Microsoft Vows to Prevent Future CrowdStrike-Like Outages
Rain Technology protects consumers against visual hackers and snoopers at ATM terminals
Nudge Security unveils SSPM capabilities to strengthen SaaS security
New Linux Malware Campaign Exploits Oracle Weblogic to Mine Cryptocurrency
Cyber insurance set for explosive growth
Security measures fail to keep up with rising email attacks
How to make Infrastructure as Code secure by default
New infosec products of the week: September 13, 2024
Organizations still don't know how to handle non-human identities
New Vo1d malware infects 1.3 million Android streaming boxes
Microsoft VS Code Undermined in Asian Spy Attack
Old WHOIS domain could have issued countless fraudulent TLS/SSL certificates
Stability concerns holding back patching practices
New Vo1d malware infects 1.3 million Android TV streaming boxes
Socially Savvy Scattered Spider Traps Cloud Admins in Web
For $20, Researchers Seize Part of Net Infrastructure
'Hadooken' Malware Targets Oracle's WebLogic Servers
Cybersecurity giant Fortinet discloses a data breach
Fortinet Confirms Data Breach After Hacker Leaks 440 GB of Data
FBI: Reported cryptocurrency losses reached $5.6 billion in 2023
Security Testing Market Worth $43.9B by 2029
US Army Selects QuSecure Solution for Research Project
SCADA Market is Set to Reach $18.7B by 2031
Singapore Arrests 6 in West African Cybercrime Case
Percentage of women, minorities in tech workforce unchanged since 2005
Singapore Police arrest six men allegedly involved in cybercrime syndicate
Hackers targeting WhatsUp Gold with public exploit since August
UK arrests teen linked to Transport for London cyber attack
Fortinet confirms data breach after hacker claims to steal 440GB of files
Take Your Endpoint Security to New Heights at Fal.Con 2024
We can try to bridge the cybersecurity skills gap, but that doesn’t necessarily mean more jobs for defenders
Irish Data Protection Regulator to Investigate Google AI
Standing on the Windows platform, waiting for change
New Android Malware 'Ajina.Banker' Steals Financial Data and Bypasses 2FA via Telegram
Transport for London confirms customer data stolen in cyberattack
GitLab warns of critical pipeline execution vulnerability
The Rising Tide of Software Supply Chain Attacks
Schools Face Million-Dollar Bills as Ransomware Rises
TfL Confirms Customer Data Breach, 17-Year-Old Suspect Arrested
Lehigh Valley Health Network to settle breach class-action for $65M
Singapore nabs global cybercrime syndicate members
Asian, European IIS servers subjected to novel DragonRank attack campaign
US utilities facing escalating cyberattacks
Better anti-ransomware defenses touted by new Google backup storage vault utility
How I got started: AI security executive
Urgent: GitLab Patches Critical Flaw Allowing Unauthorized Pipeline Job Execution
Aembit Raises $25 Million in Series A Funding for Non-Human Identity and Access Management
NCA Arrests Teenager in Walsall Over TfL Cyber Attack
Suspect arrested over the Transport for London cyberattack
Ransomware Disguised as a Game: Kransom’s Attack Through DLL Side-Loading
Lazarus Group Targets Developers in Fresh VMConnect Campaign
Mastercard Acquires Global Threat Intelligence Firm Recorded Future
Beware: New Vo1d Malware Infects 1.3 Million Android TV Boxes Worldwide
Exposed Selenium Grid Servers Targeted for Crypto Mining and Proxyjacking
From Amazon to Target: Hackers Mimic Top Brands in Global Crypto Scam
Adobe completes fix for Reader bug with known PoC exploit (CVE-2024-41869)
Dru Investigate simplifies cyber investigations and helps users uncover data threats
NETSCOUT enhances Omnis Cyber Intelligence platform with MITRE ATT&CK behavioral analytics
Criminal IP Teams Up with IPLocation.io to Deliver Unmatched IP Solutions to Global Audiences
UK Recognizes Data Centers as Critical National Infrastructure
Protect your WiFi from Hackers. Wi-Fi Hacking is much easier than most… | by Vasileiadis A. (CyberKid) | Aug, 2024 | Medium
Decrypting and Replaying VPN Cookies | by James H | Sep, 2024 | Medium
The Brainpool Curves. The P256 curve is used extensively in… | by Prof Bill Buchanan OBE FRSE | ASecuritySite: When Bob Met Alice | Sep, 2024 | Medium
What security teams need to know about HIPAA compliance in the cloud
Top 3 Threat Report Insights for Q2 2024
Iranian Cyber Group OilRig Targets Iraqi Government in Sophisticated Malware Attack
Ireland's Watchdog Launches Inquiry into Google's AI Data Practices in Europe
Losses due to cryptocurrency and BEC scams are soaring
September Patch Tuesday addresses 79 CVEs
Cloudera Private Link Network helps enterprises protect their data
Infostealer Infections Shed Light on FBI’s Most Wanted Criminals
Hackers Proxyjack & Cryptomine Selenium Grid Servers
Open Source Updates Have 75% Chance of Breaking Apps
Business Email Compromise Costs $55bn Over a Decade
Scan the entire web in 45 minutes with Zmap! | by Vasileiadis A. (CyberKid) | Jul, 2024 | Medium
Reinforcing Firewall Security: The Need to Adapt to Persistent Cyber T
Why Django’s [DEBUG=True] is a Goldmine for Hackers | by Very Lazy Tech | Sep, 2024 | Medium
Adobe Patch Tuesday security updates fixed multiple critical issues in company's products
VirtualBox 7.1: This is a major update, here's what's new
Securing Your Move to Hybrid Cloud Infrastructure
Amateurish 'CosmicBeetle' Ransomware Stings Turkish SMBs
WordPress Mandates Two-Factor Authentication for Plugin and Theme Developers
Benefits and best practices of leveraging AI for cybersecurity
Top priorities for federal cybersecurity: Infrastructure, zero trust, and AI-driven defense
Internal disconnects vs. cybersecurity: How connectivity shapes challenges
Dark Reading Expands Coverage to Asia-Pacific Region
Hackers use cloud services to target financial and insurance firms
Detect hidden surveillance cameras with your phone | by Vasileiadis A. (CyberKid) | Aug, 2024 | Medium
Uncovering Critical Financial Bugs in a High-Profile Target - [A Pentester’s Diary] | by Cristi Vlad | Sep, 2024 | Medium
Gallup cross-site scripting error could have led to data theft
Fake password manager coding test used to hack Python developers
Lazarus Group tricks developers to load malware via fake recruiting tests
1.7 Million People Hit in Massive Credit Card Data Breach: What to Do Now? - Security Spotlight
Chinese DragonRank Hackers Exploit Global Windows Servers in SEO Fraud
Adobe fixes Acrobat Reader zero-day with public PoC exploit
WordPress.org to require 2FA for plugin developers by October
Xiphera Develops Hardware Security Solutions for Space
Poppy Gustafsson Steps Down As Darktrace CEO
AppCD Closes $12.3M Seed Round and Rebrands to StackGen
Operational Technology Leaves Itself Open to Cyber-Attack
Quad7 Botnet Expands to Target SOHO Routers and VPN Appliances
Kali Linux 2024.3 released: 11 new tools, Qualcomm Snapdragon SDM845 SoC support
September 2024 Patch Tuesday: Updates and Analysis
Elevating Identity Security at Fal.Con 2024
Vulnerability in Acrobat Reader could lead to remote code execution; Microsoft patches information disclosure issue in Windows API
Defending Against AI-Driven Insider Threats: Best Practices and Strategies
Gallup: Pollster Acts to Close Down Security Threat
Fireside Chat: Implementing NIST's Post-Quantum Cryptographic Standards
Highline Public Schools school district suspended its activities following a cyberattack
DragonRank Black Hat SEO Campaign Targeting IIS Servers Across Asia and Europe
Hackers Use Fake Domains to Trick Trump Supporters in Trading Card Scam
EXPOSED: OnlyFans Hack Gone Wrong – How Cyber Criminals Turn into Victims Overnight 
Malicious mods: the Sims 4 infostealer threatens gamers’ security
Ransomware in the Cloud: Scattered Spider Targeting Insurance and Financial Industries
The silent heist: cybercriminals use information stealer malware to compromise corporate networks
Chinese hackers linked to cybercrime syndicate arrested in Singapore
Criminal IP and IPLocation.io Join Forces for Enhanced IP Analysis
How Law Enforcement's Ransomware Strategies Are Evolving
SOAR Is Dead, Long Live SOAR
Google Updates Cloud Backup, Disaster Recovery Service
Air Gaps Undone by Acoustic Attack via LCD Screens
'Ancient' MSFT Word Bug Anchors Taiwanese Drone-Maker Attacks
What Is the Shared Fate Model?
Remote Access Sprawl Strains Industrial OT Network Security
Crypto Scams Reach New Heights, FBI Reports $5.6bn in Losses
Free Russia Foundation breach under probe
Novel PIXHELL attack could expose air-gapped computer data
OT environments impacted by unrestricted remote access tool utilization
Southeast Asia targeted by new Crimson Palace attack clusters
Threat operation behind Cicada3301 ransomware delivery examined
RansomHub ransomware gang relies on TDSKiller to disable EDR
Singapore Police Arrest Six Hackers Linked to Global Cybercrime Syndicate
Mitiga Cloud MDR detects threats in SaaS and cloud environments
Tenable AI Aware provides exposure insight into AI applications, libraries and plugins
Opus Security empowers organizations to prioritize the most critical vulnerabilities
Poland’s Supreme Court Blocks Pegasus Spyware Probe
Cybersecurity Workforce Gap Rises by 19% Amid Budget Pressures
Reinventing cyber resilience with AI
Why Is It So Challenging to Go Passwordless?
Ivanti fixes critical vulnerabilities in Endpoint Management (CVE-2024-29847)
DragonRank, a Chinese-speaking SEO manipulator service provider
Microsoft Fixes Four Actively Exploited Zero-Days
Microsoft Patch Tuesday security updates for September 2024 addressed four actively exploited zero-days
Ivanti fixed a maximum severity flaw in its EPM software
Developers Beware: Lazarus Group Uses Fake Coding Tests to Spread Malware
Opus Security Elevates Vulnerability Management With its AI-Powered Multi-Layered Prioritization Engine
Trellix strengthens email security with DLP capabilities
Proofpoint expands platform capabilities for broader, adaptive human-centric security controls
Saviynt Intelligence delivers identity security analytics through ML and AI capabilities
Tanium helps organizations automate complex tasks in real-time
UK’s ICO and NCA Sign Memorandum to Boost Reporting and Resilience
Ivanti Releases Urgent Security Updates for Endpoint Manager Vulnerabilities
Microsoft Issues Patches for 79 Flaws, Including 3 Actively Exploited Windows Flaws
P0 Security raises $15 million to govern and secure cloud access for all identities
Cybersecurity jobs available right now: September 11, 2024
DockerSpy: Search for images on Docker Hub, extract sensitive information
How AI and zero trust are transforming resilience strategies
Cybersecurity is a fundamental component of patient care and safety
India Needs Better Cybersecurity for Space Systems
eBook: Keep assets secure after cloud migration
A Brazen Claim from a Cyber Newbie: Hands-On Skills aren’t Enough | by Into Cyber -- Joseph Howard, PhD | Aug, 2024 | Medium
Microsoft fixes at least four zero-days in September Patch Tuesday
Report: CosmicBeetle ransomware gang may have joined RansomHub
Microsoft September 2024 Patch Tuesday Fixes 79 Flaws, Including 4 Zero-Days
Small Business, Big Threats: INE Security Launches Initiative to Train SMBs to Close a Critical Skills Gap
Microsoft fixes Windows Server performance issues from August updates
How a Centuries-Old Company Reached Security Maturity
Microsoft Discloses 4 Zero-Days in September Update
Disinformation reigns ahead of Harris-Trump presidential debate
Quad7 botnet evolves to more stealthy tactics to evade detection
Four zero-days included in group of 79 vulnerabilities Microsoft discloses, including one with 9.8 severity score
Sophos Firewall v21: Third-party threat feeds
AI Trucks, Solid Concrete, Sonicwall, Progress, Rust, Apple, and more… – SWN #412
Microsoft fixes 4 exploited zero-days and a code defect that nixed earlier security fixes
Ivanti fixes maximum severity RCE bug in Endpoint Management software
New PIXHELL acoustic attack leaks secrets from LCD screen noise
Microsoft fixes Windows Smart App Control zero-day exploited since 2018
RansomHub ransomware abuses Kaspersky TDSSKiller to disable EDR software
Windows 10 KB5043064 update released with 6 fixes, security updates
Cyber Staffing Shortages Remain CISOs' Biggest Challenge
Wix to block Russian users starting September 12
Microsoft September 2024 Patch Tuesday fixes 4 zero-days, 79 flaws
Windows 11 KB5043076 cumulative update released with 19 changes
Highline Public Schools Forced to Close By Cyber-Attack
Demystifying Data Protection in the Cloud
ChatGPT 4 can exploit 87% of one-day vulnerabilities: Really that impressive?
CosmicBeetle Deploys Custom ScRansom Ransomware, Partnering with RansomHub
LOKKER's consent management solution blocks all unauthorized data collection on websites
Tufin improves security automation on Azure, GCP, and VMware clouds
Adaptiva enables users to instantly control patch rollouts
Proofpoint Nexus: Powering Human-Centric Security
Wix.com to block Russian users starting September 12
Microsoft to start force-upgrading Windows 22H2 systems next month
Platform Engineering Is Security Engineering
Mustang Panda Feeds Worm-Driven USB Attack Strategy
Cybersecurity Pen Test Arrests: 5 Years Later
Tackling Rising Software Vulnerabilities Sustainably
China-Linked Threat Actors Target Taiwan Military Industry
Audit finds shortcomings in FDIC’s cloud security
Data protection firm Own acquired by Salesforce
Poland thwarted cyberattacks that were carried out by Russia and Belarus
Man Faces 20 Years in Prison for First-Ever AI Music Streaming Scam
The Role of VPNs in Protecting Online Privacy
Netskope accelerates cloud networking and security operations
CISA confirms that SonicWall vulnerability is getting exploited (CVE-2024-40766)
Galileo delivers real-time fraud detection for fintechs, banks and businesses
Ketch helps media brands enable privacy-safe data activation
Navigating Endpoint Privilege Management: Insights for CISOs and Admins
The K-12 Conundrum: Mitigating Risk from the Classroom to the C-Suite
Keeping up with the Attackers: Reviewing the Latest Threat Techniques
Novel Quasar RAT variant deployed by Blind Eagle
Russia-, Belarus-linked cyber operation disrupted by Poland
Taiwanese drone makers subjected to TIDRONE APT intrusions
UltraAV acquires almost 1M US Kaspersky clients
Avis breach compromises about 300K
Flipper Zero releases Firmware 1.0 after three years of development
NoName ransomware gang deploying RansomHub malware in recent attacks
Infosecurity Magazine Online Summit Autumn 2024 Day One Sessions
Cybersecurity on a Budget: How SMEs Can Stay Safe Amid Rising Attacks
Fireside Chat: A CERT Insider's Look on Building Jersey's Cyber Resilience
National Public Data breach underscores the need for stronger digital identities
New PIXHELL Attack Exploits Screen Noise to Exfiltrate Data from Air-Gapped Computers
Shining a Light on Shadow Apps: The Invisible Gateway to SaaS Data Breaches
Experts Identify 3 Chinese-Linked Clusters Behind Cyberattacks in Southeast Asia
Stop Chasing Alerts, Start Validating Exposures — Handle Them Like a Pro
Seventh Sense Unveils Revolutionary Privacy-Preserving Face-Based Public Key Infrastructure and eID Solution
Gallup Poll Bugs Open Door to Election Misinformation
The Human Firewall - by Davide Guglielmi
DORA Compliance and your Threat & Vulnerability Management (TVM) Programme. What you need to know
Better-performing “25519” elliptic-curve cryptography - Amazon Science
Indodax: Inside the $22M Crypto Hack & Temporary Shutdown
Cyber-crook leaks 20GB of data 'stolen' from Capgemini • The Register
Operation WordDrone: How Drone manufacturers are being targeted in Taiwan
Exposed: How Israeli Spies Control Your VPN
Principles of the OpenPGP SEIP (OCFB-MDC) and SE (OCFB) Block Cipher Modes [The Call of the Open Sidewalk]
Fortinet Data Breach: Hacker Leaks 440GB of Stolen Data
AlcaWASM Challenge Writeup - Pwning an In-Browser Lua Interpreter - ~/suidpit/org
Microsoft’s September 2024 Patch: The African Perspective
Microsoft Windows MSI Installer - Repair to SYSTEM - A detailed journey - SEC Consult
Cyber security incident - Transport for London
Mastercard to Acquire Threat Intelligence Firm Recorded Future for $2.6 Billion - SecurityWeek
BT identifying 2,000 signals a second indicating possible cyber-attacks | BT | The Guardian
TfL cyber attack: Thousands of passengers feared to have bank details exposed as teenager arrested | Evening Standard
Adversary Emulation is a Complicated Profession - Intelligent Cyber Adversary Emulation with the Bounty Hunter :: lolcads tech blog
Infostealer Infections Shed Light on FBI’s Most Wanted Criminals | InfoStealers
Cybersecurity Services, Solutions & Products. Global Provider | Group-IB
The biggest cyber attacks of 2024 | BCS
Barely any businesses are really that confident about their security protection | TechRadar
Enigmelo Blog | SSH Keystroke Obfuscation Bypass
GitHub - theowni/EPSS-Calculator: The EPSS Calculator is a user-friendly web application that calculates the EPSS (Exploit Prediction Scoring System) score based on a provided CVE (Common Vulnerabilities and Exposures) identifier.
Rogue WHOIS server gives researcher superpowers no one should ever have | Ars Technica
RaaS: Rise of Ransomware-as-a-Service in Cybercrime  - India Today
US raises concerns over alleged Russian sabotage of subsea cables
We Spent $20 To Achieve RCE And Accidentally Became The Admins Of .MOBI
A new TrickMo saga: from Banking Trojan to Victim's Data Leak | Cleafy Labs
The Security Canary Maturity Model
Feeld dating app - Your nudes and data were publicly available - Cyber Security Services - London
Bytecode :: lolcads tech blog
ImHex - Free and Open Source Hex Editor
Iran pays millions in ransom to end massive cyberattack on banks, officials say – POLITICO
Introducing Wiz Code: Transform Your AppSec with Wiz | Wiz Blog
CloudGoat Official Walkthrough Series: ‘glue_privesc’ - Rhino Security Labs
teiss - News - U.S. chipmaker Microchip says hackers stole employees' sensitive personal information
Planned Parenthood: cyber attackers threaten to leak data
Exploiting SQL Server Credentials for Domain Privilege Escalation
Quad7 Botnet Develops New Attack Techniques and Infrastructure
SAP Security Patch Day – September 2024 - SAP Community
Invisible Salamanders Are Not What You Think - Dhole Moments
Python-based model to generate trading signals and optimize risk management using machine learning techniques. The project utilizes unsupervised learning to identify patterns and relationships in financial data, clustering stocks to optimize a portfolio b
AegisAI is a security simulation environment for AI-driven systems. It provides orchestrated security simulations to test and protect AI models from adversarial attacks and other security threats.
An example API gateway built with Spring-Boot 3.3.3, spring-gateway and spring-security. Includes routing, custom authentication, custom authorization and OAuth2
llm-security
Spring Security test application
The Library Records Management System (LRMS) automates library tasks with Tkinter and MySQL, handling user authentication, inventory, and transactions efficiently. Scalable and user-friendly, it ensures data integrity and simplifies management. Future enh
Vertex-Cover-Algorithm-for-optimal-security-camera-placement
Project for college computer security class.
Expert Bash Scripting and IT Solutions by Mohammed Alattar. This repository showcases advanced scripts and tools developed over 18 years in IT, specializing in cybersecurity, network management, and automation. Designed to solve complex challenges and enh
Proof-of-concept for an EnforceScript LSP
HackingToys_wups
Hack Pull Request
Diablo 4 IV D4 AI Hack Cheat Auto Loot, ESP, Maphack, Bot auto bot farming Autoskill Triggerbot Noclip silent aimbot esp wallhack wh exploit godmode fly FlickBot Legit SemiRage softaim 2024 inventory skin changer swapper hwid spoofer changer free download
Eazybytes Spring Security 6 and Spring Boot 3.3.3 course from Udemy: spring-security-zero-to-master
AndroidSecurity
This repository contains the privacy policy for "Another Dimension", outlining how user data is collected, used, and protected. The policy is intended to inform users about their privacy rights and the measures taken to ensure data security. This document
This file contains a security alarm system using ultralytics and a streamlit application
My security script
Vulkan (and MoltenVK) rendering proof of concept.
(JAVA version) This reproducer is meant to show ContextNotActiveException within SecurityIdentityAugmentor implementation.
Warning: do not execute this Program unless you know what you are doing! This Program is a POC (Proof of Concept) and is not meant for commercial use or to harm anyone.
Network-protocals-and-security
An inventory management system in php, with emphasis on Authentication, Dashboard, Stock Management, Inventory Tracking, Sales and Purchases, Alerts and Notifications, Reporting and Analytics, Search and Filter, Responsive Design, Database Design, Data Im
Your Ultimate Companion for Security Testing and Vulnerability Tracking
proof-of-concept-customer-support-bot-kyl88-y7e1c
Security-Reviews
3 UEFI DXE Modules for Security NVRAM editing by hooking SetVariable function and installing alternative secure protocol to avoid undesirable NVRAM editing (by RU.efi f.e.)
Network-Security-Groups-NSGs-and-Inspecting-Network-Protocols
Computer-Security-CS338
spring-security-demo
Python-CyberSecurity
Hack Pull Request 2
A Flask web application developed as a proof of concept for FAQ search functionality. The user inputs a question, and the app returns the three most similar FAQs from the dataset. TF-IDF was used for embedding the text, and cosine similarity was employed
Proof-of-concept / exploration of the Vanilla design system as a monorepo
Runescape hacks hack cheat cheats ESP auto-loot god-mode infinite-health infinite-mana speedhack teleport cooldown-hack damage-hack wallhack map-hack auto-farm skill-hack item-ESP mob-ESP auto-dodge auto-heal fly-hack radar-hack
HackingWithSwift
Rust hacks hack cheat cheats aimbot ESP wallhack no-recoil no-spread triggerbot radar-hack silent-aim infinite-ammo speed-hack god-mode instant-respawn rapid-fire infinite-abilities cooldown-hack anti-flash anti-smoke player-ESP health-ESP
WarThunder hacks hack cheat cheats aimbot ESP radar no-recoil wallhack infinite-ammo speedhack god-mode silent-aim auto-pilot infinite-fuel plane-ESP tank-ESP boat-ESP radar-hack auto-reload no-gravity infinite-stamina rapid-fire
Trove hacks hack cheat cheats ESP auto-loot god-mode infinite-health infinite-mana speedhack teleport cooldown-hack damage-hack wallhack map-hack auto-farm skill-hack item-ESP mob-ESP auto-dodge auto-heal fly-hack radar-hack
Vulnerability Research By Security Professionals
TeamFortress2 hacks hack cheat cheats aimbot wallhack ESP no-recoil no-spread triggerbot silent-aim infinite-ammo speed-hack teleport god-mode instant-respawn rapid-fire infinite-abilities cooldown-hack anti-flash anti-smoke player-ESP TF2 TF-2
LostArk hacks hack cheat cheats ESP auto-loot god-mode infinite-health infinite-mana speedhack teleport cooldown-hack damage-hack wallhack map-hack auto-farm skill-hack item-ESP mob-ESP auto-dodge auto-heal fly-hack radar-hack
WorldofTanks hacks hack cheat cheats aimbot ESP wallhack infinite-ammo god-mode speedhack no-recoil radar-hack silent-aim teleport auto-repair auto-reload infinite-fuel tank-ESP no-spread rapid-fire instant-respawn auto-fire WOT
Security
PathofExile hacks hack cheat cheats item-duping speedhack botting god-mode infinite-health infinite-mana teleport-hack map-hack monster-ESP loot-ESP auto-pick-up infinite-gold skill-hack cooldown-hack wallhack damage-hack auto-dodge auto-heal poe
This penetration testing tool scans a host for active services and their versions, then checks these against the Metasploit database to uncover potential vulnerabilities. It’s designed for ease of use and is perfect for swift security assessments.
A lightweight Python tool for scanning websites to discover hidden directories and files. Supports multithreading for faster scans, custom headers, and user-agent options to bypass security protections. Ideal for penetration testing and security assessmen
spring-boot-rest-security
GuildWars2 hacks hack cheat cheats ESP auto-loot god-mode infinite-health infinite-mana speedhack teleport cooldown-hack damage-hack wallhack map-hack auto-farm skill-hack item-ESP mob-ESP auto-dodge auto-heal fly-hack radar-hack GW2
Config files for my GitHub profile.
security-projects
The security check system with unity, use in a offline mode.
Red Insight is a comprehensive repository dedicated to documenting penetration testing techniques, tools, and findings. It serves as a resource for security professionals looking to deepen their understanding of offensive security, vulnerability assessmen
Security-and-Vulnerability-in-Networks-DAT-510
Factory-Management-API-Security
Refactor a Dockerfile following industry best practices to optimize for performance, security, and maintainability
Microsoft Certified: Security Operations Analyst Associate
securities quotation service plugins
Demo API developed in Java using Spring Boot with a simple authentication implementation, protecting the home page after login. The project uses Spring Security to manage authentication, with username and password configured in memory, and inclu
Concept about proof-of-on-chain-work (based on Bitcoin's Proof-of-Work mechanism)
tictactoe proof of concept
Proof of concept for fusing 2 Roboflow AI Models and running completely offline with Python (native GUI)
A proof of concept repository to use Github App authentication in Github API Client using Octokit Go SDK.
Proof of concept spring project demonstrating basic usage of a GraphQL API
An effort to create a comprehensive malware library, aimed at cataloging and analyzing a wide range of malware types. The goal is to create a collaborative space where individuals and teams can contribute their findings, enhance the collective understandi
Proof of concept for end-to-end encryption for files.
EscapefromTarkov hacks hack cheat cheats aimbot ESP wallhack no-recoil no-spread triggerbot radar-hack silent-aim infinite-ammo speed-hack god-mode instant-respawn rapid-fire infinite-abilities cooldown-hack anti-flash anti-smoke player-ESP EFT
Streamlit interface for Reflection2B - a Gemma2-2B-it prompt hack
SeaofThieves hacks hack cheat cheats Sot aimbot ESP wallhack speedhack teleport god-mode infinite-health infinite-ammo no-recoil silent-aim radar-hack auto-loot instant-repair boat-ESP player-ESP chest-ESP fish-ESP infinite-wood auto-bucket sot
Blog for talking about technology
Emilia, Munganga, Renée
ARKSurvivalEvolved hacks hack cheat cheats aimbot ESP wallhack god-mode infinite-health infinite-stamina infinite-items instant-tame teleport no-fall-damage speedhack auto-farm no-clip animal-ESP player-ESP resource-ESP item-ESP
CSE523_SystemSecurity
TheSims4 hacks hack cheat cheats money-hack needs-hack relationship-hack career-hack skill-hack build-mode-hack free-real-estate motive-hack object-modder trait-modder aspiration-modder infinite-satisfaction teleport-hack CAS-hack pregnancy-hack age-modde
Personal site for proof of concept.
Sideral is a design studio for developers and indie-hackers.
FinalFantasy14 hacks hack cheat cheats ESP auto-loot god-mode infinite-health infinite-mana speedhack teleport cooldown-hack damage-hack wallhack map-hack auto-farm skill-hack item-ESP mob-ESP auto-dodge auto-heal fly-hack radar-hack ff14
Smite hacks hack cheat cheats aimbot ESP map-hack no-cooldown god-mode infinite-health auto-farm instant-ability auto-heal speedhack teleport wallhack player-ESP skill-shot-hack auto-aim radar-hack infinite-mana cooldown-hack instant-respawn
GitTRM-Proof-of-Concept
MapleStory hacks hack cheat cheats ESP auto-loot god-mode infinite-health infinite-mana speedhack teleport cooldown-hack damage-hack wallhack map-hack auto-farm skill-hack item-ESP mob-ESP auto-dodge auto-heal fly-hack radar-hack
Valorant hacks hack cheat cheats aimbot wallhack ESP no-recoil no-spread triggerbot silent-aim radar-hack bunny-hop infinite-abilities auto-plant defuse anti-flash anti-smoke player-ESP agent-ESP instant-reload rapid-fire no-sway third-person
LeagueofLegends hacks hack cheat cheats script zoom-hack evade last-hit combo-bot skin-hack cooldown-hack auto-ignite auto-smite vision-hack wall-hack no-CD flash turret-hack auto-heal lane-prediction map-hack ward-ESP skill-shot-dodge lol
portswigger web security academy solutions
FreeBSD security hardening script
Script to make a software proof of concept for measuring PSG
WorldofWarcraft hacks hack cheat cheats wow botting speedhack teleport infinite-health infinite-mana auto-farm quest-hack fly-hack wallhack god-mode instant-respawn auto-loot map-hack mob-ESP resource-ESP cooldown-hack auto-heal skill-hack
Minecraft hacks hack cheat cheats x-ray ESP fly speed auto-build instant-mine god-mode teleport reach noclip fast-place scaffold infinite-health infinite-food radar fullbright anti-knockback chest-ESP player-ESP cave-finder speedmine auto-fish no-fall
Wrapper for Spring Security Implementations
A small proof of concept for part of a Hastings Direct work experience. Find My Car aims to find a persons car by entering a description of the vehicle. It is missing AI and API implementations.
Planetside2 hacks hack cheat cheats aimbot ESP wallhack no-recoil no-spread triggerbot silent-aim infinite-ammo speed-hack teleport god-mode instant-respawn rapid-fire infinite-abilities cooldown-hack anti-flash anti-smoke player-ESP
GenshinImpact hacks hack cheat cheats infinite-stamina ESP speedhack teleport infinite-health god-mode auto-loot cooldown-hack infinite-energy auto-heal item-ESP chest-ESP wallhack fly-hack damage-hack auto-quest auto-kill mob-ESP
Implementation of Springboot security using JWT token
A proof of concept bruteforcer for HTB's The Last Dance challenge
Dota2 hacks hack cheat cheats script map-hack camera-hack auto-last-hit auto-deny skill-shot-hack cooldown-hack gold-hack infinite-health god-mode hero-ESP item-ESP auto-skill-use speedhack teleport-hack invincibility fog-reveal no-cooldown
Spring-Security
multi-tool kit to use usb drive as hacking tool
CallofDutyWarzoneMW3MW2 hacks hack cheat cheats COD Warzone2 MW3 MW2 aimbot ESP radar no-recoil wallhack silent-aim infinite-ammo speed-hack teleport god-mode UAV-hack loot-ESP player-ESP triggerbot auto-fire no-spread rapid-fire anti-aim magic-bullet
Work related proof of concepts
Hacking I'd password
DeadbyDaylight hacks hack cheat cheats ESP no-cooldown speedhack infinite-health god-mode instant-heal teleport wallhack player-ESP killer-ESP infinite-items skill-check-hack auto-escape map-hack infinite-perks auto-repair instant-break dbd
Sample of integrating gcloud managed ALB (provisioned via Gateway API) with nginx proxies and referencing Cloud Armor security policies.
for proof of concept of microservice
ColgateCodersCyberSecurity101
DisGuard Protocol is a security system designed to protect communication and the exchange of moderation information between Discord servers. With a focus on ensuring secure and efficient integration, this protocol enables global server connections, ensuri
This repository contains the development of a Storage Management System using C# and SQL. It includes functionalities for inserting, updating, and querying data, such as products, inventory, and user management, with password hashing for security. The foc
Hack Aichi + 2024 Mixed C
Internship - Project
Virtual-SOC-Lab-for-Security-Monitoring-and-Attack-Simulation
PP_3_1_2_Boot_Security
This is an application made with the intention of testing updated Spring Security + JWT practices.
SpringBootSecurityRestAPI
This project is about learning the fundamentals of Java Spring Security, implementing working JWT, includes detailed documentation.
Azure Security Hub is a CLI tool designed to inspect and monitor the security posture of Azure resources.
SecurityExample
Sol-Security-Module
Security plugin for WordPress using artificial intelligence.
security_session_1
SC-Security-Challenges
Catalog: 5k+ Scripts/Hack for any games Exploit Byfron Bypassing and Keyless | Brookhaven TTD Toilet Tower Defense Bedwars Pet Simulator 99 Pet Sim 99 The Strongest Battlegrounds Jujutsu Shenanigans Gym League Grand Piece Online GPO Murder Mystery 2 Attac
Remote cybersecurity internship with Mossé Cyber Security Institute (MCSI)
A proof of concept application that intelligently processes email order requests and customer inquiries for a fashion store. The system categorizes emails into product inquiries or order requests and generates appropriate responses based on product catalog
security_engineering
agamo_security
A proof-of-concept VCL Hybrid HTML Editor demo
Obsidian notes from hacking exercises that don't belong in my TIL repository
Spring Boot Expert: JPA, RESTFul API, Security, JWT e Mais
Super powerful plugin and bot for both the pwngotchi and rp4, this is a mini-C2 attacker that automates what the pwngotchi gains
Web3 Security Data Analytics Externship
A proof-of-concept for streaming AI-generated text directly to a Text-to-Speech (TTS) engine in React Native.
Security study
ProofOfConcepts
Spring Security project
A proof-of-work driven message forum aiming to be well balanced in difficulty settings.
Proof-of-concept software designed to demonstrate how usdt transactions can be modified and reversed, also known as "usdt flashing".
Insecure Web Application
Proof-of-concept software designed to demonstrate how bitcoin transactions can be modified and reversed, also known as "bitcoin flashing".
Security Engineering-Week 1 Exercises
CodeSecuritybyLLM
This project develops a weapon detection system using CNN with SSD and faster R-CNN algorithms. It balances speed and accuracy to enhance security by analyzing video footage. The system utilizes manually and relabeled datasets, ensuring maintainability an
Pentesting With Python Ethical hacking Tools
A repository detailing how to create Virtual private cloud and subnets, Elastic compute clouds, security groups, etc.
password manager with cryptographic encryption
My proof of concept for CVE-2019 Microsoft-Edge
Intro to Cyber Security
IoT-cloud Security Class
Cyber-Security
Security2024
This system applies image recognition, Optical Character Recognition (OCR), and deep learning to enhance campus security by ensuring only registered vehicles access the premises.
The Infosys Responsible AI toolkit incorporates various features including safety, security, explainability, fairness, bias and hallucination detection to ensure AI solutions are trustworthy and transparent.
Node.js, Express, MongoDB MVC Boilerplate – A highly extensible and maintainable boilerplate for building complex microservices. Features modular architecture, JWT authentication, rate limiting, request validation, centralized error handling, and security
security2024
Web-Threat-Analysis-Cyber-Security
ProofOfConcept-SIH
This Burp Suite extension integrates BLACKBIRD Web App Pentesting Suite with Burp Suite, allowing you to seamlessly scan your targets for various security vulnerabilities directly from your Burp Suite interface.
Cyber Security Internship at Prodigy InfoTech, focusing on Python for security tasks. Includes projects like Caesar cipher encryption/decryption and a password strength checker. This repository showcases practical applications of Python in real-world cybe
Proof of concept discord bot that allows you to "proxy" (it's really just embeds) in DMs
android_system_security
This repository contains an implementation of object detection using the Segment Anything Model 2 (SAM2) for product images. The current implementation focuses on detecting 'can_chowder' objects as a proof of concept.
A proof of concept for the cart and checkout pages using Vite, Next, and Tailwind
Wayice is a sleek and efficient Wayland compositor built using Rust and Smithay. It offers a modern, fast, and lightweight window management experience, leveraging the safety and performance benefits of Rust for smooth rendering and enhanced security.
T-Deck based hacking multitool
Microservice about Security where you can Register a new user and log in to the application.
Proof of concept of 20bytes digital engine
Some codes from one of sekurak's courses about basics of hacking with python
Project completed as part of the Hack a Boss course
LostArk hacks hack cheat cheats ESP auto-loot god-mode infinite-health infinite-mana speedhack teleport cooldown-hack damage-hack wallhack map-hack auto-farm skill-hack item-ESP mob-ESP auto-dodge auto-heal fly-hack radar-hack
JAVA | MYSQL | SPRINGBOOT | JPA | SPRING SECURITY
This project implements a simplified blockchain system in C++, utilizing Docker containers for distributed mining. It demonstrates core blockchain concepts, including block validation, mining with a proof-of-work mechanism, and inter-process communication
4SEG project
This is a personal website following the example from Hack Club
Web crawler using scraping techniques to extract entries from "Hacker News", built with Typescript
GuildWars2 hacks hack cheat cheats ESP auto-loot god-mode infinite-health infinite-mana speedhack teleport cooldown-hack damage-hack wallhack map-hack auto-farm skill-hack item-ESP mob-ESP auto-dodge auto-heal fly-hack radar-hack GW2
This repository implements the backend of Adote na Web. It uses Java 17, Spring 3.3.3, Spring Web, Spring Data JPA, PostgreSQL Driver, Lombok, Spring Security, Validation and Swagger.
Proof of concept using Nx Cloud
upskillcampus-CyberSecurity
StarWars:TheOldRepublic hacks hack cheat cheats botting speedhack god-mode infinite-health infinite-mana auto-farm quest-hack fly-hack wallhack god-mode instant-respawn auto-loot map-hack mob-ESP resource-ESP cooldown-hack auto-heal skill-hack
Proof of concept to move to bun with monorepo capabilities
web api documentation for the encore leaderboard proof of concept
rvc_hacking_toolbox
Tool for finding PDF files related to CPNS recruitment openings using Google Hacking on .go.id domains
Proof of concept to demonstrate the usability of Micro FrontEnds using React and Vite
mooc-cyber-security-base-2024-project1
Research, CVEs and Hacks
SimpleContract
It belongs to course 2DMI20 - Software Security. This course is offered at TU/e and aimed at students of mathematics and computer science.
Case study from Hackers do Bem
authentication and security tutorials
Streamlit in Go proof-of-concept
.NET System.Security namespace Extensions
A Spring Boot sample project demonstrating how to implement JWT-based authentication and authorization with Spring Security. The project includes user authentication, JWT token generation, and securing RESTful endpoints. Ideal for learning to secure APIs
Engineered using Spring Security, JWT, Spring-Boot, React.js and Postgresql
security key bot
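#Supermarket bill management system #java web #java #graduation project #springboot #course project #programming #vue #mybatis #source code ## Supermarket bill management system based on Vue and SpringBoot ## 1. System overview Administrator: - Basic system management: maintain login users, departments, roles and permissions. - Product management: maintain records of the products the supermarket sells. - Supplier management: maintain records of the suppliers the supermarket works with. - Bill management: maintain the bill records the supermarket manages. Staff: product management, bill management Manager: product management, bill management, supplier management ##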
Repo to proof of concept for Cache purpose
A collection of development container templates to help develop more secure code
This is a proof of concept of screen capturing a CPU baseball game and simulating clicks to hit
Backend for a shopping cart application made in java using Spring Boot, Spring Security, and JWT
This project employs the MobileNetSSD algorithm to detect cars in images. Utilizing the power of deep learning, the model can accurately identify and localize cars within images, making it a useful tool for various applications such as traffic monitoring,
hackingwithswiftui_project2
Terminal based tool designed to help cybersecurity professionals and ethical hackers automate the process of discovering and exploiting vulnerabilities.
This Python script analyzes a Wireshark pcap file and generates a detailed PDF report. The analysis includes protocol statistics, IP address analysis, DNS queries, TCP/UDP port analysis, and identification of potential security risks. The report also feat
This POC implements a secure video streaming platform with a Ruby on Rails backend and a React frontend. It provides a robust solution for uploading, processing, and streaming videos with a focus on security and preventing easy downloads.
hackingwithswiftui_challengeDay19
Tender Hack Perm 13.09.24 - 15.09.24
Landing Page With HTML-CSS-JS Review Topics on JS Object Oriented and Security With Advanced, Clean Code
This Project is designated for Hacking with Swift. Course of Framework SwiftUI.
SecurityRender
Linux Security Best Practices Project
gatt-security-client
A Williams/Atari/Midway security PIC tool
Security Engineer challenge for CloudWalk
(Under Development) Threat Detection & Response Lab offers a modular and flexible environment for security experts looking to deploy, experiment with, and evaluate security tools and technologies. By utilizing Docker, this lab enables streamlined deploymen
This project is the conclusion of the Deep Learning Course at UERJ, in collaboration with Semcon. It aims to develop 'Personal Consul IA,' an AI-powered personal consultant. Using Ollama for security and LangChain for document management, it pr
cloud-9-security.github.io
Proof of concept (POC) project for Privileged Identity Management (PIM)
Simulates the fundamental concepts of a blockchain, including transactions, proof of work, block mining, and wallet management.
This repository is learning spring security fundamental
Combined render engine and display server (proof-of-concept)
Code for the paper "From Inclusive Language to Inclusive AI: A Proof-of-Concept Study into Pre-Trained Models"
This Repository is the Proof of Concept of Open Redirection
small proof of concept of file encryption using rust.
[Hacker Diary] All my solutions from the Brazilian Olympiads in Informatics I have taken part in
Network_Security
The Cyber Security program at FAST NUCES Lahore provides knowledge in network security, cryptography, ethical hacking, and threat detection. With hands-on labs and projects, students learn to secure digital assets, prevent cyber attacks, and design robust
"Demo Symfony Project - A sample Symfony web application demonstrating user authentication, CRUD operations, custom login styling, and basic routing."
android note application: security note;
A one-time pad demonstration built for Information Security
The LPU Campus Map application provides an interactive map of the LPU campus, visualizing key locations and incidents to enhance campus security awareness. This React application integrates with Google Maps to display various types of markers and polygons
CyberSecurity
e-bank-spring-security-jwt-angular
vulnerability-monitoring security agents
security-app
Practice using SpringSecurity and jwt
A proof of concept for installing npm packages directly from GitHub
Notes of Cyber Security from HTB
This repository contains everything created by the Bowie State University Cyber Security Club. This ranges from blogs to CTF walkthroughs, scripts, and articles developed and owned by the Bowie State University Cyber Security Club.
A proof-of-concept Maven project utilising Cucumber, JUnit, Restful and Selenium. Supports Chrome and Firefox pages, Android apps, Windows programs and APIs.
This project is an interactive website that lists Ethical Hacking tools, developed during the Alura Gemini immersion course.
A list of tools and methods for building trustworthy software following TrustOps principles.
Engineered using Spring Security, JWT, Spring-Boot, React.js and Postgresql
SpringSecuritySimpleProject
ecen522r_security_student
A proof-of-concept for an emotional intelligence tool.
hacking_algorithms_diary
RwandaPay is a secure and user-friendly digital wallet system designed to simplify and streamline money transfers, balance checks, and profile management. Built with the powerful Java Spring Boot framework and backed by a robust PostgreSQL/MySQL database,
Geman app to learn spring security skills
This plugin integrates Secone SAST (Static Application Security Testing) security scanner with Jenkins, allowing you to perform security scans as part of your CI/CD pipeline
method-logging-proof-of-concept
SecurityCode
To make website secure and build robust system.
Nodejs server to upload to aws using Docker, Security groups, load balancer, Ecs, Fargate cluster, task definition and codePipeline (CI/CD)
notes, scripts, writeups for systems security.
CRUD practice with Spring Web with a security layer using Spring Security, using MySQL as the database
This is a scenario as consultancy and a hospital requesting to get a database. The project required designing and selecting appropriate fields and attributes for each table to ensure efficient data management, while also considering ongoing maintenance a
Yet Another Security Scripts Project
A manager for the latest compiled version of futurerestore, a hacked wrapper of idevicerestore, which allows you to specify SEP and Baseband for restoration
Learn-Spring-Security
Web Security exercises - Book
This repository is a semi-comprehensive collection of resources, tools, and recommendations to enhance your online privacy and security. Whether you want to secure your internet connection, protect your personal information, or explore privacy technologie
security-accses
Submission for Bay Hacks 2024
How to hack any test on apex learning
Proof-of-concept smart contract implementation that allows users to create and manage their own pension funds using any ERC20 token. This system leverages blockchain technology to provide a transparent, secure, and self-managed pension solution.
This repository tests llm security
Not Boring Company - imagery proof of concept
Ranking of subjects
security-synapse-projects
A project made especially to EXPOSE hackers who are trying to get access on my RaspberryPi by brute-forcing the login. I do in fact expose them on Telegram.
Open-Source Computer Security Textbook | SQL
Reverse engineering tool for ELF and PE
Improve your recon with this list of the most used subdomains for each TLD.
One-liners framework for offensive security and penetration testing.
Proofs of some short theorems in Lean 4 to ensure correctness. If I'm lost while learning some new concepts in math, I'd like to be able to check that I'm at least headed in the right direction.
Enhancing_social_media_security_using_Hate_meme_classification
django_security_questions
DeFiHackLabs-Web3-Security-Bootcamp-HW
Altaro / Hornet Security VM Backup Exporter
A secure password manager built with KivyMD, featuring password encryption, biometric authentication, two-factor authentication via SMS/email, and TOTP-based authentication for enhanced security.
This project demonstrates how to use Splunk as a Security Information and Event Management (SIEM) tool to monitor and analyze security events.
Information Security activities
security-frontend-demo
A database solution that focuses on data access level security.
🪼 Medusa is a compilation of several multipurpose hacking tools
Spring-Security
hacker rank questions of c language
The application implements Spring Boot for the backend and MongoDB as the primary database for persistence. It incorporates authentication and role-based access control using Spring Security, allowing users to securely access, create, edit, and delete jou
robust s3 security tool designed to help detect sensitive files at AWS public S3 buckets.
Intrusion detection on IoT devices
SecurityHub
A proof of concept whole exome analysis pipeline
spring-security-basic
This repository contains all outputs of Project SENSYN. Project SENSYN aims to make synthetic data usage accessible to a broader audience, by a guidebook on synthetic data, a web application and a proof-of-concept of synthetic homicide data.
Bookstore API built using tools such as: JAVA, SPRING BOOT, SPRING SECURITY, etc
Company management system. Built using Java, Spring Boot, Spring Security, Hibernate, PostgreSQL.
This project is for educational purposes of learning cpp and game hacking.
RoboMate-Cloud-Automation
This is a repository for UW to work on a project for CSDE/NOAA hosted D4 hack week at UW (September 2024).
Api REST with Spring Security and JWT
Network-Security
GSG Wallet is a secure cold wallet app, expertly crafted in Swift. It provides offline storage for your cryptocurrency, ensuring maximum security against online threats. With a focus on user safety and a sleek interface, GSG Wallet offers a seamless exper
A perpetual protocol project from Gateway's web3 security course
Project for AI. Model to check password security with five classes: "Too weak", "Weak", "Moderate", "Strong", "Very strong". Developed in 2024 with @sasyxk
github pages hosting a demo of security tips
A work-in-progress Typescript Playwright test automation proof of concept containing various demonstrations of Playwright's capabilities.
This repository details my journey in building a 16-bit Hack Computer as part of the "NAND to Tetris" course. I began with basic logic gates and advanced to complex components like the ALU, sequential logic circuits, and machine language. The project culm
The FLB project aims to integrate Federated Learning (FL) with protocol technology to enhance data privacy and security in machine learning applications.
NIST-compliant Security solutions
Learning security, CTF challenge writeups and HTB challenges whilst studying and prepping for CPTS will be documented here
Subdomain Discovery and Security Analysis Toolkit
Security configs and deployment tips for a secure Shopware 6 setup.
Developed ConvoFlow and PeerMeet, React.js and WebRTC-based video conferencing apps. Supported 50 concurrent streams within a 50GB bandwidth limit. Automated AWS deployment with CI/CD and Docker, achieving 50% faster deployments. Enhanced security by impl
The code "A Dual-Level Cancelable Framework for Palmprint Verification and Hack-Proof Data Storage" (Accepted by TIFS)
Application designed to evaluate the strength of passwords using various password strength algorithms. It provides users with a score for each entered password, helping them understand how secure their chosen passwords are in different security contexts.
“Security Model Cards” for Reporting the Security Posture of Internally Developed Machine Learning Models or Systems
Proof of Concept that the Stock Market is not entirely unpredictable.
Implementing Microsoft Copilot for Security
Proof-of-concept of using Merkle proof to import EVM events from other blockchains using AWM.
Security Anomaly Forecasting Engine for Memphis-V
An example Next.js application showing Arcjet security functionality - signup form abuse protection, bot detection, rate limiting & attack protection.
Center for Internet Security (CIS) Benchmarks
Hack The Box Walkthroughs
llm-ai-security-demo
Koobiq is an open-source Angular design system for designers and developers, focused on designing products related to information security.
Suite tools for Monitoring Optimism Superchains 🔴 to offer real-time detection and Incident response capabilities ✨
Defraud is a tool to help you identify and avoid scams
It belongs to course 2MS30 - Advanced Network Security. This course is offered at TU/e and aimed at students of mathematics and computer science.
This GitHub repository hosts comprehensive audit reports for Dusk, ensuring transparency and security for its users and stakeholders
Nuxt API Rate Limiter / Brute Force Protection
IOT_Security
Proof of concept of library system for education purpose
A Flutter application consisting of TCP Port Scanner, Route Tracer, Pinger, File Hash Calculator, String Hash Calculator, String Encoder, Series URI Crawler, DNS Record Retriever, and WHOIS Retriever.
Proof of Concept for a Master's thesis, Computer Science and Engineering MSc in Instituto Superior de Engenharia de Lisboa.
This nextcloud app aims to provide an additional layer of security to your Nextcloud instance by enabling automatic and manual scanning of files for malicious content powered by G DATA Verdict-as-a-Service.
Ethical-Hacking-Scripts
The app is built using Java, Spring Boot, Maven, Spring Security, Open Api, Liquibase, Docker
Developed the Blogging API Service, a robust backend project enabling users to sign up, log in, post blogs, and engage in discussions by commenting on others' posts. Implemented RESTful API endpoints for seamless interaction using SpringBoot Framework. Ut
Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.
Provides various options to improve the security of Backdrop web sites.
The Most Advanced Client-Side Prototype Pollution Scanner
🥰🥰A free chat platform that encrypts conversation information throughout the process to protect your security and privacy. No information is collected from you and no permissions are required from you. End of chat Clear all records✨✨
Equinox is one of the fastest-growing and top-notch web proxies built to prioritize security, speed, and a commitment to safe and smooth browsing.
🚀 Hackable & Self-hosted Open-Source alternative to Vercel, Heroku, Netlify, etc. All your applications, just in one place. Develop and deploy with your favorite tools, and enjoy continuous deployment with GitHub.
Realtime secret and configuration management tool, with the best in class security and seamless integration support
Kibo Webhook to Narvar Order Proof of Concept
Secure DOM trees isolation and encapsulation leveraging ShadowDOM
desktop-security-center
Arcjet JS SDKs. Rate limiting, bot protection, email verification & attack defense for Node.js, Next.js, Bun & SvelteKit.
My personal profile site - CV
HACK KNIGHTS EVA
A web application that allows the users to check whether their SPF, DMARC and DKIM configuration is set up correctly.
Injection of malicious code into legitimate Windows processes for evasion and simple malware to gain unauthorized access, using the Windows API. Serves as proof of concept or intrusion detection exercises.
A Rollup plugin to lint your HTML for Content Security Policy Violations.
Harness the security superpowers of your cloud asset inventory
Proof of concept for a low-code Flutter app.
Investigating the security, optimisation and performance of guard-band postselection in continuous-variable quantum key distribution.
A curated set of offensive security notes on vulnerabilities, techniques, and tools
An integration that enables using Password Safe secrets management capabilities with GitHub
WebApplicationSecurityBasicsLab
Proof Of Concept of defer for federation subgraphs
Security Research Knowledge Base [SRKB] created by b0ydC.
Hacking
Welcome to the Rust Stellar SDK repository! This project aims to empower developers with a robust Rust SDK for the Stellar cryptocurrency network. Leverage Rust's performance and security advantages to build efficient and scalable applications on Stellar.
Main website for ACM Hack at UCSD
SecureVault: Your Data, Your Fortress.
The Security Reference Architecture (SRA) implements typical security features as Terraform Templates that are deployed by most high-security organizations, and enforces controls for the largest risks that customers ask about most often.
PwNixOS - A Productivity Focused and Hacking-Oriented NixOS Flake
Terraform module to create an AWS Security Hub
Creates a 3P out-of-band security appliance deployment
Proof of Concept of a simple Digital Asset Management built on top of the Event Sourced Content Repository
A proof of concept for a new way that data can get into the API.
OWASP ASVS Security Evaluation Templates with Nuclei
Nest.js TypeScript written REST API for personal blog application. Backend of the place where I share my thoughts and knowledge.
Simple clustering by consensus protocol proof of concept library in Python
Aftab's Personal Website.
AxoSyslog - the scalable security data processor
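A WeChat bot based on the ✨HOOK mechanism, supporting 🌱scheduled security news push [FreeBuf, Xianzhi, Anquanke, QiAnXin Attack and Defense Community], 👯KFC copywriting, ⚡ICP filing lookup, ⚡phone number location lookup, ⚡WHOIS lookup, 🎉horoscope lookup, ⚡weather lookup, 🌱slacking-off calendar, ⚡ThreatBook threat intelligence lookup, 🐛videos of attractive women, ⚡pictures of attractive women, 👯help menu. 📫 Supports a points system, ⚡automatic group invites, ⚡ad detection, 🌱automatic mass messaging, 👯AI replies; 😄highly customizable, and easy for beginners to pick up!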
An all-in-one hackathon judging platform, created with modern technologies aimed at optimizing the user experience of hackers, judges, and organizers.
Hacker Stories
Kexa's simple rules (Open Source) make it easy to monitor and manage alerting for your entire cloud. With various monitoring and alerting options, instant and detailed alerts, easy-to-deploy and low in infrastructure costs, it turns complexity into simp
Hardened Anonymized DNSCrypt Proxy - Wipe Snoopers Out Of Your Networks
Ethical Hacking Ebooks
Customer data, cash movements, invoicing and statistics are managed via a RESTful API developed using Express and TypeScript. It provides robust and efficient CRUD operations, ensuring scalability and data security.
Real-world infosec wordlists, updated regularly
A large number of free HTTP proxies updated every 10 minutes. Keep http/s proxies fresh at all times.
A proof of concept implementation of a Data Aware Neural Architecture Search.
Security Vulnerability Repair via Concolic Execution and Code Mutations
Java implementation of Requirement as Code concept. STIG requirements testing for Windows 10 platform
This repository contains the scripts and data necessary to reproduce Food Security analysis
CetusGuard is a tool that protects the Docker daemon socket by filtering calls to its API endpoints.
Information Security and Data Privacy with some examples
Debricked's command line interface. It brings open source security, compliance and health to your project via the command prompt.
Network egress filtering and runtime security for GitHub-hosted and self-hosted runners
Study project for all things cloud. Spin-offs will happen when detailing
Various Scripts and Tools for Microsoft Technologies Professionals
Seiso's Grand Opinionated AutoTester (GOAT)
Aya is an eBPF library for the Rust programming language, built with a focus on developer experience and operability.
Sonic ERaZor and various other hacks I've developed over the years
Information Gathering tool - DNS / Subdomains / Ports / Directories enumeration
Find security vulnerabilities, compliance issues, and infrastructure misconfigurations early in the development cycle of your infrastructure-as-code with KICS by Checkmarx.
The Python Authress SDK provides authorization as a service with fully compatible REST apis.
Fix Inventory consolidates user, resource, and configuration data from your cloud environments into a unified, graph-based asset inventory.
Project implementing an application for the Persistence Core chain that all the other chains in the ecosystem connect to as a raised and open moderator for interoperability, shared security, and as a gateway to other ecosystems and chains.
Some of my security-related coding projects for OpenBSD: A kernel-based user-profile intrusion detection system (FUPIDS) and an ICMP-based "port-knocking" service (openportd).
ai-security.github.io
Scripts of the Hardened Linux (HL) distribution: hardening scripts (HLHS) and package system (cpfos)
A proof of concept demonstrating how browser automation can be used to monitor and detect magecart-style web skimming attacks
🔌 Main plugin for the Hack Club Minecraft server
In each local agent, the control plane is responsible for programmability, i.e., changing the behaviour of the data plane at run-time.
A curated list of graph-based fraud, anomaly, and outlier detection papers & resources
Hubble - Network, Service & Security Observability for Kubernetes using eBPF
Hacker Rank Solutions written in JS :)
Privacy and Security focused Segment-alternative, in Golang and React
awesome-hacking
16 bit RISC-V proof of concept
Microsoft Threat Intelligence Security Tools
The `nmap` security scanner packaged as a snap.
End to End testing of Web, API, Cloud, Events and Security
First I would like to thank Rajeev Kumar Singh. He created an amazing tutorial with SpringBoot and React. I have extended this project and added a few more functionalities to this project. You just need to set up your own properties in mysql database and down
Acra-based example projects: check how easy it is to deploy data security in typical web infrastructures.
A naive forwarding protocol. This is a proof of concept (PoC).
❄️ Firmware and simulator for Coldcard Hardware Wallet
temp shellcode
A powerful hack for Terraria
Java full-stack engineer study notes; Spring, shiro, CAS, oauth2 single sign-on; cache, Redis; web security and solution approaches; redis, mq, quartz, docker; hands-on practice with various Docker components; mybatis, spring, spring boot practice; distributed locks; database and table sharding, and so on
Mirror repository for open-source OPC-UA Toolkit designed with security and embedded devices in mind. Main repository is on gitlab:
Practicing Programming
Paseto implementation for Java
Ultralight, security-first service mesh for Kubernetes. Main repo for Linkerd 2.x.
happy hacking.
:arrow_up: Hacker News ranked by Comment/Score ratio
Switchboard Security & Privacy Plug
Easily improve site security with WordPress Hardening, Two-Factor Authentication (2FA), Login Protection, Vulnerability Detection and SSL certificate generation.
appscan-plugin
Base Docker image for simpleSAMLphp
Wazuh - Puppet module
:lock: Chromium's HSTS preload list submission website.
Official OpenMage LTS codebase | Migrate easily from Magento Community Edition in minutes! Download the source code for free or contribute to OpenMage LTS | Security vulnerability patches, bug fixes, performance improvements and more.
Apache Ranger - To enable, monitor and manage comprehensive data security across the Hadoop platform and beyond
Libtpms-based TPM emulator with socket, character device, and Linux CUSE interface.
wolfSSH is a small, fast, portable SSH implementation, including support for SCP and SFTP.
Graphical application for generating different color variations of Oomox (Numix-based) and Materia (ex-Flat-Plat) themes (GTK2, GTK3, Cinnamon, GNOME, Openbox, Xfwm), Archdroid, Gnome-Color, Numix, Papirus and Suru++ icon themes. Have a hack for HiDPI in
sensible hacker defaults managed with chezmoi
A virtual machine for executing programs written in Hack.
CVE-2024-43180 -- IBM Concert 1.0 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent t
CVE-2024-8656 -- The WPFactory Helper plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 1.7.0. This makes it possible for unauthenticated attac
CVE-2024-8762 -- A vulnerability was found in code-projects Crud Operation System 1.0. It has been classified as critical. This affects an unknown part of the file /updatedata.php. The manipulation of the argument sid leads to sql injection. It is possible to initiate the
CVE-2020-24061 -- Cross Site Scripting (XSS) Vulnerability in Firewall menu in Control Panel in KASDA KW5515 version 4.3.1.0, allows attackers to execute arbitrary code and steal cookies via a crafted script
CVE-2021-22518 -- A vulnerability identified in OpenText™
CVE-2021-22532 -- Possible NLDAP Denial of Service attack Vulnerability
CVE-2021-38131 -- Possible Cross-Site Scripting (XSS) Vulnerability
CVE-2021-38133 -- Possible
CVE-2022-26322 -- Possible Insertion of Sensitive Information into Log File Vulnerability
CVE-2024-2010 -- Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in TE Informatics V5 allows Reflected XSS. This issue affects V5: before 6.2.
CVE-2024-20430 -- A vulnerability in Cisco Meraki Systems Manager (SM) Agent for Windows could allow an authenticated, local attacker to execute arbitrary code with elevated privileges. 
CVE-2024-25270 -- An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data.
CVE-2024-27320 -- An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its classification tasks handle provided CSV files. If a victim user creates a classification task using a maliciously crafted
CVE-2024-27321 -- An arbitrary code execution vulnerability exists in versions 0.0.8 and newer of the Refuel Autolabel library because of the way its multilabel classification tasks handle provided CSV files. If a user creates a multilabel classification task using a malic
CVE-2024-2743 -- An issue was discovered in GitLab-EE starting with version 13.3 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2 that would allow an attacker to modify an on-demand DAST scan without permissions and leak variables.
CVE-2024-28981 -- Hitachi Vantara Pentaho Data Integration & Analytics versions before 10.1.0.0 and 9.3.0.8, including 8.3.x, discloses database passwords when searching metadata injectable fields.
CVE-2024-28990 -- SolarWinds Access Rights Manager (ARM) was found to contain a hard-coded credential authentication bypass vulnerability. If exploited, this vulnerability would allow access to the RabbitMQ management console.
CVE-2024-28991 -- SolarWinds Access Rights Manager (ARM) was found to be susceptible to a remote code execution vulnerability. If exploited, this vulnerability would allow an authenticated user to abuse the service, resulting in remote code execution.
CVE-2024-29847 -- Deserialization of untrusted data in the agent portal of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to achieve remote code execution.
CVE-2024-3163 -- The Easy Property Listings WordPress plugin before 3.5.4 does not have CSRF check when deleting contacts in bulk, which could allow attackers to make a logged in admin delete them via a CSRF attack
CVE-2024-3305 -- Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.
CVE-2024-3306 -- Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.
CVE-2024-34334 -- ORDAT FOSS-Online before v2.24.01 was discovered to contain a SQL injection vulnerability via the forgot password function.
CVE-2024-34335 -- ORDAT FOSS-Online before version 2.24.01 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login page.
CVE-2024-34336 -- User enumeration vulnerability in ORDAT FOSS-Online before v2.24.01 allows attackers to determine if an account exists in the application by comparing the server responses of the forgot password functionality.
CVE-2024-34785 -- An unspecified SQL injection in Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote authenticated attacker with admin privileges to achieve remote code execution.
CVE-2024-36066 -- The CMP CLI client in KeyFactor EJBCA before 8.3.1 has only 6 octets of salt, and is thus not compliant with the security requirements of RFC 4211, and might make man-in-the-middle attacks easier. CMP includes password-based MAC as one of the options for
CVE-2024-37397 -- An External XML Entity (XXE) vulnerability in the provisioning web service of Ivanti EPM before 2022 SU6, or the 2024 September update allows a remote unauthenticated attacker to leak API secrets.
CVE-2024-38222 -- Microsoft Edge (Chromium-based) Information Disclosure Vulnerability
CVE-2024-40457 -- No-IP Dynamic Update Client (DUC) v3.x uses cleartext credentials that may occur on a command line or in a file. NOTE: the vendor's position is that cleartext in /etc/default/noip-duc is recommended and is the intentional behavior.
CVE-2024-41629 -- An issue in Texas Instruments Fusion Digital Power Designer v.7.10.1 allows a local attacker to obtain sensitive information via the plaintext storage of credentials
CVE-2024-42483 -- ESP-NOW Component provides a connectionless Wi-Fi communication protocol. A replay attack vulnerability was discovered in the implementation of the ESP-NOW because the cache is not differentiated by message types, it is a single, shared resource for al
CVE-2024-42484 -- ESP-NOW Component provides a connectionless Wi-Fi communication protocol. An Out-of-Bound (OOB) vulnerability was discovered in the implementation of the ESP-NOW group type message because there is no check for the addrs_num field of the group type messag
CVE-2024-44459 -- A memory allocation issue in vernemq v2.0.1 allows attackers to cause a Denial of Service (DoS) via excessive memory consumption.
CVE-2024-44460 -- An invalid read size in Nanomq v0.21.9 allows attackers to cause a Denial of Service (DoS).
CVE-2024-4472 -- An issue was discovered in GitLab CE/EE affecting all versions starting from 16.5 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, where dependency proxy credentials are retained in graphql Logs.
CVE-2024-45181 -- An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows crafted packets to cause an arbitrary address write, resulting in kernel memory corruption.
CVE-2024-45182 -- An issue was discovered in WibuKey64.sys in WIBU-SYSTEMS WibuKey before v6.70 and fixed in v.6.70. An improper bounds check allows specially crafted packets to cause an arbitrary address read, resulting in Denial of Service.
CVE-2024-45303 -- Discourse Calendar plugin adds the ability to create a dynamic calendar in the first post of a topic to Discourse. Rendering event names can be susceptible to XSS attacks. This vulnerability only affects sites which have modified or disabled Discourse’s d
CVE-2024-45383 -- A mishandling of IRP requests vulnerability exists in the HDAudBus_DMA interface of Microsoft High Definition Audio Bus Driver 10.0.19041.3636 (WinBuild.160101.0800). A specially crafted application can issue multiple IRP Complete requests which leads to
CVE-2024-45607 -- whatsapp-api-js is a TypeScript server agnostic Whatsapp's Official API framework. It's possible to check the payload validation using the WhatsAppAPI.verifyRequestSignature and expect false when the signature is valid. Incorrect Access Control, anyone us
CVE-2024-45624 -- Exposure of sensitive information due to incompatible policies issue exists in Pgpool-II. If a database user accesses a query cache, table data unauthorized for the user may be retrieved.
CVE-2024-45823 -- CVE-2024-45823 IMPACT
CVE-2024-45824 -- CVE-2024-45824 IMPACT
CVE-2024-45825 -- CVE-2024-45825 IMPACT
CVE-2024-45826 -- CVE-2024-45826 IMPACT
CVE-2024-45846 -- An arbitrary code execution vulnerability exists in versions 23.10.3.0 up to 24.7.4.1 of the MindsDB platform, when the Weaviate integration is installed on the server. If a specially crafted ‘SELECT WHERE’ clause containing Python code is run against a d
CVE-2024-45847 -- An arbitrary code execution vulnerability exists in versions 23.11.4.2 up to 24.7.4.1 of the MindsDB platform, when one of several integrations is installed on the server. If a specially crafted ‘UPDATE’ query containing Python code is run against a datab
CVE-2024-45848 -- An arbitrary code execution vulnerability exists in versions 23.12.4.0 up to 24.7.4.1 of the MindsDB platform, when the ChromaDB integration is installed on the server. If a specially crafted ‘INSERT’ query containing Python code is run against a database
CVE-2024-45851 -- An arbitrary code execution vulnerability exists in versions 23.10.5.0 up to 24.7.4.1 of the MindsDB platform, when the Microsoft SharePoint integration is installed on the server. For databases created with the SharePoint engine, an ‘INSERT’ query can be
CVE-2024-45852 -- Deserialization of untrusted data can occur in versions 23.3.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded model to run arbitrary code on the server when interacted with.
CVE-2024-45853 -- Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when used for a prediction.
CVE-2024-45854 -- Deserialization of untrusted data can occur in versions 23.10.3.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when a ‘describe’ query is run on it.
CVE-2024-45855 -- Deserialization of untrusted data can occur in versions 23.10.2.0 and newer of the MindsDB platform, enabling a maliciously uploaded ‘inhouse’ model to run arbitrary code on the server when using ‘finetune’ on it.
CVE-2024-45856 -- A cross-site scripting (XSS) vulnerability exists in all versions of the MindsDB platform, enabling the execution of a JavaScript payload whenever a user enumerates an ML Engine, database, project, or dataset containing arbitrary JavaScript code within th
CVE-2024-45857 -- Deserialization of untrusted data can occur in versions 2.4.0 or newer of the Cleanlab project, enabling a maliciously crafted datalab.pkl file to run arbitrary code on an end user’s system when the data directory is loaded.
CVE-2024-4612 -- An issue has been discovered in GitLab EE affecting all versions starting from 12.9 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. Under certain conditions an open redirect vulnerability could allow for an account takeover by breaking the OAut
CVE-2024-4660 -- An issue has been discovered in GitLab EE affecting all versions starting from 11.2 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2. It was possible for a guest to read the source code of a priva
CVE-2024-5435 -- An issue has been discovered in GitLab EE/CE affecting all versions starting from 15.10 before 17.1.7, all versions starting from 17.2 before 17.2.5, all versions starting from 17.3 before 17.3.2 will disclose user password from repository mirr
CVE-2024-5799 -- The CM Pop-Up Banners for WordPress plugin before 1.7.3 does not sanitise and escape some of its popup fields, which could allow high privilege users such as Contributors to perform Cross-Site Scripting attacks.
CVE-2024-6017 -- The Music Request Manager WordPress plugin through 1.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack
CVE-2024-6018 -- The Music Request Manager WordPress plugin through 1.3 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
CVE-2024-6019 -- The Music Request Manager WordPress plugin through 1.3 does not sanitise and escape incoming music requests, which could allow unauthenticated users to perform Cross-Site Scripting attacks against administrators
CVE-2024-6077 -- A denial-of-service vulnerability exists in the Rockwell Automation affected products when specially crafted packets are sent to the CIP Security Object. If exploited the device will become unavailable and require a factory reset to recover.
CVE-2024-6389 -- An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permi
CVE-2024-6446 -- An issue has been discovered in GitLab affecting all versions starting from 17.1 to 17.1.7, 17.2 prior to 17.2.5 and 17.3 prior to 17.3.2. A crafted URL could be used to trick a victim to trust an attacker controlled application.
CVE-2024-6510 -- Local Privilege Escalation in AVG Internet Security v24 on Windows allows a local unprivileged user to escalate privileges to SYSTEM via COM-Hijacking.
CVE-2024-6658 -- Improper Input Validation vulnerability of Authenticated User in Progress LoadMaster allows OS Command Injection. This issue affects:
CVE-2024-6678 -- An issue was discovered in GitLab CE/EE affecting all versions starting from 8.14 prior to 17.1.7, starting from 17.2 prior to 17.2.5, and starting from 17.3 prior to 17.3.2, which allows an attacker to trigger a pipeline as an arbitrary user under certai
CVE-2024-6700 -- Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with App name.
CVE-2024-6701 -- Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an XSS issue with case type.
CVE-2024-6702 -- Pega Platform versions 8.1 to Infinity 24.1.2 are affected by an HTML Injection issue with Stage.
CVE-2024-6840 -- An improper authorization flaw exists in the Ansible Automation Controller. This flaw allows an attacker using the k8S API server to send an HTTP request with a service account token mounted via `automountServiceAccountToken: true`, resulting in privilege
CVE-2024-6887 -- The Giveaways and Contests by RafflePress WordPress plugin before 1.12.16 does not sanitise and escape some of its Giveaways settings, which could allow high privilege users such as editor and above to perform Stored Cross-Site Scripting attacks even whe
CVE-2024-7766 -- The Adicon Server WordPress plugin through 1.2 does not sanitize and escape a parameter before using it in a SQL statement, allowing admins to perform SQL injection attacks
CVE-2024-7816 -- The Gixaw Chat WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
CVE-2024-7817 -- The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF checks in some places, which could allow attackers to make logged in users delete arbitrary albums via a CSRF attack
CVE-2024-7818 -- The Misiek Photo Album WordPress plugin through 1.4.3 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
CVE-2024-7820 -- The ILC Thickbox WordPress plugin through 1.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-7822 -- The Quick Code WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
CVE-2024-7859 -- The Visual Sound WordPress plugin through 1.03 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-7860 -- The Simple Headline Rotator WordPress plugin through 1.0 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
CVE-2024-7861 -- The Misiek Paypal WordPress plugin through 1.1.20090324 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
CVE-2024-7862 -- The blogintroduction-wordpress-plugin WordPress plugin through 0.3.0 does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF attack
CVE-2024-7960 -- The Rockwell Automation affected product contains a vulnerability that allows a threat actor to view sensitive information and change settings. The vulnerability exists due to having an incorrect privilege matrix that allows users to have access to functi
CVE-2024-7961 -- A path traversal vulnerability exists in the Rockwell Automation affected product. If exploited, the threat actor could upload arbitrary files to the server that could result in a remote code execution.
CVE-2024-8054 -- The MM-Breaking News WordPress plugin through 0.7.9 does not have CSRF check in some places, and is missing sanitisation as well as escaping, which could allow attackers to make logged in admin add Stored XSS payloads via a CSRF attack.
CVE-2024-8056 -- The MM-Breaking News WordPress plugin through 0.7.9 does not escape the $_SERVER['REQUEST_URI'] parameter before outputting it back in an attribute, which could lead to Reflected Cross-Site Scripting in old web browsers
CVE-2024-8124 -- An issue was discovered in GitLab CE/EE affecting all versions starting from 16.4 prior to 17.1.7, starting from 17.2 prior to 17.2.5, starting from 17.3 prior to 17.3.2 which could cause Denial of Service via sending a large `glm_source` parameter.
CVE-2024-8311 -- An issue was discovered with pipeline execution policies in GitLab EE affecting all versions from 17.2 prior to 17.2.5, 17.3 prior to 17.3.2 which allows authenticated users to bypass variable overwrite protection via inclusion of a CI/CD template.
CVE-2024-8522 -- The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_only_fields' parameter of the /wp-json/learnpress/v1/courses REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping on
CVE-2024-8529 -- The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to SQL Injection via the 'c_fields' parameter of the /wp-json/lp/v1/courses/archive-course REST API endpoint in all versions up to, and including, 4.2.7 due to insufficient escaping
CVE-2024-8533 -- A privilege escalation vulnerability exists in the Rockwell Automation affected products. The vulnerability occurs due to improper default file permissions allowing users to exfiltrate credentials and escalate privileges.
CVE-2024-8622 -- The amCharts: Charts and Maps plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'amcharts_javascript' parameter in all versions up to, and including, 1.4.4 due to the ability to supply arbitrary JavaScript a lack of nonce valida
CVE-2024-8631 -- A privilege escalation issue has been discovered in GitLab EE affecting all versions starting from 16.6 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. A user assigned the Admin Group Member custom role could have escalated thei
CVE-2024-8635 -- A server-side request forgery issue has been discovered in GitLab EE affecting all versions starting from 16.8 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It was possible for an attacker to make requests to internal resource
CVE-2024-8640 -- An issue has been discovered in GitLab EE affecting all versions starting from 16.11 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. Due to incomplete input filtering, it was possible to inject commands into a connected Cube ser
CVE-2024-8641 -- An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.7 prior to 17.1.7, from 17.2 prior to 17.2.5, and from 17.3 prior to 17.3.2. It may have been possible for an attacker with a victim's CI_JOB_TOKEN to obtain a GitLab ses
CVE-2024-8695 -- A remote code execution (RCE) vulnerability via crafted extension description/changelog could be abused by a malicious extension in Docker Desktop before 4.34.2.
CVE-2024-8696 -- A remote code execution (RCE) vulnerability via crafted extension publisher-url/additional-urls could be abused by a malicious extension in Docker Desktop before 4.34.2.
CVE-2024-8706 -- A vulnerability was found in JFinalCMS up to 20240903. It has been classified as problematic. This affects the function update of the file /admin/template/update of the component com.cms.util.TemplateUtils. The manipulation of the argument fileName leads
CVE-2024-8707 -- A vulnerability was found in Yunke Online School System up to 3.0.6. It has been declared as problematic. This vulnerability affects the function downfile of the file application/admin/controller/Appadmin.php. The manipulation of the argument u
CVE-2024-8708 -- A vulnerability was found in SourceCodester Best House Rental Management System 1.0. It has been rated as problematic. This issue affects some unknown processing of the file categories.php. The manipulation leads to cross site scripting. The attack may be
CVE-2024-8709 -- A vulnerability classified as critical has been found in SourceCodester Best House Rental Management System 1.0. Affected is the function delete_user/save_user of the file /admin_class.php. The manipulation of the argument id leads to sql injection. It is
CVE-2024-8710 -- A vulnerability classified as critical was found in code-projects Inventory Management 1.0. Affected by this vulnerability is an unknown functionality of the file /model/viewProduct.php of the component Products Table Page. The manipulation of the argumen
CVE-2024-8711 -- A vulnerability, which was classified as problematic, has been found in SourceCodester Food Ordering Management System 1.0. Affected by this issue is some unknown functionality of the file /includes/. The manipulation leads to exposure of information thro
CVE-2024-8749 -- SQL injection vulnerability in idoit pro version 28. This vulnerability could allow an attacker to send a specially crafted query to the ID parameter in /var/www/html/src/classes/modules/api/model/cmdb/isys_api_model_cmdb_objects_by_relation.class.php and
CVE-2024-8750 -- Cross-site Scripting (XSS) vulnerability in idoit pro version 28. This vulnerability allows an attacker to retrieve session details of an authenticated user due to lack of proper sanitization of the following parameters (id,lang,mNavID,name,pID,treeNode,t
CVE-2024-8751 -- A vulnerability in the MSC800 allows an unauthenticated attacker to modify the product’s IP
CVE-2024-8754 -- An issue has been discovered in GitLab EE/CE affecting all versions from 16.9.7 prior to 17.1.7, 17.2 prior to 17.2.5, and 17.3 prior to 17.3.2. An improper input validation error allows attacker to squat on accounts via linking arbitrary unclaimed provid
CVE-2019-25212 -- The video carousel slider with lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id' parameter in all versions up to, and including, 1.0.6 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation o
CVE-2024-1656 -- Affected versions of Octopus Server had a weak content security policy.
CVE-2024-20304 -- A vulnerability in the multicast traceroute version 2 (Mtrace2) feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to exhaust the UDP packet memory of an affected device.
CVE-2024-20317 -- A vulnerability in the handling of specific Ethernet frames by Cisco IOS XR Software for various Cisco Network Convergence System (NCS) platforms could allow an unauthenticated, adjacent attacker to cause critical priority packets to be dropped, resulting
CVE-2024-20343 -- A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to read any file in the file system of the underlying Linux operating system. The attacker must have valid credentials on the affected device.
CVE-2024-20381 -- A vulnerability in the JSON-RPC API feature in ConfD that is used by the web-based management interfaces of Cisco Crosswork Network Services Orchestrator (NSO), Cisco Optical Site Manager, and Cisco RV340 Dual WAN Gigabit VPN Routers could allow an authen
CVE-2024-20390 -- A vulnerability in the Dedicated XML Agent feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) on XML TCP listen port 38751.
CVE-2024-20398 -- A vulnerability in the CLI of Cisco IOS XR Software could allow an authenticated, local attacker to obtain read/write file system access on the underlying operating system of an affected device.
CVE-2024-20406 -- A vulnerability in the segment routing feature for the Intermediate System-to-Intermediate System (IS-IS) protocol of Cisco IOS XR Software could allow an unauthenticated, adjacent attacker to cause a denial of service (DoS) condition on an affected devic
CVE-2024-20483 -- Multiple vulnerabilities in Cisco Routed PON Controller Software, which runs as a docker container on hardware that is supported by Cisco IOS XR Software, could allow an authenticated, remote attacker with Administrator-level privileges on the PON Manager
CVE-2024-20489 -- A vulnerability in the storage method of the PON Controller configuration file could allow an authenticated, local attacker with low privileges to obtain the MongoDB credentials.
CVE-2024-21529 -- Versions of the package dset before 3.1.4 are vulnerable to Prototype Pollution via the dset function due to improper user input sanitization. This vulnerability allows the attacker to inject malicious object property using the built-in Object property __pro
CVE-2024-23716 -- In DevmemIntPFNotify of devicemem_server.c, there is a possible use-after-free due to a race condition. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for explo
CVE-2024-23906 -- Improper Neutralization of Input During Web Page Generation (CWE-79) in the Controller 6000 and Controller 7000 diagnostic webpage allows an attacker to modify Controller configuration during an authenticated Operator's session.
CVE-2024-24972 -- Buffer Copy without Checking Size of Input (CWE-120) in the Controller 6000 and Controller 7000 diagnostic web interface allows an authorised and authenticated operator to reboot the Controller, causing a Denial of Service. Gallagher recommend the diagnos
CVE-2024-27112 -- An unauthenticated SQL Injection has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database. The vulnerability has been remediated in versio
CVE-2024-27113 -- An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. An attacker could use this vulnerability to gain access to the underlying database by ex
CVE-2024-27114 -- An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. If the public view setting is enabled, an attacker can upload a PHP-file that will be available for execution for a few milliseconds before it is
CVE-2024-27115 -- An unauthenticated Remote Code Execution (RCE) vulnerability is found in the SO Planning online planning tool. With this vulnerability, an attacker can upload executable files that are moved to a publicly accessible folder before verifying any requirements
CVE-2024-31336 -- In PVRSRVBridgeRGXKickTA3D2 of server_rgxta3d_bridge.c, there is a possible arbitrary code execution due to improper input validation. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User inte
CVE-2024-31336 -- Imagination PowerVR-GPU in Android before 2024-09-05 has a High Severity Vulnerability, aka A-337949672.
CVE-2024-3899 -- The Gallery Plugin for WordPress WordPress plugin before 1.8.15 does not sanitise and escape some of its image settings, which could allow users with post-writing privilege such as Author to perform Cross-Site Scripting attacks.
CVE-2024-39378 -- Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must
CVE-2024-39808 -- Incorrect Calculation of Buffer Size (CWE-131) in the Controller 6000 and Controller 7000 OSDP message handling, allows an attacker with physical access to Controller wiring to instigate a reboot leading to a denial of service.
CVE-2024-40650 -- In wifi_item_edit_content of styles.xml, there is a possible FRP bypass due to Missing check for FRP state. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2024-40652 -- In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges n
CVE-2024-40654 -- In multiple locations, there is a possible permission bypass due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2024-40655 -- In bindAndGetCallIdentification of CallScreeningServiceHelper.java, there is a possible way to maintain a while-in-use permission in the background due to a permissions bypass. This could lead to local escalation of privilege with no additional execution
CVE-2024-40656 -- In handleCreateConferenceComplete of ConnectionServiceWrapper.java, there is a possible way to reveal images across users due to a confused deputy. This could lead to local information disclosure with no additional execution privileges needed. User intera
CVE-2024-40657 -- In addPreferencesForType of AccountTypePreferenceLoader.java, there is a possible way to disable apps for other users due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interacti
CVE-2024-40658 -- In getConfig of SoftVideoDecoderOMXComponent.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for ex
CVE-2024-40659 -- In getRegistration of RemoteProvisioningService.java, there is a possible way to permanently disable the AndroidKeyStore key generation feature by updating the attestation keys of all installed apps due to improper input validation. This could lead to loc
CVE-2024-40662 -- In scheme of Uri.java, there is a possible way to craft a malformed Uri object due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitati
CVE-2024-41868 -- Audition versions 24.4.1, 23.6.6 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. An attacker could leverage this vulnerability to bypass mitigations such as ASLR. Exploitation of this issu
CVE-2024-42760 -- SQL Injection vulnerability in Ellevo v.6.2.0.38160 allows a remote attacker to obtain sensitive information via the /api/mob/instrucao/conta/destinatarios component.
CVE-2024-43690 -- Inclusion of Functionality from Untrusted Control Sphere (CWE-829) in the Command Centre Server and Workstations may allow an attacker to perform Remote Code Execution (RCE).
CVE-2024-43793 -- Halo is an open source website building tool. A security vulnerability has been identified in versions prior to 2.19.0 of the Halo project. This vulnerability allows an attacker to execute malicious scripts in the user's browser through specific HTML and
CVE-2024-44466 -- COMFAST CF-XR11 V2.7.2 has a command injection vulnerability in function sub_424CB4. Attackers can send POST request messages to /usr/bin/webmgnt and inject commands into parameter iface.
CVE-2024-44541 -- evilnapsis Inventio Lite Versions v4 and before is vulnerable to SQL Injection via the "username" parameter in "/?action=processlogin."
CVE-2024-44570 -- RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a code injection vulnerability via the getParams function in phpinf.php.
CVE-2024-44571 -- RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain incorrect access control in the mService function at phpinf.php.
CVE-2024-44572 -- RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_mgmt function.
CVE-2024-44573 -- A stored cross-site scripting (XSS) vulnerability in the VLAN configuration of RELY-PCIe v22.2.1 to v23.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
CVE-2024-44574 -- RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the sys_conf function.
CVE-2024-44575 -- RELY-PCIe v22.2.1 to v23.1.0 does not set the Secure attribute for sensitive cookies in HTTPS sessions, which could cause the user agent to send those cookies in cleartext over an HTTP session.
CVE-2024-44577 -- RELY-PCIe v22.2.1 to v23.1.0 was discovered to contain a command injection vulnerability via the time_date function.
CVE-2024-4465 -- An access control vulnerability was discovered in the Reports section due to a specific access restriction not being properly enforced for users with limited privileges.
CVE-2024-44851 -- A stored cross-site scripting (XSS) vulnerability in the Discussion section of Perfex CRM v1.1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the Content parameter.
CVE-2024-45327 -- An improper authorization vulnerability [CWE-285] in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users
CVE-2024-45786 -- This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on its certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API request URL which could lead
CVE-2024-45787 -- This vulnerability exists in Reedos aiM-Star version 2.0.1 due to transmission of sensitive information in plain text in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by manipulating a parameter through API reque
CVE-2024-45788 -- This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing rate limiting on OTP requests in certain API endpoints. An authenticated remote attacker could exploit this vulnerability by sending multiple OTP requests through vulnerable API endp
CVE-2024-45789 -- This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper validation of the ‘mode’ parameter in the API endpoint used during the registration process. An authenticated remote attacker could exploit this vulnerability by manipulating param
CVE-2024-45790 -- This vulnerability exists in Reedos aiM-Star version 2.0.1 due to missing restrictions for excessive failed authentication attempts on its API based login. A remote attacker could exploit this vulnerability by conducting a brute force attack against legit
CVE-2024-5416 -- The Elementor Website Builder – More than Just a Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the url parameter of multiple widgets in all versions up to, and including, 3.23.4 due to insufficient input sanitization a
CVE-2024-5760 -- The Samsung Universal Print Driver for Windows is potentially vulnerable to escalation of privilege allowing the creation of a reverse shell in the tool. This is only applicable for products in the application released or manufactured before 2018.
CVE-2024-6091 -- A vulnerability in significant-gravitas/autogpt version 0.5.1 allows an attacker to bypass the shell commands denylist settings. The issue arises when the denylist is configured to block specific commands, such as 'whoami' and '/bin/whoami'. An attacker c
CVE-2024-7312 -- URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Payara Platform Payara Server (REST Management Interface modules) allows Session Hijacking. This issue affects Payara Server: from 6.0.0 before 6.18.0, from 6.2022.1 before 6.2024.9, from
CVE-2024-7609 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Vidco Software VOC TESTER allows Path Traversal. This issue affects VOC TESTER: before 12.34.8.
CVE-2024-7626 -- The WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) plugin for WordPress is vulnerable to arbitrary file movement and reading due to insufficient file path validation in the save_edit_profile_details() function in all versions
CVE-2024-7716 -- The Logo Slider WordPress plugin before 3.6.9 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (f
CVE-2024-7721 -- The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_password' function in all versions up to, and including, 2.5.34. This makes i
CVE-2024-7727 -- The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vp_ajax_handler' ajax action in all versions up to, and
CVE-2024-7890 -- Local privilege escalation allows a low-privileged user to gain SYSTEM privileges in Citrix Workspace app for Windows
CVE-2024-8045 -- The Advanced WordPress Backgrounds plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘imageTag’ parameter in all versions up to, and including, 1.12.3 due to insufficient input sanitization and output escaping. This makes it possib
CVE-2024-8096 -- When curl is told to use the Certificate Status Request TLS extension, often referred to as OCSP stapling, to verify that the server certificate is valid, it might fail to detect some OCSP problems and instead wrongly consider the response as fine. If th
CVE-2024-8097 -- Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Payara Platform Payara Server (Logging modules) allows Sensitive credentials posted in plain-text on the server log. This issue affects Payara Server: from 6.0.0 before 6.18.0, fro
CVE-2024-8253 -- The Post Grid and Gutenberg Blocks plugin for WordPress is vulnerable to privilege escalation in all versions 2.2.87 to 2.2.90. This is due to the plugin not properly restricting what user meta values can be updated and ensuring a form is active. This mak
CVE-2024-8277 -- The WooCommerce Photo Reviews Premium plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including, 1.3.13.2. This is due to the plugin not properly validating what user transient is being used in the login() function a
CVE-2024-8306 -- CWE-269: Improper Privilege Management vulnerability exists that could cause unauthorized
CVE-2024-8440 -- The Essential Addons for Elementor – Best Elementor Templates, Widgets, Kits & WooCommerce Builders plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Fancy Text widget in all versions up to, and including, 6.0.3 due to ins
CVE-2024-8636 -- Heap buffer overflow in Skia in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-8637 -- Use after free in Media Router in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-8638 -- Type Confusion in V8 in Google Chrome prior to 128.0.6613.137 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-8639 -- Use after free in Autofill in Google Chrome on Android prior to 128.0.6613.137 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-8642 -- In Eclipse Dataspace Components, from version 0.5.0 and before version 0.9.0, the ConsumerPullTransferTokenValidationApiController does not check for token validity (expiry, not-before, issuance date), which can allow an attacker to bypass the check for t
CVE-2024-8646 -- In Eclipse Glassfish versions prior to 7.0.10, a URL redirection vulnerability to untrusted sites existed.
CVE-2024-8686 -- A command injection vulnerability in Palo Alto Networks PAN-OS software enables an authenticated administrator to bypass system restrictions and run arbitrary commands as root on the firewall.
CVE-2024-8687 -- An information exposure vulnerability exists in Palo Alto Networks PAN-OS software that enables a GlobalProtect end user to learn both the configured GlobalProtect uninstall password and the configured disable or disconnect passcode. After the password or
CVE-2024-8688 -- An improper neutralization of matching symbols vulnerability in the Palo Alto Networks PAN-OS command line interface (CLI) enables authenticated administrators (including read-only administrators) with access to the CLI to read arbitrary files on the f
CVE-2024-8689 -- A problem with the ActiveMQ integration for both Cortex XSOAR and Cortex XSIAM can result in the cleartext exposure of the configured ActiveMQ credentials in log bundles.
CVE-2024-8690 -- A problem with a detection mechanism in the Palo Alto Networks Cortex XDR agent on Windows devices enables a user with Windows administrator privileges to disable the agent. This issue may be leveraged by malware to disable the Cortex XDR agent and then t
CVE-2024-8691 -- A vulnerability in the GlobalProtect portal in Palo Alto Networks PAN-OS software enables a malicious authenticated GlobalProtect user to impersonate another GlobalProtect user. Active GlobalProtect users impersonated by an attacker who is exploiting this
CVE-2024-8692 -- A vulnerability classified as critical was found in TDuckCloud TDuckPro up to 6.3. Affected by this vulnerability is an unknown functionality. The manipulation leads to weak password recovery. The attack can be launched remotely. The exploit has been disc
CVE-2024-8694 -- A vulnerability, which was classified as problematic, was found in JFinalCMS up to 20240903. This affects the function update of the file /admin/template/update of the component com.cms.controller.admin.TemplateController. The manipulation of the argument
CVE-2024-8705 -- A vulnerability was found in Shandong Star Measurement and Control Equipment Heating Network Wireless Monitoring System 5.6.2 and classified as critical. Affected by this issue is the function GetDataKindByType of the file /DataSrvs/UCCGSrv.asmx. The mani