NCA Busts Russian Crypto Networks Laundering Funds and Evading Sanctions
CISA Warns of Active Exploitation of Flaws in Zyxel, ProjectSend, and CyberPanel
Preparing for Q-day: The essential role of cloud migration in securing enterprise data
Microsoft says having a TPM is "non-negotiable" for Windows 11
Abuse of Cloudflare domains for phishing doubled in 2024, report says
White House: Salt Typhoon hacked telcos in dozens of countries
New DroidBot Android malware targets 77 banking, crypto apps
Wyden and Schmitt Call for Investigation of Pentagon's Phone Systems
Onapsis Expands Code Security Capabilities to Accelerate and De-Risk SAP BTP Development Projects
CISA Issues Guidance to Telecom Sector on Salt Typhoon
Russian FSB Hackers Breach Pakistan's APT Storm-0156
Meta: Russia tops disinformation ops, followed by Iran and China
Black Basta ransomware gang hit BT Group
UK disrupts Russian money laundering networks used by ransomware
FBI shares tips on how to tackle AI-powered fraud schemes
Pegasus Spyware Proliferates Across iOS, Android Devices
Veeam Urges Updates After Discovering Critical Vulnerability
Veeam patches bugs in VSPC, one leading to remote code execution
Authorities shut down Crimenetwork, Germany's largest crime marketplace
API Security in Open Banking: Balancing Innovation with Risk Management
BT unit took servers offline after Black Basta ransomware breach
New DroidBot Android banking malware spreads across Europe
New Kimsuky credential theft attacks involve Russian email addresses
Additional MOVEit hack data from major firms exposed
Widespread RAT compromise via bogus emails, JavaScript payloads detailed
CFPB proposes increased data broker restrictions
Cybercrime-enabling Matrix encrypted messenger dismantled by law enforcement
Are We on the Brink of Saying Goodbye to Passwords?
Critical Veeam Vulnerabilities Allow Remote Code Execution
Russian hackers hijack Pakistani hackers' servers for their own attacks
Solana Web3.js library backdoored to steal secret, private keys
Wirral Hospital Recovery Continues One Week After Cyber Incident
FTC Safeguards US Consumers from Location Data Misuse
Liverpool Children’s Hospital Confirms Cyber-Attack
Ransomware Costs Manufacturing Sector $17bn in Downtime
Russia-Linked Turla Exploits Pakistani Hackers' Servers to Target Afghan and Indian Entities
NHS Ransomware Attack: Russian INC Ransom Gang Steals Patient Data
Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage
Six password takeaways from the updated NIST cybersecurity framework
Japan warns of IO-Data zero-day router flaws exploited in attacks
Shorter Lifespan Reduces Digital Certificate Vulns
Navigating the Changing Cybersecurity Regulations Landscape
Upgrade your Sophos Firewall to v21 today
Veeam addressed critical Service Provider Console (VSPC) bug
Cloud threat report: Possible trend in cloud credential "oversaturation"
Vodka Maker Stoli Files for Bankruptcy After Ransomware Attack - Security Spotlight
Cloudflare Cyber Attacks Surge: Developer Domains Exploited for Phishing and DDoS - Security Spotlight
Costa Rica Ransomware Attack Cripples State Energy Company RECOPE - Security Spotlight
Crypto and Cybersecurity: How to Keep Your Cryptocurrency Safe in 2025
Solana's popular web3.js library backdoored in supply chain compromise
How widespread is mercenary spyware? More than you think
Europol Dismantles Criminal Messaging Service MATRIX in Major Global Takedown
Cisco Urges Immediate Patch for Decade-Old WebVPN Vulnerability
Product showcase: Securing Active Directory passwords with Specops Password Policy
Navigating Exposures in Energy ICS Environments
Tech Predictions for 2025’s Frontline Workforce: Secure, Simplify, Opt
Security Risks Persist in Open Source Ecosystem
ENISA Launches First State of EU Cybersecurity Report
Four takeaways for cloud practitioners from the Finastra breach
Australia, Canada, New Zealand, and the U.S. warn of PRC-linked cyber espionage targeting telecom networks
How to Plan a New (and Improved!) Password Policy for Real-World Security Challenges
7 PAM Best Practices to Secure Hybrid and Multi-Cloud Environments
Authorities Take Down Criminal Encrypted Messaging Platform MATRIX
PoC exploit for critical WhatsUp Gold RCE vulnerability released (CVE-2024-8785)
Vodka Giant Stoli Files for Bankruptcy After Ransomware Attack
How I Climbed to #1 Hacker. The triagers recognized the impact… | by CipherHawk | Dec, 2024 | Medium
U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog
Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library
Veeam Data Platform v12.3 encompasses three key objectives for enterprises
Veza Access Requests reduces the risk of identity-based threats
AttackIQ Flex 3.0 empowers security teams to take control of their detection strategies
Elastic expands cloud detection and response capabilities from a single SIEM
FortiAppSec Cloud simplifies web application security management
SecureG, CTIA Project Secures Business Phone Calls
German Police Shutter Country’s Largest Dark Web Market
The New Cyber Frontier: Managing Risks in Distributed Teams
70% of open-source components are poorly or no longer maintained
Whitepaper: 9 traits of effective cybersecurity leaders of tomorrow
SafeLine: Open-source web application firewall (WAF)
65% of office workers bypass cybersecurity to boost productivity
Securing AI's new frontier: Visibility, governance, and mitigating compliance risks
🚨 Critical Bug: Deny Sign-In & Steal Sensitive Info on Behalf of Victims 🚨 | by JEETPAL | Dec, 2024 | InfoSec Write-ups
Docker/Kubernetes (K8s) Penetration Testing Checklist | by Ajay Naik | Dec, 2024 | InfoSec Write-ups
Tricky & Simple EXIF protection Bypass | by Saurabh sanmane | Dec, 2024 | InfoSec Write-ups
TryHackme’s Advent of Cyber 2024 — Day 03 Writeup | by Nanda Siddhardha | Dec, 2024 | InfoSec Write-ups
Run LLM on Pi5: Connecting an NVIDIA GPU to Raspberry Pi 5 via PCIe x4 | by Alican Kiraz | Dec, 2024 | Medium
TryHackMe — Advent of Cyber 2024: Day 3 Writeup | by Rahul Hoysala | Dec, 2024 | Medium
Joint Advisory Warns of PRC-Backed Cyber Espionage Targeting Telecom Networks
Critical SailPoint IdentityIQ Vulnerability Exposes Files to Unauthorized Access
Hackers Use Corrupted ZIPs and Office Docs to Evade Antivirus and Email Defenses
Veeam Issues Patch for Critical RCE Vulnerability in Service Provider Console
Stoli Group USA files for bankruptcy after ransomware attack
Misconfigured WAFs Heighten DoS, Breach Risks
BigID Releases Data Activity Monitoring
Cisco ASA flaw CVE-2014-2120 is being exploited in the wild
15 SpyLoan Apps Found on Play Store Targeting Millions
