Red Cross Releases Wartime Hacktivist Rules
Looney Tunables: New Linux Flaw Enables Privilege Escalation on Major Distributions
Cybersecurity preparedness pays big dividends for businesses
Factors leading to organizations losing control over IT and security environments
Identify How Cyber Criminals Use Generative AI in Business Email Compromise (BEC) Attacks
Making privacy sustainable: Incorporating privacy into the ESG agenda
Tackling cyber risks head-on using security questionnaires
Understanding the layers of LLM security for business integration
Linux Vulnerability Exposes Millions of Systems to Attack
New 'Looney Tunables' Linux bug gives root on major distros
Fast-Growing Dropbox Campaign Steals Microsoft SharePoint Credentials
Sophos Firewall v20: Streamlined Management
ShellTorch Attack Exposes Millions of PyTorch Systems to RCE Vulnerabilities
Microsoft now lets you play a game during Windows 11 installs
Android October security update fixes zero-days exploited in attacks
Google to bolster phishing and malware delivery defenses in 2024
Online payment firms subjected to extended web skimming attack
Killnet DDoS attack disrupts British royal family's website
Qualcomm Releases Patch for 3 new Zero-Days Under Active Exploitation
Warning: PyTorch Models Vulnerable to Remote Code Execution via ShellTorch
ShellTorch flaws expose AI servers to code execution attacks
Over 3 Dozen Data-Stealing Malicious npm Packages Found Targeting Developers
Qualcomm says hackers exploit 3 zero-days in its GPU, DSP drivers
Microsoft Edge, Teams get fixes for zero-days in open-source libraries
KillNet Claims DDoS Attack Against Royal Family Website
North Korea Poses as Meta to Deploy Complex Backdoor at Aerospace Org
Which DFIR Challenges Does the Middle East Face?
Researchers Find Malicious npm Packages Targeting Sensitive Data
EU Cyber Resilience Act Could be Exploited for Surveillance, Experts W
NSA Establishes AI Security Center
Staying Safe and Secure Online: Cybersecurity Awareness Month
Motel One Group's Swift Response Thwarts Ransomware Attack
Concentric AI enhances its DSPM solution with data lineage for better data protection and management
LogicMonitor Dexda offers contextualized data and observability capabilities
Stack Identity SARA prioritizes cloud and data security risks
Akamai introduces new capabilities to simplify PCI DSS 4.0 compliance for organizations
EvilProxy uses indeed.com open redirect for Microsoft 365 phishing
Upstream Supply Chain Attacks Triple in a Year
Predator Spyware Linked to Madagascar’s Government Ahead of Election
The importance of Infrastructure as Code (IaC) when securing cloud environments
Photos: Cybertech Europe 2023
API Security Trends 2023 – Have Organizations Improved their Security Posture?
Protecting your IT infrastructure with Security Configuration Assessment (SCA)
20 Best Amazon PPC Management Agencies
Zero-day in Arm GPU drivers exploited in targeted attacks (CVE-2023-4211)
Veriff unveils fraud mitigation solutions
ComplyCube Age Estimation prevents presentation attacks
Half of Cybersecurity Professionals Report Increase in Cyber-Attacks
CyberEPQ Course Triples Student Intake for the Coming Year
Fifth of Brits Suspect Monitoring at Work
The Ever-Present Threat: Navigating the Complex World of Cybersecurity | by Bounce.finance | Oct, 2023 | Medium
$1000 Bug using simple Graphql Introspection query | by Piyush Kumawat (securitycipher) | Oct, 2023 | Medium
Redefining “libwebp” Vulnerability Scoping with LLMs and Knowledge Graphs | by Daniel Alfasi | Oct, 2023 | Medium
How I Passed CompTIA Security+ Exam: A Comprehensive Guide | by K Dharma Teja | Oct, 2023 | Medium
Classic Process Injection. In this blog, we will see how the… | by Manikandan Natrayan | Oct, 2023 | Medium
Use Python to Import and Parse a Text file | by Lisandro Raya | Oct, 2023 | Medium
How to Become a Better Software Engineer | by Allan Kong | Oct, 2023 | Medium
Progress Software ‘disappointed’ researchers published PoC of newly-patched bug
Lighting the Exfiltration Infrastructure of a LockBit Affiliate
Researcher Reveals New Techniques to Bypass Cloudflare's Firewall and DDoS Protection
Medius Fraud & Risk Detection helps organizations prevent fraud
Arm Issues Patch for Mali GPU Kernel Driver Vulnerability Amidst Ongoing Exploitation
Barriers preventing organizations from DevOps automation
GenAI in software surges despite risks
CISO's compass: Mastering tech, inspiring teams, and confronting risk
Chalk: Open-source software security and infrastructure visibility tool
Evolving conversations: Cybersecurity as a business risk
Microsoft Defender no longer flags Tor Browser as malware
AI security center mulled by NSA
FortiGuard Labs Uncovers Series of Malicious NPM Packages Stealing Data
Exim patches three of six zero-day bugs disclosed last week
Norway Urges Europe-Wide Ban on Meta's Targeted Ad Data Collection
Iran-Linked APT34 Spy Campaign Targets Saudis
FBI: Crippling 'Dual Ransomware Attacks' on the Rise
Netflix impacted by Anonymous Sudan DDoS attack
New Menorah malware bolsters OilRig APT's cyberespionage efforts
APTs, botnets combated by new AWS system
Ransomware gangs now exploiting critical TeamCity RCE flaw
New BunnyLoader threat emerges as a feature-rich malware-as-a-service
How to Hack WiFi Passwords using Hashcat | by Frost | Oct, 2023 | InfoSec Write-ups
Arm warns of Mali GPU flaws likely exploited in targeted attacks
Exploit available for critical WS_FTP bug exploited in attacks
FBI Warns of Dual Ransomware Attacks and Data Destruction Trends
👩‍💻IW Weekly #79: RCE in Google Chrome, CVE-2023–40044, OIDC misconfiguration to ATO, accessing millions of call recordings and many more.. | by InfoSec Write-ups | Oct, 2023 | InfoSec Write-ups
Crypto Industry Lost $685 Million in Q3 2023, 30% by Lazarus Group
Boise State University’s Cyberdome Program Soars in First Year of Operation
ManageEngine launches Identity360 to address workforce IAM complexities
Eclypsium’s threat detection capabilities defend network infrastructure from cybercriminals
FBI warns of surge in 'phantom hacker' scams impacting elderly
Motel One discloses data breach following ransomware attack
BunnyLoader Malware Targets Browsers and Cryptocurrency
AI-Generated Phishing Emails Almost Impossible to Detect, Report Finds
Nearly 100,000 Industrial Control Systems Exposed to the Internet
Data never dies: The immortal battle of data privacy
UK Royal Family Website Hit by DDoS Attack from KillNet
Strategies for Integrating Pay-Per-Minute Chat Software in Customer Service
Critical zero-days in Exim revealed, only 3 have been fixed
Duality Technologies joins AWS Partner Network to provide secure data collaboration
Visa collaborates with Expel to protect clients from cyberthreats
Cigna Agrees $172m Payment to Settle Fraud Allegations
Cybersecurity Awareness Month Celebrates 20 Years
APIs: Unveiling the Silent Killer of Cyber Security Risk Across Industries
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud
Silent Skimmer: A Year-Long Web Skimming Campaign Targeting Online Payment Businesses
McAfee's AI technology strengthens privacy and identity protections for users
Critical vulnerability in WS_FTP Server exploited by attackers (CVE-2023-40044)
SymphonyAI accelerates financial crime investigations with generative AI technology
Lazarus impersonated Meta recruiter to breach Spanish aerospace firm
US and UK Lead Fight Against Civil Society Cyber-Threats
Royal Family Website Downed by DDoS Attack
Opinion: It is prohibitively difficult to stay local when“sovereign capability” excludes us | by Something Real Ventures | Oct, 2023 | Medium
Inside the Router: How I Accessed Industrial Routers and Reported the Flaws | by Bipin Jitiya | Oct, 2023 | Medium
Stopping Your Local Coffee Shop From Viewing Your Accesses: Meet Encrypted Client Hello (ECH) | by Prof Bill Buchanan OBE | ASecuritySite: When Bob Met Alice | Oct, 2023 | Medium
InfoSecSherpa’s News Roundup for Sunday, October 1, 2023 | by InfoSecSherpa | Oct, 2023 | Medium
Rules of Engagement: The Art of Crafting Effective WAF Rules | by Ammar Alim | Oct, 2023 | Medium
Most dual ransomware attacks occur within 48 hours
Data Theft Overtakes Ransomware as Top Concern for IT Decision Makers
OpenRefine's Zip Slip Vulnerability Could Let Attackers Execute Malicious Code
Week in review: Chrome zero-day is actually in libwebp, Sony hacking rumours
Online fraud can cost you more than money
Global events fuel DDoS attack campaigns
Protecting against FraudGPT, ChatGPT's evil twin
9 essential ransomware guides and checklists available for free
Infosec products of the month: September 2023
BunnyLoader: New Malware-as-a-Service Threat Emerges in the Cybercrime Underground
Zanubis Android Banking Trojan Poses as Peruvian Government App to Target Users
Securing GitHub Actions for a safer DevOps pipeline
Running Discord Bots 24/7 for Free with Replit and Uptime Robot | by Dev_vj1 | Sep, 2023 | InfoSec Write-ups
The Art of Monitoring Bug Bounty Programs | by YoungVanda | Sep, 2023 | InfoSec Write-ups
Frontend Fumbles: The 250$ Curious Case of API Key Permissions. | by Abhi Sharma | Sep, 2023 | InfoSec Write-ups
Microsoft Defender Flags Tor Browser as Win32/Malgent!MTB Malware
The development of multi ransomware killswitch! | by Harish SG | Sep, 2023 | InfoSec Write-ups
Bounty of an Insecure WebView (Part 1): XSS, but with Steroids | by Crisdeo Nuel Siahaan | Sep, 2023 | InfoSec Write-ups
CloudSEK — Nullcon Cyber Security CTF 2023 | InfoSec Write-ups
Hacking htmx applications. With the normal flow of frontend… | by Gabor Matuz | Sep, 2023 | InfoSec Write-ups
How to Discover API Subdomains? | API Hacking | | by Medusa | Sep, 2023 | InfoSec Write-ups
