Lucene search
+L

461 matches found

The Hacker News
The Hacker News
added 2024/02/09 10:58 a.m.68 views

Hands-on Review: Myrror Security Code-Aware and Attack-Aware SCA

Introduction The modern software supply chain represents an ever-evolving threat landscape, with each package added to the manifest introducing new attack vectors. To meet industry requirements, organizations must maintain a fast-paced development process while staying up-to-date with the latest...

9.8CVSS9.7AI score0.12661EPSS
Exploits0
Wallarm Lab
Wallarm Lab
added 2024/01/29 2:7 p.m.25 views

Introducing the Wallarm 2024 API ThreatStatsTM Report

The Wallarm Security Research team is pleased to share the latest version of our API ThreatStats report. This report serves as a key resource for API, Application security practitioners. It emphasizes the need for a proactive stance in API security, advocating for continuous monitoring, regular...

8.3AI score
Exploits0
GithubExploit
GithubExploit
added 2024/01/28 11:16 p.m.1592 views

Exploit for Deserialization of Untrusted Data in Wpengine Better_Search_Replace

PoC exploit for CVE-2023-6933, a vulnerability in a web applicat...

9.8CVSS9.2AI score0.68047EPSS
Exploits2
Circl
Circl
added 2024/01/04 7:51 a.m.6 views

CVE-2023-6932

creationtimestamp| type| source ---|---|--- 2024-01-04 07:51:57+00:00| seen| https://t.me/ctinow/162812 2024-01-12 16:11:20+00:00| seen| https://t.me/ctinow/167349 2025-01-07 23:00:00+00:00| seen| https://u1f383.github.io/linux/2025/01/08/two-network-related-vulnerabilities-analysis.html 2025-01-...

7.8CVSS6AI score0.00367EPSS
Exploits0References7
Positive Technologies
Positive Technologies
added 2023/10/27 12:0 a.m.10 views

PT-2023-13421 · Vermeg · Vermeg Agilereporter

Name of the Vulnerable Software and Affected Versions: VERMEG AgileReporter version 21.3 Description: An issue was discovered in VERMEG AgileReporter where XXE can occur via an XML document to the Analysis component. Recommendations: For VERMEG AgileReporter version 21.3, consider restricting...

6.5CVSS6.4AI score0.0066EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2023/10/07 12:0 a.m.3 views

PT-2023-36059 · Git +1 · Radare2

Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a crash type of UNKNOWN READ. The crash state involves several functions: r str ncpy, Elf64 load symbols from, and Elf64 load...

6.9AI score
Exploits0References2
CVE
CVE
added 2023/09/21 12:0 a.m.57 views

CVE-2023-41614

The CVE-2023-41614 entry describes a stored XSS in Zoo Management System v1.0, specifically in the Add Animal Details function where an attacker can inject a payload via the Description of Animal parameter. Affected component: Add Animal Details (Description of Animal). Impact per sources: arbitr...

4.8CVSS4.9AI score0.00362EPSS
Exploits0References1Affected Software1
Kitploit
Kitploit
added 2023/09/20 11:30 a.m.26 views

Callisto - An Intelligent Binary Vulnerability Analysis Tool

Callisto is an intelligent automated binary vulnerability analysis tool. Its purpose is to autonomously decompile a provided binary and iterate through the psuedo code output looking for potential security vulnerabilities in that pseudo c code. Ghidra's headless decompiler is what drives the bina...

7.4AI score
Exploits0References4
Kitploit
Kitploit
added 2023/08/17 12:30 p.m.80 views

HackBot - A Simple Cli Chatbot Having Llama2 As Its Backend Chat AI

Welcome to HackBot, an AI-powered cybersecurity chatbot designed to provide helpful and accurate answers to your cybersecurity-related queries and also do code analysis and scan analysis. Whether you are a security researcher, an ethical hacker, or just curious about cybersecurity, HackBot is her...

7.4AI score
Exploits0References5
GithubExploit
GithubExploit
added 2023/08/01 6:12 p.m.193 views

Exploit for Missing Authentication for Critical Function in F5 Big-Ip_Access_Policy_Manager

Refresh This container emulates the vulnerable functionality o...