Cloudflare’s developer domains increasingly abused by threat actors
Vodka maker Stoli files for bankruptcy in US after ransomware attack
Decade-Old Cisco Vulnerability Under Active Exploit
The Role of Salesforce Implementation in Digital Transformation
US shares tips to block hackers behind recent telecom breaches
Exploit released for critical WhatsUp Gold RCE flaw, patch now
Veeam warns of critical RCE bug in Service Provider Console
Cyber-Unsafe Employees Increasingly Put Orgs at Risk
Cisco warns of continued exploitation of 10-year-old ASA bug
Eon introduces advanced cloud backup automation and retrieval features
ENGlobal Cyberattack: Major Energy Contractor Hit by Ransomware - Security Spotlight
Yahoo Data Breach Settlement
Dark Web Hydra Market Mastermind Sentenced to Life by Russia
Police seize largest German online crime marketplace, arrest admin
Venom Spider Spins Web of MaaS Malware
French Mobile Operators Join Forces to Tackle Rising Fraud
Kimsuky Group Adopts New Phishing Tactics to Target Victims
Ransomware Attack Disrupts Operations at US Contractor ENGlobal
Founder of defunct Hydra Market subjected to life sentence
New AWS incident response service unveiled
Over 346K files exposed by WotNot’s misconfigured cloud database
Cryptocurrency sector losses from hacks, scams declining
Cybersecurity incident acknowledged by Signzy
Third-party access: The overlooked risk to your data protection plan
Data Vigilante Leaks 772K Employee Records from Top Firms and 12.3M-Row Database
Veeam plugs serious holes in Service Provider Console (CVE-2024-42448, CVE-2024-42449)
How to Secure Your Amazon SES Email with Proofpoint Secure Email Relay
FTC bans data brokers from selling Americans’ sensitive location data
Police seize Matrix encrypted chat service after spying on criminals
Note From the Editor-in-Chief
Ransomware's Grip on Healthcare
Police Shut Down Matrix Encrypted Criminal Hub
Sophos named a Gartner® Peer Insights™ Customers’ Choice for Managed Detection and Response (MDR) Services for the 2nd time
Cloud Security: Lessons Learned and Applied to Emerging Tech – Bertrum Carroll – CSP #203
DMM Bitcoin halts operations six months after a $300 million cyber heist
Police take down Matrix encrypted chat service used by criminals
The Growing Threat of MMS Scam Messages
White FAANG Data Export Attack: A Gold Mine for PII Threats
Security Pros Positive About GenAI in Cyber
All UPI IDs in India have Predictable Patterns that allow the disclosure of mail IDs | by JEETPAL | Dec, 2024 | InfoSec Write-ups
Common Holiday Phishing Scams To Watch Out for This Season | by Marisa Tranchitella Foltz | Dec, 2024 | InfoSec Write-ups
From Hacktivism to Cyber Warfare: Understanding the Role of Ideology in Cyberattacks | by Kamesh | Dec, 2024 | InfoSec Write-ups
Small Bugs, Big Bounties: A Hacker’s Guide to Quick Wins | by Akash Ghosh | Dec, 2024 | InfoSec Write-ups
TryHackme’s Advent of Cyber 2024 — Day 02 Writeup | by Nanda Siddhardha | Dec, 2024 | InfoSec Write-ups
Five ways to tighten up Kubernetes security
ENGlobal Corporation discloses a ransomware attack
Cisco Warns of Exploitation of Decade-Old ASA WebVPN Vulnerability
The Ultimate Guide to Designing a Logo Online: Tools, Tips, and Tricks
N2WS platform enhancements improve restore time for enterprises and MSPs
Phishers send corrupted documents to bypass email security
Sweet Security helps organizations protect their cloud environments
Poland probes Pegasus spyware abuse under the PiS government
NachoVPN Tool Exploits Flaws in Popular VPN Clients for System Compromise
Push Security introduces verified stolen credentials detection capability
US government, energy sector contractor hit by ransomware
Hydra Market Leader Sentenced to Life by Moscow Court
Chinese LIDAR Dominance a Cybersecurity Threat, Warns Think Tank
UK Cyber-Attacks Surge as Threats Hit Harder, Warns NCSC
North Korean Kimsuky Hackers Use Russian Email Addresses for Credential Theft Attacks
Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams
Thales Data Risk Intelligence identifies risks to sensitive data
Reimagining cybersecurity for platform developers | by Tide Foundation | Oct, 2024 | InfoSec Write-ups
Why We Invested in Upwind Security… Again | by Michael Robinson | Craft Ventures | Dec, 2024 | Medium
TryHackMe — Advent of Cyber 2024: Day 2 Writeup | by Rahul Hoysala | Dec, 2024 | Medium
From File Upload To LFI: A Journey To Exploitation | by Chux | Dec, 2024 | Medium
Cybersecurity jobs available right now: December 3, 2024
Best practices for staying cyber secure during the holidays
Horns&Hooves Campaign Delivers RATs via Fake Emails and JavaScript Payloads
Treat AI like a human: Redefining cybersecurity
How Attackers Use Corrupted Files to Slip Past Security
Corrupted Microsoft Office documents used in phishing campaign
Sweet Security Introduces Evolutionary Leap in Cloud Detection and Response, Releasing First Unified Detection & Response Platform
'Bootkitty' First Bootloader to Take Aim at Linux
Korea arrests CEO for adding DDoS feature to satellite receivers
AWS Launches New Incident Response Service
Interpol Cyber-Fraud Action Nets More Than 5K Arrests
Tia Hopkins on diversity, resilience, and redefining leadership (video)
New Rockstar 2FA Phishing-as-a-Service Kit Targets Microsoft 365 Accounts
BootKitty UEFI malware exploits LogoFAIL to infect Linux systems
Mozilla really wants you to set Firefox as default Windows browser
Russia sentences Hydra dark web market leader to life in prison
Name That Edge Toon: Shackled!
8 Tips for Hiring Neurodivergent Talent
TryHackMe Advent of Cyber 2024 (All Tasks Write-up, Updated Daily) 🎄 | by Daniel Iwugo | Dec, 2024 | InfoSec Write-ups
RansomHub attack compromises Bologna FC data
Uganda downplays central bank hack
SmokeLoader Malware Exploits MS Office Flaws to Steal Browser Data
The shocking speed of AWS key exploitation
Novel phishing campaign uses corrupted Word documents to evade security
2 UK Hospitals Targeted in Separate Cyberattacks
Does Your Company Need a Virtual CISO?
France Accuses Azerbaijan of Online Manipulation Campaigns
Corrupted Word Files Fuel Sophisticated Phishing Campaign
Millions of Android devices compromised with SpyLoan malware apps
Mounting pro-Russian DDoS attacks launched against Japan
Over $400M sequestered, more than 5K arrested in global cybercrime crackdown
Russia arrests ransomware-linked hacker
Actively exploited Partner Network site flaw, others addressed by Microsoft
Veterans Health Administration Cyberattack
Alder Hey Children's Hospital Data Breach: INC Ransomware Leaks Sensitive Patient Data - Security Spotlight
Incident Response Playbooks: Are You Prepared?