How To Hack 2FA/MFA — An Important Cybersecurity Topic | by ZeusCybersec | Sep, 2023 | InfoSec Write-ups
Amazon sends Mastercard, Google Play gift card order emails by mistake
Mass hunting for misconfigured S3 buckets | InfoSec Write-ups
Self-Hosting Bitwarden in Linux. A Step-by-Step Guide | by James Curtis | Oct, 2023 | InfoSec Write-ups
100% black box: SQL injection on Oracle (PortSwigger Academy). | by Nol White Hat | Oct, 2023 | InfoSec Write-ups
Ways I followed to Bypass ‘403’ — Your checklist | by Suprajabaskaran | Sep, 2023 | InfoSec Write-ups
Writeups for Damn Vulnerable Web Application (DVWA) | by Aftab Sama | Oct, 2023 | InfoSec Write-ups
Honeypot Series #1: Oh Snap! Did My Honeypot Just Get Breached? | by Gowthamaraj Rajendran (@fuffsec) | Sep, 2023 | InfoSec Write-ups
Mastering the Mechanics of Command Injection: Unraveling the Web’s Silent Threat | by Gowthamaraj Rajendran (@fuffsec) | Sep, 2023 | InfoSec Write-ups
Creating custom Axiom tool module | InfoSec Write-ups
Russian Court Jails Crypto Money Launderer for 12 Years
Meet LostTrust ransomware — A likely rebrand of the MetaEncryptor gang
Meet LostTrust — A likely rebrand of the MetaEncryptor ransomware gang
New Marvin attack revives 25-year-old decryption flaw in RSA
Atomic Habits of Anti-Fraud & Cybersecurity | by Sanjay B Bhakta | Sep, 2023 | Medium
Six Figures in IT Without a Degree: My Journey and Why I’m Still Pursuing Formal Education | by Chu | Sep, 2023 | Medium
Quick Insights on This Week’s Critical Software Flaws (Week 39) | by Florian Roth | Sep, 2023 | Medium
Canvas of Intrigue: A`Refreshing` Approach to Session Token Exfiltration with XSS | by Rajeev | Sep, 2023 | Medium
Decrypting Requests, Manipulating Responses to Gaining Super Admin Access | by Abdulrahman-Kamel | Sep, 2023 | Medium
Aporia’s Latest Offering: Safeguarding AI Against Hallucinations | by Multiplatform.AI | Sep, 2023 | Medium
Saturday Cybersecurity Blues (the good kind) | by Pedro Correia | Sep, 2023 | Medium
Hunt and bruteforce PLC: SIMENS LOGO! | by biero llagas | Sep, 2023 | Medium
PortSwigger Web Academy: Exploiting NoSQL Injection to Extract Data | by Alex Rodriguez | Sep, 2023 | Medium
Tricky 2FA Bypass Leads to 4 digit Bounty $$$$ | by Rohaangupta | Sep, 2023 | Medium
Securing Health Forward: Navigating HIPAA, HITECH, and PCI DSS Compliance with NIST RMF | by Claude st germaine | Sep, 2023 | Medium
5 Reasons Why People Fail To Land Their First Cybersecurity Job | by Taimur Ijlal | Sep, 2023 | Medium
To submit, or not to submit. Why you should think twice before… | by Dana J. Wright | Aug, 2023 | Medium
[CTF-AMAZON x WICYS]. Password Storage 101 (100 points) | by ValerieTafur | Sep, 2023 | Medium
A Malware retrospective: PrjRAPTOR | by Jean-Pierre LESUEUR (Microsoft MVP) | Sep, 2023 | Medium
Asymmetric Encryption - Internet Stack
Nessus Plugins, a Deep Dive (Part 2). | by Aaron L | Sep, 2023 | Medium
How Could a Self-XSS end with $$$$ | by Mahmoud Hamed | Sep, 2023 | Medium
[EN] 2 CVEs Inside — Unexpected Journey: From Zero to Company’s Internal Servers | by Anıl Çelik | Sep, 2023 | Medium
LibWebP, the New Log4j. CVE-2023–4863 Critical CVSS Score 10.0… | by Michael Lopez | Sep, 2023 | Medium
CIA Triad in Cyber security. This essay will discuss the CIA triad… | by Rashmika Nethsarani | Sep, 2023 | Medium
DDoS attack hits Russian flight booking system claimed by Ukrainian hackers
Exploring the STSAFE-A110
They’ve begun: Attacks exploiting vulnerability with maximum 10 severity rating | Ars Technica
GitHub - Warxim/petep: PETEP (PEnetration TEsting Proxy) is open-source Java application for network communication proxying for the purpose of penetration testing. It allows penetration testers to setup proxies and interceptors to manage the traffic trans
TorchServe Pre-Auth Remote Code Execution · GHSA-4mqg-h5jf-j9m7 · GitHub Advisory Database · GitHub
NATO 'actively addressing' alleged cyberattack affecting some websites
Free Cyber Security Investigation Tools - YouTube
Defending new vectors: Threat actors attempt SQL Server to cloud lateral movement | Microsoft Security Blog
Disarm BusKill in QubesOS - BusKill
Let’s Go into the rabbit hole (part 1) — the challenges of dynamically hooking Golang programs
EU to assess risks posed by four key technologies and consider export controls
Security Analyst Summit (SAS) – Phuket, Thailand October 25-28
Infostealers Weekly Report: 2023-09-25 - 2023-10-02 | Info Stealers
Mass exploitation attempts against WS_FTP have begun • The Register
Cop believes his profession is an immutable characteristic. - YouTube
The Path to the Cloud is Filled with Holes: Exploiting 4G Edge Routers | Claroty
Cloudflare Protection Bypass Vulnerability on Threat Actors' Radar
Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts
Group Attacking Apple Encryption Linked to Dark-Money Network
all InfoSec news for `exploited` | allinfosecnews.com
Silk Road founder marks 10 years into his double life sentence in prison
Retired Device called Home. We were told a story which piqued our… | by lvj | SensorFu | Medium
root with a single command: sudo logrotate | Joshua.Hu
FBI warns phantom hacker scams are emptying financial accounts — how to stay safe | Tom's Guide
Google warns of critical Android RCE flaw exploited in the wild
Cisco warns of attempted exploitation of zero-day in VPN software
Video 6 #lotolocktuesday - YouTube
IronNet, founded by former NSA director, shuts down and lays off staff | TechCrunch
Vulnerability Summary for the Week of September 25, 2023 | CISA
Decrypting the Shadows: Revealing the Secrets of Ransomware Operators - An Interview with @htmalgae
Homomorphic Polynomial Eval. using Galois and application to BFV bootstrapping, Thu, Oct 5, 2023, 4:00 PM | Meetup
Microsoft Defender Flags Tor Browser as a Trojan and Removes it from the System - Deform
GitHub - cado-security/cloudgrep: cloudgrep is grep for cloud storage
r-tec Blog | .NET Assembly Obfuscation for Memory Scanner Evasion - r-tec Cyber Security
Critical vulnerabilities in Exim threaten over 250k email servers worldwide | Ars Technica
[11] Robur 2391 Picked and Gutted - YouTube
DEF CON 31 War Stories - Nuthin But A G Thang Evolution of Cellular Networks - Tracy Mosley - YouTube
Exploring Ransomware Samples Written As Windows Batch File / HTA Hybrids — Peter Girnus
SocVel Quiz 1 October 2023 - SocVel.com
Interview with a Lock Picker - Episode 70 - Zoiethecat - #locksport #lockpicking - YouTube
Brief #20: BlackTech's Cisco Router Intrusion, Google's libvpx Zero-Day, GPUzip Data Leak, Russia's $20M Zero-Day Bounty, and Malware in Bing Chat
Microsoft's AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites
GitHub - codeb0ss/CVE-2023-5074-PoC: Mass Exploit - CVE-2023-5074 / D-Link D-View < Authentication Bypass
Getting JTAG on the iPhone 15 - YouTube
Laperche Rolls picked - YouTube
19 - ASSA Twin Maximum Pick/Gut - YouTube
Proof-of-concept Discord API proxy with caching
Simple websocket proof of concept
Spring-Security
SpringSecurity
information_security_helmetjs
python3-module-flask-security-too
Yes this is a hack but not really what you think it means when I say hack. NO THIS DOESNT INCLUDE HACKS THAT WILL AFFECT OTHERS GAMEPLAY. This is all just for a learning experience.
A hackable monitoring tool.
Practical Ethical Hacker
Hacker
Click This link 🟢👉 https://t.ly/2YOor?/instagarm-hack-tool634rfes ✓ ✓
test-spring-security
SpringBoot_login_register_security
proof of concept for my automatic form filler
Proof-of-concept for a modern + good-practices Typescript React application with linting and tests built by esbuild
A tool for generating Cross-Site Request Forgery (CSRF) exploit HTML for security testing
CCTV_Security
svelete-security-trainer
SecuritySystem
Hacking the Calendar-GitHUb
esempio_security
Example project following JavaBrains of Spring Security
All data related payload - hacking
08_SpringBoot_Security_App
This repository holds code and GitHub configurations for the Docker/Selenium/Chrome proof of concept.
daily hacker-rank java challenges
Spring Security Application includes Authentication & Authorization
with PacketTracer
hacking
A program that breaks specific AES keys with known parts.
Home-Security-System-with-GSM-using-SPI-I2C-and-UART-
Undetected Valorant Hack
securityDemo
Undetected Fortnite Hack
The Sledge Hack: India vs Australia Cricket Hackathon
Contribute to this beginner-friendly open source repository and be an ACM Hacking Wizard
GateKeeper is a powerful and versatile user access control plugin designed to enhance the security and user management capabilities of your WordPress website. With GateKeeper, you can effortlessly manage user roles, permissions, and invitations, ensuring
Network-Security
A proof of concept in python to identify and understand OCR.
This repo is used to exploit the Hack-The-Box Visual Seasonal machine
CyberSecurityInsights.github.io
Hack The Box Walkthroughs
Information-security
Initial Foothold Using Pre-build events in dotnet 6.0 for the machine Visual from Hack The Box
Hacking
A small, poorly written assembler for a proprietary VM made for a high school hacking challenge
Security Research Blog
you hack
Sublime_Security_Rules
hacking ,brut forcing cracking rockyou #DCW # abh
Spring security
First and foremost, I am not good at this stuff. I want to be, and it looks like a great place to learn some new skills. The primary focus is to improve my personal security and stay up to date with the latest and greatest in cyber security.
Web page with HTML and CSS
cyber security
spring boot + sveltekit + oauth2 = ❤️
machine hack hackathon dataset
Repo for testing client and server code for our network security project.
