Lucene search

54 matches found

The Hacker News
added yesterday · 9 views

Beyond the Zero-Day: See Your Network Like an Attacker | Webinar with HD Moore

Assume the breach. Zero-days keep shipping, AI is writing exploits faster than anyone patches, and "patch everything in time" stopped working years ago. Stop betting the org on winning that race. You don't control which bug lands. You control what it can reach once it does. That is a question abo...

5.9 AI score
Exploits 0
EUVD
added 6 days ago · 8 views

EUVD-2026-33260

A flaw was found in the Quay config-tool's LDAP and SMTP validation functions. An attacker with config editor access can exploit these functions, which make outbound connections to user-supplied endpoints without proper IP or host filtering. This allows the attacker to perform internal network...

4.1 CVSS · 5.8 AI score · 0.00023 EPSS
Exploits 0 · References 2
GithubExploit
added 2026/05/12 4:36 a.m. · 72 views

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

CVE-2023-27163 — request-baskets SSRF Exploit I wrote this ex...

6.5 CVSS · 6.7 AI score · 0.9332 EPSS
Exploits 29
Cvelist
added 2026/03/26 12:46 p.m. · 23 views

CVE-2025-55276 HCL Aftermarket DPC is affected by Internal IP Disclosure vulnerability

HCL Aftermarket DPC is affected by an Internal IP Disclosure vulnerability, which will give attackers a clearer map of the organization’s network layout...

3.1 CVSS · 0.00013 EPSS
Exploits 0 · References 1
CVE
added 2026/03/26 12:46 p.m. · 4 views

CVE-2025-55276

CVE-2025-55276 concerns HCL Aftermarket DPC and an Internal IP Disclosure issue. Public documents describe an ability for an attacker to obtain a clearer map of an organization’s network layout, potentially aiding further attacks. NVD lists CVSS v3.1 base score 5.3 (Network vector, Low confidenti...

5.3 CVSS · 5.8 AI score · 0.00013 EPSS
Exploits 0 · References 1 · Affected Software 1
EUVD
added 2026/03/18 6:31 a.m. · 3 views

EUVD-2026-12762

A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources...

5.8 CVSS · 5.8 AI score · 0.00036 EPSS
Exploits 0 · References 3
CVE
added 2026/03/18 4:2 a.m. · 12 views

CVE-2026-4366

CVE-2026-4366 affects Keycloak, where improper handling of HTTP redirects during specific client configuration requests allows an attacker to induce the server to reach internal/restricted resources. The impact described is potential information disclosure and the ability to map internal network ...

5.8 CVSS · 5.8 AI score · 0.00036 EPSS
Exploits 0 · References 2 · Affected Software 4
Cvelist
added 2026/03/18 4:2 a.m. · 25 views

CVE-2026-4366 Keycloak-services: blind server-side request forgery (ssrf) via http redirect handling in keycloak

A flaw was identified in Keycloak, an identity and access management solution, where it improperly follows HTTP redirects when processing certain client configuration requests. This behavior allows an attacker to trick the server into making unintended requests to internal or restricted resources...

5.8 CVSS · 0.00036 EPSS
Exploits 0 · References 2
CNNVD
added 2026/03/18 12:0 a.m. · 2 views

Keycloak Code Issue Vulnerability

Keycloak is an open-source identity and access management solution developed by Keycloak itself. Keycloak has code-related vulnerabilities; these vulnerabilities stem from improper handling of client configuration requests through HTTP redirection, which may lead to information leaks and internal...

5.8 CVSS · 5.8 AI score · 0.00036 EPSS
Exploits 0 · References 3
NVD
added 2026/03/11 8:16 p.m. · 1 views

CVE-2026-31974

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint POST /admin/settings/mailnotifications accepts arbitrary host and port values and exhibits measurable differences in response behaviour depending on whether the target IP exists a...