Crypto.com Launches Massive $2m Bug Bounty Program
Tor Project needs 200 more WebTunnel bridges to bypass Russia's censorship
Op HAECHI V: Interpol Arrests 5,500 Cybercriminals, Recovers $400 Million
Datadog Cloud SIEM accelerates security investigations
SmokeLoader Malware Resurfaces, Targeting Manufacturing and IT in Taiwan
Hackers Drain $1.48 Billion from Crypto in 2024, Led by DeFi Exploits
Radiant Logic provides continuous identity hygiene assessments via real-time streaming data
Skyflow protects sensitive data flowing in and out of AI agents
Veracode unveils innovations for secure software development
AWS offers incident response service
Mozilla really wants you to easily set Firefox as default Windows browser
Endpoint Security recent news | Dark Reading
SmokeLoader Malware Campaign Targets Companies in Taiwan
Why OT environments are vulnerable – and what to do about it
Google Chrome’s AI feature lets you quickly check website trustworthiness
Bologna FC Hit By 200GB Data Theft and Ransom Demand
Russia Arrests Prominent Ransomware Operator
The World’s First OSCP+ Exam Review | by Tunahan TEKEOGLU | Nov, 2024 | Medium
World Wide CTF 2024 | Forensics Challenges | by أحمد ناصر | Dec, 2024 | Medium
Exploiting Facebook Ads: $2100 Bug Bounty for Role Management DoS | by Kiril Krivoguz | Dec, 2024 | InfoSec Write-ups
Advent of Cyber 2024 [ Day 1 ] Writeup with Answers | TryHackMe Walkthrough | by Karthikeyan Nagaraj | Dec, 2024 | Medium
Operation HAECHI-V led to more than 5,500 suspects arrested
A Guide to Securing AI App Development: Join This Cybersecurity Webinar
THN Recap: Top Cybersecurity Threats, Tools and Tips (Nov 25 - Dec 1)
$400M seized, 5,500 arrested in global operation targeting cyber fraud
8 Million Android Users Hit by SpyLoan Malware in Loan Apps on Google Play
Global Police Arrest 5500 in $400m Cyber-Fraud Crackdown
UK Government Invites Industry to Get Behind new UK Cyber Team
Firmware Penetration Testing Checklist | by Ajay Naik | Dec, 2024 | InfoSec Write-ups
iDRAC to Domain Admin. Hello all! | by Jevon Davis | Dec, 2024 | InfoSec Write-ups
TryHackme’s Advent of Cyber 2024 — Day 01 Writeup | by Nanda Siddhardha | Dec, 2024 | InfoSec Write-ups
How I found 4 IDORs in the same target | by Ahmed Hussein | Nov, 2024 | Medium
Faster Than Dilithium And Much Smaller Keys: Meet FAEST | by Prof Bill Buchanan OBE FRSE | Nov, 2024 | Medium
Pretend AI, aka Microsoft Recall. “If you want to keep a secret, you must… | by Prof Bill Buchanan OBE FRSE | Nov, 2024 | Medium
Towards Zero Trust and Attribute-Based Encryption | by Prof Bill Buchanan OBE FRSE | Nov, 2024 | Medium
Android Pentesting: Unleashed Exploring Mobile Vulnerabilities | by th3.d1p4k | Nov, 2024 | Medium
The $300 Journey from RFI to RCE that Changed Everything | by Dhabaleshwar Das | Nov, 2024 | Medium
The $2,200 ATO Most Bug Hunters Overlooked by Closing Intruder Too Soon | by Mohsin khan | Nov, 2024 | Medium
INTERPOL Arrests 5,500 in Global Cybercrime Crackdown, Seizes Over $400 Million
Data scientists create tool to spot fake images
Week in review: Exploitable flaws in corporate VPN clients, malware loader created with gaming engine
Inside the 2024 CWE Top 25: Trends, surprises, and persistent challenges
How AI is transforming human risk management
The Sticker Shop | TryHackMe | Walkthrough | by Shakhawat Hossain - 0xShakhawat | Nov, 2024 | Medium
Everyone Loves Policy as Code, No One Wants to Write Rego
Odessa Cyberattack Disrupts City Services
UnitedHealthcare CEO Brian Thompson fatally shot in New York
Tenable Adds Patch Management to Rapidly Close Security
Zafran
Bypassing WAFs with the phantom $Version cookie | PortSwigger Research
DroidBot: Insights from a new Turkish MaaS fraud operation | Cleafy Labs
A New Phone Scanner That Detects Spyware Has Already Found 7 Pegasus Infections | WIRED
Data Leak Exposes Millions of Top Corporations Employee Records
Ransomware Attack Disrupts PIH Health Hospitals
Researchers Uncover Backdoor in Solana's Popular Web3.js npm Library
IEC 62443: the essential standard for industrial cybersecurity - Industrial IT & IIoT
Gem::SafeMarshal escape / nastystereo.com
XS-Leaks through Speculation-Rules - SECCON CTF 13 Author's Writeup (Tanuki Udon) - Satoooon's Storeroom
U.S. officials urge Americans to use encrypted apps amid cyberattack
US says Chinese hackers are still lurking in American phone networks | TechCrunch
FBI tells telecom firms to boost security following wide-ranging Chinese hacking campaign | AP News
FireCompass Unveils Industry's First Agent AI for Ethical Hacking & Autonomous Penetration Testing
US energy contractor ENGlobal reports 'limited' access to IT • The Register
GitHub - doxx/darkflare: DarkFlare Firewall Piercing (TCP over CDN)
RaccoonO365 Script Analysis
Corrupted Microsoft Word files used to launch phishing attacks | TechRadar
CloudGoat Official Walkthrough Series: ‘sqs_flag_shop’ - Rhino Security Labs
CSPT the Eval Villain Way! · Doyensec's Blog
OAuth Labs: OAuth 2.0 Vulnerabilites | cyllective's blog
US agency proposes new rule blocking data brokers from selling Americans' sensitive personal data | TechCrunch
Ransomware Attack Disrupts ENGlobal Operations in Texas
GitHub - tiagorangel1/bunbuster: Ridiculously fast web & TCP fuzzer designed for brute-forcing directories, subdomains, and files on web servers.
EU’s first ever report on the state of cybersecurity in the Union | ENISA
Master Cybersecurity with Browser Network Tools
Taqtics - Elite Cybersecurity Solutions
Xerox, Nokia, BofA, Morgan Stanley's employees data dumped • The Register
Vulnerability Summary for the Week of November 25, 2024 | CISA
Pentesting Salesforce Communities | 0xbro
AWS announces AWS Security Incident Response for general availability - AWS
Stoli Group USA Files for Bankruptcy After Cyberattack
You Might As Well Use a Content Security Policy | Alex MacArthur
Breaking Down Adversarial Machine Learning Attacks Through Red Team Challenges
Understanding RaccoonO365 Phishing-as-a-Service
Blue Yonder moves closer to full recovery after November ransomware attack | Cybersecurity Dive
The 50 most common passwords and how to start creating stronger ones
Hacking group claims to have cracked Microsoft's software licensing security on a massive scale | TechSpot
Clutch - The Day We Unveiled the Secret Rotation Illusion
0x00 - Introduction to Windows Kernel Exploitation //
Cybercriminals Use NFC Relay to Turn Stolen Credit Cards into Cash without a PIN Mobile Hacker
VRV-Security-s-Python-Intern-Assignment
Comprehensive security plugin with DDoS prevention, reCAPTCHA, IP blocking, and Two-Factor Authentication.
Elastic Stack Security Information and Event Management using the Elastic Web portal and a Kali Linux VM
SystemSecurityScripts
A small proof-of-concept game about flying over some islands and painting across the sky.
Terraform-AWS-Proof-of-Concept
APK available as a proof of concept
A Spring Boot-based proof of concept project using Firebase.
This repository demonstrates a Proof of Concept for enabling a .NET MAUI app to start automatically on device boot, specifically for Android. Additionally, it includes an approach to restart the application at runtime.
"This repository contains the Python-based assignment solutions submitted as part of the internship program at VRV Security. It includes implementations and code snippets designed to meet the specified requirements of the task. The solutions demonstrate p
End to End project deployed in AWS with CI/CD pipeline
This project uses a webcam to perform real-time face detection, employing computer vision techniques to identify and track faces for applications such as security and user interaction.
Identification and study of common vulnerabilities in application deployments on cloud services
This project implements eye iris detection using a webcam, leveraging image processing techniques to accurately identify and track the iris in real-time for applications like authentication and security.
AWS-Proof-of-Concept
Git hack 3
A proof of concept about Keycloak using Python
A quick-and-dirty hack to provide dcap-rs via standard C FFI.
Git hack exercises at Social Oplesk
Welcome to the React Router Task! 🚀 This project is a dynamic blog application built with React and React Router. 🖥️ It features categorized articles on Data Science, Full Stack Development, Cyber Security, and Career. 📚 Navigate seamlessly and enjoy a sm
Phishing for knowledge within the cyber world, one security layer at a time.
Demo authenticating against multiple OpenID-Connect IdPs with Caddy
A proof of concept
🔒 Secure Password Checker A robust library for customizable password validation, designed to enhance security and prevent weak or compromised credentials.
This is just to be a proof of concept on to power the internal IR Diode
A declarative hacking environment you can run with Docker.
A very rough proof of concept of the ML predictive analysis model.
Experimenting with MiMC hashing to create a mini proof of concept
A custom Strapi v5 upload provider for Google Cloud Storage, enabling seamless image and file uploads to GCP buckets. Designed for scalability, security, and easy integration with Strapi projects.
The best tools for auditing and ethical hacking
A proof of concept on using Envoy as an OAuth2 authentication middleware
Security considerations include implementing role-based access control to restrict unauthorized actions, using secure authentication methods, sanitizing user inputs, enforcing CORS policies, applying rate limiting, and enabling secure HTTP headers.
Useful exception handlers for security purposes.
phishing_cyber_security
Conduct-a-security-audit
VRV_Security
SpringSecurityDemo
A curated list of wireless sensing security works, organized by signal roles: Victims, Weapons, and Shields
iVariSecuritySystemsPvtLtd
VRV-security-
Final project of a distributed security system for a distributed computing class.
vrv_security
VRV-Security-Intern
VRV-Security-Assignment
SecurityAgents
like hobo_vr, but like an actually functioning driver, also a proof of concept for the new asio ipc
edu_boot_mybatis_security_jwt
Upcoming Hack Club Shop!