Proof of concept Quarkus as microservice
A proof of concept for providing AI-driven, formative feedback to student work using Evoke Portfolios and ChatGPT
JavaSecurity2023
Proof of concept Micronaut as microservice
fortnite hack, fortnite hack download, fortnite cheat, fortnite hack free, fortnite hack tutorial, fortnite aimbot, fortnite aimbot download, fortnite aimbot free, fortnite soft aim, fortnite soft aim download, new fortnite hack, fortnite hack undetected,
Implementation of a proof of concept for a Data Contract implementation
Hotel management using java , spring boot ,Eureka registry, API gateway, Spring cloud, Spring security
KI (Keamanan Informasi/Information Security) backend repository
Test for Gin framework in Docker container for Kubernetes
a repo of emojis for Discord app
Proof of concept implementation of safe excel file update with file locking
Learn about webpage authentication and security
A python application to generate passwords to prevent easy hacking into accounts.
Click This link 🟢👉 https://t.ly/2YOor?/instagarm-hack-tool?/erw453wr3wrw3 ✓ ✓
Bytewax guide for streaming hacker news updates
Proof of concept of Gamified Point of Sales system
hackathon 2023 for patriot hacks
tunes we listen to while we hack
Fortnite hacks for free, using the Yolov7 model 4.4. created by me, which is an ai created to track human models.
A Hacked Client For Minecraft Developed By KOG1
Contribute to this beginner-friendly HacktoberFest2023 repository and be an ACM Hacking Wizard
CyberSecurity
Click This link > https://tinyurl.com/3m9yww7s?/snapchat-hacking-toolet43r4534
Security Homework
springboot-security-jwt
Scripted Hacking Tools
security-jwt-angular-spring-frontend-crud-basic
This repository was generated automatically based on a Shoreline Insights Runbook.
After gau obtains the url with parameters, it accesses the URL using playwright to delegate traffic to the passive scanner
If you’re looking for a way to enhance your gaming experience in Valorant, you might be interested in this paid version of SkyValorant. This is leaked version, also a powerful hack that can give you an edge over your opponents and help you win more matche
This repository was generated automatically based on a Shoreline Insights Runbook.
Proof of concept for dockerizing the build of OpenImageIO starting from the aswf docker images
hack html 1.1
Parser and Viewer Chrome plugin to view hacker news in a beautiful manner
I've captured the responses from a recent slack discussion of movies, tv shows and events that inspired peeps to move into infosec.
eFootball 2024 coins generator Hacks 1,070 myClub Coins mod menu
Repository for Oracle's Hack@Cloud challenge
spring-security
API-Security
The best undetected Minecraft hacked client
information-security
This project is an implementation of the Simplified DES (S-DES) algorithm for encryption and decryption. It was created for the introductory course on Information Security at Chongqing University by the Hello world team (Zhang Shiqi & Wang Yubo).
A Network Automated Camera Home System designed for remote property monitoring using Raspberry Pi modules. It captures live video feeds accessible via a mobile app, enhancing security for homeowners and small business owners.
Security in development programs that showcase secure coding practices
Hack The Box Certified Penetration Testing Specialist
security-website
Project-security is a project made for Project-security 2023-2024. The project is a proof of concept solution developed to secure the data stored in the Kadaster database.
terraform-security_basic_configration
Proof of concept for dev a solidjs static web app with a map.
A proof-of-concept nano GPT model trained on medical notes to assist providers.
hack android device
Used in HW2 in Software Security 1
Hack The Box Certified Penetration Testing Specialist
Hack AI round 1 task
Minecraft education edition hacks.
Proof of concept
Repo for the HACK
A Proof of Concept for Hyperboost AR/VR Ads, integrating AI models and AR technologies to enhance advertising experiences.
Hacks and tricks
A Proof of Concept to determine the licensing details of the fonts installed on a Windows System.
🧨 Learning purposes - Spring Security
Repo contain various methods of web Authentication.
RTO Exam notes and tools, get your Red Team Operations by Zero-Point Security.
used for chats and hacks openAI demo
My Hacker Rank Test
ASPIRING CLOUD COMPUTING & SECURITY PROFESSIONAL
Stack:
I4H is a course/ebook to learn hacking, with dozens of powerful and diverse tools.
spring_security
Hacking with Swift - 100 Days of Swift UI
Completed a job simulation for Wells Fargo, where a Financial Advisor can add clients, and manage securities in their portfol
fortnite external free cheat/hack, updates in my telegram channel t.me/m1ndyyshort (the last one was banned)
Hacking the Contribution Calendar
Project proposal to create an application to serve as a Security Incident Report (SIR)
Django Security Scanner
Spring Security framework hands-on practice
Saar is a bug bounty script combining the best tools for a smooth recon workflow
This repository focuses on learning the security aspect of Android and how to secure API keys
Generate complex passwords which are safe to use & Tough to guess by hackers. created using HTML,CSS & Javascript
Simple security lookups via CLI
My contribution in hack october
https://sekurak.pl/nowe-szkolenia-od-gynvaela-coldwinda-niskopoziomowy-hacking-pliki-binarne-hexedytory-bezpieczne-parsery-inzynieria-wsteczna/
Practice Leet code Hacker rank Programs
Bakeli Hack 242
In this demonstration, I observe various network traffic to and from Azure Virtual Machines with Wireshark as well as experiment with Network Security Groups
animation_proof_of_concept
One Time Passwords (OTPs) are a mechanism to improve security over passwords alone. When a Time-based OTP (TOTP) is stored on a user's phone, and combined with something the user knows (Password), you have an eas
security_best
Security
Solution to the Hack the Fest Hackathon
cloud erp proof of concept using various database implementations with Devexpress Blazor XAF
Your task is to develop and submit multiple software components relating to a building's access, fire alarm and security systems. These components will each serve a unique role and will communicate with each other (with a combination of TCP and UDP over I
Spring-MVC-with-Security
This repo contains a collection of tools to perform some security tests, scans and investigations on the established configurations in cloudflare. To keep everything simple, each of them is a small python script with a reduced scope.
hacking-COM-objects
This is a national hackathon
Security
This is a ROM hack of Pokemon Emerald where the type chart is inverted so that moves that were once super effective are now resisted and vice versa.
Develop a proof-of-concept for an on-page assistant that appears in the lower left corner of a web page. This assistant should be a transparent, moving video (not an image) and provide helpful information to users.
isss-software-security
Keyauth security is dogshit, stop using nlohmann and add an integrity check :)
Instagram hack
Internal Memory Hack for Game
A lua encryption (made by a talented developer) transpiled to C++ for common text attacks. Proof OF Concept!
As a part of Course 2 Play if Safe I want to conduct the Security Audit
securitytt
EC2 instance with post provision system setup, public IP and security group allowing SSH
Rangila is the mastermind of hacking
ow1 is a SOC-in-a-box that leverages Wazuh with other Threat Intel tools to create a platform for lab environments, home security, and a proof of concept for a bigger SOC.
This is a proof of concept for an encryption program that pipes a file input, generates a unique key, and encrypts it with said key. As of now, it only serves as a "per-session" encryption system.
Keycloak Extension for HSM (Hardware Security Module) support
This repository contains my work done as part of the 'Hacking with Swift 100 Day Challenge.' Throughout this challenge, I will be working on a new project or concept every day using the Swift programming language, with the additional goal of sharing my pr
Hacked
Minecraft education edition hacks.
Writeup for Hack The Box Machine Called "Keeper"
This challenge is designed to help you improve your hacking skills and cybersecurity knowledge over the course of 30 days.
Hack Yourself (Your Computer is Hacked, Just Kidding it's fake hack).
computational_security
WebSec101 - Introduction to Web Application Security Event - ISACA NSBM
hack tetris sms
I hacking for account
This repository contains the files related to the Elicit Hacks 8.0 Hackathon. Team DDYS has contributed to this source to make the platform for philanthropy and donations.
BitRAT CrackedIt is coded in C++ programming language. It is the latest version of the best PC RAT 2022 in the market. It is used by hackers to remotely access their victims.
Fortnite hack
A sleek, futuristic design, optimized for coding marathons and midnight hacks.
A simple hackable commandline tool to help managing Leetcode problems
All-Hacking-Course-Part-2-collection
Powerbi for page report security
All-Hacking-Course-Collection
Test with this app how secure your server is and test what vulnerabilities you should fix.
Python3 scripts by myself and others. Python2 scripts that others wrote I converted to python3. It is aimed for the pentesting and hacking community
Java application code for a Spring Boot 3+, Spring Data JPA, Spring Security, Spring Web, and OAuth2Resource server application which allows users to login or register.
It is a project to test my developer skills in JPA, web and security; I will probably add a front end later.
A project for the 2023 BRHS Hacks Hackathon
Presentation of pip-rating. Check the health of your project's dependencies.
Volatility Estimators for Risk Parity models. Including intra-day volatility estimators that incorporates open, low, high, and close prices of a security.
nd064-c3-microservices-security-project-starter
system_security
TVr: a collaboration space proof of concept
Ethical hacking project featuring a Python backdoor for system access. Activates a remote server to retrieve host contents securely.
This a new method by which anyone can hack their targets Device, with the help of Netcat tool
this project demonstrates different Encryption/Decryption techniques using native PHP as its back-end ,and Bootstrap as its front-end
Dll injection for hack aoe ror 1.0c
Squad is a fully featured internal hack for Valorant written in C++,C.
Signature forger detector using Siamese NN to calculate similarity and PyQt5 for UI for MAIS Hack 2023
Studying Spring Security in Action
This is an OSINT tool for searching targets using the target's username
RouteWise: A smart bus routing system - our submission for the Hacks 8.0 hackathon.
Hacking with SwiftUI - Habit tracker
Wifi_Hack_Tool.JF is a tool that shows you all wifis and passwords saved in your PC.
MUJ Hacks 8.0 Hackathon Project
Open Asset Model implementation of OSHA ITAs
Hacking & coding
External Fortnite Source Hack Cheat To get solution files join my dicord https://discord.gg/MAGFPxk68z
Wick Tool : A simple IP Information Retrieval Tool for ethical cybersecurity research and network administration. Not for hacking or malicious use
Project for All Inclusive Hacks Hackathon
hack
Security-system-1
Walkthrough and files to attack the nibbles machine on Hack The Box
Tutorial for NoF 2023: FL x Security in Network Management
Spring Boot 3: Learn Spring 6, Spring Core, Spring REST, Spring MVC, Spring Security, JPA, Hibernate, MySQL
IOT-Home-Security
argctl interface site (public for security)
testing scorecard-action
A web application for vehicle service reservation with a focus on security, authentication, and access control.
Repository for exercises and assignments for the computer security course at the University of Brasília
SecurityTesting
Studying Spring Boot 3 and Spring Security 6 examples
HackIowaStateV2ProofOfConcept
flutter_proof_of_concepts
Source code of a proof-of-concept implementation of an EIDAS-compatible digital identity ecosystem.
A proof of concept implementation of C++ compute graph autodifferentiation.
