278 matches found
web-app-pentest-playbook
Web Application Pentest Playbook A structured methodology and...
Binding to an Unrestricted IP Address
Overview Affected versions of this package are vulnerable to Binding to an Unrestricted IP Address which defaults to 0.0.0.0 when the -port argument is used or the -listen argument is used without specifying a host. An attacker can execute arbitrary code remotely by connecting to the exposed...
MAL-2026-3323 Malicious code in paypal-payouts-bridge (npm)
Malicious npm package published by the microsop threat actor as part of a dependency-confusion campaign that impersonates internal tooling at Microsoft, Google Cloud, and PayPal using inflated semver values e.g. 99.9.x, 100.1.x to win npm resolution against private internal packages. All packages...
What’s new, updated, or recently released in Microsoft Security
New capabilities in Microsoft Agent 365; new Microsoft Defender and GitHub integration At Microsoft, security innovations are purpose-built to help every organization protect end-to-end with the speed and scale of AI. Our vision is simple: security should be ambient and autonomous, just like the ...
h2database-rce-poc
H2 Console RCE Exploit Toolkit Vulnerability exploitation scr...
[SECURITY] Fedora 44 Update: qt6-qtgrpc-6.10.3-1.fc44
Protocol Buffers Protobuf is a cross-platform data format used to serialize structured data. gRPC provides a remote procedure call framework based on Protobuf. Qt provides tooling and classes to use these technologies...
[SECURITY] Fedora 44 Update: rauc-1.15.2-1.fc44
RAUC is a lightweight update client that runs on your Embedded Linux device and reliably controls the procedure of updating your device with a new firmwa re revision. RAUC is also the tool on your host system that lets you create, inspect and modify update artifacts for your device. Service is no...
PT-2026-35643
Name of the Vulnerable Software and Affected Versions LiteLLM versions 1.81.16 through 1.83.6 Description An unauthenticated pre-auth SQL injection exists in the proxy API key verification process. The issue occurs because a database query mixes caller-supplied values directly into the query text...
A Sociotechnical, Practitioner-Centered Approach to Technology Adoption in Cybersecurity Operations: An LLM Case
Technology for security operations centers SOCs has a storied history of slow adoption due to concerns about trust and reliability. These concerns are amplified with artificial intelligence, particularly large language models LLMs, which exhibit issues such as hallucinations and inconsistent...
Bug-Bounty-Hunting-Methodology-2026
██████╗ ██╗ ██╗ ██████╗ ██████╗ ██████╗ ██╗ ██╗███╗...
CVE-2026-40253
openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. In versions 3.26.0 and below, the BER/DER decoding functions in the shared common library asn1.c accept a raw pointer but no buffer length parameter, and trust attacker-controlled BER length fields without validating them...
Security Bulletin: Go-getter may allow to arbitrary filesystem reads through git operations
Summary HashiCorp’s go-getter library up to v1.8.5 may allow arbitrary file reads on the file system during certain git operations through a maliciously crafted URL. This vulnerability, CVE-2026-4660, is fixed in go-getter v1.8.6. This vulnerability does not affect the go-getter/v2 branch and...
CORScanner
CORS Exploiter Automated CORS misconfiguration scanner with...
CVE-2026-32280 vulnerabilities
Vulnerabilities for packages: regclient, kyverno-policy-reporter-ui, ip-masq-agent, gitness, flux-image-automation-controller, chart-testing, terraform-provider-kubernetes, bank-vaults, actions-runner-controller, stakater-reloader, sftpgo-plugin-eventsearch, slsa-verifier,...
CVE-2026-32289 vulnerabilities
Vulnerabilities for packages: k9s-fips, grafana-mimir, kyverno-policy-reporter-fips, omni-fips, prometheus-podman-exporter-fips, prometheus-process-exporter-fips, jobset-fips, blob-csi-fips, crossplane-provider-aws-ecr-fips, crossplane-provider-gitlab, image-factory, kubevela-fips,...
GHSA-M4PR-4J3G-9V7V vulnerabilities
Vulnerabilities for packages: k9s-fips, grafana-mimir, kyverno-policy-reporter-fips, prometheus-nats-exporter, flux-source-watcher, omni-fips, minio-operator-fips, pgtimetable, prometheus-podman-exporter-fips, jobset-fips, prometheus-process-exporter-fips, blob-csi-fips,...
[Video] The TTP Ep. 22: The Collapse of the Patch Window
!\Video\ The TTP Ep. 22: The Collapse of the Patch Windowhttps://storage.ghost.io/c/af/a0/afa04ee3-414f-4481-8d23-7e7c146f192e/content/images/2026/04/YiR2025cover2x1-3.jpg One of the clearest trends in the 2025 Talos Year in Review is just how quickly vulnerabilities are now being turned into...
CVE-2026-35167 Kedro has a path traversal in versioned dataset loading via unsanitized version string
Kedro is a toolbox for production-ready data science. Prior to 1.3.0, the getversionedpath method in kedro/io/core.py constructs filesystem paths by directly interpolating user-supplied version strings without sanitization. Because version strings are used as path components, traversal sequences...
hays-london-azure-platform-2-poc
Hays London Azure Platform Engineer POC — AKS Operations & Pla...
CVE-2026-1496
Vulnerable versions of Coverity Connect lack an error handler in the authentication logic for command line tooling that makes it vulnerable to an authentication bypass. A malicious actor with access to the /token API endpoint that either knows or guesses a valid username, can use this in a...