Cyber-Security-Projects
System security and hacking
This Python application provides a graphical user interface for encrypting and decrypting secret messages using the Fernet symmetric encryption scheme. The app is built using Tkinter for the GUI and incorporates password-based authentication for added sec
Proof of some concepts like pub/sub, redis, docker, event-driven, websockets, microservices, datadog
This project is a Spring Boot application that demonstrates authentication and authorization using Spring Security, OAuth2 and JWT (JSON Web Token)
Terraform-Aws-Security-Group
A board game proof of concept that hopefully won't get me sued.
This repository contains a Proof of Concept (PoC) exploit for CVE-2024-11680, a critical vulnerability in ProjectSend r1605 and older versions. The exploit targets a Cross-Site Request Forgery (CSRF) flaw in combination with Privilege Misconfiguration iss
CVE-2018-16763-Proof-of-Concept
Web and Hacking Blog
Spring_Security_Validate_Data_With_Database
Rough proof of concept / dev environment for <https://github.com/mefranklin6/Extron-Frontend-API>
ngx_http_modsecurity_module
Syahril-Security
Hack Sprint for T2 at Atlas School. For this Hack Sprint, our theme is "Travel." We are making a text adventure game that works on a website and a mobile app. Multiplayer voting will be added if there is time.
EmailSecurityChecking
A little proof-of-concept for js-nest-typeorm-gremlin
MedicoAPI is a REST API designed to manage physician information securely and efficiently. This project is built with Spring Boot, Spring Security and JWT, which guarantees robust data handling and access control
Enhancing-Network-Security-with-Machine-Learning-Based-Intrusion-Detection-System
Proof of Concept: F1 Prediction Hub is a state-of-the-art Formula 1 analytics dashboard powered by machine learning, providing comprehensive race predictions, historical insights, and driver analysis.
VRV Security frontend developer intern assignment
A simple repository to test some security tools with python language and evaluate their results
cashapp-security
How to Hack ChatGPT
This project parses and analyzes server log files to detect suspicious activity, such as multiple failed login attempts and frequent endpoint access. It aims to provide insights into potential security issues by identifying IP addresses associated with br
A simple Java Spring application demonstrating authentication with JWT and Spring Security integration.
-Enterprise-Networking-and-Security
SSE FInal Project
CyberSecurityLogin
Developed a SOAR system that can detect,isolate and respond to security incidents using limacharlie,Tines and Slack/email notifications.
VRV-Security-Frontend-Developer-Intern-Assignment
holbertonschool-cyber_security
A simple REST API that uses JWT authentication, built with Spring frameworks such as Spring Boot, Spring Security, and Spring Web. Created for practice purposes.
Module 2: Introduction to Security Within the Organization, Risk Management and Threat Modeling, Governance Frameworks, Compliance, and BCP/DR Assignment 2: Assessing Security Culture
Assignment Submission - Frontend Developer Intern - VRV Security
Security.app
A simple proof of concept LLM-based translation tool using OpenAI API
"SecureAccess" - project
hacker news app using swiftUI
POAM Automation Proof-of-Concept with Google App Script
Security projects using Python
Cloud s3 automation and security
Here are basic WordPress plugins that do their job, but you should remove them after they have completed it, since they have not been tested for security against attackers!
Module 1: The Cybersecurity Mindset, Attacking and Defending, Surveying the Cyberspace, Assignment 1: Security Reporting
Create a backend API that integrates two external services: a Weather API and a Location API. The goal is to develop a service that allows users to retrieve current weather information based on their IP address, with a focus on best practices in API desig
My first fully built proof-of-concept React assignment.
This is not remotely close to a finished product, and does not intend to nor does this claim to be working fine-tuning code for MaskGCT. This is just an inspirational proof of concept of what to do as a mere mortal when a neural network is open weights bu
Contains proof of concept code to work with various small low power displays.
security
The Personal Wi-Fi Network Vulnerability Scanner is a Python tool to secure Wi-Fi networks. It detects devices, checks open ports, and identifies vulnerabilities. Built with Scapy, socket, and Tkinter, it offers a simple GUI for quick scans, helping users
SYSC 4810 - Network and Software Security - Course Assignment
Processes log files to extract and analyze key information.
Java-UdaSecurity
R Lab Programs from 5th sem CSE(Cyber Security) Syllabus
Assignments - VRV Security
AIccsTest (Consciousness Test) + AIsecTest (Security Test) - Overview of AI Testing Solutions
A proof of concept in generating neural audio codec with small codebook
A proof of concept demonstrating the bug I am experiencing with Phoenix LiveView, Bun, and Sortable.js.
watchOS jailbreaking tool proof of concept
Practice with several (4) authentication and authorization methods using OAuth2, Spring Security and JWT
A proof of concept NextJS p2p app built on top of Holepunch Hyperswarm
Notes from the Practical Web Hacking Course from TCM Security
Show "whiter than white color" for certain browsers using only CSS hack (without HDR video elements).
Updated Fortnite External Source | fortnite cheat, fortnite driver, fortnite offsets, valorant offsets, valorant cheat, data pointer, data ptr, ioctl, offsets, driver, cheats, hacks, hack, undetected, cracked, ud, external, internal, cs2, rust, apex, lege
Proof of Concept Exploit for CVE-2024-9465
A terraform module for allowing Rad Security to scan ECR registries in your AWS account.
Security-ATM
Updated Fortnite Internal Source | fortnite cheat, fortnite driver, fortnite offsets, valorant offsets, valorant cheat, data pointer, data ptr, ioctl, offsets, driver, cheats, hacks, hack, undetected, cracked, ud, external, internal, cs2, rust, apex, lege
Hack The Box Walkthrough and command notes
crud_empl_start_security
spring security example with authentication
cs2-cheat cheat-cs-go midnight-cs-2 cs-2-cheats fatality midnight counter-strike-2-aimbot-pc counter-strike-2-aimbot-script counter-strike-2-free-aimbot counter-strike-2-recoil-hack counter-strike-2-free-utility cs2-aimlock cs2-glow-hack cs2-weapon-hack c
Hardware_Security
Apex Legends AI Hack Cheat Triggerbot Noclip silent aimbot esp wallhack wh exploit godmode fly FlickBot Legit SemiRage softaim 2024 inventory skin changer swapper hwid spoofer changer free macros norecoil speedhack undetected injector radar FPS Booster Un
CCTV-and-Security-Monitoring-System-Simulation
simple app to try completing security shepherd CSRF2 challenge
takedaSecurity.github.io
A proof of concept process application using PAMOE v9.1.1 Technical Preview
Proof of Concept (POC) for querying OpenAI to generate a code review summary for each file in a GitHub project, categorized by file extension.
Security_Java
I needed a simple devops project to test out some security research whiteboarding and proof of concepts
VRV-Security
PROJECT REPOSITORY OF INFORMATION SECURITY HACKING
My submission for Hack Club's Boba Drops
This is a school activity project for IPT (Information and Programming Technology) using ASP.NET MVC 5. The project demonstrates a secure form-based authentication system with modern UI design and best security practices.
VRV is a Node.js-based web application that integrates essential tools and libraries for secure authentication, robust role-based access control (RBAC), and efficient backend management. This project uses a modern tech stack to ensure scalability, securit
revisiting-spring-boot-security
pci-dss-proof-of-concept
Smart-Grid-Security
an-example-security-repo
A real-time object detection system using live camera feeds (CCTV) for enhanced security and surveillance. The application processes video streams to detect and track objects, providing automated monitoring and alerts.
The project is a comprehensive PowerShell script that automates the routine maintenance and optimization of a Windows 11 Home environment. It combines several functionalities to enhance system performance, troubleshoot issues, and ensure security, demonst
A Spring Boot project implementing Authentication, Authorization, and Role-Based Access Control (RBAC) with JWT and Spring Security.
eBanking-spring-security
Clickpix Proof of Concept for implement an SDK
aws-security-monitoring
Fraud Detection Framework leveraging text extraction, similarity scoring, and fraud analysis to enhance security in Open Finance ecosystems
This project uses Terraform to create and manage AWS resources, including EC2 instances, VPC, subnets, and security groups, following best practices for security and scalability.