4.3 CVSS · 0.00036 EPSS
Exploits 0 · References 1
Cvelist
added 2026/03/11 7:39 p.m. · 24 views

CVE-2026-31974 Blind SSRF on OpenProject instance via webhooks

OpenProject is an open-source, web-based project management software. Prior to 17.2.0, OpenProject SMTP test endpoint POST /admin/settings/mailnotifications accepts arbitrary host and port values and exhibits measurable differences in response behaviour depending on whether the target IP exists a...

3 CVSS · 0.00036 EPSS
Exploits 0 · References 1
EUVD
added 2026/03/03 7:32 p.m. · 3 views

EUVD-2026-9317

A vulnerability was detected in PhialsBasement nmap-mcp-server up to bee6d23547d57ae02460022f7c78ac0893092e38. Affected by this issue is the function childprocess.exec of the file src/index.ts of the component Nmap CLI Command Handler. The manipulation results in command injection. The attack may...

6.5 CVSS · 5.7 AI score · 0.00376 EPSS
Exploits 1 · References 8
GithubExploit
added 2026/01/24 6:22 a.m. · 147 views

Exploit for CVE-2023-12345

Shadow-Scan - Advanced Security Audit Framework 🔥 Overview...

5.8 AI score
Exploits 3
EUVD
added 2025/10/03 8:7 p.m. · 1 views

EUVD-2024-29838

Malicious code in bioql PyPI...

4.1 CVSS · 6.6 AI score · 0.00042 EPSS
Exploits 0 · References 4
RedhatCVE
added 2025/05/23 10:18 a.m. · 4 views

CVE-2024-31991

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safescrapehtml function utilizes a user-controlled URL to issue a request to a remote server. Based on the content of the response, it will either parse the content or disregard it. This function, nor those that call it,...

4.1 CVSS · 6.6 AI score · 0.00042 EPSS
Exploits 0 · References 1
Packet Storm News
added 2025/04/22 12:0 a.m. · 2 views

Charting the Uncharted: the Landscape of Monero Peer-To-Peer Network

The Monero blockchain enables anonymous transactions through advanced cryptography in its peer-to-peer network, which underpins decentralization, security, and trustless interactions. However, privacy measures obscure peer connections, complicating network analysis. This study proposes a method t...

6.8 AI score
Exploits 0
The Hacker News
added 2024/07/15 10:24 a.m. · 18 views

CRYSTALRAY Hackers Infect Over 1,500 Victims Using Network Mapping Tool

A threat actor that was previously observed using an open-source network mapping tool has greatly expanded their operations to infect over 1,500 victims. Sysdig, which is tracking the cluster under the name CRYSTALRAY, said the activities have witnessed a tenfold surge, adding it includes "mass...

7.1 AI score
Exploits 0
OSV
added 2024/04/19 8:42 p.m. · 18 views

CVE-2024-31991 Mealie vulnerable to a GET-based SSRF in recipe importer (GHSL-2023-225)

Mealie is a self hosted recipe manager and meal planner. Prior to 1.4.0, the safescrapehtml function utilizes a user-controlled URL to issue a request to a remote server. Based on the content of the response, it will either parse the content or disregard it. This function, nor those that call it,...

4.1 CVSS · 6.4 AI score · 0.00042 EPSS
Exploits 0 · References 6
Hacker One
added 2022/10/18 7:24 p.m. · 36 views

Nextcloud: Mail app - Blind SSRF via Sieve server functionality and sieveHost parameter

A blind SSRF vulnerability was discovered in the Nextcloud Mail application, allowing an attacker to map the server and internal network by sending a crafted request to an unexpected destination. The vulnerability was found in the sieveHost parameter when adding a filter via a sieve filter server...

5 CVSS · 4.6 AI score · 0.00779 EPSS
Exploits 1
Kitploit
added 2022/10/06 11:30 a.m. · 52 views

Arsenal - Recon Tool installer

Arsenal is a simple Bash shell script used to install the most important tools and requirements for your environment, saving the time it takes to install all of these tools by hand. Tools in Arsenal: Name | Description ---|--- Amass | The OWASP Amass Project performs network mapping of attack surfaces and external...

6.6 AI score
Exploits 0 · References 2