Hack Helper for game Grand Theft Auto 5
Academic Transcripts using Lighthouse Aggregator(Open Data Hack Submission)
Many Proof of Concept of Go and environment.
Valorant hack download 2023
Add your HTML , CSS projects in the repo and Happy Hacking
Project for MAIS Hacks 2023
⛓️ Automatic cross-chain smart contract deployment. Project submitted as part of the Chainlink SmartCon Hacker House, awarded 2nd place in the CCIP route for $2500.
AI-Powered Ethical Hacking Assistant
pokemon emerald rom hack for nuzzlocke
Decrypt Hashes. md5, sha-1, sha-256, sha-512 (unix), and Windows NT hashes. Multi-threaded and includes a safety to prevent CPU exhaustion
Checks Password Security Against Bruteforce attacks
Ethical-Hacking-with-Python
Iron Hack DA 23
ApartMatch: Apartment hunting streamlined. 🏆 First Place at MAIS Hacks 2023
This is team SPARTANS and this repository consists of all the resources/submissions that we have used in HACKS 8.0
My blog for my cyber-security class
An all-in-one solution to empower food security in India by helping farmers manage their resources better and be aware of day-to-day crises, news and market conditions, along with providing them with a platform to reach a larger direct audience.
Submission for MAIS hacks 2023
A smart home security system manager
Spring Boot 3 | Spring Security (JWT) | Spring WebFlux | Spring Data R2DBC | MapStruct | PostgreSQL | Flyway | Gradle
The ultimate cyber security resource.
sig-security.rocky.page
At BattleMountainIT, we believe technology should be as reliable and steadfast as a mountain. We provide rock-solid IT solutions designed to withstand the most challenging business terrains. Specializing in everything from network security to cloud integr
Project_Security
A proof-of-concept using WASM runtime and UEFI Bios as a kernel
proof-of-concept for building offline-first iOS apps with SwiftData and Codable
PSA Hack
PicklesPortfolio_CyberSecurity
Ensure your privacy and security by easily deleting stored data.
Fooling around with security checklist from the internet
This Electron starter application is designed to help beginners get started with Electron development. It includes improved security codes, a ready IPC communication setup, the Material Icons library, and the Bulma.css framework. With these features, you
Proof of concept project for LoRa long-range wireless communication. Using the sender from an allotment without electricity, thus using solar for an ESP32 to wake up, measure soil humidity and send the data on.
WomensSecurity
HWID Lock Security
A simple SSO and resource server using Spring Security 6, Spring Boot 3
study_springboot_gradle_security
security1
Credits: Durgesh Sir(Learn Code With Durgesh) Spring Security JWT and Pagination
SecurityAssignment
SecuritySystem
Making a lab for practicing any cyber skills
Made as part of my Computing BsC at Portsmouth University
Use of Artificial Intelligence in Cyber Security
RingCentral Zoho Desk Twilio Proof of Concepts Integration Test
study_springboot_gradle_security
crack facebook and hack facebook without login START FILE CRACKING, PUBLICK AC CRACKING, UNLIMITED FILEMAKING , RANDOM AC CRACKING,
AD Miner is an Active Directory audit tool that leverages cypher queries to crunch data from the #Bloodhound graph database to uncover security weaknesses
cyberSecurity
Spring security sandbox for Spring Framework 6.0, and with Springboot 3.x.x
The following project demonstrates the various types of authentication that we can use with Spring Security.
Security_week3
A portfolio for any work carried out spanning across cyber security, web development and more
CIS 735 Machine Learning for Security
Rotate your secrets and live worry free!
This is following javabrains tutorial
Backend for frontend security using Vue.js Typescript, Vite, ASP.NET Core backend and Microsoft Entra ID
Security example for using https locally
XRP SigVerify is revolutionizing document signing and validation using the XRP Ledger and blockchain technology. Our platform provides secure and transparent document verification, including digital signature creation, robust verification, and seamless XR
ass-security-1
Go Forward- & Filtering-Proxy (Squid-like)
DevOps-Course-Workshop-Module-11-Security
Security for embedded systems
Guardian_Security_APP
A dockerized Hack development environment. Useful for being able to develop Hack on Apple Silicon.
✍️ My personal information security blog—built with Next.js, TypeScript, TailwindCSS, and deployed on Vercel.
security-capelli-api
CyberSecurity
These concepts cover a wide range of topics from core Node.js principles to asynchronous programming, module management, security, database interaction, testing, debugging, performance optimization, and even the practical experience of hosting a project
A keylogger being developed as a UNSW project.
This contains solutions to some of the HackerRank problems I have worked on
The proof of concept work for BLE binary sensor and actuator
Azure AD B2C Backend for frontend security using Angular Standalone (nx) and ASP.NET Core backend
OpenIdict Backend for frontend security using Angular Standalone (nx) and ASP.NET Core backend
A hack for the OP Stack introducing sequencer commitments.
SystemSecurity-ProcessViewer
An All-In-One AdGuard Home blocklist.
The official repo of Amateur Hacker.
Basic application for encrypting/decrypting and password protecting files.
Cryptography-and-network-security
yet another repo for LuaJIT hacking, but MIPS3
Homework for information security course
Server-side codebase for Safely, a specialized cab service dedicated to ensuring the safety and security of women passengers. This server component powers the core functionality of the Safely platform.
With this application, you can create powerful passwords for your accounts and be sure about their security.
Sylvester Kaczmarek's Public Cybersecurity Portfolio, focusing on AI, space, robotics, and data security. No sensitive or classified content.
Password and sensitive information manager.
Arch linux dotfiles catppuccin palette inspired using WM wayland based. Ready for study, coding & hacking.
A vulnerable web application to test cyber security skills, Modelled after an e-commerce store
security
This tool is for hackers and pentesters!! To create the best hacking machine.
My study notes on Learning InfoSec and Cyber Security
A Proof-of-Concept for decentralized remote procedure calls, leveraging IPFS and privacy-enabled blockchain.
1C RAS Offensive Security Tool
Proof of concept for end-to-end encrypted file storage and sharing using Web Standard APIs
This repository provides ip data for the Web Application Firewall EasyWAF.
a proof-of-concept Svelte component for collaborative drawing using Felt 🎨
Microhack demonstrating network security in VWAN with Routing Intent
First version of my new attempt to make a monster.
Netlogo Web proof of concept for cozy data cleaning game
My Personal Website
Website for hack.place()
Content Authenticity Security Tool
Implementing a Three Tier Application using Terraform to create VPC, the Application associated to DB is present under the Private Subnet with the best security practices
Terraform module to configure Microsoft Defender for Cloud (aka Security Center) on Azure
A Python-based scraper that uses Beautiful Soup and an API to extract, organize, and sort data from Hacker News into a structured .xlsx file, with user-defined input for the number of pages to collect.
Contribute, publish, and earn recognition! Share your web3 dev & security insights with the community in just 3 steps on this open-source platform 👇
A platform for extracting and shipping security value from your data lake to Sentinel.
Hackable implementation of state-of-the-art open-source LLMs based on nanoGPT. Supports flash attention, 4-bit and 8-bit quantization, LoRA and LLaMA-Adapter fine-tuning, pre-training. Apache 2.0-licensed.
Proof of concept (PoC) tests and examples of ideas and learning
Connect two or more Docker servers together sharing container ports between them via a WireGuard tunnel
A Landing Page for my father's company
finance notes.
Proof of Concept for a font based authentication method
This repository contains a lot of vulnerability checklists, and a lot of vulnerability ideas and tips from Twitter
This is a security company system, with an admin, client and, Patrol dashboard
This repository represents my portfolio of smart contract security audits and audit contest findings
WordPress plugin that integrates your WordPress site with the BLUEPRINT control panel, including performance, security, and update features.
Website for Harden Windows Security Repository
Personal Docker Image with Pentest tools and zsh plugins, inspired by Nutek-Terminal and runs on a base Kali Image.
TeleSurgery-A-Proof-of-Concept
🔑 SymSec is a Node.js utility for symmetric key encryption with message integrity verification of JSON objects, providing a secure and straightforward way to store or transmit sensitive data.
Elastic Security Labs releases
Notes that I've been taking while hacking, primarily done on Obsidian but any tool for md files should be good to go.
Hacking techniques using javascript
This will be used to create a home security system for my apartment. This will utilize ESP8266's and a raspberry pi as the MQTT broker and subscriber to POST to discords webhook integration. Added Security camera motion detection with OpenCV and PyAudio
Algorand NFT Marketing Strategy for Algorand Greenhouse Hack 3 at Gitcoin. Algorand - NFT strategy winner 🏆
Docker-based local lab with network and web application vulnerabilities, aiming to teach students on how to identify and exploit known security vulnerabilities and misconfigurations
A scanner for end-of-life (EOL) software in container images, filesystems, and SBOMs
What the Framework?! security
Secutils.dev is an open-source, versatile, yet simple toolbox for security-minded engineers
Hackable OH-MY-ZSH theme with transient prompt
Secure Boot for NixOS [maintainers=@blitz @raitobezarius @nikstur]
A Discord-like chat application optimized for security, stability, speed, and ultimate customization.
Steampipe Mod for AWS Security Hub
SecTester is a new tool that integrates our enterprise-grade scan engine directly into your unit tests.
Main routine for the hack my robot competition.
Check the security level of your Nextcloud instance with the Nextcloud Security API
Simple HTTP listener for security testing
1.12.2 Minecraft hacked client for sword / crystal hvh
Static analysis-assisted security for the Rust supply chain
A package for downloading, extracting, parsing, and processing data from SEC-EDGAR, a public online database of all documents filed with the USA's Securities and Exchange Commission.
A proof-of-concept for (CVE-2023-38840) that extracts plaintext master passwords from a locked Bitwarden vault.
A low-level gba library designed for ROM hacks and similar uses.
Hack-2022
WordPress plugin to create a Hacker News-like site for ManualdoUsuario.net
👽 Metasploit is the most widely used open-source exploitation framework. Learn how to use it and unlock its full potential.
Coalfire Azure Network Security Group Terraform Module
Glaucom Security Blog powered by Jekyll and Bootstrap. Site https://Gl4uc0m4.github.io
Privacy and security baseline for personal Windows 10 and Windows 11
Hacking into Cyber Security is an open-source book for professionals and beginners who want to crack into the information security field.
The easiest security measure using a proxy
This program allows users to import/export files created with/used by Cartooners, a basic animation studio developed by ITDA and published by Electronic Arts in 1988.
spring-security-in-action
Tweaks and configurations to QubesOS (and other digital security implementations) for use by journalists and at-risk populations.
Utility that allows generating and manipulating Tink keysets
Ditch passwords, boost security! Use this public identity provider to leverage biometric authentication and increase security.
