kiro-cybersecurity-skills

CyberSecurity Skills A collection of 15 security workflows co...

CVE-2026-42866

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

CVE-2026-42158

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, an adversary with knowledge of an investigation ID, could update the metadata of an investigation of another user. This vulnerability is fixed in 1.2.3...

PT-2026-40948

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised...

EUVD-2026-29873

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Prior to 1.2.3, a remote attacker can create a node with a malicious type that can escape an existing Cypher query and an adversary can execute an arbitrary Cypher...

CVE-2026-44352

Flowsint, an open-source OSINT graph exploration tool, has a Broken Access Control vulnerability prior to version 1.2.3 that allows reading of sketch logs by any user. The issue is fixed in 1.2.3. Available records (CVE-2026-44352) cite a base score of 5.3 (Medium) with network access and low att...

PT-2026-40470

Name of the Vulnerable Software and Affected Versions Flowsint versions prior to 1.2.3 Description Broken Access Control allows unauthorized reading of sketch logs from any user. This issue affects an open-source OSINT graph exploration tool used for cybersecurity investigation, transparency, and...

CVE-2026-42866

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

CVE-2026-42866 Tookie: Arbitrary file write via path traversal in -u username / -U userfile output filename

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

EUVD-2026-29183

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

CVE-2026-42866 Tookie: Arbitrary file write via path traversal in -u username / -U userfile output filename

Tookie is a advanced OSINT information gathering tool. Prior to 4.1fix, modules/modules.py's writetxt, writecsv, writejson, and commented-but-shipping scanfile helpers open their output as openf"user.", where user comes unsanitized from the -u CLI flag or any line of a -U usernames file. A userna...

CVE-2026-42866

Tookie OSINT prior to version 4.1fix is vulnerable to path traversal when producing output files. In modules/modules.py (functions write_txt, write_csv, write_json, and the shipped but commented scan_file), the output filename is formed as open(f"{user}."), where user is unsanitized from -u or -U...

Tookie-OSINT 路径遍历漏洞

Tookie-OSINT is a cross-platform username discovery tool developed by Alfredredbird. Versions prior to Tookie-OSINT 4.1fix contained a path traversal vulnerability. This vulnerability stemmed from the use of user-input directly as file names in the auxiliary functions writetxt, writecsv, writejso...

ethical-hacking-portfolio

Ethical Hacking Portfolio - CS4069 | Spring 2026 Course:...

clan-nxt-toolkit

🔴 CLAN NXT Toolkit ██████╗██╗ █████╗ ███╗ ██╗...

EUVD-2026-23946

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and...

CVE-2026-32311

Flowsint is an open-source OSINT graph exploration tool designed for cybersecurity investigation, transparency, and verification. Flowsint allows a user to create investigations, which are used to manage sketches and analyses. Sketches have controllable graphs, which are comprised of nodes and...

LROO Rug Pull Detector: A Leakage-Resistant Framework Based on On-Chain and OSINT Signals

Smart contract-based ecosystems enable decentralized applications without trusted intermediaries, but their immutability and permissionless design also facilitate large-scale fraud. One of the most prevalent attacks is the rug pull, where project operators abruptly withdraw liquidity after...

ARGUS

ARGUS - All-seeing Recon & General Unified Security...

Djena_Bertrand

Description This the writeup on the challenges we solved duri...