SPIP Ultimate Auditor – Comprehensive Security Assessment Script
SPIP Ultimate Auditor is a Python-based security assessment script designed to perform a multi-phase audit against a SPIP CMS installation. The tool automates reconnaissance and misconfiguration detection tasks to identify potential security weaknesses in a target deployment...
webguard-scanner
webguard-scanner COMPANY: CODETECH IT SOLUTIONS NAME: KA...
ShadowV2 Botnet Exploits Misconfigured AWS Docker Containers for DDoS-for-Hire Service
Cybersecurity researchers have disclosed details of a new botnet that customers can rent access to conduct distributed denial-of-service (DDoS) attacks against targets of interest. The ShadowV2 botnet, according to Darktrace, predominantly targets misconfigured Docker containers on Amazon Web...
CVE-2025-57804
CVE-2025-57804 affects the Python package h2 (HTTP/2 protocol stack). Prior to version 4.3.0, it allows HTTP/2 request splitting via CRLF injection in headers when servers downgrade HTTP/2 requests to HTTP/1.1 without validating header names/values. This can enable attackers to manipulate request...
New Malware Campaign Uses Cloudflare Tunnels to Deliver RATs via Phishing Chains
A new campaign is making use of Cloudflare Tunnel subdomains to host malicious payloads and deliver them via malicious attachments embedded in phishing emails. The ongoing campaign has been codenamed SERPENTINECLOUD by Securonix. It leverages "the Cloudflare Tunnel infrastructure and Python-based...
CMU CERT/CC VINCE v2.0.6 Stored XSS
Summary VINCE is the Vulnerability Information and Coordination Environment developed and used by the CERT Coordination Center to improve coordinated vulnerability disclosure. VINCE is a Python-based web platform. Description The framework suffers from an authenticated stored cross-site scripting...
Important: Red Hat Security Advisory: rhc-worker-playbook security update
An update for rhc-worker-playbook is now available for Red Hat Enterprise Linux 9. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each...
Exploit for CVE-2023-38646
CVE-2023-38646-PoC-Metabase Proof-of-Concept script for exploi...
N. Korean Hackers Use Fake Interviews to Infect Developers with Cross-Platform Malware
Threat actors with ties to North Korea have been observed targeting job seekers in the tech industry to deliver updated versions of known malware families tracked as BeaverTail and InvisibleFerret. The activity cluster, tracked as CL-STA-0240, is part of a campaign dubbed Contagious Interview tha...
Exploit for CVE-2024-9166
CVE-2024-9166 Vulnerability Scanner A Python-based tool to sca...
CVE-2024-45601 Local file Inclusion via static file serving functionality in Mesop
Mesop is a Python-based UI framework designed for rapid web apps development. A vulnerability has been discovered and fixed in Mesop that could potentially allow unauthorized access to files on the server hosting the Mesop application. The vulnerability was related to insufficient input validatio...
Prompt Injection Flaw in Vanna AI Exposes Databases to RCE Attacks
Cybersecurity researchers have disclosed a high-severity security flaw in the Vanna.AI library that could be exploited to achieve remote code execution vulnerability via prompt injection techniques. The vulnerability, tracked as CVE-2024-5565 (CVSS score: 8.1), relates to a case of prompt injection...
New banking trojan “CarnavalHeist” targets Brazil with overlay attacks
Since February 2024, Cisco Talos has been observing an active campaign targeting Brazilian users with a new banking trojan called "CarnavalHeist." Many of the observed tactics, techniques and procedures (TTPs) are common among other banking trojans coming out of Brazil. This family has also been...
NASA AIT-Core Security Vulnerability
NASA AIT-Core is a Python-based software suite organized by NASA. A security vulnerability exists in NASA AIT-Core version 2.5.2 that stems from the use of an unencrypted channel to exchange data over a network, which allows an attacker to perform a man-in-the-middle attack...
NASA AIT-Core Security Vulnerability
NASA AIT-Core is a Python-based software suite organized by NASA. A security vulnerability exists in NASA AIT-Core version v2.5.2, which stems from a vulnerability that allows an attacker to execute arbitrary code via a crafted packet...
NASA AIT-Core Security Vulnerability
NASA AIT-Core is a Python-based software suite organized by NASA. A security vulnerability exists in NASA AIT-Core version v2.5.2, which stems from a vulnerability that allows an attacker to execute arbitrary commands via a crafted YAML file...
Foxit PDF Reader Flaw Exploited by Hackers to Deliver Diverse Malware Arsenal
Multiple threat actors are weaponizing a design flaw in Foxit PDF Reader to deliver a variety of malware such as Agent Tesla, AsyncRAT, DCRat, NanoCore RAT, NjRAT, Pony, Remcos RAT, and XWorm. "This exploit triggers security warnings that could deceive unsuspecting users into executing harmful...
Palo Alto Networks Outlines Remediation for Critical PAN-OS Flaw Under Attack
Palo Alto Networks has shared remediation guidance for a recently disclosed critical security flaw impacting PAN-OS that has come under active exploitation. The vulnerability, tracked as CVE-2024-3400 (CVSS score: 10.0), could be weaponized to obtain unauthenticated remote shell command execution o...
Online Fire Reporting System 1.2 SQL Injection
Exploit Title: Online Fire Reporting System SQL Injection Authentication Bypass Date: 02/10/2024 Exploit Author: Diyar Saadi Vendor Homepage: https://phpgurukul.com/online-fire-reporting-system-using-php-and-mysql/ Software Link:...
NiceGUI allows potential access to local file system
NiceGUI is an easy-to-use, Python-based UI framework. A local file inclusion is present in the NiceUI leaflet component when requesting resource files under the /nicegui/version/resources/key/path:path route. As a result any file on the backend filesystem which the web server has access to can be...