Proof of concept of embedding a DSL into SystemVerilog
Proof of concept of using SvelteKit to bundle components that use highcharts to make charts
Introduction to Cyber Security
Proof of concept
URP Office Hacker Game
dependency-security-check
Cloud-Computing-Security-and-Customization-in-Multi-Tenant-Environments-Comprehensive-Review
Script to search for information about Hack The Box machines, based on @S4vitar's database.
spring-security
A modern cross-platform GUI tool for security, deployment & auditing of Cisco Meraki appliances.
holbertonschool-cyber_security
Security implementation layer for Eclipse BaSyx Python SDK
webSecurity
A modern, AI-powered password generator built with Next.js 14, featuring quantum-safe algorithms, context-aware analysis, and comprehensive security validation. Combines advanced cryptography with an intuitive UI to create strong, compliant passwords for
MetaMaskSecurityResearch
Proof-of-concept SVM for Sig
Proof-of-concept implementation of a comprehensive pipeline for Requirements Engineering (RE) using foundation models. Includes example prompts and results for RE phases: elicitation, analysis, documentation, validation, and management.
IT and security projects
vrv-security
This project was developed with the Spring framework in Java, applying concepts such as: Cache, Pagination, and Sorting for optimization and efficiency. Spring Security for generating keys, JWT tokens, and user authentication. Swagger for API documentati
a proof of concept autogen / streamlit app to give curriculum feedback based on the LX design principles.
This repository contains some proof of concept hacking scripts using python
test-gh-advanced-security
WeSplit is a Hacking With Swift - 100 days of SwiftUI project
This project aims to develop a secure REST API for an eBanking application. The API will provide access to user accounts, loans, cards, and balances. It will utilize Spring Security to implement robust authentication and authorization mechanisms.
SpringSecurity_JWT
Spring_Security_Validating_Data
securityApplication
A proof-of-concept project using Microsoft Azure for energy consumption optimization, showcasing data engineering skills with a sustainability focus.
A proof of concept to showcase the roles of publisher and consumer with Kafka and golang
A comprehensive study and proof-of-concept (PoC) demonstrating GPS spoofing attacks on mobile systems, including iOS and Android platforms, using the Ephemeris Extension Method to bypass GPS time verification.
Security tools
Proof-of-concept exploits created with the aim of advancing modern security research and providing detection opportunities for the latest emerging threat vectors.
This repo holds relevant API specifications and tooling for the gematik API Portal. This repository is currently only of status proof of concept.
CyberSecurity_Code
Proof-of-concept Servant integration with Rhine
🤖 Mev B0T: An Ethereum bot 🌍 designed in Solidity 🔒 to optimize MEV (Miner Extractable Value) 💸 extraction. Features mempool 🌊 monitoring, front-running 🚀, and robust security mechanisms 🔐.
holbertonschool-cyber_security
Proof-of-concept web application for secret santa game with JS
CCTC_SECURITY
vrv-security-assignment
holbertonschool-cyber_security
Proof of concept project for uploading .xlsx file and returning filtered response.
The Process Logger Tool is a Python script that tracks running processes and their network connections. It provides details like PID, process name, status, executable path, and network connections (IP, port, status). It logs all data to a file for easy re
spring_auth-Security-
A Python-based Proof of Concept for transcribing Hungarian audio files using the Whisper model locally. This tool supports both long-form audio processing and sample creation, with options for chunked processing of larger files.
spring-security
Proof of concept to expose the official swiss OeV Icons as a Swift Package
This repository contains cheat codes and hacks for the video game "Baldur's Gate". Learn how to manipulate in-game features for strategic advantages and enhanced gameplay.
Bunch of fixes I made for older games. Be it widescreen hack or general fix.
This repository contains cheat codes and hacks for the popular city-building game SimCity. Explore various cheats to quickly grow your city and unlock new features.
This repository is built to keep all the custom hacks related to Elementor plugins.
Create a monitoring and alerting system for security events, such as unauthorized IAM access or policy violations.
Network_Security_Analysis
Hack The Box Academy Walkthroughs
Python script for automating initial Linux server setup and security configurations
VRN-security
This is a project to help me get ready for Cloud Security (university course).
AuraHaus ✨🛍️ is a stylish e-commerce platform offering a seamless shopping experience with JWT-based security, a React-powered UI, and robust backend support. It is inspired by the Sephora website.
Easily hackable and configurable python script/package bundler built for uv
security
Shell script that checks email security policies for domains by verifying their SPF, DKIM, and DMARC records.
Hacker Rank Basic to Advance
PathFinder is a tool designed to visualize call graphs of source code.
SECURITY-PATERN
My live-coding environment and hacked-up solutions for Advent of Code 2024
jenkins-security-analysis
spring-la-mia-pizzeria-security
PoC (Proof of Concept) version of TO-DO-LIST application.
Investment for retirement calculator for mexicans comparing AFORE to other securities based on user's age, risk aversion and personal preferences.
Spring_Security
Proof of Concept for Portable Node ExpressJS (WITHOUT USING DOCKER)
This section illustrates how to implement Spring Security for your REST APIs
A CTF problem demonstrating a SECURITY MISCONFIGURATION
ShopxIndia is a platform built using a microservice-based architecture powered by AWS Cloud and GraphQL Federation, providing scalable, high-performance services with a unified API. It utilizes AWS infrastructure, automated CI/CD pipelines, Docker,
A hands-on project to simulate and document IT administration and security tasks in a homelab environment.
Cryptohack - CryptoHack is a website offering a platform for studying and performing cryptography and security-related tasks. It provides practical activities to help people improve their cryptography skills.
Network security project
information-security
Basic Message App Backend with Spring Boot and JPA without Spring Security
CyberSecurity
Hacking Into ZLT S10 4G CAT4 CPE
ToolShare is a platform designed to allow users to lend and borrow tools in their local area, with the added security of a system to ensure that users are fairly compensated for any damage caused to their tools.
FiveM External cheat, offers various features like aimbot, triggerbot, exploits, and customizable settings, enhancing the gameplay experience. It includes a KeyAuth system for additional security and user management. The cheat is designed to be undetectab
Roblox Deepwoken Script Hack Cheat Exploit Executor Injector GUI Lua 100% UNC DECOMPILER Best Keyless No Key Undetected Macros Pastebin Working 2024 (Working PC/Mobile/Android/IOS) Free Download NO BAN Bypassing Byfron Bypass Anti-cheat Solara OP Autofarm
Collection of hacked-together scripts to integrate some HTB goodness into your Discord server.
A command line app where you can buy tickets, and create and log in to accounts. It handles exceptions and errors and estimates password security, among other things.
An automated log monitoring system that continuously analyzes Linux sys-logs for threat levels 4 and below, leveraging a fine-tuned Large Language Model (LLM) to detect issues, provide explanations, and recommend actionable remediation measures to enhance
Batter & Bloom is a fictional company website designed to demonstrate the potential of OpenAI technologies, such as ChatGPT, in designing and developing websites from the ground up—efficiently and creatively. This project serves as a proof of concept for
A proof-of-concept IoT system designed to demonstrate IoT workflows using MQTT publish-subscribe paradigm.
People kept asking, so here they are
python_for_security
Automate pentest on a honey pot and collect information with a NIDS
Security_Project
Optimizing Kubernetes Security through automated Network Policy in Multi-Cloud Environment
A Chatmate Application in Java is a program designed to facilitate real-time communication between users. It typically includes features like user authentication, chat rooms, direct messaging, and multimedia support, with a focus on simplicity, scalabilit
Data leakage threatens organizational security by exposing sensitive information. Identifying leaks in multi-agent systems is challenging. This project develops a terminal based Data Leakage Detection System to allocate data, track usage, and identify lea
Microservices along with emerging technologies (Spring boot, Spring data, Spring security, REST, MySQL, ELK, Docker, k8s, Event driven, Kafka, Saga pattern, Caching, AWS, Loadbalancer, API management)
An AI model that detects anomalies in hardware usage patterns, to flag potential security threats and prevent system breaches.
harmony
Spring Boot Project from Talusko Youtube Channel by Navin Reddy
Hack day project to build an ID tag kiosk for kids
The Hospital Security Application is a system designed to verify and manage authorized visitors for patients. The system will be run by Admins and Security personnel. Security will verify the visitor’s identity using their National ID and check against th
web-security-course
Full-Stack Hacker News Clone
Online store in Next.js with a Java Spring backend (Boot, Security, JPA)
Cyber_Security_project
kubernetes-security-resources
security-project
GitHub repository for Snowboarding/Motorcycle proof of concept
SystemSecurity
security_course_projects
website for hosting High Seas Hack Club ships
This repository will include information related to my independent work studying defensive cybersecurity
Spring Security Frontend
A hacknet inspired hacking program
Software-Security
A less paranoid methodology for locking down your tech.