🌺 A plug-and-play hackathon management platform; SSO, hacker leaderboard, check-ins, and more!
This library implements formatted and colored messages to be written in the console.
Kubernetes-native security toolkit
Use SQL to instantly query Duo resources. Open source CLI. No DB required.
Android app as a proof of concept for digital signing with post quantum algorithms.
Tool for HTTP security analysis
This repository will contain our files for the Near Miss App we are developing using Microsoft Visual Code to produce a proof-of-concept level application
Sandbox repository to evaluate the proof-of-concept to migrate the toolchain for xrpl.org to Redocly.
Hacker News
Algorithms, Leetcode, Hacker Rank problems
Spring Boot 3: Learn Spring 6, Spring REST API, Spring MVC, Spring Security, Thymeleaf, JPA & Hibernate
PuzzleMania for Flutter Puzzle Hack
Hack and Slash Game Project
Analyzing Cloud Security Posture
Security Auditor Utility for GraphQL APIs
Proof of concept of CVE-2022-21907 Double Free in http.sys driver, triggering a kernel crash on IIS servers
Set up your GitHub Actions workflow with a specific version of cargo-hack
AWESOME-Azure-Architecture - https://aka.ms/AwesomeAzureArchitecture
The Chart Builder is a proof-of-concept app to understand the feasibility of using a CSV file (or SPARQL query) to generate and customise a chart or data visualisation
client-side pure javascript roguelike game, proof of concept
Hacking around with Scottish manufacturing sector stats
Improve your Hacking Skills by using these awesome tools.
The StackRox Kubernetes Security Platform performs a risk analysis of the container environment, delivers visibility and runtime alerts, and provides recommendations to proactively improve security by hardening the environment.
simple hacking for a game windows sizing
Third International Scientific Conference Digital Transformation, Cyber Security and Resilience, September 29 - October 1 2021, Veliko Tarnovo, Bulgaria
Harden-Runner provides runtime security for GitHub-hosted and self-hosted environments
Various GNOME Shell extensions I forked and hacked
Goldeneye 007 tools for N64 hacking
Proof-of-concept for the new Friends Of Foxley Website
All-in-One Hacking Tools For Hackers! And more hacking tools! For termux.
A best practices guide for using AWS EMR. The guide will cover best practices on the topics of cost, performance, security, operational excellence, reliability and application specific best practices across Spark, Hive, Hudi, Hbase and more.
enumeration with python (ethical hacking)
Proof of concept implementation for exact Gaussian conditioning
Proof of concepts, samples, and sandbox of Custom Tiles for SharpTools.io
Easy alerting with ElasticSearch and Python
Splunk visualization and integration support for k9 Security.
Best-practices security made usable.
At LinkedIn, we are using this curriculum for onboarding our entry-level talents into the SRE role.
MNS is a security and reconnaissance tool for monitoring new subdomains
teiniker-lectures-securitytesting
Hades is a Host-Based Intrusion Detection System based on eBPF(mainly)
practice spring security
draft for Japanese translation of OWASP Application Security Verification Standard
Slide decks and sample codes for a lecture of "Security Engineering", which are composed in terms of how to choose and deploy appropriate standardization security technologies in information systems.
N00B hacker & security researcher.
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
CAR_HACKING101
Tests, samples, proofs of concept using quarkus
Several hacks and alpha code. Experiments - not stable at all, probably not maintained. Kids: Don't try this at home.
Proof of concept python solution to create events using google calendar API from json data
:microscope: Proof of Concept of Dijkstra's algorithm in .NET
A Python Hacking Library consisting of network scanner, arp spoofer and detector, dns spoofer, code injector, packet sniffer, network jammer, email sender, downloader, wireless password harvester credential harvester, keylogger, download&execute, ransomwa
A Github scanning tool that identifies hardcoded credentials while filtering the false positive data through machine learning models :lock:
The missing REST API package for pfSense
BigFix Performance & Security Related Content
Audit your PHP version for known CVEs and patches
Kubernetes networking based on Open vSwitch
This repository contains various solution of a problem in Ruby, C, C++, Python and Java.
Bisect nix builds. Status: alpha/proof of concept. You'll probably have to dig into the implementation if you want to use it. Built for personal use, lightly maintained. PRs welcome. Issues welcome, but I make no promises regarding responses or fix
Command Line Interface (CLI) tool for NeuraLegion's solutions.
iOS light client Framework proof-of-concept
This Puppet module manages the installation and configuration of AIDE (Advanced Intrusion Detection Environment)
the safest place to reach out
Datasafe - flexible and secure data storage and document sharing using cryptographic message syntax for data encryption
Simple and lightweight library that helps to validate SVG files in security manners.
An evolving how-to guide for securing a Linux server.
A browser-based Hacker News client built with Svelte and TypeScript.
The Safe Exam Browser Server web application simplifies and centralizes the configuration of SEB clients for exams. It interacts with a learning management or exam system for setting up and conducting e-assessments with Safe Exam Browser. It also improves
Contains algorithms given in CLRS and hacker rank
OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application providing a target for web-security training. This is an easy-to-use web hacking environment designed for labs, security enthusiasts, classrooms, CTF, and vulnerability as
Automatic API / web vulnerability analysis (hackingyseguridad.com)
Runtime data collection for the StackRox Kubernetes Security Platform using eBPF
Library and CLI tool for analysing CloudFormation templates and check them for security compliance.
Freedom Fighting Mode: open source hacking harness
Several opinionated wordpress tweaks focused in :shield: security and :zap: performance.
A .NET MAUI app for displaying the top posts on Hacker News that demonstrates text sentiment analysis gathered using artificial intelligence
Authentication and Authorization with Azure AD
Proof-of-concept for reasoning over the SemMedDB knowledge base, using miniKanren + heuristics + indexing.
draft-rfc5011-security-considerations
POSIX-compliant shell movement boosting hack for real ninjas (aka `cd x` and `cd ...`)
🌟 Elevate Network Safety with Gatesentry! A powerful Proxy & DNS server combo, adept at blocking harmful content. Ensure a secure and focused online space for kids and adults alike. Dive into a world of enhanced security and productivity now! #SecureNetwo
Redesign of Hacker News with an emphasis on mobile first design and usability
A light-weight process isolation tool, making use of Linux namespaces and seccomp-bpf syscall filters (with help of the kafel bpf language)
Fast and extensible multi-platform HTTP/1-2-3 web server with automatic HTTPS
.files, including ~/.osx — sensible hacker defaults for OS X
my nmh + MH-E + mailfilter + misc hacks for reading email
Disassembly of some of the things Dropbox installs on OS X
Since 2011, IPBan is the world's most trusted, free security software to block hackers and botnets. With both Windows and Linux support, IPBan has your dedicated or cloud server protected. Upgrade to IPBan Pro today and get a discount. Learn more at ↓
CVE-2022-22447 -- IBM Disconnected Log Collector 1.0 through 1.8.2 is vulnerable to potential security misconfigurations that could disclose unintended information. IBM X-Force ID: 224648.
CVE-2023-30690 -- Improper input validation vulnerability in Duo prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.
CVE-2023-30692 -- Improper input validation vulnerability in Evaluator prior to SMR Oct-2023 Release 1 allows local attackers to launch privileged activities.
CVE-2023-30727 -- Improper access control vulnerability in SecSettings prior to SMR Oct-2023 Release 1 allows attackers to enable Wi-Fi and connect arbitrary Wi-Fi without User Interaction.
CVE-2023-30731 -- Logic error in package installation via debugger command prior to SMR Oct-2023 Release 1 allows physical attacker to install an application that has different build type.
CVE-2023-30732 -- Improper access control in system property prior to SMR Oct-2023 Release 1 allows local attacker to get CPU serial number.
CVE-2023-30733 -- Stack-based buffer overflow vulnerability in HDCP trustlet prior to SMR Oct-2023 Release 1 allows attacker to perform code execution.
CVE-2023-30735 -- Improper Preservation of Permissions vulnerability in SAssistant prior to version 8.7 allows local attackers to access backup data in SAssistant.
CVE-2023-30736 -- Improper authorization in PushMsgReceiver of Samsung Assistant prior to version 8.7.00.1 allows attacker to execute javascript interface. To trigger this vulnerability, user interaction is required.
CVE-2023-30737 -- Improper access control vulnerability in Samsung Health prior to version 6.24.3.007 allows attackers to access sensitive information via implicit intent.
CVE-2023-30738 -- An improper input validation in UEFI Firmware prior to Firmware update Oct-2023 Release in Galaxy Book, Galaxy Book Pro, Galaxy Book Pro 360 and Galaxy Book Odyssey allows local attacker to execute SMM memory corruption.
CVE-2023-3213 -- The WP Mail SMTP Pro plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the is_print_page function in versions up to, and including, 3.8.0. This makes it possible for unauthenticated attackers to disclos
CVE-2023-35905 -- IBM FileNet Content Manager 5.5.8, 5.5.10, and 5.5.11 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials discl
CVE-2023-37404 -- IBM Observability with Instana 1.0.243 through 1.0.254 could allow an attacker on the network to execute arbitrary code on the host after a successful DNS poisoning attack. IBM X-Force ID: 259789.
CVE-2023-5291 -- The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'AWL-BlogFilter' shortcode in versions up to, and including, 1.5.3 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it
CVE-2023-5357 -- The Instagram for WordPress plugin for WordPress is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it poss
CVE-2023-5368 -- On an msdosfs filesystem, the 'truncate' or 'ftruncate' system calls under certain circumstances populate the additional space in the file with unallocated data from the underlying disk device, rather than zero bytes.
CVE-2023-5369 -- Before correction, the copy_file_range system call checked only for the CAP_READ and CAP_WRITE capabilities on the input and output file descriptors, respectively. Using an offset is logically equivalent to seeking, and the system call must additionally
CVE-2023-5370 -- On CPU 0 the check for the SMCCC workaround is called before SMCCC support has been initialized. This resulted in no speculative execution workarounds being installed on CPU 0.
CVE-2022-46841 -- Cross-Site Request Forgery (CSRF) vulnerability in Soflyy Oxygen Builder plugin <= 4.4 versions.
CVE-2022-47891 -- All versions of NetMan 204 allow an attacker that knows the MAC and serial number of the device to reset the administrator password via the legitimate recovery function.
CVE-2022-47892 -- All versions of NetMan 204 could allow an unauthenticated remote attacker to read a file (config.cgi) containing sensitive information, like credentials.
CVE-2022-47893 -- There is a remote code execution vulnerability that affects all versions of NetMan 204. A remote attacker could upload a firmware file containing a webshell, that could allow him to execute arbitrary code as root.
