28 matches found
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
CVE-2026-31431 Copy Fail A pre-compiled exploit for CVE-2026-...
Anthropic Agent Skills Support in Spring AI
In this blog, we show how using Spring AI, we can integrate with Anthropic's Native Skills API for Cloud-Based Document Generation and Custom Skills. Spring AI adds support for Anthropic's Agent Skills — modular capabilities that let Claude generate actual files rather than text descriptions. Wit...
CVE-2024-11436 Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! <= 1.4.19 - Reflected Cross-Site Scripting
The Drag & Drop Builder, Human Face Detector, Pre-built Templates, Spam Protection, User Email Notifications & more! plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 1.4.19 due to insufficient input sanitization an...
How to Set up an Automated SMS Analysis Service with AI in Tines
The opportunities to use AI in workflow automation are many and varied, but one of the simplest ways to use AI to save time and enhance your organization's security posture is by building an automated SMS analysis service. Workflow automation platform Tines provides a good example of how to do it...
Unveiling Nebula's Report 2.0: A new approach to security reporting
We're excited to announce Report 2.0, a major upgrade to our report system in Nebula. Report 2.0 is not just a cosmetic touch up--it's a completely revamped security reporting solution designed to cater to your diverse business requirements, allowing for a more dynamic, data-driven approach to IT...
GHSA-7CGC-FJV4-52X6 Malware in pre-build binaries of bignum
Impact bignum releases from v0.12.2 to v0.13.0 inclusive used node-pre-gyp to optionally download pre-built binary versions of the addon. These binaries were published on a now-expired S3 bucket which has since been claimed by a malicious third party which is now serving binaries containing malwa...
HTTPLoot - An Automated Tool Which Can Simultaneously Crawl, Fill Forms, Trigger Error/Debug Pages And "Loot" Secrets Out Of The Client-Facing Code Of Sites
An automated tool which can simultaneously crawl, fill forms, trigger error/debug pages and "loot" secrets out of the client-facing code of sites. Usage To use the tool, you can grab any one of the pre-built binaries from the Releases section of the repository. If you want to build the source cod...
Nightingale - Docker Environment For Pentesting Which Having All The Required Tool For VAPT
In today's technological era, docker is the most powerful technology in each and every domain, whether it is Development, cyber security, DevOps, Automation, or Infrastructure. Considering the demand of the industry, I would like to introduce my idea to create a NIGHTINGALE: docker image for...
SAP Business Technology Platform信息泄露漏洞
SAP Business Technology Platform is a business technology platform from SAP Germany that integrates intelligent enterprise applications with database and data management, analytics, integration and extension capabilities into a single platform for cloud and hybrid environments, including hundreds...
Msldap - LDAP Library For Auditing MS AD
msldap LDAP library for MS AD Documentation Awesome documentation here! Features Comes with a built-in console LDAP client All parameters can be conrolled via a conveinent URL see below Supports integrated windows authentication SSPI both with NTLM and with KERBEROS Supports channel binding for...
Httpx - A Fast And Multi-Purpose HTTP Toolkit Allows To Run Multiple Probers Using Retryablehttp Library, It Is Designed To Maintain The Result Reliability With Increased Threads
httpx is a fast and multi-purpose HTTP toolkit allow to run multiple probers using retryablehttp library, it is designed to maintain the result reliability with increased threads. Features Simple and modular code base making it easy to contribute. Fast And fully configurable flags to probe mutipl...
Cloudlist - A Tool For Listing Assets From Multiple Cloud Providers
Cloudlist is a multi-cloud tool for getting Assets Hostnames, IP Addresses from Cloud Providers. This is intended to be used by the blue team to augment Attack Surface Management efforts by maintaining a centralized list of assets across multiple clouds with very little configuration efforts...
vulhub
It is an offensive tool for web application security testing. The repository contains a collection of pre-built vulnerable docker environments, allowing users to test web application security without requiring prior knowledge of docker. The tool is designed to be easy to use, with a simple...
vulhub
It is an offensive tool for Docker environments. The repository contains a collection of pre-built vulnerable Docker environments, allowing users to easily set up and test various vulnerabilities without requiring prior knowledge of Docker. The environments are designed to be simple to use, with...
vulhub
It is an offensive tool for web application security training. The primary target is not explicitly stated, but based on the provided code and metadata, it appears to be a collection of vulnerable environments based on Docker-Compose. The tool includes various vulnerable environments, such as Fla...
2021 Detection and Response Planning, Part 2: Driving SOC Efficiency With a Detections-First Approach to SIEM
This is the second installment of our series around 2021 security planning. In part one, Rapid7 Detection and Response Practice Advisor Jeffrey Gardner offered tips and advice for ramping up annual security planning. In this installment, we’ll explore the importance of reliable and comprehensive...
vulhub
It is an offensive tool for vulnerable environments. The repository contains a collection of pre-built vulnerable docker environments, including a Flask SSTI Server-Side Template Injection vulnerability environment. The tool is designed to be easy to use, requiring only two simple commands to...
vulhub
It is an open-source collection of pre-built vulnerable docker environments. The primary vulnerability class/vector is not specified, but the environments are designed to be vulnerable to various attacks. The probable entry points are not explicitly stated, but the environments are likely to be...
vulhub
This is an open-source collection of pre-built vulnerable docker environments. It is not a PoC exploit for a specific CVE, but rather a toolkit for testing and learning about various vulnerabilities. The primary purpose of Vulhub is to provide a simple way to create and run vulnerable environment...
vulhub
It is an offensive tool for Docker environments. The repository contains a collection of pre-built vulnerable Docker environments, including Flask SSTI Server-Side Template Injection and other vulnerabilities. The tool is designed to help users test and demonstrate vulnerabilities in a controlled...