Juice YSWS for Hack Club
This repository provides a proof-of-concept for a real-time data ingestion app to process and analyze cryptocurrency market data from Coinbase. It supports Kahoot!'s finance team with real-time insights, including highest bid, lowest ask, max spread, and
Hacker news clone
Hush Security helm charts
cyber-security-problem-
Brun, a 2D totally hackable game engine
INTA 6450 - Data Analytics and Security: Enron Project (Fall 2024)
StreamlinePHP is a lightweight, modular PHP framework focused on simplicity and efficiency for building modern web applications. With intuitive routing, controller management, a customizable templating system, and essential security features, StreamlinePH
The official GitHub page for the paper "Who is Accountable? The Data, Model or Regulations? A Review of Bias, Fairness, and Safety towards Responsible AI"
A Temporal Logic and Model Checking Educational learning tool (Proof of Concept)
RequestShield is a 100% Free and OpenSource tool designed to analyze HTTP access.logs and identify suspicious HTTP requests and potential security threats. It uses factors like geolocation, abuse history, request volume, and suspicious request paths to as
OAuth2 authorization and authentication service built on Spring Security 6.
Simple vulnerability scanner for software security courses, ISEP 2024
FCI-Computer-Security
Sanctum is a proof-of-concept EDR like tool, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.
SecurityWeb
Managing Software Complexity and Security using SIMEX and SOAA
WVU Tech EE480 / CS480 Senior Capstone
🔬 Proof of Concept of Tensorflow with .NET
Python Network Security Analyzer Suite
Python proof of concept for BCHOL. Solves for x in Ax = b using the recursive Schur Linear Quadratic Regulator. It requires A to be a positive semi-definite matrix to guarantee a good result.
Proof of concept project for OAuth, intended to be one of the microservices in a gym booking application
Security-Checker-Project
"Shopme" - An E Commerce Application || Tech Stack: Thymeleaf, Bootstrap, jQuery Java, Spring Boot, Spring Data JPA, Hibernate, Spring Security, Spring OAuth, Spring Mail, JUnit, Mockito, PayPal Checkout API, MySQL database, Heroku and Amazon S3
Proof of concept updater for a user to apply PF2 updates via a diff file
RESTful API using the Spring Framework, features such as Spring Security for security, Swagger for documentation, Spring Data JPA for data persistence, Spring HATEOAS, validation with JWT tokens, testing, creating a scalable and efficient application.
Cryptography-and-Network-Security
security.foi.ge
Svelte-based proof of concept of rendering dom elements to webgl while maintaining accessibility (screen reader, keyboard navigation, etc)
Activities and Projects
Passionate about Rust, and all STEM
**ErgoShirt** is an IoT t-shirt designed to improve posture, blending technology with health benefits. Created for the *IoT for Digital Transformation* course in PUC-Rio's MDT program, it showcases a Proof of Concept integrating hardware, software, and cl
Cyber-Security
This repository is made to automate the setup and installation of various tools and applications within a Windows Subsystem for Linux (WSL2) environment. This script installs a comprehensive toolkit for security and penetration testing tasks.
A comprehensive collection of security services, tools, and information catering to a wide variety of uses
I built a rigorous cybersecurity project portfolio for simulated clients, covering NIST frameworks, audits, Linux, SQL, assets, threats, vulnerabilities, detection, incident response, escalation, Wireshark, tcpdump, IDS (Suricata), SIEM (Splunk, Chronicle
Info stealer Proof of Concept for Firefox
This project is an open-source proof of concept implementing a Runes Mock Bridge
My 2nd project: Java, Spring (Boot, MVC, Security, Data JPA), Hibernate, PostgreSQL, Redis, Kafka, Thymeleaf, Docker
Debian-based image with monitoring, logging, security, and management tools.
Hacker Hub Proxy
Just a C# websockets server with Rust Tauri app as a client proof of concept :)
Proof of Concept (PoC) for a client-side Network File System (NFS) built with React, Redux, Chakra UI, and TypeScript. This project demonstrates an optimal frontend toolchain for scalable and maintainable web applications, featuring dynamic routing, runti
A proof of concept of a full data pipeline to index data from LSE websites and make /search available as an API endpoint
Rate Limit middleware for Hono Server
The project focuses on network isolation, traffic control, protection against malicious traffic, routing, and DNS configuration to enhance the security posture of the network.
CyberSecurityAndMachineLearning
Proof of concept for chatbot answering questions / generating code samples for MSAL.
Automate Office 365 license assignments based on security groups in Active Directory using Microsoft Graph
Cardano Node Typescript Proof of Concept implementation
Hacks away at various aarch64 images to install Photon
Throw a tag at it and it comes back with a checksum.
hack ark mobile
A graphics hack of spinning wings.
OCP-Security-SAFE
Get Hands-On Security Recommendations for Your SAP BTP Environment
Code repository for Social Security Design and Its Political Design (2023)
The Common Vulnerabilities Exposures (CVE) Database
LFI: Practical, Efficient, and Secure Software-based Sandboxing
Based on the encryption SDK developed by HUAWEI CLOUD KMS Java SDK, KMS provides a set of best practices for data encryption and decryption that comply with industry security specifications.
Speckleversary side project, proof of concept tool for automatically rendering views inside a speckle commit using a headless blender.
WaddleBot is a security and fraud detection engineer's run at a super modular bot designed to route chat prompts to serverless scripts (Lambda / OpenWhisk)! It applies a common profile to a user and allows for points, reputation, etc. to follow that user
A programming language exclusively designed for cybersecurity
A zsh shell micro-framework. Created to be simple and hackable, with a focus on being as close to the fish shell as possible.
A proof of concept Vue.js + Nuxt.js project
Generate a temporary access token for a GitHub App using the app ID and its private key, and either the installation ID or the installation repository name.
Simple PHP Web App that allows cloning of rows in a table selected by ID. Made as proof of concept.
High Performance GraphQL Runtime
Start an app from this template! Easy "start here" that has things I frequently like to have for proof of concept purposes.
The purpose of this assignment is to get you to use Finite Automata concepts in solving real-life problems.
Zero-Trust access management with true WireGuard® 2FA/MFA
eVtSecurity_Blacklisting
Front end (UI) plugin to support security-analytics
A highly controllable and extensible automation engine for red teams
Code-signing for npm packages
Proof of concept for a GitHub Actions datastore for One Piece manga.
C++ implementation of Tink
This repository contains a set of rules samples that can be directly used with Trellix Endpoint Security, in the Exploit Prevention policy.
Language-agnostic SLSA provenance generation for Github Actions
Quack is a free and open-source chat application designed for private use. Although it doesn't have any unique features, it combines the best features from other communicators. Quack prioritizes privacy and security by allowing users to host their own app
OTP Email MFA is a multi-factor authentication plugin that sends a one-time password to a user's email, providing an additional layer of security.
The CxAST Visual Studio plugin enables you to import results from a CxAST scan directly into your IDE
Proof Of Concept testing stuff with Discord
OSINT tool for finding email by first and last name
Zeranoe's MinGW-w64 build script with focus on security. Used by mingw-w64-dpp.
Elastio examples, proof-of-concept implementations, and user-contributed scripts to backup and restore All The Things
The wolfSSL Command Line Utility wolfCLU
🏠 Project landing page
Submits a build artifact to SignPath Code Integrity Platform for build integrity check and code signing.
Payment system proof of concept
PHP library and example application for the Ubiq Security Platform (Mirror of https://gitlab.com/ubiqsecurity/ubiq-php)
Collection of various interfaces for Windows functionality in a Pythonic way
A collection of packages for using GitHub security advisories in Node.js.
Everoute provides a cloud-native networking and security solution
Website for the International Workshop on Critical Infrastructure and Manufacturing System Security (CIMSS)
🔍 A Hex Editor for Reverse Engineers, Programmers and people who value their retinas when working at 3 AM.