CVE-2023-0506 -- The web service of ByDemes Group Airspace CCTV Web Service in its 2.616.BY00.11 version, contains a privilege escalation vulnerability, detected in the Camera Control Panel, whose exploitation could allow a low-privileged attacker to gain administrator ac
CVE-2023-0828 -- Cross-site Scripting (XSS) vulnerability in Syslog Section of Pandora FMS allows an attacker to cause a user's cookie value to be transferred to the attacker's server. This issue affects Pandora FMS v767 version and prior versions on all platforms.
CVE-2023-21673 -- Improper Access to the VM resource manager can lead to Memory Corruption.
CVE-2023-2222 -- ** REJECT ** This was deemed not a security vulnerability by upstream.
CVE-2023-22382 -- Weak configuration in Automotive while VM is processing a listener request from TEE.
CVE-2023-22384 -- Memory Corruption in VR Service while sending data using Fast Message Queue (FMQ).
CVE-2023-22385 -- Memory Corruption in Data Modem while making a MO call or MT VOLTE call.
CVE-2023-24518 -- A Cross-site Request Forgery (CSRF) vulnerability in Pandora FMS allows an attacker to force authenticated users to send a request to a web application they are currently authenticated against. This issue affects Pandora FMS version 767 and earlier versio
CVE-2023-24843 -- Transient DOS in Modem while triggering a camping on an 5G cell.
CVE-2023-24844 -- Memory Corruption in Core while invoking a call to Access Control core library with hardware protected address range.
CVE-2023-24847 -- Transient DOS in Modem while allocating DSM items.
CVE-2023-24848 -- Information Disclosure in Data Modem while performing a VoLTE call with an undefined RTCP FB line value.
CVE-2023-24849 -- Information Disclosure in data Modem while parsing an FMTP line in an SDP message.
CVE-2023-24850 -- Memory Corruption in HLOS while importing a cryptographic key into KeyMaster Trusted Application.
CVE-2023-24853 -- Memory Corruption in HLOS while registering for key provisioning notify.
CVE-2023-24855 -- Memory corruption in Modem while processing security related configuration before AS Security Exchange.
CVE-2023-2544 -- Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php". Through a POST request, an authenticated user could change the ID parameter to retrieve all the stored information of other registered users.
CVE-2023-25463 -- Cross-Site Request Forgery (CSRF) vulnerability in Gopi Ramasamy WP tell a friend popup form plugin <= 7.1 versions.
CVE-2023-25989 -- Cross-Site Request Forgery (CSRF) vulnerability in Meks Video Importer, Meks Time Ago, Meks ThemeForest Smart Widget, Meks Smart Author Widget, Meks Audio Player, Meks Easy Maps, Meks Easy Photo Feed Widget, Meks Simple Flickr Widget, Meks Easy Ads Widget
CVE-2023-26150 -- Versions of the package asyncua before 0.9.96 are vulnerable to Improper Authentication such that it is possible to access Address Space without encryption and authentication.
CVE-2023-26151 -- Versions of the package asyncua before 0.9.96 are vulnerable to Denial of Service (DoS) such that an attacker can send a malformed packet and as a result, the server will enter into an infinite loop and consume excessive memory.
CVE-2023-26152 -- All versions of the package static-server are vulnerable to Directory Traversal due to improper input sanitization passed via the validPath function of server.js.
CVE-2023-2681 -- An SQL Injection vulnerability has been found on Jorani version 1.0.0. This vulnerability allows an authenticated remote user, with low privileges, to send queries with malicious SQL code on the "/leaves/validate" path and the “id” parameter, managing to
CVE-2023-27435 -- Cross-Site Request Forgery (CSRF) vulnerability in Sami Ahmed Siddiqui HTTP Auth plugin <= 0.3.2 versions.
CVE-2023-2830 -- Cross-Site Request Forgery (CSRF) vulnerability in Trustindex.Io WP Testimonials plugin <= 1.4.2 versions.
CVE-2023-28373 -- A flaw exists in FlashArray Purity whereby an array administrator by configuring an external key manager can affect the availability of data on the system including snapshots protected by SafeMode.
CVE-2023-28539 -- Memory corruption in WLAN Host when the firmware invokes multiple WMI Service Available command.
CVE-2023-28540 -- Cryptographic issue in Data Modem due to improper authentication during TLS handshake.
CVE-2023-28571 -- Information disclosure in WLAN HOST while processing the WLAN scan descriptor list during roaming scan.
CVE-2023-3196 -- This vulnerability could allow an attacker to store a malicious JavaScript payload in the login footer and login page description parameters within the administration panel.
CVE-2023-32091 -- Cross-Site Request Forgery (CSRF) vulnerability in POEditor plugin <= 0.9.4 versions.
CVE-2023-32572 -- A flaw exists in FlashArray Purity wherein under limited circumstances, an array administrator can alter the retention lock of a pgroup and disable pgroup SafeMode protection.
CVE-2023-32669 -- Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums. This vulnerability can be exploited by changing the album identification (id).
CVE-2023-32670 -- Cross-Site Scripting vulnerability
CVE-2023-32671 -- A stored XSS vulnerability has been found on BuddyBoss Platform affecting version 2.2.9. This vulnerability allows an attacker to store a malicious javascript payload via POST request when sending an invitation.
CVE-2023-32790 -- Cross-Site Scripting (XSS) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to inject a malicious JavaScript payload into the 'Full Name' field during a user edit, due to improper sanitization of the input parameter.
CVE-2023-32791 -- Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to manipulate and delete user accounts within the platform by sending a specifically crafted query to the server. The vulnerability is
CVE-2023-32792 -- Cross-Site Request Forgery (CSRF) vulnerability in NXLog Manager 5.6.5633 version. This vulnerability allows an attacker to eliminate roles within the platform by sending a specifically crafted query to the server. The vulnerability is based on the absenc
CVE-2023-33026 -- Transient DOS in WLAN Firmware while parsing a NAN management frame.
CVE-2023-33027 -- Transient DOS in WLAN Firmware while parsing rsn ies.
CVE-2023-33028 -- Memory corruption in WLAN Firmware while doing a memory copy of pmk cache.
CVE-2023-33029 -- Memory corruption in DSP Service during a remote call from HLOS to DSP.
CVE-2023-33034 -- Memory corruption while parsing the ADSP response command.
CVE-2023-33035 -- Memory corruption while invoking callback function of AFE from ADSP.
CVE-2023-33039 -- Memory corruption in Automotive Display while destroying the image handle created using connected display driver.
CVE-2023-33200 -- A local non-privileged user can make improper GPU processing operations to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give them access to already freed memory.
CVE-2023-33268 -- An issue was discovered in DTS Monitoring 3.57.0. The parameter port within the SSL Certificate check function is vulnerable to OS command injection (blind).
CVE-2023-33269 -- An issue was discovered in DTS Monitoring 3.57.0. The parameter options within the WGET check function is vulnerable to OS command injection (blind).
CVE-2023-33270 -- An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the Curl check function is vulnerable to OS command injection (blind).
CVE-2023-33271 -- An issue was discovered in DTS Monitoring 3.57.0. The parameter common_name within the SSL Certificate check function is vulnerable to OS command injection (blind).
CVE-2023-33272 -- An issue was discovered in DTS Monitoring 3.57.0. The parameter ip within the Ping check function is vulnerable to OS command injection (blind).
CVE-2023-33273 -- An issue was discovered in DTS Monitoring 3.57.0. The parameter url within the WGET check function is vulnerable to OS command injection (blind).
CVE-2023-3335 -- Insertion of Sensitive Information into Log File vulnerability in Hitachi Ops Center Administrator on Linux allows local users to gain sensitive information. This issue affects Hitachi Ops Center Administrator: before 10.9.3-00.
CVE-2023-3349 -- Information exposure vulnerability in IBERMATICA RPS 2019, which exploitation could allow an unauthenticated user to retrieve sensitive information, such as usernames, IP addresses or SQL queries sent to the application. By accessing the URL /RPS2019Servi
CVE-2023-3350 -- A Cryptographic Issue vulnerability has been found on IBERMATICA RPS, affecting version 2019. By first downloading the log file, an attacker could retrieve the SQL query sent to the application in plain text. This log file contains the password hashes
CVE-2023-3440 -- Incorrect Default Permissions vulnerability in Hitachi JP1/Performance Management on Windows allows File Manipulation. This issue affects JP1/Performance Management - Manager: from 09-00 before 12-50-07; JP1/Performance Management - Base: from 09-00 throug
CVE-2023-34970 -- A local non-privileged user can make improper GPU processing operations to access a limited amount outside of buffer bounds or to exploit a software race condition. If the system’s memory is carefully prepared by the user, then this in turn could give the
CVE-2023-3654 -- cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an origin bypass via the host header in an HTTP request. This vulnerability can be triggered by an HTTP endpoint exposed to
CVE-2023-3655 -- cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by a dangerous method that allows leaking the database (system settings, user accounts,...). This vulnerability can be trig
CVE-2023-3656 -- cashIT! - serving solutions. Devices from "PoS/ Dienstleistung, Entwicklung & Vertrieb GmbH" to 03.A06rks 2023.02.37 are affected by an unauthenticated remote code execution vulnerability. This vulnerability can be triggered by an HTTP endpoint exposed to
CVE-2023-36628 -- A flaw exists in VASA which allows users with access to a vSphere/ESXi VMware admin on a FlashArray to gain root access through privilege escalation.
CVE-2023-37891 -- Cross-Site Request Forgery (CSRF) vulnerability in OptiMonk OptiMonk: Popups, Personalization & A/B Testing plugin <= 2.0.4 versions.
CVE-2023-37990 -- Cross-Site Request Forgery (CSRF) vulnerability in Mike Perelink Pro plugin <= 2.1.4 versions.
CVE-2023-37991 -- Cross-Site Request Forgery (CSRF) vulnerability in Monchito.Net WP Emoji One plugin <= 0.6.0 versions.
CVE-2023-37992 -- Cross-Site Request Forgery (CSRF) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions.
CVE-2023-37996 -- Cross-Site Request Forgery (CSRF) vulnerability in GTmetrix GTmetrix for WordPress plugin <= 0.4.7 versions.
CVE-2023-37998 -- Cross-Site Request Forgery (CSRF) vulnerability in Saas Disabler plugin <= 3.0.3 versions.
CVE-2023-38381 -- Cross-Site Request Forgery (CSRF) vulnerability in Cyle Conoly WP-FlyBox plugin <= 6.46 versions.
CVE-2023-38390 -- Cross-Site Request Forgery (CSRF) vulnerability in Anshul Labs Mobile Address Bar Changer plugin <= 3.0 versions.