9.8CVSS10AI score0.99956EPSS
Exploits63
Kitploit
Kitploit
added 2023/07/29 12:30 p.m.34 views

Artemis - APK Infrastructure Investigator

Overview A tools for Find APK Infrastructure . HADESS performs offensive cybersecurity services through infrastructures and software that include vulnerability analysis, scenario attack planning, and implementation of custom integrated preventive projects. We organized our activities around the...

7.4AI score
Exploits0References1
OSV
OSV
added 2023/07/13 8:15 p.m.4 views

CVE-2023-30563

A malicious file could be uploaded into a System Manager User Import Function resulting in a hijacked session...

8.2CVSS5.8AI score0.00439EPSS
Exploits0References1
Hacker One
Hacker One
added 2023/07/06 10:8 p.m.12 views

U.S. Dept Of Defense: RCE via File Upload with a Null Byte Truncated File Extension at https://██████/

A remote code execution vulnerability via file upload with a null byte truncated file extension was found on a website. By uploading a file with .asp%00.png extension, malicious ASP code could be executed on the server. This allowed an attacker to run arbitrary system commands. The issue was...

8.1AI score
Exploits0
Wordfence Blog
Wordfence Blog
added 2023/07/06 4:37 p.m.19 views

Open-Source Projects Use the Wordfence Vulnerability Data Feed API and You Can Too!

Prior to joining the Wordfence Threat Intelligence team, I spent several years as a vulnerability analyst, responsible for collecting, analyzing, and curating every publicly disclosed vulnerability. This meant collecting vulnerability information from almost a hundred different, disparate sources...

7AI score
Exploits0
Github Security Blog
Github Security Blog
added 2023/07/05 9:38 p.m.50 views

1Panel vulnerable to command injection when adding container repositories

Impact The authenticated attacker can craft a malicious payload to achieve command injection when adding container repositories. 1. Vulnerability analysis. backend\app\api\v1\imagerepo.gocreate backend\app\service\imagerepo.goCheckConn 2. vulnerability reproduction. POST /api/v1/containers/repo...

8.8CVSS7.3AI score0.02313EPSS
Exploits1References4Affected Software1
GithubExploit
GithubExploit
added 2023/06/20 12:38 a.m.392 views

Exploit for Improper Privilege Management in Sudo_Project Sudo

CVE-2023-22809 Analysis & Exploit Basic Information V...

7.8CVSS7.1AI score0.55367EPSS
Exploits20
Packet Storm
Packet Storm
added 2023/06/16 12:0 a.m.459 views

WordPress Abandoned Cart Lite For WooCommerce 5.14.2 Authentication Bypass

Entering the URL in browser will give you access to the respective users account. If the wordpress admin user himself...

9.8CVSS7.1AI score0.41077EPSS
Exploits5
GithubExploit
GithubExploit
added 2023/06/13 6:13 p.m.305 views

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Gvectors Wpforo_Forum

Original Proof of Concept for CVE-2023-2249 - Proof of Concep...

8.8CVSS9.2AI score0.60809EPSS
Exploits1
Vulnrichment
Vulnrichment
added 2023/05/09 1:20 a.m.8 views

CVE-2022-48234

In FM service , there is a possible missing params check. This could lead to local denial of service in FM service...

5.3AI score0.00088EPSS
Exploits0References1
Exploit DB
Exploit DB
added 2023/04/25 12:0 a.m.322 views

Sophos Web Appliance 4.3.10.4 - Pre-auth command injection

!/bin/bash Exploit Title: Sophos Web Appliance 4.3.10.4 - Pre-auth command injection Exploit Author: Behnam Abasi Vanda Vendor Homepage: https://www.sophos.com Version: Sophos Web Appliance older than version 4.3.10.4 Tested on: Ubuntu CVE : CVE-2023-1671 Shodan Dork: title:"Sophos Web Appliance"...

9.8CVSS9.8AI score0.99999EPSS
Exploits10
Rows per page
Query Builder