An enterprise identity and access management platform. Janssen is a distribution of standards-based, developer-friendly components that are engineered to work together in any cloud. #OAuth #OpenID #FIDO
CloudSplaining on AWS Managed Policies
The CBA Consult IT Management Framework is a project to optimize companies' governance framework in a multi-cloud environment. One of the reasons the framework and the procedures involved in creating, maintaining and updating the framework is leveraging t
OpenSSF Scorecard - Security health metrics for Open Source
🔬 Proof of Concept of a .NET Framework project using GitHub Actions for build, testing and deploy
Fortify+Scala+sbt example
Ansible role for Red Hat 8 CIS Baseline
CryptoKit is a high-level Android library that streamlines cryptographic operations using the Android Keystore. It offers secure key management, encryption/decryption, digital signatures, and seamless biometric authentication, enabling developers to integ
A vulnerability scanner for container images and filesystems
Spring Oauth2 ResourceServer + Oauth2 Security + Authorization Code grant flow
a list of awesome resources related to security and hacking of VoIP, WebRTC and VoLTE
Heimdall Enterprise Server 2 lets you view, store, and compare automated security control scan results.
:barber: Security in Node.js using express-brute, express-brute-redis, Helmet, Node Redis, Rate Limit Redis, CORS, GitHub and Greenkeeper
Open-source tool to enforce privacy & security best-practices on Windows, macOS and Linux, because privacy is sexy
Anything about kernel security. CTF kernel pwn, kernel exploit, kernel fuzz and kernel defense paper, kernel debugging technique, kernel CVE debug.
A proof of concept demonstrating a compile-time mapping mechanism with placeholders in C++.
GeekMasher's Development and Security Engineer Blog
Main website servers
EVE is Edge Virtualization Engine
Attribute Based Access Control for React
Splunk Security Content
Helm charts for Anchore tools and services
Middleware in Action (mia) is a proof-of-concept from AoLab since 2016
Tools to help patching roms
Crack password protected zip files
Blue Hydra
unofficial Japanese translation of OWASP Mobile Application Security Testing Guide.
Security advisory database for Rust crates published through crates.io
👩‍🏫 👨‍🏫 The open-source curriculum of Enki!
Ansible role to apply a security baseline. Systemd edition.
Docker image for Radicale calendar and contact server :calendar: + security :closed_lock_with_key: + addons :rocket:
Prowler is an Open Cloud Security tool for AWS, Azure, GCP and Kubernetes. It helps with continuous monitoring, security assessments and audits, incident response, compliance, hardening and forensics readiness. Includes CIS, NIST 800, NIST CSF, CISA, FedRAM
wolfSSL product manuals and documentation.
DSS4NAFA Logmap proof-of-concept: monitoring data collection & analysis
A low-interaction SSH honeypot written in C
UNIX-like reverse engineering framework and command-line toolset
:cookie: A full-featured, hackable tiling window manager written and configured in Python (X11 + Wayland)
CVE-2018-9397 -- In WMT_unlocked_ioctl of MTK WMT device driver, there is a possible OOB
CVE-2018-9398 -- In fm_set_stat of mediatek FM radio driver, there is a possible OOB write
CVE-2018-9399 -- In /proc/driver/wmt_dbg driver, there are several possible out of bounds
CVE-2018-9400 -- In gt1x_debug_write_proc and gt1x_tool_write of
CVE-2018-9402 -- In multiple functions of gl_proc.c, there is a buffer overwrite due to a missing bounds check. This could lead to escalation of privileges in the kernel.
CVE-2018-9403 -- In the MTK_FLP_MSG_HAL_DIAG_REPORT_DATA_NTF handler of flp2hal_-
CVE-2018-9404 -- In oemCallback of ril.cpp, there is a possible out of bounds write due to an
CVE-2018-9407 -- In emmc_rpmb_ioctl of emmc_rpmb.c, there is an Information Disclosure due to a Missing Bounds Check. This could lead to Information Disclosure of kernel data.
CVE-2018-9408 -- In m3326_gps_write and m3326_gps_read of gps.s, there is a possible Out Of
CVE-2018-9416 -- In sg_remove_scat of scsi/sg.c, there is a possible memory corruption due to
CVE-2018-9439 -- In __unregister_prot_hook and packet_release of af_packet.c, there is a
CVE-2018-9462 -- In store_cmd of ftm4_pdc.c, there is a possible out of bounds write due to
CVE-2018-9463 -- In sw49408_irq_runtime_engine_debug of touch_sw49408.c, there is a possible
CVE-2024-12185 -- A vulnerability has been found in code-projects Hotel Management System 1.0 and classified as problematic. This vulnerability affects unknown code of the component Administrator Login Password Handler. The manipulation of the argument Str2 leads to stack-
CVE-2024-12186 -- A vulnerability was found in code-projects Hotel Management System 1.0 and classified as problematic. This issue affects some unknown processing of the file hotelnew.c of the component Available Room Handler. The manipulation of the argument admin_entry l
CVE-2024-54221 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Roninwp FAT Services Booking.This issue affects FAT Services Booking: from n/a through 5.6.
CVE-2018-9392 -- In get_binary of vendor/mediatek/proprietary/hardware/connectivity/gps/gps_hal/src/data_coder.c, there is a possible out of bounds write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges neede
CVE-2018-9393 -- In procfile_write of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_proc.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of privilege with System execution privileges needed. User interaction i
CVE-2018-9394 -- In mtk_p2p_wext_set_key of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_p2p.c, there is a possible OOB write due to improper input validation. This could lead to local escalation of privilege with System execution privileges needed. User inter
CVE-2018-9395 -- In mtk_cfg80211_vendor_packet_keep_alive_start and mtk_cfg80211_vendor_set_config of drivers/misc/mediatek/connectivity/wlan/gen2/os/linux/gl_vendor.c, there is a possible OOB write due to a missing bounds check. This could lead to local escalation of pri
CVE-2018-9396 -- In rpc_msg_handler and related handlers of drivers/misc/mediatek/eccci/port_rpc.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with System execution privileges needed. User int
CVE-2023-52943 -- Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the alerting function via unspecified vectors.
CVE-2023-52944 -- Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors.