CVE-2023-38396 -- Cross-Site Request Forgery (CSRF) vulnerability in Alain Gonzalez plugin <= 3.1.2 versions.
CVE-2023-38398 -- Cross-Site Request Forgery (CSRF) vulnerability in Taboola plugin <= 2.0.1 versions.
CVE-2023-39158 -- Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Banner Management For WooCommerce plugin <= 2.4.2 versions.
CVE-2023-39159 -- Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Fraud Prevention For Woocommerce plugin <= 2.1.5 versions.
CVE-2023-39165 -- Cross-Site Request Forgery (CSRF) vulnerability in Fetch Designs Sign-up Sheets plugin <= 2.2.8 versions.
CVE-2023-39222 -- OS command injection vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to execute an arbitrary OS command that is not intended to be executed from the web interface by sending a specially crafted request. Affec
CVE-2023-39429 -- Cross-site scripting vulnerability in FURUNO SYSTEMS wireless LAN access point devices allows an authenticated user to inject an arbitrary script via a crafted configuration. Affected products and versions are as follows: ACERA 1210 firmware ver.02.36 and
CVE-2023-39645 -- Improper neutralization of SQL parameter in Theme Volty CMS Payment Icon module for PrestaShop. In the module “Theme Volty CMS Payment Icon” (tvcmspaymenticon) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affec
CVE-2023-39645 -- Theme volty tvcmspaymenticon up to v4.0.1 was discovered to contain a SQL injection vulnerability via the component /tvcmspaymenticon/ajax.php?action=update_position&recordsArray.
CVE-2023-39646 -- Improper neutralization of SQL parameter in Theme Volty CMS Category Chain Slider module for PrestaShop. In the module “Theme Volty CMS Category Chain Slide” (tvcmscategorychainslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perfor
CVE-2023-39647 -- Improper neutralization of SQL parameter in Theme Volty CMS Category Product module for PrestaShop. In the module “Theme Volty CMS Category Product” (tvcmscategoryproduct) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL inject
CVE-2023-39648 -- Improper neutralization of SQL parameter in Theme Volty CMS Testimonial module for PrestaShop. In the module “Theme Volty CMS Testimonial” (tvcmstestimonial) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affecte
CVE-2023-39649 -- Improper neutralization of SQL parameter in Theme Volty CMS Category Slider module for PrestaShop. In the module “Theme Volty CMS Category Slider” (tvcmscategoryslider) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection
CVE-2023-39651 -- Improper neutralization of SQL parameter in Theme Volty CMS BrandList module for PrestaShop. In the module “Theme Volty CMS BrandList” (tvcmsbrandlist) up to version 4.0.1 from Theme Volty for PrestaShop, a guest can perform SQL injection in affected versi
CVE-2023-3967 -- Allocation of Resources Without Limits or Throttling vulnerability in Hitachi Ops Center Common Services on Linux allows DoS. This issue affects Hitachi Ops Center Common Services: before 10.9.3-00.
CVE-2023-39917 -- Cross-Site Request Forgery (CSRF) vulnerability in Photo Gallery Team Photo Gallery by Ays – Responsive Image Gallery plugin <= 5.2.6 versions.
CVE-2023-39923 -- Cross-Site Request Forgery (CSRF) vulnerability in RadiusTheme The Post Grid plugin <= 7.2.7 versions.
CVE-2023-39989 -- Cross-Site Request Forgery (CSRF) vulnerability in 99robots Header Footer Code Manager plugin <= 1.1.34 versions.
CVE-2023-40009 -- Cross-Site Request Forgery (CSRF) vulnerability in ThimPress WP Pipes plugin <= 1.4.0 versions.
CVE-2023-40198 -- Cross-Site Request Forgery (CSRF) vulnerability in Antsanchez Easy Cookie Law plugin <= 3.1 versions.
CVE-2023-40199 -- Cross-Site Request Forgery (CSRF) vulnerability in CRUDLab WP Like Button plugin <= 1.7.0 versions.
CVE-2023-40201 -- Cross-Site Request Forgery (CSRF) vulnerability in FuturioWP Futurio Extra plugin <= 1.8.4 versions leads to activation of arbitrary plugin.
CVE-2023-40202 -- Cross-Site Request Forgery (CSRF) vulnerability in Hannes Etzelstorfer // codemiq WP HTML Mail plugin <= 3.4.1 versions.
CVE-2023-40210 -- Cross-Site Request Forgery (CSRF) vulnerability in Sean Barton (Tortoise IT) SB Child List plugin <= 4.5 versions.
CVE-2023-40212 -- Cross-Site Request Forgery (CSRF) vulnerability in theDotstore Product Attachment for WooCommerce plugin <= 2.1.8 versions.
CVE-2023-40519 -- A cross-site scripting (XSS) vulnerability in the bpk-common/auth/login/index.html login portal in Broadpeak Centralized Accounts Management Auth Agent 01.01.00.19219575_ee9195b0, 01.01.01.30097902_fd999e76, and 00.12.01.9565588_1254b459 allows remote att
CVE-2023-40558 -- Cross-Site Request Forgery (CSRF) vulnerability in eMarket Design YouTube Video Gallery by YouTube Showcase plugin <= 3.3.5 versions.
CVE-2023-40830 -- Tenda AC6 v15.03.05.19 is vulnerable to Buffer Overflow as the Index parameter does not verify the length.
CVE-2023-4097 -- The file upload functionality is not implemented correctly and allows uploading of any type of file. As a prerequisite, it is necessary for the attacker to log into the application with a valid username.
CVE-2023-4098 -- It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log into the application.
CVE-2023-4099 -- The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.
CVE-2023-4100 -- Allows an attacker to perform XSS attacks stored on certain resources. Exploiting this vulnerability can lead to a DoS condition, among other actions.
CVE-2023-4101 -- The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.
CVE-2023-4102 -- QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so. As a prerequisite, it is necessary to log into the application.
CVE-2023-4103 -- QSige statistics are affected by a remote SQLi vulnerability. It has been identified that the web application does not correctly filter input parameters, allowing SQL injections, DoS or information disclosure. As a prerequisite, it is necessary to log int
CVE-2023-41086 -- Cross-site request forgery (CSRF) vulnerability exists in FURUNO SYSTEMS wireless LAN access point devices. If a user views a malicious page while logged in, unintended operations may be performed. Affected products and versions are as follows: ACERA 1210
CVE-2023-41244 -- Cross-Site Request Forgery (CSRF) vulnerability in Buildfail Localize Remote Images plugin <= 1.0.9 versions.
CVE-2023-41693 -- Cross-Site Request Forgery (CSRF) vulnerability in edward_plainview MyCryptoCheckout plugin <= 2.125 versions.
CVE-2023-42508 -- JFrog Artifactory prior to version 7.66.0 is vulnerable to specific endpoint abuse with a specially crafted payload, which can lead to unauthenticated users being able to send emails with manipulated email body.
CVE-2023-42771 -- Authentication bypass vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent unauthenticated attacker who can access the affected product to download configuration files and/or l
CVE-2023-43176 -- A deserialization vulnerability in Afterlogic Aurora Files v9.7.3 allows attackers to execute arbitrary code via supplying a crafted .sabredav file.
CVE-2023-43627 -- Path traversal vulnerability in ACERA 1320 firmware ver.01.26 and earlier, and ACERA 1310 firmware ver.01.26 and earlier allows a network-adjacent authenticated attacker to alter critical information such as system files by sending a specially crafted req
CVE-2023-43898 -- Nothings stb 2.28 was discovered to contain a Null Pointer Dereference via the function stbi__convert_format. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted pic file.
CVE-2023-43951 -- SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Column Management component.
CVE-2023-43952 -- SSCMS 7.2.2 was discovered to contain a stored cross-site scripting (XSS) vulnerability via the Material Management component.
CVE-2023-43953 -- SSCMS 7.2.2 was discovered to contain a cross-site scripting (XSS) vulnerability via the Content Management component.
CVE-2023-43976 -- An issue in CatoNetworks CatoClient before v.5.4.0 allows attackers to escalate privileges and win the race condition (TOCTOU) via the PrivilegedHelperTool component.
CVE-2023-44973 -- An arbitrary file upload vulnerability in the component /content/templates/ of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2023-44974 -- An arbitrary file upload vulnerability in the component /admin/plugin.php of Emlog Pro v2.2.0 allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2023-4564 -- This vulnerability could allow an attacker to store a malicious JavaScript payload in the broadcast message parameter within the admin panel.
CVE-2023-4732 -- A flaw was found in the Linux Kernel's memory management subsystem. A task exits and releases a 2MB page in a vma (vm_area_struct) and hits the BUG statement in pfn_swap_entry_to_page() referencing pmd_t x.
CVE-2023-4817 -- This vulnerability allows an authenticated attacker to upload malicious files by bypassing the restrictions of the upload functionality, compromising the entire device.
CVE-2023-4882 -- DOS vulnerability that could allow an attacker to register a new VNF (Virtual Network Function) value. This action could trigger the args_assets() function defined in the arg-log.php file, which would then execute the args-abort.c file, causing the servic
CVE-2023-4883 -- Invalid pointer release vulnerability. Exploitation of this vulnerability could allow an attacker to interrupt the correct operation of the service by sending a specially crafted json string to the VNF (Virtual Network Function), and triggering the ogs_s
CVE-2023-4884 -- An attacker could send an HTTP request to an Open5GS endpoint and retrieve the information stored on the device due to the lack of Authentication.
CVE-2023-4885 -- Man in the Middle vulnerability, which could allow an attacker to intercept VNF (Virtual Network Function) communications resulting in the exposure of sensitive information.
CVE-2023-4886 -- A sensitive information exposure vulnerability was found in foreman. Contents of tomcat's server.xml file, which contain passwords to candlepin's keystore and truststore, were found to be world readable.
CVE-2023-4911 -- A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable. This issue could allow a local attacker to use maliciously crafted GLIBC_TUNABLES environment variables when launching b
CVE-2023-4929 -- All firmware versions of the NPort 5000 Series are affected by an improper validation of integrity check vulnerability. This vulnerability results from insufficient checks on firmware updates or upgrades, potentially allowing malicious users to manipulate
CVE-2023-5255 -- For certificates that utilize the auto-renew feature in Puppet Server, a flaw exists which prevents the certificates from being revoked.
CVE-2023-5334 -- The WP Responsive header image slider plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'sp_responsiveslider' shortcode in versions up to, and including, 3.2.1 due to insufficient input sanitization and output escaping on user supplied
CVE-2023-5345 -- A use-after-free vulnerability in the Linux kernel's fs/smb/client component can be exploited to achieve local privilege escalation.
