GHSA-7X63-XV5R-3P2X OAuth2 Proxy has an Authentication Bypass via X-Forwarded-Uri Header Spoofing

Impact A configuration-dependent authentication bypass exists in OAuth2 Proxy. Deployments are affected when all of the following are true: OAuth2 Proxy is configured with --reverse-proxy and at least one rule is defined with --skipauthroutes or the legacy --skip-auth-regex OAuth2 Proxy may trust...

n8n Webhooks Abused Since October 2025 to Deliver Malware via Phishing Emails

Threat actors have been observed weaponizing n8n, a popular artificial intelligence AI workflow automation platform, to facilitate sophisticated phishing campaigns and deliver malicious payloads or fingerprint devices by sending automated emails. "By leveraging trusted infrastructure, these...

PT-2026-33224

Name of the Vulnerable Software and Affected Versions OAuth2 Proxy versions prior to 7.15.2 Description A configuration-dependent authentication bypass occurs when OAuth2 Proxy is configured with --reverse-proxy and has at least one rule defined using --skip auth routes or --skip-auth-regex. In...

Challenges and Future Directions in Agentic Reverse Engineering Systems

Agentic systems built on large language models LLMs are increasingly being used for complex security tasks, including binary reverse engineering RE. Despite recent growth in popularity and capability, these systems continue to face limitations in realistic settings. Cutting-edge systems still fai...

coruna-exploit-kit-analysis

Coruna iOS Exploit Kit — Reverse Engineering Analysis Def...

📄 WebRemoteControl Unauthenticated Remote Code Execution

WebRemoteControl suffers from an unauthenticated remote code execution vulnerability. Exploit Title: WebRemoteControl - Unauthenticated Remote Code Execution Date: 2026-04-14 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/wolfgangasdf/WebRemoteControl Software Link:...

Exploit for Code Injection in Flowiseai Flowise

CVE-2025-59528 - FlowiseAI CustomMCP Remote Code Execution...

Exploit for Path Traversal in Gogs

CVE-2025-8110-Authenticated-Remote-Code-Execution-on-Gogs-v0.1...

Exploit for Path Traversal in Gogs

Gogs RCE Exploit CVE-2025-8110 !Pythonhttps://img.shield...

infosec-notebook

infosec-notebook Personal cybersecurity notes and references...

📄 Horilla 1.3 Remote Command Execution

Horilla versions 1.3 and below suffer from a remote command execution vulnerability. Exploit Title: Horilla v1.3 - RCE Date: 2025-05-29 Exploit Author: Raghad Abdallah Al-syouf Version: = 1.3 Tested on: Ubuntu / Docker CVE: CVE-2025-48868 Description: This script exploits the authenticated RCE...

Exploit for CVE-2026-34197

Fixed the issue...

reverse_proxy_logger_xss

No d...

Exploit for Eval Injection in Langflow

CVE-2026-33017 - Langflow Unauthenticated RCE...

EUVD-2026-19998

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are...

CVE-2026-1343

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are...

CVE-2026-1343 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are...

CVE-2026-1343 Security Vulnerabilities have been found in IBM Verify Identity Access and IBM Security Verify Access

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 allows an attacker to contact internal authentication endpoints which are...

CVE-2026-1343

IBM Security Verify Access/Identity Access products are affected by CVE-2026-1343 (SSRF) in which an attacker could contact internal authentication endpoints protected by the Reverse Proxy. Affected: IBM Verify Identity Access Container 11.0–11.0.2; IBM Security Verify Access Container 10.0–10.0....

IBM多款产品 代码问题漏洞

IBM Security Verify Access ISAM is a product of the American multinational company International Business Machines IBM. IBM Security Verify Access is a service that enhances user access security. IBM Verify Identity Access Container is a containerized software that provides authentication and...