHUI offers a highly scalable, highly redundant framework that enables you to manage repositories and...
AiCEF - An AI-assisted cyber exercise content generation framework using named entity recognition
AiCEF is a tool implementing the accompanying framework 1 in order to harness the intelligence that is available from online resources, as well as threat groups' activities, arsenal eg. MITRE, to create relevant and timely cybersecurity exercise content. This way, we abstract the events from the...
[SECURITY] Fedora 36 Update: butane-0.15.0-2.fc36
Butane translates human-readable Butane Configs into machine-readable Ignition configs for provisioning operating systems that use Ignition...
Socid-Extractor - Extract Accounts Info From Personal Pages On Various Sites For OSINT Purpose
Extract information about a user from profile webpages / API responses and save it in machine-readable format. Usage As a command-line tool: $ socidextractor --url https://www.deviantart.com/muse1908 country: France createdat: 2005-06-16 18:17:41 gender: female username: Muse1908 website:...
Krane - Kubernetes RBAC Static Analysis And Visualisation Tool
Krane is a simple Kubernetes RBAC static analysis tool. It identifies potential security risks in K8s RBAC design and makes suggestions on how to mitigate them. Krane dashboard presents current RBAC security posture and lets you navigate through its definition. Features RBAC Risk rules - Krane...
Open Distributed Threat Intelligence: Yeti
Yeti is a platform meant to organize observables, indicators of compromise, TTPs, and knowledge on threats in a single, unified repository. Yeti will also automatically enrich observables e.g. resolve domains, geolocate IPs so that you don’t have to. Yeti provides an interface for humans shiny...
explo - Human And Machine Readable Web Vulnerability Testing Format
explo is a simple tool to describe web security issues in a human and machine readable format. By defining a request/condition workflow, explo is able to exploit security issues without the need of writing a script. This allows to share complex vulnerabilities in a simple readable and executable...
SSH Combined Host Command Logging (Plugin Debugging)
If plugin debugging is enabled, this plugin writes the SSH commands run on the host to a combined log file in a machine readable format. This log file resides on the scanner host itself. TRUSTED...
New Oil and Natural Gas ONG-ISAC Launches
Energy utilities certainly have not been spared by hackers who for years have targeted vulnerabilities in process control systems and networks with alarming success. In a move to close the gap and keep that corner of the U.S.’ critical infrastructure secure, a new information sharing group popped...
Microsoft Adopts CVRF Format for Security Bulletins
Since the beginning of recorded time, security researchers, software vendors and hackers have been issuing security advisories in all kinds of nutty formats. Some feature excellent ASCII art, some have clever inside jokes and some come from Microsoft. Now, there’s a effort underway, called the...