CVE-2023-5350 -- SQL Injection in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVE-2023-5351 -- Cross-site Scripting (XSS) - Stored in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVE-2023-5353 -- Improper Access Control in GitHub repository salesagility/suitecrm prior to 7.14.1.
CVE-2015-10124 -- A vulnerability was found in Most Popular Posts Widget Plugin up to 0.8 on WordPress. It has been classified as critical. Affected is the function add_views/show_views of the file functions.php. The manipulation leads to sql injection. It is possible to l
CVE-2023-0809 -- In Mosquitto before 2.0.16, excessive memory is allocated based on malicious initial packets that are not CONNECT packets.
CVE-2023-20819 -- In CDMA PPP protocol, there is a possible out of bounds write due to a missing bounds check. This could lead to remote escalation of privilege with no additional execution privilege needed. User interaction is not needed for exploitation. Patch ID: MOLY01
CVE-2023-28372 -- A flaw exists in FlashBlade Purity (OE) Version 4.1.0 whereby a user with privileges to extend an object’s retention period can affect the availability of the object lock.
CVE-2023-31042 -- A flaw exists in FlashBlade Purity whereby an authenticated user with access to FlashBlade’s object store protocol can impact the availability of the system’s data access and replication protocols.
CVE-2023-32819 -- In display, there is a possible information disclosure due to a missing bounds check. This could lead to local information disclosure with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993705; Issue I
CVE-2023-32820 -- In wlan firmware, there is a possible firmware assertion due to improper input handling. This could lead to remote denial of service with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07932637; I
CVE-2023-32821 -- In video, there is a possible out of bounds write due to a permissions bypass. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08013430; Issue ID: ALP
CVE-2023-32822 -- In ftm, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07994229; Issue ID: ALP
CVE-2023-32823 -- In rpmb, there is a possible memory corruption due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALP
CVE-2023-32824 -- In rpmb, there is a possible double free due to improper locking. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07912966; Issue ID: ALPS07912961.
CVE-2023-32827 -- In camera middleware, there is a possible out of bounds write due to a missing input validation. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07993
CVE-2023-32828 -- In vpu, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07767817; Issue ID: ALPS07
CVE-2023-32829 -- In apusys, there is a possible out of bounds write due to an integer overflow. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS07713478; Issue ID: ALP
CVE-2023-32830 -- In TVAPI, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: DTV03802522; Issue ID: DT
CVE-2023-3592 -- In Mosquitto before 2.0.16, a memory leak occurs when clients send v5 CONNECT packets with a will message that contains invalid property types.
CVE-2023-36627 -- A flaw exists in FlashBlade Purity whereby a user with access to an administrative account on a FlashBlade that is configured with timezone-dependent snapshot schedules can configure a timezone to prevent the schedule from functioning properly.
CVE-2023-3744 -- Server-Side Request Forgery vulnerability in SLims version 9.6.0. This vulnerability could allow an authenticated attacker to send requests to internal services or upload the contents of relevant files via the "scrape_image.php" file in the imageURL param
CVE-2023-37605 -- Buffer Overflow vulnerability in baramundi software GmbH EMM Agent 23.1.50 and before allows an attacker to cause a denial of service via a crafted request to the password parameter.
CVE-2023-3768 -- Incorrect data input validation vulnerability, which could allow an attacker with access to the network to implement fuzzing techniques that would allow him to gain knowledge about specially crafted packets that would create a DoS condition through the MM
CVE-2023-40744 -- ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2023. Notes: none.
CVE-2023-41580 -- Phpipam before v1.5.2 was discovered to contain a LDAP injection vulnerability via the dname parameter at /users/ad-search-result.php. This vulnerability allows attackers to enumerate arbitrary fields in the LDAP server and access sensitive data via a cra
CVE-2023-41692 -- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Hennessey Digital Attorney theme <= 3 theme.
CVE-2023-41728 -- Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Rescue Themes Rescue Shortcodes plugin <= 2.5 versions.
CVE-2023-41729 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in SendPress Newsletters plugin <= 1.22.3.31 versions.
CVE-2023-41731 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution WordPress publish post email notification plugin <= 1.0.2.2 versions.
CVE-2023-41733 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in YYDevelopment Back To The Top Button plugin <= 2.1.5 versions.
CVE-2023-41734 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in nigauri Insert Estimated Reading Time plugin <= 1.2 versions.
CVE-2023-41736 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Email posts to subscribers plugin <= 6.2 versions.
CVE-2023-41737 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in WPGens Swifty Bar, sticky bar by WPGens plugin <= 1.2.10 versions.
CVE-2023-41797 -- Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Gold Plugins Locations plugin <= 4.0 versions.
CVE-2023-41800 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in UniConsent UniConsent CMP for GDPR CPRA GPP TCF plugin <= 1.4.2 versions.
CVE-2023-41847 -- Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in WEN Solutions Notice Bar plugin <= 3.1.0 versions.
CVE-2023-41855 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Regpacks Regpack plugin <= 0.1 versions.
CVE-2023-41856 -- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in ClickToTweet.Com Click To Tweet plugin <= 2.0.14 versions.
CVE-2023-41859 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Ashok Rane Order Delivery Date for WP e-Commerce plugin <= 1.2 versions.
CVE-2023-42132 -- FD Application Apr. 2022 Edition (Version 9.01) and earlier improperly restricts XML external entity references (XXE). By processing a specially crafted XML file, arbitrary files on the system may be read by an attacker.
CVE-2023-43267 -- A cross-site scripting (XSS) vulnerability in the publish article function of emlog pro v2.1.14 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the title field.
CVE-2023-43268 -- Deyue Remote Vehicle Management System v1.1 was discovered to contain a deserialization vulnerability.
CVE-2023-43297 -- An issue in animal-art-lab v13.6.1 allows attackers to send crafted notifications via leakage of the channel access token.
CVE-2023-43361 -- Buffer Overflow vulnerability in Vorbis-tools v.1.4.2 allows a local attacker to execute arbitrary code and cause a denial of service during the conversion of wav files to ogg files.
CVE-2023-43835 -- Super Store Finder 3.7 and below is vulnerable to authenticated Arbitrary PHP Code Injection that could lead to Remote Code Execution when settings overwrite config.inc.php content.
CVE-2023-43836 -- There is a SQL injection vulnerability in the Jizhicms 2.4.9 backend, which users can use to obtain database information.
CVE-2023-43890 -- Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the diagnostic tools page. This vulnerability is exploited via a crafted HTTP request.
CVE-2023-43891 -- Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability in the Changing Username and Password function. This vulnerability is exploited via a crafted payload.
CVE-2023-43892 -- Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the Hostname parameter within the WAN settings. This vulnerability is exploited via a crafted payload.
CVE-2023-43893 -- Netis N3Mv2-V1.0.1.865 was discovered to contain a command injection vulnerability via the wakeup_mac parameter in the Wake-On-LAN (WoL) function. This vulnerability is exploited via a crafted payload.
CVE-2023-43980 -- Presto Changeo testsitecreator up to v1.1.1 was discovered to contain a SQL injection vulnerability via the component disable_json.php.
CVE-2023-44008 -- File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the File Manager function.
CVE-2023-44009 -- File Upload vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the Skin Management function.
CVE-2023-44011 -- An issue in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the layout.master skin file at the Skin management component.
CVE-2023-44012 -- Cross Site Scripting vulnerability in mojoPortal v.2.7.0.0 allows a remote attacker to execute arbitrary code via the helpkey parameter in the Help.aspx component.
CVE-2023-44144 -- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Dreamfox Payment gateway per Product for WooCommerce plugin <= 3.2.7 versions.
CVE-2023-44145 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in jesweb.Dev Anchor Episodes Index (Spotify for Podcasters) plugin <= 2.1.7 versions.
CVE-2023-44228 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Onclick show popup plugin <= 8.1 versions.
CVE-2023-44239 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jobin Jose WWM Social Share On Image Hover plugin <= 2.2 versions.
CVE-2023-44242 -- Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in 2J Slideshow Team Slideshow, Image Slider by 2J plugin <= 1.3.54 versions.
CVE-2023-44244 -- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in FooPlugins FooGallery plugin <= 2.2.44 versions.
CVE-2023-44245 -- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Leap Contractor Contact Form Website to Workflow Tool plugin <= 4.0.0 versions.
CVE-2023-44262 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Renzo Johnson Blocks plugin <= 1.6.41 versions.
CVE-2023-44263 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Riyaz Social Metrics plugin <= 2.2 versions.
CVE-2023-44264 -- Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Arrow Plugins The Awesome Feed – Custom Feed plugin <= 2.2.5 versions.
CVE-2023-44265 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Gopi Ramasamy Popup contact form plugin <= 7.1 versions.
CVE-2023-44266 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jewel Theme WP Adminify plugin <= 3.1.6 versions.
CVE-2023-44463 -- An issue was discovered in pretix before 2023.7.1. Incorrect parsing of configuration files causes the application to trust unchecked X-Forwarded-For headers even though it has not been configured to do so. This can lead to IP address spoofing by users of
CVE-2023-44474 -- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in MD Jakir Hosen Tiger Forms – Drag and Drop Form Builder plugin <= 2.0.0 versions.
CVE-2023-44477 -- Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Boxy Studio Cooked plugin <= 1.7.13 versions.
CVE-2023-44479 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Jim Krill WP Jump Menu plugin <= 3.6.4 versions.
CVE-2023-4659 -- Cross-Site Request Forgery vulnerability, whose exploitation could allow an attacker to perform different actions on the platform as an administrator, simply by changing the token value to "admin". It is also possible to perform POST, GET and DELETE reque
CVE-2023-5106 -- An issue has been discovered in Ultimate-licensed GitLab EE affecting all versions starting 13.12 prior to 16.2.8, 16.3.0 prior to 16.3.5, and 16.4.0 prior to 16.4.1 that could allow an attacker to impersonate users in CI pipelines through direct transfer
CVE-2023-5160 -- Mattermost fails to check the Show Full Name option at the /api/v4/teams/TEAM_ID/top/team_members endpoint allowing a member to get the full name of another user even if the Show Full Name option was disabled
CVE-2023-5290 -- ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate is unused by its CNA. Notes: none.
CVE-2023-5328 -- A vulnerability classified as critical has been found in SATO CL4NX-J Plus 1.13.2-u455_r2. This affects an unknown part of the component Cookie Handler. The manipulation with the input auth=user,level1,settings; web=true leads to improper authentication.
CVE-2023-5329 -- A vulnerability classified as problematic was found in Field Logic DataCube4 up to 20231001. This vulnerability affects unknown code of the file /api/ of the component Web API. The manipulation leads to improper authentication. The exploit has been disclo
CVE-2023-5344 -- Heap-based Buffer Overflow in GitHub repository vim/vim prior to 9.0.1969.