It makes sense for the Biden administration to focus on software security – but it’s up to the industry to make it happen
Okta Discloses Broader Impact Linked to October 2023 Support System Breach
Hamas-Linked Group Revives SysJoker Malware, Leverages OneDrive
Enterprises prepare for the inevitable cyber attack
Vigil: Open-source LLM security scanner
GoTitan Botnet Spotted Exploiting Recent Apache ActiveMQ Vulnerability
Zero-Day Alert: Google Chrome Under Active Attack, Exploiting New Vulnerability
DJVU Ransomware's Latest Variant 'Xaro' Disguised as Cracked Software
5 resolutions to prepare for SEC's new cyber disclosure rules
Strategies for cultivating a supportive culture in zero-trust adoption
Student Loan Breach Exposes 2.5M Records
Windows Login Bypass. How to use a USB to Unlock your Box | by c0d3x27 | Nov, 2023 | InfoSec Write-ups
Google Chrome emergency update fixes 6th zero-day exploited in 2023
Google Chrome emergency update fixes 5th zero-day exploited in 2023
New BLUFFS attack lets attackers hijack Bluetooth connections
Pennsylvania water authority subjected to Iranian cyberattack
New security-focused offerings unveiled by Veracode
Novel SSH-based private RSA key extraction technique detailed
Data, validation compromise likely with critical ownCloud bugs
National security implications of alleged General Electric hack examined
Ukraine Hacks Russia's Aviation Agency, Claims "Aviation Cannibalism"
Microsoft shares temp fix for Outlook crashes when sending emails
Qilin ransomware claims attack on automotive giant Yanfeng
Thanksgiving week ransomware attack hits Ardent Health hospitals in 6 states
Google cloud environment flaw lets attackers access critical data, systems
Hunters Security: Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw
Lacework AI Assist enhances SOC efficiency
Entrust launches Digital Account Opening solution to simplify global customer onboarding
DP World confirms data stolen in cyberattack, no ransomware used
Hackers start exploiting critical ownCloud flaw, patch now
Ardent Health Services Grapples With Ransomware Disruption
Undetected Android Trojan Expands Attack on Iranian Banks
Unified endpoint management for purpose-based devices
Google Workspace Vulnerable to Takeover Due to Domain-Wide Delegation Flaw, Warns Cybersecurity Firm Hunters
Paladin Cloud unveils Prioritization Engine for Cloud Security
Slovenian power company hit by ransomware
Armis releases version 23.3 of the Armis Centrix platform
Armory simplifies deployments to AWS Lambda
Trend Micro empowers security teams to eliminate threats with new automated risk prioritization
Design flaw leaves Google Workspace vulnerable for takeover
Deepfake Digital Identity Fraud Surges Tenfold, Sumsub Report Finds
Transform Your Data Security Posture – Learn from SoFi's DSPM Success
Design Flaw in Google Workspace Could Let Attackers Gain Unauthorized Access
Ethyrial: Echoes of Yore Hit by Ransomware, Player Accounts Deleted
Sumo Logic accelerates troubleshooting and security across AWS environments
Datadog enhances Security Inbox to help DevOps teams improve security posture
CISA Warns Congress on Chemical Industry Terror Attacks
Cybercriminals Hesitant About Using Generative AI
Americans Receive Two Billion Spam Calls Per Month
CyberDay! UPAS brings "Zero Trust" and "SEMI E187" to southern Taiwan - UPAS
Make a file encryption similar to ransomware | by R09sh | Nov, 2023 | Medium
Hacking 2023 eBooks Bundle - Humble Bundle Partner Blog
“Navigating Risks: Vulnerability Stemming from a Third-Party Integration” | by shubhdeep | Nov, 2023 | Medium
Cybersecurity Interviews Explained | by Danny | Nov, 2023 | Medium
What is a Self Destruct Attack in Smart Contracts? How to Prevent It? 🚨🛡️ | by codingJourneyFromUnemployment | Nov, 2023 | Medium
Cybercriminals can’t agree on GPTs
Hackers Can Exploit 'Forced Authentication' to Steal Windows NTLM Tokens
How Hackers Phish for Your Users' Credentials and Sell Them
Key Cybercriminals Behind Notorious Ransomware Families Arrested in Ukraine
Stop Identity Attacks: Discover the Key to Early Threat Detection
Critical ownCloud flaw under attack (CVE-2023-49103)
Ukrainian ransomware gang behind high-profile attacks dismantled
IBM partners with AWS to optimize data management for AI workloads
SMBs face surge in "malware free" attacks
Police dismantle ransomware group behind attacks in 71 countries
Ukraine Police Dismantle Major Ransomware Group
Five IAM features that can make or break the business
Amazon One Enterprise palm-based identity service improves security of physical spaces, digital assets
Fortanix Key Insight discovers and remediates data security risks in hybrid multicloud environments
N. Korean Hackers 'Mixing' macOS Malware Tactics to Evade Detection
Generative AI security: Preventing Microsoft Copilot data exposure
Product showcase: New ESET Home Security
How passkeys are reshaping user security and convenience
Stop panic buying your security products and start prioritizing
Guarding the gateway: Securing dispersed networks
Strategic Shield: Leveraging Threat Intelligence for Security Resilience
Do You Really Want to Be a CISO? – Spencer Mott – CSP #150
Watering Hole Attacks Push ScanBox Keylogger
Report: The state of authentication security 2023
4 key takeaways from new global AI security guidelines
Hamas-Linked APT Wields New SysJoker Backdoor Against Israel
Ardent Health Hospitals Disrupted After Ransomware Attack
General Electric, DARPA Hack Claims Raise National Security Concerns
Microsoft deprecates Defender Application Guard for Office
Ransomware attack on indie game maker wiped all player accounts
NXP subjected to years-long hack
General Electric Probes Security Breach as Hackers Sell DARPA-Related Access
Healthcare giant Henry Schein hit twice by BlackCat ransomware
Ukraine says it hacked Russian aviation agency, leaks data
Third-party breach impacts UK law firms
Gas pumps vulnerable to cyberattacks prevalent
API Security Essentials and Common Pitfalls for Startups | by Jeremiah Talamantes | Nov, 2023 | Compliiant.io Blog
Cybersecurity FAQ. To the LuNiZz Frequently Asked Questions page… | by Can Deger | Nov, 2023 | Medium
Recent INL Breach Reinforces the Urgency for Strengthening Federal Information Security Policies | by Charley Ross | Nov, 2023 | Medium
AI and Cybersecurity: Threats and Defenses | by Staney Joseph 🎖️ | Nov, 2023 | Medium
Writeups | Pakistan Cybersecurity Challenge CTFs (Qualifier Round) | by Muhammad Faizan Arshad | Nov, 2023 | Medium
How to Handle Retail SaaS Security on Cyber Monday
Ardent hospital ERs disrupted in 6 states after ransomware attack
Slovenia's largest power provider HSE hit by ransomware attack
Cybersecurity Incident Hits Fidelity National Financial
SysJoker Malware: Hamas-Related Threat Expands With Rust Variant
Cyber Security Certifications are USELESS if You Don’t Do These Things… | by Alexis Lingad | Oct, 2023 | Medium
WPA-WPA2 Wi-Fi Hacking: A Step-by-Step Guide. | by Kamalesh D | Nov, 2023 | Medium
Novel SysJoker variant leveraged by Hamas-linked threat operation
North Korean supply chain attacks ‘growing in sophistication and volume’
Updated WailingCrab malware loader ups stealth
UT Health East Texas disrupted by possible cyberattack
Meow ransomware hits Vanderbilt University Medical Center
Study Finds Amazon, eBay and Afterpay as Top Android User Data Collectors
Veracode’s latest innovations help developers enhance cloud-native security
Released: AI security guidelines backed by 18 countries
Leveraging Wazuh to combat insider threats
Google Drive users angry over losing months of stored data
Experts Uncover Passive Method to Extract Private RSA Keys from SSH Connections
Trend Companion reduces time spent on manual risk assessments and threat investigations
The Dark Side of AI: Large-Scale Scam Campaigns Made Possible by Generative AI
Trellix accelerates threat detection and response with GenAI capabilities
PoC for Splunk Enterprise RCE flaw released (CVE-2023-46214)
KyberSwap Says Hackers Stole $55m in Crypto
General Electric Investigates Alleged DARPA Breach
UK Publishes First Guidelines on Safe AI Development
U.S., U.K., and Global Partners Release Secure AI System Development Guidelines
OpenSSL 3.2.0 released: New cryptographic algorithms, support for TCP fast open, and more!
When does it make sense to pay the ransom?
Why it’s the perfect time to reflect on your software update policy
AWS Kill Switch: Open-source incident response tool
Building cyber resilience for tomorrow’s threats
Vulnerability disclosure: Legal risks and ethical considerations for researchers
Security leaders on high alert as GenAI poses privacy and security risks
Tentacles of ‘0ktapus’ Threat Group Victimize 130 Firms
Default Credentials, P1 with $$$$ Reward in a Bug Bounty Program | by jedus0r | Nov, 2023 | InfoSec Write-ups
Introducing IW’s Video Interview Series with Founders | by InfoSec Write-ups | Nov, 2023 | InfoSec Write-ups
Trojanized CyberLink installer used in global Lazarus supply chain attack
Blue Team Bootcamp Series (P1): How to Detect Brute Force Attacks | by Ali AK | Nov, 2023 | InfoSec Write-ups
CompTIA Pentest+: Your Go-To Exam Guide | by hac# | Nov, 2023 | InfoSec Write-ups
Dive into Single Packet Attack. An Overview and a Tool for Exploiting… | by Amin Nasiri | Nov, 2023 | InfoSec Write-ups
Epic Bug Hunting Failures-2. Hey! This is my second part of Epic Bug… | by Varshini Ramesh | Nov, 2023 | InfoSec Write-ups
How to Hide Secret Data Inside an Image | by Frost | Nov, 2023 | InfoSec Write-ups
Implementation of Security headers in Apache Server | by Sandeep Vishwakarma | Nov, 2023 | InfoSec Write-ups
Implementation of Security headers in Microsoft IIS Server | by Sandeep Vishwakarma | Nov, 2023 | InfoSec Write-ups
Implementation of Security headers in Nginx Server | by Sandeep Vishwakarma | Nov, 2023 | InfoSec Write-ups
Mass Hunting XSS vulnerabilities by Ott3rly | InfoSec Write-ups
PCI DSS 4.0 Is Just A Few Months Away .. Are you Ready ?? | by Taimur Ijlal | Nov, 2023 | InfoSec Write-ups
Unfolding Remcos RAT- 4.9.2 Pro. Malware Analysis of Remcos RAT… | by Osama Ellahi | Nov, 2023 | InfoSec Write-ups
Unmasking NjRAT: A Notorious Remote Access Trojan Part2 | by JustAnother-Engineer | Nov, 2023 | InfoSec Write-ups
What is Banner Grabbing? Several Approaches for Banner Grabs. | by Vicky Aryan | Nov, 2023 | InfoSec Write-ups
NYC Bar Association breach exposes over 27K members' data
Kansas courts subjected to sophisticated foreign cyberattack
Securing Your AWS Infrastructure: A Practical Guide | by Bharat Bhushan Nautiyal | Nov, 2023 | Medium
Two-factor authentication. Why it’s important. | by Magali Cicujano | Cybersecurity&Me | Nov, 2023 | Medium
Windows Hello can be bypassed without entering a password | by Patrik Žák | Nov, 2023 | Medium
WOTS Up With Post Quantum Cryptography? | by Prof Bill Buchanan OBE | ASecuritySite: When Bob Met Alice | Nov, 2023 | Medium
Week in review: LockBit exploits Citrix Bleed, Apache ActiveMQ bug exploited for cryptojacking
A Speedy Chat with a Cybersecurity Wizard | ILLUMINATION-Curated
How I got my first Logic Bug and how to find them | by Hazem El-Sayed | Nov, 2023 | Medium
New Rust-based SysJoker backdoor linked to Hamas hackers
Docker Image Vulnerabilities Scanning: Clair | by Oussama Chaouachi | Nov, 2023 | Medium
MD5 Algorithm. What is Hashing? | by Pranay | Nov, 2023 | Medium
Writeup — Academy | TCM Security | by dollarboysushil | Nov, 2023 | Medium
Staring into the Abyss While Chewing Glass: The Grit and Reality of Cybersecurity Work | by Robert Bussey | Nov, 2023 | Medium
The Dark Side of AI: GPTs as a New Weapon in the Cybercriminal Arsenal | by Rishika Desai | Nov, 2023 | Medium
The Geometry of Multi-Party Risk. Any company and organization is in some… | by Martijn Dekker | Nov, 2023 | Medium
RAT Attack windows 7 - LeexxIus
How to Find First Bug (For Beginners) | by Mr.Horbio | Nov, 2023 | Medium
Hacked Tokens: A Horror Story. Dissecting how a hacked token caused a… | by Jake Teo | Nov, 2023 | Level Up Coding
Bash Scripting Logic Section Part 01 | by Rat_Attack72 | Nov, 2023 | Medium
Cornell Discovers a Threat at the Core of ChatGPT | Towards AI
How I was able to get account takeover via IDOR from JWT | by Homo Sapiens | Nov, 2023 | Medium
What are you waiting for?. Start securing your systems today! It… | by Jon Foss | Nov, 2023 | Medium
Infrastructure Analysis: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023–4966 Citrix Bleed Vulnerability | by Joshuapenny | Nov, 2023 | Medium
How I Hack WiFi Passwords in 10 minutes using Hashcat | by Keshav Xplore | Oct, 2023 | Medium
The Right To Create Your Own Encryption Keys: Meet the Clipper Chip and Skipjack | by Prof Bill Buchanan OBE | ASecuritySite: When Bob Met Alice | Nov, 2023 | Medium
LEGO’s BrickLink Likely Got Hacked | by Attila Vágó | Bricks n’ Brackets | Nov, 2023 | Medium
TryHackMe Room Writeup | WebOSINT | by Atahar Nayeem | Nov, 2023 | Medium
Phoneinfoga: A phone number OSINT framework | Day1 of 30DaysOfOSINT | by Dheeraj Yadav | Nov, 2023 | InfoSec Write-ups
[221] Assa Twin 2 (gins) picked and gutted - YouTube
RSNOG #9, What PeeringDB is and why it's important for network operators - YouTube
Interconnection Track PeeringDB Update - YouTube
Bon Appétit: An Introduction to CI/CD and DevSecOps With a Delicious Bakery Story | HackerNoon
Bots make up 30% of internet traffic | Security Magazine
The Dubai Stock Exchange declines and declines, the Abu Dhabi index consolidates, and $30.7 million net foreign sales in UAE stocks within a week - fox.alnasr.news
Gadget chain in WordPress
Unmasking the Dark Art of Vectored Exception Handling: Bypassing XDR and EDR in the Evolving Cyber Threat Landscape | PPT
BLUFFS: Bluetooth Forward and Future Secrecy Attacks and Defenses | Daniele Antonioli
DEF CON 23 - Robinson and Mitchell - Knocking my neighbors kids cruddy drone offline - YouTube
Abus TS5000 Pick and Gut - YouTube
Dashboard - requestrepo.com
Vulnerability Summary for the Week of November 20, 2023 | CISA
Line operator says 440,000 personal records leaked in data breach
cr.yp.to: 2023.11.25: Another way to botch the security analysis of Kyber-512
Fuzzer-V
Could critical infrastructure cybersecurity see uplift in Australia?
Building Immune Authorization: AppSec in Healthcare Apps | Permit
What is Information Rights Management (IRM)? | NextLabs
Big update to my Semgrep C/C++ ruleset - hn security
Burg Wächter GAMMA 700 picked - YouTube
Have I Been Squatted? — Check if your domain has been typosquatted
Humble Tech Book Bundle: Hacking 2023 by No Starch (pay what you want and help charity)
LostTrust Ransomware - Trust nothing — ShadowStackRE
What Are The Benefits For China If Korea Becomes More Aggressive? - YouTube
GitHub - Drew-Sec/EvilSlackbot: A Slack bot phishing framework for Red Teaming exercises
Securing generative AI across the technology stack | TechCrunch
Thousands of routers and cameras vulnerable to new 0-day attacks by hostile botnet | Ars Technica
See yourself in cyber: 5 practical steps to getting started. - BlockAPT
A budget lock station - YouTube
[220] Yale 2000 Plus picked and gutted - YouTube
Hacking Zoom - YouTube
Largest Study of its Kind Shows Outdated Password Practices are Widespread | College of Computing
Europe’s grid is under a cyberattack deluge, industry warns – POLITICO
GitHub - factionsecurity/faction: Pen Test Report Generation and Assessment Collaboration
Tech giant Cisco built special device to help Kyiv ward off cyberattacks on power grid
website_security_bank
SIEM, SPLUNK
Laratrust is a PHP 8.0+ framework agnostic fully-featured authentication & authorization system. It also provides additional features such as user roles and additional security features.
I will set up a small AWS network to host a single web server. The network will be HA and allow HTTP traffic from the internet. I will need to create a VPC with two public subnets in different AZs. I will also set up an Internet Gateway to enable communic
google_cyber_security
Security_Management_System
Developed with Spring Boot, JWT, Spring Security
Proof of concept multiplayer card game.
Kaggle competition
NintendoSwitchGameHacking
Spring-Security
Sky Fortress Odyssey codes with cheats unlimited aestone hacks
My path to becoming a professional and developing future goals....
Python, OpenCV
Security Operations Center (SOC) E-Learning Platform: Final cybersecurity project created to graduate from the cybersecurity specialization program by SISAP-IRSI. This platform offers courses, simulations, and challenges to enhance skills in threat detect
Based on a famous tool in hacking single player game, Cheat Engine. I come to an idea making an application trying to scan variables in another running program in raw memory and modify them freely.
SpringSecurity
CRYPTOGRAPHY-AND-NETWORK-SECURITY
Spring-security-multi-data
Proof of concept to tweak Strapi by patching Strapi repo as submodule
be-security-three
PROOF OF CONCEPTS
A proof of concept exploiting CVE-2022-26923.
Wave is an efficient, scalable, and open-source backend solution designed for retrieving geographical locations of public IP addresses. It leverages the power of MaxMind's GeoLite2 database and is crafted in TypeScript. This project serves as a free micro
Fortnite cheat hack | Kezza fortnite cheat
Proof of concept using Go + RabbitMQ to read from Streamlabs socket.
By OPM
Valorant cheat hack | Fecurity crack valorant
A Research Initiative Exploring Proof of Concept (POC) Email Sending
For spring security basics
Projeto Implementar JWT e Spring Security em Spring Boot 3 com MySQL
vienna-dialogue-hacking
Hack this account
SpringSecurityInMemoryAuthentication
MACHINE LEARNING MODEL FOR ANOMALY AND INTRUSION DETECTION IN NETWORK TRAFFIC TO IDENTIFY POTENTIAL SECURITY THREATS
it is a honeypot used for monitoring and preventing from hackers
Northwestern Polytechnical University Information Security Innovation Experiment Assignment
PP_3.1.3_Boot_Security
Spring security
Employee-REST-CRUD-Security
Proof of concept using Vue for SharePoint.
Here I upload my hacker rank solved solutions
A Proof of Concept Discord Bot written in PHP.
my GitHub profile.
Hacker News Client
I solved the questions on the Hacker Rank site
SecurityCamera_440
Introduction to Security class
bcrypt section of information security from freecodecamp
Bitcoin hacking
Liked the hacker red theme on vscode marketplace but the syntax colors were hard to make out over time. so im making this theme which keeps the same colors from hacker red but uses the default modern dark theme syntax colors.
ElexHackingMiniGame
Internshala-Ethical-Hacking-Final-Project
A full-featured, hackable Next.js AI chatbot built using my chat UI components
Unlock the power to hack almost any Instagram account with precision using our sophisticated exploit. Tailored for those seeking unrivaled access and control, this cutting-edge method sets a new standard in social engineering.
Webflux_ReactiveSecurity
This is a proof of concept script I put together that exploits the default credentials of exposed Megapixel IP Cameras.
WebGL, but flat. Because it's more hackable that way.
learn_python_and&ethical_hacking
A theme I hacked together for GIMP to meet my needs.
Tower War cheats remove ads unlimited crystals hacks
Hacker Profe Github Repo
Final Project of Cyber Security Course. This website is build as the victim of our hacking. We use the broken access control and mySQL Access to do a penetration testing.
security_assignment
FA23 Hack Challenge for Cornell AppDev
Home-Security-System
Undetected Fortnite Hacks
Scraping names from Social Security admin
Crypto-Security
client for security-api
Network-security
Easy bookmarklet to hack the daily set puzzle(yes, I know the code is ass). This took me about 5 minutes.
Cyber Security Career
hackingGaming
DataSecurity1
🔐 Building robust security starts with strong passwords! 💡 I crafted a Python script that generates high-security passwords meeting modern standards. Users can customize length and quantity, ensuring a mix of uppercase, lowercase, numbers, and special cha
This will help you complete CH0 of the What The Hack
hacking-with-swiftui
This is a discord bot that scans new members joining the server to tell if they are suspicious or not.
Cyber_security_project_1
My portfolio
PoC (Proof of Concept) Bruteforcing Utility RouterOS v6.48.6
sample repo for mdfc dev ops security
Initial commit
Security-toys-audit.
hacking towards libkernel.so and libkernel.a
GTA-5 external hack cheat
Spring-Security-e-JWT-Tokens
This is a proof of concept site for an online storefront that sells custom PCs to the user's liking.
I am a beginner studying hacking
you are hack
CS-2 external hack cheat
Apex-legends external hack cheat
SpringSecurity-v3
Python socket hacking system
RUST external hack cheat
My project for the Great .NET 8 Hack
Learning-Hacking-with-Python
LEAGUE-OF-LEGENDS external hack cheat
Generic infrastructure for smart cctv system
This is a Key Logger hacking tool using Python Language
PUBG external hack cheat
A method based on Behavior Driven Development (BDD) and System-Theoretic Process Analysis (STPA) for verifying security requirements in critical software systems
A personal code is a philosophy that defines an individual's values, goals, and decisions. It requires dedication and hard work to adhere to. A personal code can also refer to a PIN code linked to a security solution. A code of ethics is a collection of
This project includes a Spring Boot application designed to securely publish job postings and accept applications. Thanks to the security features provided by using Spring Security, user authentication, authorization and secure communication are provided.
Rainbow-Six-Siege external hack cheat
This repo is about comparative study of Symmetric Cryptography Mechanism on DES, AES and EB64 for Information Security
securityapp
A Snapchat account hacking tool.. programmed by skar hack
proof-of-concept
These are some basic python scripts, that are essential for maintaining good opsec and for anyone looking to get into cybersecurity.
python-hacking
This Arduino Door Alarm project is designed to enhance security by providing a simple and effective solution for monitoring doors. The alarm system detects door openings and triggers an alert, making it suitable for home security applications
Repository containing the proof of concept of migrating the frontend to React
cryptography-and-network-security
A Hacker News clone.
If you want to use PicsArt or any other app on iOS, it's recommended to download it from the official App Store to ensure you are using a legitimate and secure version. Jailbreaking your device or using unauthorized versions of apps can expose your device
A simplified Proof-of-Concept Implementation for a Blockchain-Assisted Personalized Car Insurance With Privacy Preservation and Fraud Resistance.
cyber security
using the Rust library thirtyfour to scrape a web site - it's a proof of concept
A two days project made during the second edition of the LudiHealth game-jam. This is a proof of concept for a video game that would encourage teenagers to get informations about endocrine disruptors.
spring-boot-rest-security
A two days project made during LudiHealth first edition. This is a proof of concept for a video game that would encourage patients with respiratory difficulties to perform exercises and controls in a playful way. The main feature is that the game is contr
drone-hacking
Hacker News API
My ethical hacking notebook.
Hack This Site Testing
This Hack was made for Zander Kane
CSA-5108-Cryptography-And-Network-Security
Drone-Hacking-Tool
Repo containing my 6502 assembly hacking
Proof of Concept for the agent backend.
Practice on Spring Security with Bouali Ali
The repo contains a series of challenges for learning Frida for Android Exploitation.
this tutorial explains how to hack a mifare/mizip key. /!\ disclaimer the purpose of this tuto is to introduce you to the failures of this system in order to better understand how a mifare key works. not to be reproduced on machines belonging to you.
Secure authentication with React, Laravel, and JWT. Features protected routes for enhanced security. Seamless integration with Axios for efficient communication. Explore the power of JWT in your web app.
Private Virus Spreading is a tool for hackers to bind any kind of virus-like ( BTC virus, ransomware, rat virus, bind any file with another one ).
Hacking/testing
hack the best, success
An end-to-end proof of concept showing how to handle customer balance encryption at rest in a digital wallet application. This implementation features getting the customer balance, account statement, and generating the statement as a PDF attachment to mail. It used red
Linux_Security
information-security
TechnoHacks EduTech- ETHICAL HACKING & CYBERSECURITY
All hacking tools
HashHawk is a versatile Python-based multi-tool designed for ethical purposes, enabling various security assessments and operations. It is equipped with functionalities to perform directory brute-forcing, port scanning, packet analysis, extraction of netw
S2-L1-CyberSecurity
Soul Knight Prequel codes with cheats for fish chips hacks best class
Hacking With Swift Project 12. Technique project related to SwiftData
CSA5108-cryptography-and-network-security
odin-security
Localstack Proof of Concept
Workflow Service Security Tests
A list of resources focused on software security and aimed at developers
It will take a name per user and hack their insta, fb (not real) ...
Food-Delivery-Application-SpringBoot-SpringSecurity-JWT-MySql-Hibernate-JPA-Docker
I want to hack Facebook to learn the secrets hidden there, to know how to hack people's accounts without getting caught
security_demo
Bash and python scripts for developing functionalities on the Security Onion platform.
This repository contains solutions and insights about PortSwigger Labs
It will take a name per user and hack their insta, fb
This is the Calculate Client Security Hash Crash Course using the RE Framework in UiPath
Develop Microservices with Java, Spring Boot, Spring Cloud, Docker, Kubernetes, Helm, Microservices Security
Password generator to have safe and solid passwords. Never be hacked again! Feel free to add modifications
This project is for Computer Security course provided in the 4th year of Faculty of Computers & Information, Luxor University.
FORTNITE external hack cheat
Okta with Vue Proof of Concept
My deck for the Ideation & Business Thinking workshop for Hack@10 2023, built using reveal.js
computer-security-project
Basic concept/proof of concept for a market blackbox using websocket
Fortnite hack cheat | Kezza fortnite cheat crack
Fortnite hack cheat | Kezza fortnite cheat
Cyber-security-Steganography
Secure Your Microservices Application with Spring Security especially Keycloak
bank-security-system
cyber_security
Fortnite hack cheat | Fortnite kezza cheat
PP_3_1_3_SpringSecurity
The API designed for the residential security system will focus on providing endpoints for the registration of residents, guards, vehicles, and access verification.
VALORANT CHEAT HACK | Fecurity crack valorant
spring-security-oauth2
APEX CHEAT HACK | Private Millex apex cheat
This is code reproduced according to the description in the paper "Network Anomaly Detection With Temporal Convolutional Network and U-Net Model".
Google-CyberSecurity
SpringSecurity-JWT
jdbc-security
Security Spring Boot Keycloak Docker
Elevate your web application's security with the Passport.js Authentication Backend. This project provides a versatile and easy-to-integrate solution for user authentication, supporting various strategies such as local, Google, Facebook, and Twitter.
Implementation of a system for secure data digitization using blockchain
icesi.security.signature-management.frontend
Spring-Security-JWT
Proof of concept using OpenAI to create weaning meal plans
Hacking Active Directory notes based on https://www.youtube.com/watch?v=VXxH4n684HE&t=11955s video
A proof of concept online store frontend built using React
CVEs Proof-of-Concept
Proof of concept VSAO - Automatic mail sending
CS2 HACK CHEAT | XONE CHEAT CRACK
Proof of concept for using local Govee APIs to synchronize lights with a Philips Hue tap dial
MERN Note-taking App Prototype for Hack Western 10
Python pomes, pennyeach (security modules)
SecurityServiceSQLDBMem
Spring boot 3 Keycloak integration with spring security, OAuth and JWT
This is the Calculate Client Security Hash Crash Course using the RE Framework in UiPath.
Simple, hacked-together project to allow students to test their messenger code.
Welcome to the WordPress Snippets Library, your go-to resource for enhancing and optimizing your WordPress development experience! This GitHub repository is a curated collection of useful code snippets, hacks, and best practices to empower WordPress devel
spring-security-jwt-chassi
for Hack Western X
A repository for the Taskini -- an android app we (team HackSavvy) developed during the Hack the Workplace hackathon for personalized task management in businesses.
Use the OWASP Application Security Verification Standard as a Guide for Automated Unit and Integration Tests
llm-system-security
Plot data from FortiGate firewall "/monitor/system/resource" API endpoint into an HTML report.
Beyond Navigation helps us in indoor navigation where GPS is not readily available 🌐. Hack Western 2023 🚀.
Hack Western X - Hack
The repository is a valuable resource for individuals looking to enhance their knowledge and skills in cybersecurity. It provides in-depth materials and guides for various cybersecurity domains.
Chainlit version hacked to work with the data Wellness agent
Spring Boot Security study
A set of tools for managing password security
tool to help you automate the evil twin attack in a specific, easy and quick way
Enforce Security Key for signing into a computer. Windows Hello PIN and others are disabled.
This bash script will help the security analyst to extract the metrics for Prometheus from Wazuh using Wazuh internal APIs.
Authentication and Authorization with JWT and Refresh token
gha-security
Research for fingerprinting HTTP clients (security)
Hacker Rank Solutions
spring-security-ex
Fortnite Epic Hack November 2023
Binary Exploitation Skill. Gain RCE from arbitrary write.
TSG Payment System with JWT Token Spring Security, import and export pay-data. REST Application
Climate Security related analysis at CGIAR
Adapter for ioBroker to connect to the Jablotron cloud
NextBrain's data Anonymizer tool ensures top-tier privacy by irreversibly obscuring personal identifiers without storing any data. Ideal for businesses prioritizing data security and compliance, it offers a reliable solution for safeguarding sensitive inf
AI Security Lab in Hacking-Lab
securitywebui
Unveiling White-Labeled IoT Devices on E-commerce Platforms(Amazon, Walmart)
KeyWarden is an innovative project that combines robust password management functionalities with seamless integration through a Telegram bot. The primary objective of this project is to enhance the security and convenience of password generation, storage,
Spring Boot Security personal mission repository
B00142477 - Alex Perry: Cyber Security Training Game
Node.js bootcamp, this project 🌐 is a full-stack application with a RESTful API 🔁 and server-side rendering 🖥️, created to solidify back-end skills, including security 🔒, data modeling 📊, and deployment 🚀.
Restful API, Postgres, Jwt token security
Comprehensive AWS management solution integrating account factory, AWS Identity Center, Logging, Organizations & SCP, security tools like AWS Config & VPN, financial ops.
Spring Boot, REST, WebSocket, STOMP, WebRTC, ScyllaDB, Redis, rate limiting and security learning project.
Spring Boot, WebHook, RabbitMQ, Neo4J and security learning project.
Spring Boot, REST, Meilisearch, Weaviate, Redis, rate limiting and security learning project.
Spring Boot, gRPC, PostgreSQL, TimescaleDB and security learning project.
GraphQL, MSSQL, GraphQL subscriptions and security learning project.
HackingStudy
Group project where users can register as clients or as providers to search for/offer home services such as plumbing, carpentry, masonry and painting; built with Spring Security, Thymeleaf, Bootstrap and a MySQL DB (en camb
Password-Security
Explore new metrics and best practices to monitor your LLM systems and ensure safety and quality
📜 Security policy, code of conduct and license for most Actionforge projects
📦 An independent package manager that every hacker deserves.
Word4Per is an innovative framework for Zero-Shot Composed Person Retrieval (ZS-CPR), integrating visual and textual information for enhanced person identification. This repository includes the Word4Per code and the Image-Text Composed Person Retrieval (I
AppDev Hack Challenge 2023
security-camera-maintenance
A demo of Spring Boot implementing Spring Security, JWT and sql DB
Demo Project for CMPE279 Software Security Technologies
Simple commandline Hacker News client
2023 second-semester web security team project, frontend
2023 second-semester web security team project, backend
Information Security - Information Protection - 7th semester
PP_3_1_3_Boot_Security
Networking notes and some security tips
Group 5's Public Repository for Assignment 3. CNCF Project Operator Framework
EduConnect prototype is a web-based platform where users can create accounts, submit projects, browse, rate, and review projects, engage in discussions, and personalize their profiles.
ComputerSecurityMC-MitM
Secure login system
PiperSecurityResources
This contract will act as a secure vault for users to lock their tokens for a specified period, earning rewards over time. Each user will have a separate compartment within the contract, ensuring individualized security and reward calculation.
Security Data Analysis
security
SpringSecurity
Proof of Concept regarding Amazon Bedrock ☁️
security-pass
.NET, REST, PostgreSQL, MongoDB, Redis, caching, rate limiting and security learning project.
Spring Boot, REST, MySQL, MongoDB, Redis, caching, rate limiting and security learning project.
Passkeys Proof of Concept
Complete guide to downloading and installing Wi-Fi drivers in Kali and Parrot Linux, plus Wi-Fi hacking basics and dos
Security_CA
TentaLabs version of a really cool fork of a fork but also it's own thing. Pokemon hacking is cool.
quiz_app For this project, I utilized technologies such as Spring Boot, Spring Security, PostgreSQL, Migrations, Docker, REST API, Postman, Liquibase, MapStruct, Hibernate ORM, and I also developed the frontend part of the website.
Spring Security Study
CloudSecurityAWS
...
2023-2 Information Security Programming course labs and assignments
This repository contains my work done as part of the 'Hacking with Swift 100 Day Challenge.' Throughout this challenge, I will be working on a new project or concept every day using the Swift programming language, with the additional goal of sharing my pr
A web application for vehicle service reservation center with a focus on security, authentication, and access control.🚗🫧
Open Source Security Project
Nova Web Security Live Class
proof-of-concept
This script provides a streamlined process for setting up a Mastodon instance on a single server. In addition to the installation, it also includes security enhancements to ensure the server operates safely and efficiently.
Proof-of-Concept for the VisualFP application
Problems of Geeks Hack 3.0
A snapshotting, coverage-guided fuzzer for software (UEFI, Kernel, firmware, BIOS) built on SIMICS
Get correlations between securities and economic indicators
Proof of concept to use many visual components.
Front end, proof of concept layout.
A free mixin-based injection skid hacked-client for Minecraft using Minecraft Forge, supporting version 1.8.9
All artefacts required to deploy a proof-of-concept Ansible Automation Platform as a Service
Proof of Concept for hypothesis testing from Inuka
L-System framework for procedural generation. Proof of concept project.
Easily Mask Any URL
🚗 An autonomous driving security research repository, maintained by the ADSecTeam-bjtu.
Awesome-LLMSec i.e., Top Portal for All things LLM Security & Red Teaming Generative AI
A gateway and a structural support API, empowering seamless user access and security.
Cyber Security Analyst
An application designed to keep your data yours.
OpenLotto is an open-source blockchain-based lottery platform with a focus on transparency, security and fairness.
Physical Access Control
Hacking-style defence tricks
Debian Hacks
helpful-links-for-OSINT-Security-Hacking
Experimenting the compilation of a single .rs file into .wasm module Ultimately try to make Proof of Concept for HMR on rust web frontend framework (Leptos)
microservices-security-jwt
patcher for Process Hacker to change its window class and title, icon, and process description! tested only on Process Hacker version 2.39.124
OSINT Tools suits for pentesters and for security assessment
Lock down your digital life.
hack:DiD submissions
Passive subdomain continuous monitoring tool.
Dockerized version of fabpot/local-php-security-checker
Spring_Security_Java_pre-project.3.1.5
AI Mechs for EthLisbon hack
Future of Registered National Securities Exchange for Cryptocurrency Token Trading on a public blockchain by non-natural investors who are not registered broker-dealers or an affiliate of a broker-dealer.
This is a basic website written in HTML, CSS and JavaScript. The goal is to make the website look like an early-2000s website with a hacker flair.
A proof-of-concept for a CI system meant for embedded software development
Hack for Jklm.fun's own WordBomb
nodejs-security-dotcom
just to learn and understanding spring security
Facebook Cloning Facebook Hack fb Crack
Code for "Spring Security: The Good Parts"
Proof of concept for canshare
University course (3,4 course)
George's smart contract security review reports
A savegame editor for Tomb Raider Chronicles, written in Visual C++. Used HxD hex editor to reverse engineer the savegame files.
Security_Patch_Merge_Helper
cloud-native-security-news
A high-performance no-code GraphQL backend
Hacked By WinnnTzy
Helper tools to analyze the " Financial Statement Data Sets" from the U.S. securities and exchange commission (sec.gov)
Proof of concept
Analyze assets authorization, who has access to what and how
Proof Of Concept to implement the RAII pattern in Kotlin using a compiler plugin.
A proof-of-concept web desktop which supports distributed sandboxed web applications
Sign in, sign out, and proof of-concept of waiver for local robotics teams
The Socket CLI tool
A library for detecting known secrets across many web frameworks
Documenting my journey in the world of CyberSecurity
SBOM4Rust generates a Software Bill of Materials (SBOM) for a Rust component.
SDK for SecDim Play levels, an open training game for secure programming
key master storage
Socket SDK for JavaScript / TypeScript
The website for Hack Austin, the first high school hackathon in Austin since the pandemic!
Runtime security plug to protect user containers
Sample pipeline demo highlighting how to integrate Falcon Container Sensor into ECS Fargate Workloads
Python Antivirus Engine Scanner
[Proof-of-Concept] A tool providing metrics and logs from an Uyuni server to show its health status
Security reports and disclosures of Brahma
Compage - Low-Code Framework to develop Rest API, gRPC, dRPC, GraphQL, WebAssembly, microservices, FaaS, Temporal workloads, IoT and edge services, K8s controllers, K8s CRDs, K8s custom APIs, K8s Operators, K8s hooks, etc. with minimal coding and by autom
A lightweight container for distributed security policy evaluation
Once a quick hack to host a project that was due way too soon. Now a slightly less quick hack to display the things I've made.
A GitHub action for @security-alert/sarif-to-issue
Spirit - Network Pentest Tools
A GitHub action for @security-alert/sarif-to-comment
Proof of concept for a GitHub Actions datastore for Jujutsu Kaisen manga.
Proof of concept for a GitHub Actions datastore for One Piece manga.
Java implementation of Tink
Security system for monitoring in a plantation to minimize theft.
Include some basic Tools (using python )and Concepts for hacking
Mini projects with Spring Boot
security-bundle
Security vulnerability database inclusive of CVEs and GitHub originated security advisories from the world of open source software.
Integrates Firebase Auth Token validation into a Micronaut application via Micronaut Security
:cloud: :zap: Granular, Actionable Adversary Emulation for the Cloud
Proof of Concept Demo Shiny Application for Tracking KPIs related to P&C Self Insurance
Bug Bounty Vps Setup Tools
Async Cybereason API client
security-research
CyberSecurity
As we all know the BGMI Loot Crate comes with so many resources for the gamers, this ML Crate will be the hub of various ML projects which will be the resources for the ML enthusiasts! Open Source Programs: SWOC 2021, JWOC 2022, OpenCode 2022, Hack Club R
A GitHub Action for authenticating to Google Cloud.
GitHub hosted webpage
This Repo contains the required code to solve the Python Coding Problems in Hacker Rank.
Companion add-on for Firefox Relay. Keep your email safe from hackers and trackers. Make an email alias with one click, and keep your address to yourself.
A list of useful payloads and bypass for Web Application Security
A simple ticket system browser application created in the course of a project for vocational training. IMPORTANT: because of security issues it is not recommended to use this tool in a live system.
This is a work in progress. It is a remake of the Terminal Hacker console application, using Blazor WebAssembly.
Regulatory Oversight Management - Transportation Security / Gestion de la surveillance reglementaire - Sûreté des transports Web Resources
2021-04_springBoot_security
AddOn for HomeMatic CCU and compatible devices to interact with eufy security devices.
Custom ADMX template focused on hardening Windows 10 systems
A React frontend for Hacker News
An open source enterprise digital identity platform that scales: Janssen is a distribution of standards-based, developer friendly, components that are engineered to work together in any cloud. #OAuth #OpenID #FIDO
A firewall management system.
The VPN client libraries provide a reference implementation for a secure, encrypted tunnel for connected devices. Full Public report: https://research.nccgroup.com/2021/04/08/public-report-vpn-by-google-one-technical-security-privacy-assessment/
UNIX-like reverse engineering framework and command-line toolset.
A free file hosting server that focuses on speed, reliability and security.
An admission controller that integrates Container Image Signature Verification into a Kubernetes cluster
Maid Runner is a versatile task automation software designed to serve as the foundation for various cyber security modules. It provides capabilities for tasks such as forensic research, OSINT (Open Source Intelligence), scanning, backup and copying, intr
POC Simple Spring security application
WWDCNotes.com content
TOTP MFA/2FA application written in Rust and GTK3
Testing framework for Cloudflare Firewall rules
🌈 The new, new Hack Club website (uses Next.js & Theme UI).
Use DOMPurify on server and client in the same way
My personal hacker space written via Emacs' OrgMode, built via Astro
Platform independent library for interfacing windows security descriptors
Quilkin is a non-transparent UDP proxy specifically designed for use with large scale multiplayer dedicated game server deployments, to ensure security, access control, telemetry data, metrics and more.
PyAMS security management package and authentication policy
React/Bootstrap frontend and NodeJS/MongoDB backend for Hacker News, shows top articles (responsive)
🥇 1st Place UB Hacking 2019. Designed a hardware-based UI to help people with visual impairment navigate their environment.
hack cmu code for motion recognition screen control
JavaScript security CLI that allow you to deeply analyze the dependency tree of a given package or local Node.js project.
Proof of concept model of randomly growing neural network
Unikraft is an automated system for building specialized OSes known as unikernels. Unikraft can be configured to be POSIX-compliant. (Core repository)
Firewall-System based on OpenWRT or Pi-Hole with UnBound, TOR, optional Privoxy, opt. ntopng and opt. Configuration of the AVM FRITZ!Box with Presets for Security and Port-List. Please visit:
Spoof SSDP replies and create fake UPnP devices to phish for credentials and NetNTLM challenge/response.
🛡️ A private certificate authority (X.509 & SSH) & ACME server for secure automated certificate management, so you can use TLS everywhere & SSO for SSH.
Middleware in Action (mia) is a proof-of-concept from AoLab since 2016
CloudGoat is Rhino Security Labs' "Vulnerable by Design" AWS deployment tool
a "Proof of Concept or GTFO" mirror with an extensive index with also whole issues or individual articles as clean PDFs.
Secure WordPress login with two factor authentication
Firefox Monitor arms you with tools to keep your personal information safe. Find out what hackers already know about you and learn how to stay a step ahead of them.
Security module for php7 and php8 - Killing bugclasses and virtual-patching the rest!
Alloy is a language for describing structures and a tool for exploring them. It has been used in a wide range of applications from finding holes in security mechanisms to designing telephone switching networks. This repository contains the code for the to
Authentication service that keeps you in control without forcing you to be an expert in web security.
Stats about the Tor network (website)
Prowler is an Open Source Security tool for AWS, Azure and GCP to perform Cloud Security best practices assessments, audits, incident response, compliance, continuous monitoring, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, F
🏆Open Source Security Foundation (OpenSSF) Best Practices Badge (formerly Core Infrastructure Initiative (CII) Best Practices Badge)
Proof of concept
HydraFW official firmware for HydraBus/HydraNFC for researcher, hackers, students, embedded software developers or anyone interested in debugging/hacking/developing/penetration testing
Multi-platform transparent client-side encryption of your files in the cloud
An ArchLinux based distribution for penetration testers and security researchers.
DroidSniff is an Android app for Security analysis in wireless networks and capturing facebook, twitter, linkedin and other accounts.
CVE-2023-23324 -- Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain hardcoded credentials for the Administrator account.
CVE-2023-23325 -- Zumtobel Netlink CCD Onboard 3.74 - Firmware 3.80 was discovered to contain a command injection vulnerability via the NetHostname parameter.
CVE-2023-24294 -- Zumtobel Netlink CCD Onboard v3.74 - Firmware v3.80 was discovered to contain a buffer overflow via the component NetlinkWeb::Information::SetDeviceIdentification.
CVE-2023-46886 -- Dreamer CMS before version 4.0.1 is vulnerable to Directory Traversal. Background template management allows arbitrary modification of the template file, allowing system sensitive files to be read.
CVE-2023-46887 -- In Dreamer CMS before 4.0.1, the backend attachment management office has an Arbitrary File Download vulnerability.
CVE-2023-47462 -- Insecure Permissions vulnerability in GL.iNet AX1800 v.3.215 and before allows a remote attacker to execute arbitrary code via the file sharing function.
CVE-2022-41678 -- Once a user is authenticated on Jolokia, they can potentially trigger arbitrary code execution.
CVE-2023-24023 -- Bluetooth BR/EDR devices with Secure Simple Pairing and Secure Connections pairing in Bluetooth Core Specification 4.2 through 5.4 allow certain man-in-the-middle attacks that force a short key length, and might lead to discovery of the encryption key and
CVE-2023-29060 -- The FACSChorus workstation operating system does not restrict what devices can interact with its USB ports. If exploited, a threat actor with physical access to the workstation could gain access to system information and potentially exfiltrate data.
CVE-2023-29061 -- There is no BIOS password on the FACSChorus workstation. A threat actor with physical access to the workstation can potentially exploit this vulnerability to access the BIOS configuration and modify the drive boot order and BIOS pre-boot authentication.
CVE-2023-29062 -- The Operating System hosting the FACSChorus application is configured to allow transmission of hashed user credentials upon user action without adequately validating the identity of the requested resource. This is possible through the use of LLMNR, MBT-NS
CVE-2023-29063 -- The FACSChorus workstation does not prevent physical access to its PCI express (PCIe) slots, which could allow a threat actor to insert a PCI card designed for memory capture. A threat actor can then isolate sensitive information such as a BitLocker encry
CVE-2023-29064 -- The FACSChorus software contains sensitive information stored in plaintext. A threat actor could gain hardcoded secrets used by the application, which include tokens and passwords for administrative accounts.
CVE-2023-29065 -- The FACSChorus software database can be accessed directly with the privileges of the currently logged-in user. A threat actor with physical access could potentially gain credentials, which could be used to alter or destroy data stored in the database.
CVE-2023-29066 -- The FACSChorus software does not properly assign data access privileges for operating system user accounts. A non-administrative OS account can modify information stored in the local application data folders.
CVE-2023-29770 -- In Sentrifugo 3.5, the AssetsController::uploadsaveAction function allows an authenticated attacker to upload any file without extension filtering.
CVE-2023-30585 -- A vulnerability has been identified in the Node.js (.msi version) installation process, specifically affecting Windows users who install Node.js using the .msi installer. This vulnerability emerges during the repair operation, where the "msiexec.exe" proc
CVE-2023-30588 -- When an invalid public key is used to create an x509 certificate using the crypto.X509Certificate() API, an unexpected termination occurs, making it susceptible to DoS attacks when the attacker could force interruptions of application processing, as the proc
CVE-2023-30590 -- The generateKeys() API function returned from crypto.createDiffieHellman() only generates missing (or outdated) keys, that is, it only generates a private key if none has been set yet, but the function is also needed to compute the corresponding public ke
CVE-2023-32063 -- OroCalendarBundle enables a Calendar feature and related functionality in Oro applications. Back-office users can access information from any call event, bypassing ACL security restrictions due to insufficient security checks. This issue has been patched
CVE-2023-32064 -- OroCommerce package with customer portal and non authenticated visitor website base features. Back-office users can access information about Customer and Customer User menus, bypassing ACL security restrictions due to insufficient security checks. This is
CVE-2023-32065 -- OroCommerce is an open-source Business to Business Commerce application built with flexibility in mind. Detailed Order totals information may be received by Order ID. This issue is patched in version 5.0.11 and 5.1.1.
CVE-2023-3368 -- Command injection in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to obtain remote code execution via improper neutralisation of special characters. This is a bypass of CVE-2023-34960.
CVE-2023-34053 -- In Spring Framework versions 6.0.0 - 6.0.13, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
CVE-2023-34055 -- In Spring Boot versions 2.7.0 - 2.7.17, 3.0.0-3.0.12 and 3.1.0-3.1.5, it is possible for a user to provide specially crafted HTTP requests that may cause a denial-of-service (DoS) condition.
CVE-2023-35136 -- An improper input validation vulnerability in the “Quagga” package of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN se
CVE-2023-35139 -- A cross-site scripting (XSS) vulnerability in the CGI program of the Zyxel ATP series firmware versions 5.10 through 5.37, USG FLEX series firmware versions 5.00 through 5.37, USG FLEX 50(W) series firmware versions 5.10 through 5.37, USG20(W)-VPN series
CVE-2023-3533 -- Path traversal in file upload functionality in `/main/webservices/additional_webservices.php` in Chamilo LMS <= v1.11.20 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution via arbitrary file wr
CVE-2023-3545 -- Improper sanitisation in `main/inc/lib/fileUpload.lib.php` in Chamilo LMS <= v1.11.20 on Windows and Apache installations allows unauthenticated attackers to bypass file upload security protections and obtain remote code execution via uploading of `.htacc
CVE-2023-37926 -- A buffer overflow vulnerability in the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series firmware versions 4.16 through
CVE-2023-41264 -- Netwrix Usercube before 6.0.215, in certain misconfigured on-premises installations, allows authentication bypass on deployment endpoints, leading to privilege escalation. This only occurs if the configuration omits the required restSettings.AuthorizedCli
CVE-2023-42004 -- IBM Security Guardium 11.3, 11.4, and 11.5 is potentially vulnerable to CSV injection. A remote attacker could execute malicious commands due to improper validation of csv file contents. IBM X-Force ID: 265262.
CVE-2023-4220 -- Unrestricted file upload in big file upload functionality in `/main/inc/lib/javascript/bigupload/inc/bigUpload.php` in Chamilo LMS <= v1.11.24 allows unauthenticated attackers to perform stored cross-site scripting attacks and obtain remote code execution
CVE-2023-4221 -- Command injection in `main/lp/openoffice_presentation.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
CVE-2023-4222 -- Command injection in `main/lp/openoffice_text_document.class.php` in Chamilo LMS <= v1.11.24 allows users permitted to upload Learning Paths to obtain remote code execution via improper neutralisation of special characters.
CVE-2023-4223 -- Unrestricted file upload in `/main/inc/ajax/document.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVE-2023-4224 -- Unrestricted file upload in `/main/inc/ajax/dropbox.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVE-2023-4225 -- Unrestricted file upload in `/main/inc/ajax/exercise.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVE-2023-4226 -- Unrestricted file upload in `/main/inc/ajax/work.ajax.php` in Chamilo LMS <= v1.11.24 allows authenticated attackers with learner role to obtain remote code execution via uploading of PHP files.
CVE-2023-42502 -- An authenticated attacker with update datasets permission could change a dataset link to an untrusted site by spoofing the HTTP Host header, users could be redirected to this site when clicking on that specific dataset. This issue affects Apache Superset
CVE-2023-42504 -- An authenticated malicious user could initiate multiple concurrent requests, each requesting multiple dashboard exports, leading to a possible denial of service.
CVE-2023-42505 -- An authenticated user with read permissions on database connections metadata could potentially access sensitive information such as the connection's username.
CVE-2023-4397 -- A buffer overflow vulnerability in the Zyxel ATP series firmware version 5.37, USG FLEX series firmware version 5.37, USG FLEX 50(W) series firmware version 5.37, and USG20(W)-VPN series firmware version 5.37, could allow an authenticated local attacker w
CVE-2023-4398 -- An integer overflow vulnerability in the source code of the QuickSec IPSec toolkit used in the VPN feature of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware ver
CVE-2023-45286 -- A race condition in go-resty can result in HTTP request body disclosure across requests. This condition can be triggered by calling sync.Pool.Put with the same *bytes.Buffer more than once, when request retries are enabled and a retry occurs. The call to
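The go-resty entry above describes the bug class precisely: a request-body buffer is returned to a sync.Pool once per retry attempt, so the same pointer sits in the pool twice and two later requests receive the same buffer. The following Go program is an added example (not go-resty's code) that models that pattern and its fix. It uses a constructed LIFO free list named stackPool in place of sync.Pool so the aliasing is reproducible in a test; sync.Pool shows the same effect but may discard entries on GC. The transport type, sendBuggy, sendFixed and bodiesSeen are all constructed for illustration.

```go
package main

import (
	"bytes"
	"fmt"
)

// bufPool is the subset of sync.Pool used here. stackPool is a constructed,
// deterministic stand-in (a plain LIFO free list) so the aliasing caused by a
// double Put is reproducible; sync.Pool behaves the same way absent GC.
type bufPool interface {
	Get() *bytes.Buffer
	Put(*bytes.Buffer)
}

type stackPool struct{ free []*bytes.Buffer }

func (p *stackPool) Get() *bytes.Buffer {
	if n := len(p.free); n > 0 {
		b := p.free[n-1]
		p.free = p.free[:n-1]
		return b
	}
	return new(bytes.Buffer)
}

func (p *stackPool) Put(b *bytes.Buffer) { b.Reset(); p.free = append(p.free, b) }

// transport is a constructed stand-in for the HTTP round trip: it receives the
// body for one attempt and reports whether that attempt should be retried.
type transport func(attempt int, body *bytes.Buffer) (retry bool)

// sendBuggy models the vulnerable pattern: the buffer is taken from the pool
// once but returned after every attempt, so a retried request Puts the same
// pointer twice and the next two Gets hand out the same buffer.
func sendBuggy(p bufPool, body string, rt transport) {
	buf := p.Get()
	for attempt := 1; ; attempt++ {
		buf.Reset()
		buf.WriteString(body)
		retry := rt(attempt, buf)
		p.Put(buf) // BUG: runs once per attempt for the same pointer
		if !retry {
			return
		}
	}
}

// sendFixed returns the buffer exactly once, after the final attempt.
func sendFixed(p bufPool, body string, rt transport) {
	buf := p.Get()
	defer p.Put(buf) // single Put regardless of how many retries happened
	for attempt := 1; ; attempt++ {
		buf.Reset()
		buf.WriteString(body)
		if !rt(attempt, buf) {
			return
		}
	}
}

// bodiesSeen runs one request that is retried once, then two further requests
// A and B that each Get a buffer and write their own body. It returns the body
// each of A and B carries at send time. With the double Put, A and B alias the
// same buffer and B's body is appended to A's: cross-request body disclosure.
func bodiesSeen(buggy bool) (a, b string) {
	p := &stackPool{}
	retryOnce := func(attempt int, _ *bytes.Buffer) bool { return attempt == 1 }
	if buggy {
		sendBuggy(p, "retried-body", retryOnce)
	} else {
		sendFixed(p, "retried-body", retryOnce)
	}
	bufA, bufB := p.Get(), p.Get()
	bufA.WriteString("secret-A")
	bufB.WriteString("secret-B") // when bufA == bufB this lands in A's body too
	return bufA.String(), bufB.String()
}

func main() {
	a, b := bodiesSeen(true)
	fmt.Printf("buggy: A=%q B=%q\n", a, b)
	a, b = bodiesSeen(false)
	fmt.Printf("fixed: A=%q B=%q\n", a, b)
}
```

The check a reviewer wants on any pooled-buffer code is that the number of Put calls per Get is exactly one on every control-flow path, including retries, early returns and error paths; a deferred Put immediately after the Get is the simplest way to make that property visible.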
CVE-2023-45539 -- HAProxy before 2.8.2 accepts # as part of the URI component, which might allow remote attackers to obtain sensitive information or have unspecified other impact upon misinterpretation of a path_end rule, such as routing index.html#.png to a static server.
CVE-2023-46589 -- Improper Input Validation vulnerability in Apache Tomcat. Tomcat from 11.0.0-M1 through 11.0.0-M10, from 10.1.0-M1 through 10.1.15, from 9.0.0-M1 through 9.0.82 and from 8.5.0 through 8.5.95 did not correctly parse HTTP trailer headers. A trailer header th
CVE-2023-46944 -- An issue in GitKraken GitLens before v.14.0.0 allows an attacker to execute arbitrary code via a crafted file to the Visual Studio Code workspace trust component.
CVE-2023-47437 -- A vulnerability has been identified in Pachno 1.0.6 allowing an authenticated attacker to execute a cross-site scripting (XSS) attack. The vulnerability exists due to inadequate input validation in the Project Description and comments, which enables an at
CVE-2023-47503 -- An issue in jflyfox jfinalCMS v.5.1.0 allows a remote attacker to execute arbitrary code via a crafted script to the login.jsp component in the template management module.
CVE-2023-48022 -- Anyscale Ray 2.6.3 and 2.8.0 allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a str
CVE-2023-48023 -- Anyscale Ray 2.6.3 and 2.8.0 allows /log_proxy SSRF. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment
CVE-2023-48042 -- Amazzing Filter for Prestashop through 3.2.2 is vulnerable to Cross-Site Scripting (XSS).
CVE-2023-48121 -- An authentication bypass vulnerability in the Direct Connection Module in Ezviz CS-C6N-xxx prior to v5.3.x build 20230401, Ezviz CS-CV310-xxx prior to v5.3.x build 20230401, Ezviz CS-C6CN-xxx prior to v5.3.x build 20230401, Ezviz CS-C3N-xxx prior to v5.3.
CVE-2023-48193 -- Insecure Permissions vulnerability in JumpServer GPLv3 v.3.8.0 allows a remote attacker to execute arbitrary code via bypassing the command filtering function.
CVE-2023-48713 -- Knative Serving builds on Kubernetes to support deploying and serving of applications and functions as serverless containers. An attacker who controls a pod to a degree where they can control the responses from the /metrics endpoint can cause Denial-of-Se
CVE-2023-48848 -- An arbitrary file read vulnerability in ureport v2.2.9 allows a remote attacker to arbitrarily read files on the server by inserting a crafted path.
CVE-2023-49062 -- Katran could disclose non-initialized kernel memory as part of an IP header. The issue was present for IPv4 encapsulation and ICMP (v4) Too Big packet generation. After a bpf_xdp_adjust_head call, Katran code didn’t initialize the Identification field for
CVE-2023-49075 -- The Admin Classic Bundle provides a Backend UI for Pimcore. `AdminBundle\Security\PimcoreUserTwoFactorCondition` introduced in v11 disable the two factor authentication for all non-admin security firewalls. An authenticated user can access the system with
CVE-2023-49078 -- raptor-web is a CMS for game server communities that can be used to host information and keep track of players. In version 0.4.4 of raptor-web, it is possible to craft a malicious URL that will result in a reflected cross-site scripting vulnerability. A u
CVE-2023-49092 -- RustCrypto/RSA is a portable RSA implementation in pure Rust. Due to a non-constant-time implementation, information about the private key is leaked through timing information which is observable over the network. An attacker may be able to use that infor
CVE-2023-49313 -- A dylib injection vulnerability in XMachOViewer 0.04 allows attackers to compromise integrity. By exploiting this, unauthorized code can be injected into the product's processes, potentially leading to remote control and unauthorized access to sensitive u
CVE-2023-49314 -- Asana Desktop 2.1.0 on macOS allows code injection because of specific Electron Fuses. There is inadequate protection against code injection through settings such as RunAsNode and EnableNodeCliInspectArguments, and thus r3ggi/electroniz3r can be used to p
CVE-2023-5650 -- An improper privilege management vulnerability in the ZySH of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-VPN series fir
CVE-2023-5797 -- An improper privilege management vulnerability in the debug CLI command of the Zyxel ATP series firmware versions 4.32 through 5.37, USG FLEX series firmware versions 4.50 through 5.37, USG FLEX 50(W) series firmware versions 4.16 through 5.37, USG20(W)-V
CVE-2023-5960 -- An improper privilege management vulnerability in the hotspot feature of the Zyxel USG FLEX series firmware versions 4.50 through 5.37 and VPN series firmware versions 4.30 through 5.37 could allow an authenticated local attacker to access the system file
CVE-2023-5981 -- A vulnerability was found that the response times to malformed ciphertexts in RSA-PSK ClientKeyExchange differ from response times of ciphertexts with correct PKCS#1 v1.5 padding.
CVE-2023-6150 -- Improper Privilege Management vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105.
CVE-2023-6201 -- Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in Univera Computer System Panorama allows Command Injection. This issue affects Panorama: before 8.0.
CVE-2023-6219 -- The BookingPress plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file validation on the 'bookingpress_process_upload' function in versions up to, and including, 1.0.76. This makes it possible for authenticated attackers wi
CVE-2023-6225 -- The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's su_meta shortcode combined with post meta data in all versions up to, and including, 5.13.3 due to insufficient input sanitiz
CVE-2023-6226 -- The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' and 'p
CVE-2023-6239 -- Improperly calculated effective permissions in M-Files Server versions 23.9 and 23.10 and 23.11 before 23.11.13168.7 could produce a faulty result if an object used a specific configuration of metadata-driven permissions.
CVE-2023-6359 -- A Cross-Site Scripting (XSS) vulnerability has been found in Alumne LMS affecting version 4.0.0.1.08. An attacker could exploit the 'localidad' parameter to inject a custom JavaScript payload and partially take over another user's browser session, due to
CVE-2024-0070 -- Rejected reason: This CVE ID was unused by the CNA.
CVE-2022-41951 -- OroPlatform is a PHP Business Application Platform (BAP) designed to make development of custom business applications easier and faster. Path Traversal is possible in `Oro\Bundle\GaufretteBundle\FileManager::getTemporaryFileName`. With this method, an att
CVE-2023-25632 -- The Android Mobile Whale browser app before 3.0.1.2 allows the attacker to bypass its browser unlock function via 'Open in Whale' feature.
CVE-2023-2707 -- The gAppointments WordPress plugin through 1.9.5.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowe
CVE-2023-31275 -- An uninitialized pointer use vulnerability exists in the functionality of WPS Office 11.2.0.11537 that handles Data elements in an Excel file. A specially crafted malformed file can lead to remote code execution. An attacker can provide a malicious file t
CVE-2023-32062 -- OroPlatform is a package that assists system and user calendar management. Back-office users can access information from any system calendar event, bypassing ACL security restrictions due to insufficient security checks. This vulnerability has been patche
CVE-2023-32616 -- A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles 3D annotations. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption and
CVE-2023-35075 -- Mattermost fails to use innerText / textContent when setting the channel name in the webapp during autocomplete, allowing an attacker to inject HTML into a victim's page by creating a channel name that is valid HTML. No XSS is possible though.
CVE-2023-35985 -- An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to a failure to properly validate a dangerous extension. A specially crafted malicious file can create files at arbitrary locations, wh
CVE-2023-38573 -- A use-after-free vulnerability exists in the way Foxit Reader 12.1.2.15356 handles a signature field. A specially crafted Javascript code inside a malicious PDF document can trigger reuse of a previously freed object, which can lead to memory corruption a
CVE-2023-39542 -- A code execution vulnerability exists in the Javascript saveAs API of Foxit Reader 12.1.3.15356. A specially crafted malformed file can create arbitrary files, which can lead to remote code execution. An attacker needs to trick the user into opening the m
CVE-2023-40194 -- An arbitrary file creation vulnerability exists in the Javascript exportDataObject API of Foxit Reader 12.1.3.15356 due to mistreatment of whitespace characters. A specially crafted malicious file can create files at arbitrary locations, which can lead to
CVE-2023-40610 -- Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker
CVE-2023-40703 -- Mattermost fails to properly limit the characters allowed in different fields of a block in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by patching the field of a block using a specially cra
CVE-2023-41257 -- A type confusion vulnerability exists in the way Foxit Reader 12.1.2.15356 handles field value properties. A specially crafted Javascript code inside a malicious PDF document can trigger this vulnerability, which can lead to memory corruption and result
CVE-2023-41998 -- Arcserve UDP prior to 9.2 contained a vulnerability in the com.ca.arcflash.rps.webservice.RPSService4CPMImpl interface. A routine exists that allows an attacker to upload and execute arbitrary files.
CVE-2023-41999 -- An authentication bypass exists in Arcserve UDP prior to version 9.2. An unauthenticated, remote attacker can obtain a valid authentication identifier that allows them to authenticate to the management console and perform tasks that require authentication
CVE-2023-42000 -- Arcserve UDP prior to 9.2 contains a path traversal vulnerability in com.ca.arcflash.ui.server.servlet.FileHandlingServlet.doUpload(). An unauthenticated remote attacker can exploit it to upload arbitrary files to any location on the file system where the
CVE-2023-42363 -- A use-after-free vulnerability was discovered in xasprintf function in xfuncs_printf.c:344 in BusyBox v.1.36.1.
CVE-2023-42364 -- A use-after-free vulnerability in BusyBox v.1.36.1 allows attackers to cause a denial of service via a crafted awk pattern in the awk.c evaluate function.
CVE-2023-42365 -- A use-after-free vulnerability was discovered in BusyBox v.1.36.1 via a crafted awk pattern in the awk.c copyvar function.
CVE-2023-42366 -- A heap-buffer-overflow was discovered in BusyBox v.1.36.1 in the next_token function at awk.c:1159.
CVE-2023-42501 -- Unnecessary read permissions within the Gamma role would allow authenticated users to read configured CSS templates and annotations.
CVE-2023-4252 -- The EventPrime WordPress plugin through 3.2.9 specifies the price of a booking in the client request, allowing an attacker to purchase bookings without payment.
CVE-2023-4297 -- The Mmm Simple File List WordPress plugin through 2.3 does not validate the generated path to list files from, allowing any authenticated users, such as subscribers, to list the content of arbitrary directories.
CVE-2023-43701 -- Improper payload validation and an improper REST API response type, made it possible for an authenticated malicious actor to store malicious code into Chart's metadata, this code could get executed if a user specifically accesses a specific deprecated API
CVE-2023-43754 -- Mattermost fails to check whether the “Allow users to view archived channels” setting is enabled during permalink previews display, allowing members to view permalink previews of archived channels even if the “Allow users to view archived channels” sett
CVE-2023-4514 -- The Mmm Simple File List WordPress plugin through 2.3 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to per
CVE-2023-45223 -- Mattermost fails to properly validate the "Show Full Name" option in a few endpoints in Mattermost Boards, allowing a member to get the full name of another user even if the Show Full Name option was disabled. 
CVE-2023-4590 -- Buffer overflow vulnerability in Frhed hex editor, affecting version 1.6.0. This vulnerability could allow an attacker to execute arbitrary code via a long filename argument through the Structured Exception Handler (SEH) registers.
CVE-2023-46349 -- In the module "Product Catalog (CSV, Excel) Export/Update" (updateproducts) < 3.8.5 from MyPrestaModules for PrestaShop, a guest can perform SQL injection. The method `productsUpdateModel::getExportIds()` has sensitive SQL calls that can be executed with
CVE-2023-46355 -- In the module "CSV Feeds PRO" (csvfeeds) < 2.6.1 from Bl Modules for PrestaShop, a guest can download personal information without restriction. Due to too permissive access control which does not force administrator to use password on feeds, a guest can a
CVE-2023-4642 -- The kk Star Ratings WordPress plugin before 5.4.6 does not implement atomic operations, allowing one user vote multiple times on a poll due to a Race Condition.
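The kk Star Ratings entry above is a classic check-then-act race: the handler asks "has this user voted?" and then inserts, but two requests that arrive together can both pass the check before either insert lands. The fix is not a lock in PHP but a database-level uniqueness guarantee, so that the insert is the check. The block below is an added example written for this page, not the plugin's code; the table shape, the SQLite backend and the replayed interleaving are assumptions chosen to make the race reproducible offline.

```python
import sqlite3


def open_votes_db(enforce_unique):
    """In-memory votes table; the hardened variant declares one row per (poll, user)."""
    con = sqlite3.connect(":memory:")
    constraint = ", UNIQUE(poll_id, user_id)" if enforce_unique else ""
    con.execute(f"CREATE TABLE votes (poll_id INTEGER, user_id INTEGER, rating INTEGER{constraint})")
    return con


def has_voted(con, poll_id, user_id):
    row = con.execute("SELECT 1 FROM votes WHERE poll_id = ? AND user_id = ?",
                      (poll_id, user_id)).fetchone()
    return row is not None


def insert_vote(con, poll_id, user_id, rating):
    con.execute("INSERT INTO votes (poll_id, user_id, rating) VALUES (?, ?, ?)",
                (poll_id, user_id, rating))


def count_votes(con, poll_id, user_id):
    return con.execute("SELECT COUNT(*) FROM votes WHERE poll_id = ? AND user_id = ?",
                       (poll_id, user_id)).fetchone()[0]


def vote_check_then_act(con, poll_id, user_id, rating):
    """Vulnerable handler: the guard and the write are separate statements, so
    two concurrent requests can both pass the guard before either writes."""
    if has_voted(con, poll_id, user_id):
        return False
    insert_vote(con, poll_id, user_id, rating)
    return True


def vote_atomic(con, poll_id, user_id, rating):
    """Hardened handler: no application-level guard at all. The UNIQUE constraint
    makes the insert itself the check and the database serialises it, so the
    second of two concurrent inserts fails whatever the timing."""
    try:
        insert_vote(con, poll_id, user_id, rating)
    except sqlite3.IntegrityError:
        return False
    return True


def race_two_requests(enforce_unique):
    """Deterministic replay of the bad interleaving: requests A and B from the
    same user both evaluate the guard, then both attempt the insert.
    Returns how many votes the user ended up with."""
    con = open_votes_db(enforce_unique)
    poll, user = 1, 42
    a_passed_guard = not has_voted(con, poll, user)   # A: guard
    b_passed_guard = not has_voted(con, poll, user)   # B: guard (A has not written yet)
    for passed in (a_passed_guard, b_passed_guard):   # A: write, then B: write
        if passed:
            try:
                insert_vote(con, poll, user, 5)
            except sqlite3.IntegrityError:
                pass                                  # only reachable with the constraint
    return count_votes(con, poll, user)


def double_vote_attempt():
    """Two sequential votes through the hardened handler: (first, second, rows)."""
    con = open_votes_db(enforce_unique=True)
    return vote_atomic(con, 7, 1, 4), vote_atomic(con, 7, 1, 5), count_votes(con, 7, 1)
```

If users are allowed to change a vote, keep the constraint and use an upsert (`INSERT ... ON CONFLICT(poll_id, user_id) DO UPDATE`) instead of reintroducing a read-then-write; the same unique index is what WordPress code using `$wpdb` should rely on.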
CVE-2023-46480 -- An issue in OwnCast v.0.1.1 allows a remote attacker to execute arbitrary code and obtain sensitive information via the authHost parameter of the indieauth function.
CVE-2023-47168 -- Mattermost fails to properly check a redirect URL parameter, allowing an open redirect when the user clicked "Back to Mattermost" after providing an invalid custom URL scheme in /oauth/{service}/mobile_login?redirect_to=
CVE-2023-47865 -- Mattermost fails to check if hardened mode is enabled when overriding the username and/or the icon when posting a post. If settings allowed integrations to override the username and profile picture when posting, a member could also override the username a
CVE-2023-48034 -- An issue discovered in Acer Wireless Keyboard SK-9662 allows attacker in physical proximity to both decrypt wireless keystrokes and inject arbitrary keystrokes via use of weak encryption.
CVE-2023-48188 -- SQL injection vulnerability in PrestaShop opartdevis v.4.5.18 thru v.4.6.12 allows a remote attacker to execute arbitrary code via a crafted script to the getModuleTranslation function.
CVE-2023-48268 -- Mattermost fails to limit the amount of data extracted from compressed archives during board import in Mattermost Boards allowing an attacker to consume excessive resources, possibly leading to Denial of Service, by importing a board using a specially cra
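The board-import entry above is a decompression-bomb problem: a small archive declares, or actually produces, far more output than the server can afford. The defence is a budget enforced on the bytes really produced while streaming, with the sizes in the central directory used only as a cheap early reject, because those sizes are written by the attacker. The block below is an added example written for this page, not Mattermost code; the 16 MiB budget, the 100:1 ratio ceiling and the in-memory fixture archive are assumptions.

```python
import io
import zipfile

# Assumed budgets for one import; tune to the deployment.
MAX_TOTAL_BYTES = 16 * 1024 * 1024
MAX_RATIO = 100            # declared uncompressed size / compressed size
CHUNK = 64 * 1024


class ImportTooLarge(Exception):
    pass


def make_zip(members):
    """Constructed test fixture: build an archive in memory from {name: bytes}."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def naive_extract(data):
    """Vulnerable pattern: read every member in full, trusting the archive."""
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return {info.filename: zf.read(info) for info in zf.infolist()}


def safe_extract(data, max_total=MAX_TOTAL_BYTES, max_ratio=MAX_RATIO):
    """Hardened pattern. Declared sizes give an early reject and a ratio check;
    the real limit is enforced on the bytes actually produced, chunk by chunk,
    so a lying central directory cannot bypass it. Member names that would
    escape the import directory are refused as well."""
    out, total = {}, 0
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        infos = zf.infolist()
        if sum(i.file_size for i in infos) > max_total:
            raise ImportTooLarge("declared size exceeds budget")
        for info in infos:
            if info.is_dir():
                continue
            if info.filename.startswith("/") or ".." in info.filename.split("/"):
                raise ValueError(f"{info.filename}: member name escapes the import directory")
            if info.compress_size and info.file_size / info.compress_size > max_ratio:
                raise ImportTooLarge(f"{info.filename}: suspicious compression ratio")
            buf = bytearray()
            with zf.open(info) as fh:
                while True:
                    chunk = fh.read(CHUNK)
                    if not chunk:
                        break
                    total += len(chunk)
                    if total > max_total:
                        raise ImportTooLarge("decompressed output exceeds budget")
                    buf += chunk
            out[info.filename] = bytes(buf)
    return out


def rejects(data, **limits):
    """True if safe_extract refuses the archive under the given limits."""
    try:
        safe_extract(data, **limits)
    except (ImportTooLarge, ValueError):
        return True
    return False
```

The same budget must be applied recursively if the import format allows archives nested inside archives, and the member count should be capped too, since many tiny members cost CPU and inodes without tripping a byte budget.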
CVE-2023-48369 -- Mattermost fails to limit the log size of server logs allowing an attacker sending specially crafted requests to different endpoints to potentially overflow the log.
CVE-2023-49028 -- Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the user parameter in the lock/lock.php file.
CVE-2023-49029 -- Cross Site Scripting vulnerability in smpn1smg absis v.2017-10-19 and before allows a remote attacker to execute arbitrary code via the nama parameter in the lock/lock.php file.
CVE-2023-49030 -- SQL Injection vulnerability in 32ns KLive v.2019-1-19 and before allows a remote attacker to obtain sensitive information via a crafted script to the web/user.php component.
CVE-2023-49040 -- An issue in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the adslPwd parameter in the form_fast_setting_internet_set function.
CVE-2023-49042 -- Heap Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the schedStartTime parameter or the schedEndTime parameter in the function setSchedWifi.
CVE-2023-49043 -- Buffer Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the wpapsk_crypto parameter in the function fromSetWirelessRepeat.
CVE-2023-49044 -- Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the ssid parameter in the function form_fast_setting_wifi_set.
CVE-2023-49046 -- Stack Overflow vulnerability in Tenda AX1803 v.1.0.0.1 allows a remote attacker to execute arbitrary code via the devName parameter in the function formAddMacfilterRule.
CVE-2023-49047 -- Tenda AX1803 v1.0.0.1 contains a stack overflow via the devName parameter in the function formSetDeviceName.
CVE-2023-49068 -- Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache DolphinScheduler. This issue affects Apache DolphinScheduler: before 3.2.1.
CVE-2023-49145 -- Apache NiFi 0.7.0 through 1.23.2 include the JoltTransformJSON Processor, which provides an advanced configuration user interface that is vulnerable to DOM-based cross-site scripting. If an authenticated user, who is authorized to configure a JoltTransfor
CVE-2023-4922 -- The WPB Show Core WordPress plugin through 2.2 is vulnerable to a local file inclusion via the `path` parameter.
CVE-2023-4931 -- Uncontrolled search path element vulnerability in Plesk Installer affects version 3.27.0.0. A local attacker could execute arbitrary code by injecting DLL files into the same folder where the application is installed, resulting in DLL hijacking in edputil
CVE-2023-49316 -- In Math/BinaryField.php in phpseclib before 3.0.34, excessively large degrees can lead to a denial of service.
CVE-2023-49321 -- Certain WithSecure products allow a Denial of Service because scanning a crafted file takes a long time, and causes the scanner to hang. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, Wi
CVE-2023-49322 -- Certain WithSecure products allow a Denial of Service because there is an unpack handler crash that can lead to a scanning engine crash. This affects WithSecure Client Security 15, WithSecure Server Security 15, WithSecure Email and Server Security 15, Wi
CVE-2023-5209 -- The WordPress Online Booking and Scheduling Plugin WordPress plugin before 22.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered
CVE-2023-5239 -- The Security & Malware scan by CleanTalk WordPress plugin before 2.121 retrieves client IP addresses from potentially untrusted headers, allowing an attacker to manipulate its value. This may be used to bypass bruteforce protection.
CVE-2023-5325 -- The Woocommerce Vietnam Checkout WordPress plugin before 2.0.6 does not escape the custom shipping phone field on the checkout form leading to XSS
CVE-2023-5525 -- The Limit Login Attempts Reloaded WordPress plugin before 2.25.26 is missing authorization on the `toggle_auto_update` AJAX action, allowing any user with a valid nonce to toggle the auto-update status of the plugin.
CVE-2023-5559 -- The 10Web Booster WordPress plugin before 2.24.18 does not validate the option name given to some AJAX actions, allowing unauthenticated users to delete arbitrary options from the database, leading to denial of service.
CVE-2023-5560 -- The WP-UserOnline WordPress plugin before 2.88.3 does not sanitise and escape the X-Forwarded-For header before outputting its content on the page, which allows unauthenticated users to perform Cross-Site Scripting attacks.
CVE-2023-5604 -- The Asgaros Forum WordPress plugin before 2.7.1 allows forum administrators, who may not be WordPress (super-)administrators, to set insecure configuration that allows unauthenticated users to upload dangerous files (e.g. .php, .phtml), potentially leadin
CVE-2023-5611 -- The Seraphinite Accelerator WordPress plugin before 2.20.32 does not have authorisation and CSRF checks when resetting and importing its settings, allowing unauthenticated users to reset them
CVE-2023-5620 -- The Web Push Notifications WordPress plugin before 4.35.0 does not prevent visitors on the site from changing some of the plugin options, some of which may be used to conduct Stored XSS attacks.
CVE-2023-5641 -- The Martins Free & Easy SEO BackLink Link Building Network WordPress plugin before 1.2.30 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privileg
CVE-2023-5653 -- The WassUp Real Time Analytics WordPress plugin through 1.9.4.5 does not escape IP address provided via some headers before outputting them back in an admin page, allowing unauthenticated users to perform Stored XSS attacks against logged in admins
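Three entries above (CVE-2023-5239, CVE-2023-5560 and CVE-2023-5653) come from the same mistake: treating X-Forwarded-For and similar headers as a trustworthy client address. Any client can set the header, so it both defeats IP-based brute-force limits and delivers attacker-chosen text straight into admin pages. The block below is an added example written for this page, not code from any of those plugins; the trusted-proxy ranges are assumptions standing in for the reverse proxies a deployment actually operates.

```python
import html
import ipaddress

# Assumed: address ranges of the reverse proxies we operate. Only
# X-Forwarded-For entries appended by these hosts mean anything.
TRUSTED_PROXIES = [ipaddress.ip_network("10.0.0.0/8"),
                   ipaddress.ip_network("203.0.113.5/32")]


def naive_client_ip(remote_addr, headers):
    """Vulnerable pattern: use the header whenever it is present, regardless of
    who sent it. Any client can set it to an arbitrary string."""
    xff = headers.get("X-Forwarded-For")
    return xff.split(",")[0].strip() if xff else remote_addr


def _is_trusted_proxy(addr):
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in TRUSTED_PROXIES)


def client_ip(remote_addr, headers):
    """Hardened pattern. The TCP peer address is the only fact observed
    directly; the header is consulted only when that peer is one of our
    proxies, and then walked from the right so that entries an attacker
    prepended are ignored. A malformed hop makes us fall back to the peer
    address instead of storing attacker-chosen text."""
    if not _is_trusted_proxy(remote_addr):
        return remote_addr
    hops = [h.strip() for h in headers.get("X-Forwarded-For", "").split(",") if h.strip()]
    for hop in reversed(hops):
        if not _is_trusted_proxy(hop):
            try:
                return str(ipaddress.ip_address(hop))  # canonical form; garbage rejected
            except ValueError:
                return remote_addr
    return remote_addr  # every hop was one of ours


def ip_for_admin_page(remote_addr, headers):
    """What a dashboard should render: a validated address, escaped on output as
    well, so a later change to client_ip() cannot turn the page into an XSS sink."""
    return html.escape(client_ip(remote_addr, headers), quote=True)
```

Rate limiting and ban lists should key on `client_ip()`; with `naive_client_ip()` an attacker rotates the header per request and never hits the threshold, or spoofs a colleague's address to get them banned.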
CVE-2023-5737 -- The WordPress Backup & Migration WordPress plugin before 1.4.4 does not authorize some AJAX requests, allowing users with a role as low as Subscriber to update some plugin settings.
CVE-2023-5738 -- The WordPress Backup & Migration WordPress plugin before 1.4.4 does not sanitise and escape some parameters, which could allow users with a role as low as Subscriber to perform Cross-Site Scripting attacks.
CVE-2023-5773 -- Rejected reason: ** REJECT ** DO NOT USE THIS CVE RECORD. ConsultIDs: CVE-2023-6136. Reason: This record is a reservation duplicate of CVE-20nn-nnnn. Notes: All CVE users should reference CVE-2023-6136 instead of this record. All references and descriptio
CVE-2023-5845 -- The Simple Social Media Share Buttons WordPress plugin before 5.1.1 leaks password-protected post content to unauthenticated visitors in some meta tags
CVE-2023-5871 -- A flaw was found in libnbd, a client library for the Network Block Device (NBD) protocol, which is used to access block devices such as hard disks over a network. This issue may allow a malicious NBD server to cause a Denial of Service.
CVE-2023-5885 -- The discontinued FFS Colibri product allows a remote user to access files on the system including files containing login credentials for other users.
CVE-2023-5906 -- The Job Manager & Career WordPress plugin before 1.4.4 contains a vulnerability in the Directory Listings system, which allows an unauthorized user to view and download private files of other users. This vulnerability poses a serious security threat becau
CVE-2023-5942 -- The Medialist WordPress plugin before 1.4.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Store
CVE-2023-5958 -- The POST SMTP Mailer WordPress plugin before 2.7.1 does not escape email message content before displaying it in the backend, allowing an unauthenticated attacker to perform XSS attacks against highly privileged users.
CVE-2023-5974 -- The WPB Show Core WordPress plugin through 2.2 is vulnerable to server-side request forgery (SSRF) via the `path` parameter.
CVE-2023-6202 -- Mattermost fails to perform proper authorization in the /plugins/focalboard/api/v2/users endpoint allowing an attacker who is a guest user and knows the ID of another user to get their information (e.g. name, surname, nickname) via Mattermost Boards.
CVE-2023-6254 -- A vulnerability in OTRS AgentInterface and ExternalInterface allows the reading of plain text passwords which are sent back to the client in the server response.
CVE-2023-6287 -- Sensitive data exposure in Webconf in Tribe29 Checkmk Appliance before 1.6.8 allows local attacker to retrieve passwords via reading log files.
CVE-2023-6300 -- A vulnerability, which was classified as problematic, was found in SourceCodester Best Courier Management System 1.0. Affected is an unknown function. The manipulation of the argument page with the input </TiTlE><ScRiPt>alert(1)</ScRiPt> leads to cross si
CVE-2023-6301 -- A vulnerability has been found in SourceCodester Best Courier Management System 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file parcel_list.php of the component GET Parameter Handler. The manipulat
CVE-2023-6302 -- A vulnerability was found in CSZCMS 1.3.0 and classified as critical. Affected by this issue is some unknown functionality of the file \views\templates of the component File Manager Page. The manipulation leads to permission issues. The attack may be laun
CVE-2023-6303 -- A vulnerability was found in CSZCMS 1.3.0. It has been classified as problematic. This affects an unknown part of the file /admin/settings/ of the component Site Settings Page. The manipulation of the argument Additional Meta Tag with the input <svg><anim
CVE-2023-6304 -- A vulnerability was found in Tecno 4G Portable WiFi TR118 TR118-M30E-RR-D-EnFrArSwHaPo-OP-V008-20220830. It has been declared as critical. This vulnerability affects unknown code of the file /goform/goform_get_cmd_process of the component Ping Tool. The m
CVE-2023-6305 -- A vulnerability was found in SourceCodester Free and Open Source Inventory Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file ample/app/ajax/suppliar_data.php. The manipulation of the argument colu
CVE-2023-6306 -- A vulnerability classified as critical has been found in SourceCodester Free and Open Source Inventory Management System 1.0. Affected is an unknown function of the file /ample/app/ajax/member_data.php. The manipulation of the argument columns leads to sq
CVE-2023-6307 -- A vulnerability classified as critical was found in jeecgboot JimuReport up to 1.6.1. Affected by this vulnerability is an unknown functionality of the file /download/image. The manipulation of the argument imageUrl leads to relative path traversal. The a
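Several entries on this page are path traversal in one form or another: CVE-2022-41951 (temporary file names), CVE-2023-42000 (upload destination), CVE-2023-4297 (directory listing), CVE-2023-4922 (local file inclusion) and CVE-2023-6307 just above (image download). The recurring root cause is checking the user-supplied string rather than the path it resolves to, typically with a prefix comparison that ignores `..`, absolute paths and symlinks. The block below is an added example written for this page, not code from any of those products; the uploads directory, the fixture files and the symlink are constructed for the demonstration.

```python
import os
import tempfile
from pathlib import Path


class PathOutsideRoot(ValueError):
    pass


def naive_is_inside(root, candidate):
    """Vulnerable check behind many traversal bugs: a string-prefix test. It
    accepts /srv/uploads_private when root is /srv/uploads, and it runs on the
    unresolved string, so symlinks are never considered."""
    return os.path.normpath(candidate).startswith(os.path.normpath(root))


def resolve_under(root, user_path):
    """Return an absolute path for user_path that is guaranteed to be root or a
    descendant of root after normalisation and symlink resolution. Absolute
    user paths, '..' segments and symlinks pointing elsewhere are all caught by
    the same comparison because it is made on the resolved path."""
    root = Path(root).resolve()
    candidate = (root / user_path).resolve()   # an absolute user_path replaces root here, then fails the check
    if candidate != root and root not in candidate.parents:
        raise PathOutsideRoot(f"{user_path!r} resolves outside {root}")
    return candidate


def demo():
    """Constructed fixture: an uploads root, a file inside it, a secret outside
    it, and a symlink inside the root pointing at the secret. Returns the
    verdict of each check so the behaviour can be asserted on (POSIX assumed
    for the symlink)."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp, "uploads")
        root.mkdir()
        (root / "a.txt").write_text("ok")
        secret = Path(tmp, "secret.txt")
        secret.write_text("s3cret")
        (root / "link").symlink_to(secret)
        cases = {
            "plain": "a.txt",
            "dotdot_inside": "sub/../a.txt",
            "dotdot_escape": "../secret.txt",
            "absolute": str(secret),
            "symlink_out": "link",
        }
        verdicts = {}
        for label, p in cases.items():
            try:
                resolve_under(root, p)
                verdicts[label] = "allowed"
            except PathOutsideRoot:
                verdicts[label] = "rejected"
        verdicts["prefix_check_sibling_dir"] = naive_is_inside(
            str(root), str(Path(tmp, "uploads_private", "x")))
        return verdicts
```

Resolving the path closes the lexical and symlink cases but not the window between the check and the open; where an attacker can create symlinks under the root, open with `O_NOFOLLOW` or an `openat`-style directory handle so the filesystem enforces the same boundary at use time.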
CVE-2023-6308 -- A vulnerability, which was classified as critical, has been found in Xiamen Four-Faith Video Surveillance Management System 2016/2017. Affected by this issue is some unknown functionality of the component Apache Struts. The manipulation leads to unrestric
CVE-2023-6309 -- A vulnerability, which was classified as critical, was found in moses-smt mosesdecoder up to 4.0. This affects an unknown part of the file contrib/iSenWeb/trans_result.php. The manipulation of the argument input1 leads to os command injection. The exploit
CVE-2023-6310 -- A vulnerability has been found in SourceCodester Loan Management System 1.0 and classified as critical. This vulnerability affects the function delete_borrower of the file deleteBorrower.php. The manipulation of the argument borrower_id leads to sql injec
CVE-2023-6311 -- A vulnerability was found in SourceCodester Loan Management System 1.0 and classified as critical. This issue affects the function delete_ltype of the file delete_ltype.php of the component Loan Type Page. The manipulation of the argument ltype_id leads t
CVE-2023-6312 -- A vulnerability was found in SourceCodester Loan Management System 1.0. It has been classified as critical. Affected is the function delete_user of the file deleteUser.php of the component Users Page. The manipulation of the argument user_id leads to sql
CVE-2023-6313 -- A vulnerability was found in SourceCodester URL Shortener 1.0. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the component Long URL Handler. The manipulation leads to cross site scripting. The attack ca
CVE-2023-6329 -- An authentication bypass vulnerability exists in Control iD iDSecure v4.7.32.0. The login routine used by iDS-Core.dll contains a "passwordCustom" option that allows an unauthenticated attacker to compute valid credentials that can be used to bypass authe