[SECURITY] Fedora 43 Update: nix-2.31.4-1.fc43

Nix is a purely functional package manager. It allows multiple versions of a package to be installed side-by-side, ensures that dependency specifications are complete, supports atomic upgrades and rollbacks, allows non-root users to install software, and has many other features. It is the basis o...

[SECURITY] Fedora 44 Update: nix-2.34.5-1.fc44

Nix is a purely functional package manager. It allows multiple versions of a package to be installed side-by-side, ensures that dependency specifications are complete, supports atomic upgrades and rollbacks, allows non-root users to install software, and has many other features. It is the basis o...

VulnHive-AI

Pentest Agent AI-powered penetration testing agent using Clau...

Exploit for CVE-2025-4664

CVE-2025-4664 This repository contains a PoC for exploiting CV...

Exploit for CVE-2025-29775

SAMLStorm CVE-2025-29775 Lab Environment !Educationalhtt...

Exploit for Cross-site Scripting in Humansignal Label_Studio

CVE-2025-25296 Proof of Concept POC Description This pr...

Nemesis - An Offensive Data Enrichment Pipeline

Nemesis is an offensive data enrichment pipeline and operator support system. Built on Kubernetes with scale in mind, our goal with Nemesis was to create a centralized data processing platform that ingests data produced during offensive security assessments. Nemesis aims to automate a number of...

Bitwarden: Biometric key is stored in Windows Credential Manager, accessible to other local unprivileged processes

A vulnerability in Bitwarden Desktop for Windows allowed a local attacker to access the biometric master key used for unlocking the vault through Windows Hello. The key was stored in plaintext in the Windows Credential Manager, accessible to any local unprivileged process. This allowed an attacke...

InsightIDR Launches Integration With New AWS Security Data Lake Service

It has been an action-packed day at AWS re:Invent. For security professionals, one of the most exciting announcements has to be the launch of Amazon Security Lake. We see a lot of potential for this new service, which is why Rapid7 is proud to announce the immediate availability of an integration...

crAPI - Completely Ridiculous API

c ompletely r idiculous API crAPI will help you to understand the ten most critical API security risks. crAPI is vulnerable by design, but you'll be able to safely run it to educate/train yourself. crAPI is modern, built on top of a microservices architecture. When time has come to buy your first...

Pi-hole 4.4.0 - Remote Code Execution (Authenticated)

Exploit Title: Pi-hole 4.4.0 - Remote Code Execution Authenticated Date: 2020-05-22 Exploit Author: Photubias Vendor Advisory: 1 https://github.com/pi-hole/AdminLTE Version: Pi-hole . Based and improved on: https://github.com/Frichetten/CVE-2020-11108-PoC/blob/master/cve-2020-11108-rce.py File na...

CVE-2019-13559

GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go int...

Hardcoded credentials

GE Mark VIe Controller is shipped with pre-configured hard-coded credentials that may allow root-user access to the controller. A limited application of the affected product may ship without setup and configuration instructions immediately available to the end user. The bulk of controllers go int...

Firmware Analysis Toolkit - Toolkit To Emulate Firmware And Analyse It For Security Vulnerabilities

FAT is a toolkit built in order to help security researchers analyze and identify vulnerabilities in IoT and embedded device firmware. This is built in order to use for the "Offensive IoT Exploitation " training conducted by Attify. Download AttifyOS Note: As of now, it is simply a script to...

App Layering: Getting AppSense and WebSense to work

You may find that AppSense is not personalizing applications properly or otherwise not functioning. Here are the directions for installing AppSense and/or WebSense in a layer,...

EAPHammer - Targeted Evil Twin Attacks Against WPA2-Enterprise Networks [Indirect Wireless Pivots Using Hostile Portal Attacks]

EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that can be leveraged to execute powerful wirele...

Targeted WPA2-Enterprise Evil Twin Attacks: eaphammer

Targeted WPA2-Enterprise Evil Twin Attacks EAPHammer is a toolkit for performing targeted evil twin attacks against WPA2-Enterprise networks. It is designed to be used in full scope wireless assessments and red team engagements. As such, focus is placed on providing an easy-to-use interface that...

bug vulnerability handling mechanism system-bugtracker-bug warning-the black bar safety net

For the company configured a Bug tracking system, 找到BugTracker.NET,read a bit, the translation of which is configuration. After a research experience then put up to share. A friend in need can be the following URL to download http://sourceforge.net/project/showfiles.php?groupid=66812 BugTracker...