CVE-2023-6978 -- The WP Job Manager – Company Profiles plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'company' parameter in all versions up to, and including, 1.7 due to insufficient input sanitization and output escaping. This makes it poss
CVE-2024-10567 -- The TI WooCommerce Wishlist plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wizard' function in all versions up to, and including, 2.9.1. This makes it possible for unauthenticated attacker
CVE-2024-10576 -- Infinix devices contain a pre-loaded "com.transsion.agingfunction" application, that exposes an unsecured broadcast receiver. An attacker can communicate with the receiver and force the device to perform a factory reset without any Android system permissi
CVE-2024-10587 -- The Interactive Contact Form and Multi Step Form Builder with Drag & Drop Editor – Funnelforms Free plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 3.7.4.1 via deserialization of untrusted input. This makes
CVE-2024-10663 -- The Eleblog – Elementor Blog And Magazine Addons plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the goodbye_form_callback() function in all versions up to, and including, 1.8. This makes it pos
CVE-2024-10664 -- The Knowledge Base documentation & wiki plugin – BasePress Docs plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the basepress_db_posts_update() function in all versions up to, and including, 2.1
CVE-2024-10787 -- The LA-Studio Element Kit for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.4.4 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be included. This mak
CVE-2024-10832 -- The Posti Shipping plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.10.3. This is due to missing or incorrect nonce validation on the generate_notices_html() function. This makes it possible for unau
CVE-2024-10885 -- The SearchIQ – The Search Solution plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'siq_searchbox' shortcode in all versions up to, and including, 4.6 due to insufficient input sanitization and output escaping on user su
CVE-2024-10952 -- The The Authors List plugin for WordPress is vulnerable to arbitrary shortcode execution via update_authors_list_ajax AJAX action in all versions up to, and including, 2.0.4. This is due to the software allowing users to execute an action that does not pr
CVE-2024-11093 -- The SG Helper plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in version 1.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Administrator-level ac
CVE-2024-11293 -- The Registration Forms – User Registration Forms, Invitation-Based Registrations, Front-end User Profile, Login Form & Content Restriction Social Sites Login plugin for WordPress is vulnerable to authentication bypass in all versions up to, and including
CVE-2024-11398 -- Improper limitation of a pathname to a restricted directory ('Path Traversal') vulnerability in OTP reset functionality in Synology Router Manager (SRM) before 1.3.1-9346-9 allows remote authenticated users to delete arbitrary files via unspecified vector
CVE-2024-11466 -- The Intro Tour Tutorial DeepPresentation plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'tab' parameter in all versions up to, and including, 6.5.2 due to insufficient input sanitization and output escaping. This makes it pos
CVE-2024-11479 -- A HTML Injection vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. HTML markup could be added to comments of tickets, which when submitted will render in the
CVE-2024-11643 -- The Accessibility by AllAccessible plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the 'AllAccessible_save_settings' function in all versions up to, and inc
CVE-2024-11747 -- The Responsive Videos plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'somryv' shortcode in all versions up to, and including, 2.1 due to insufficient input sanitization and output escaping on user supplied attributes. T
CVE-2024-11769 -- The Flower Delivery by Florist One plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'flower-delivery' shortcode in all versions up to, and including, 3.9 due to insufficient input sanitization and output escaping on user
CVE-2024-11807 -- The NPS computy plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'data1' and 'data2' parameters in all versions up to, and including, 2.8.0 due to insufficient input sanitization and output escaping. This makes it possible for
CVE-2024-11813 -- The Pulsating Chat Button plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.3.6. This is due to missing or incorrect nonce validation on the amin_chat_button_settings_page() function. This makes it po
CVE-2024-11814 -- The Additional Custom Order Status for WooCommerce plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the wfwp_wcos_delete_finished, wfwp_wcos_delete_fallback_finished, wfwp_wcos_delete_fallback_orders_updated, and wfwp_wcos_delete_f
CVE-2024-11854 -- The Listdom – Business Directory and Classified Ads Listings WordPress Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘shortcode’ parameter in all versions up to, and including, 3.7.0 due to insufficient input sanitizatio
CVE-2024-11880 -- The B Testimonial – testimonial plugin for WP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'b_testimonial' shortcode in all versions up to, and including, 1.2.2 due to insufficient input sanitization and output escapi
CVE-2024-11897 -- The Contact Form, Survey & Form Builder – MightyForms plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mightyforms' shortcode in all versions up to, and including, 1.3.9 due to insufficient input sanitization and output
CVE-2024-11903 -- The WP eCards plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'ecard' shortcode in all versions up to, and including, 1.3.904 due to insufficient input sanitization and output escaping on user supplied attributes. This m
CVE-2024-11935 -- The Email Address Obfuscation plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘class’ parameter in all versions up to, and including, 1.0.1 due to insufficient input sanitization and output escaping. This makes it possible for au
CVE-2024-11952 -- The Classic Addons – WPBakery Page Builder plugin for WordPress is vulnerable to Limited Local PHP File Inclusion in all versions up to, and including, 3.0 via the 'style' parameter. This makes it possible for authenticated attackers, with Contributor-lev
CVE-2024-11985 -- An improper input validation vulnerability leads to device crashes in certain ASUS router models.
CVE-2024-12056 -- The Client secret is not checked when using the OAuth Password grant type.
CVE-2024-12099 -- The Dollie Hub – Build Your Own WordPress Cloud Platform plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.2.0 via the 'elementor-template' shortcode due to insufficient restrictions on which posts can be i
CVE-2024-12107 -- Double-Free Vulnerability in uD3TN BPv7 Caused by Malformed Endpoint Identifier allows remote attacker to reliably cause DoS
CVE-2024-12123 -- A hidden field manipulation vulnerability was identified in Issuetrak version 17.1 that could be triggered by an authenticated user. 
CVE-2024-12138 -- A vulnerability classified as critical was found in horilla up to 1.2.1. This vulnerability affects the function request_new/get_employee_shift/create_reimbursement/key_result_current_value_update/create_meetings/create_skills. The manipulation leads to d
CVE-2024-12147 -- A vulnerability was found in Netgear R6900 1.0.1.26_1.0.20. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file upgrade_check.cgi of the component HTTP Header Handler. The manipulation of the argument C
CVE-2024-12148 -- Incorrect authorization in permission validation component in Devolutions Server 2024.3.6.0 and earlier allows an authenticated user to access some reporting endpoints.
CVE-2024-12149 -- Incorrect permission assignment in temporary access requests component in Devolutions Remote Desktop Manager 2024.3.19.0 and earlier on Windows allows an authenticated user that requests temporary permissions on an entry to obtain more privileges than requ
CVE-2024-12151 -- Incorrect permission assignment in the user migration feature in Devolutions Server 2024.3.8.0 and earlier allows users to retain their old permission sets.
CVE-2024-12180 -- A vulnerability classified as problematic has been found in DedeCMS 5.7.116. Affected is an unknown function of the file /member/article_add.php. The manipulation of the argument body leads to cross site scripting. It is possible to launch the attack remo
CVE-2024-12181 -- A vulnerability classified as problematic was found in DedeCMS 5.7.116. Affected by this vulnerability is an unknown functionality of the file /member/uploads_add.php of the component SWF File Handler. The manipulation of the argument mediatype leads to c
CVE-2024-12182 -- A vulnerability, which was classified as problematic, has been found in DedeCMS 5.7.116. Affected by this issue is some unknown functionality of the file /member/soft_add.php. The manipulation of the argument body leads to cross site scripting. The attack
CVE-2024-12183 -- A vulnerability, which was classified as problematic, was found in DedeCMS 5.7.116. This affects the function RemoveXSS of the file /plus/carbuyaction.php of the component HTTP POST Request Handler. The manipulation leads to cross site scripting. It is po
CVE-2024-12196 -- Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the password history of an entry without the view password permission.
CVE-2024-20397 -- A vulnerability in the bootloader of Cisco NX-OS Software could allow an unauthenticated attacker with physical access to an affected device, or an authenticated, local attacker with administrative credentials, to bypass NX-OS image signature verification
CVE-2024-37574 -- The GriceMobile com.grice.call application 4.5.2 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the com.iui.mobile.presentation.MobileActivity.
CVE-2024-37575 -- The Mister org.mistergroup.shouldianswer application 1.4.264 for Android enables any installed application (with no permissions) to place phone calls without user interaction by sending a crafted intent via the org.mistergroup.shouldianswer.ui.default_dia
CVE-2024-38829 -- A vulnerability in VMware Tanzu Spring LDAP allows data exposure for case sensitive comparisons. This issue affects Spring LDAP: from 2.4.0 through 2.4.3, from 3.0.0 through 3.0.9, from 3.1.0 through 3.1.7, from 3.2.0 through 3.2.7, AND all versions prior
CVE-2024-39163 -- binux pyspider up to v0.3.10 was discovered to contain a Cross-Site Request Forgery (CSRF) via the Flask endpoints.
CVE-2024-39219 -- An issue in Aginode GigaSwitch V5 before version 7.06G allows authenticated attackers with Administrator privileges to upload an earlier firmware version, exposing the device to previously patched vulnerabilities.
CVE-2024-40717 -- A vulnerability in Veeam Backup & Replication allows a low-privileged user with certain roles to perform remote code execution (RCE) by updating existing jobs. These jobs can be configured to run pre- and post-scripts, which can be located on a network sh
CVE-2024-40744 -- Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.6.
CVE-2024-40744 -- Unrestricted file upload via security bypass in Convert Forms component for Joomla in versions before 4.4.8.
CVE-2024-40745 -- Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.6.
CVE-2024-40745 -- Reflected Cross site scripting vulnerability in Convert Forms component for Joomla in versions before 4.4.8.
CVE-2024-42449 -- From the VSPC management agent machine, under condition that the management agent is authorized on the server, it is possible to remove arbitrary files on the VSPC server machine.
CVE-2024-42451 -- A vulnerability in Veeam Backup & Replication allows low-privileged users to leak all saved credentials in plaintext. This is achieved by calling a series of methods over an external protocol, ultimately retrieving the credentials using a malicious setup
CVE-2024-42452 -- A vulnerability in Veeam Backup & Replication allows a low-privileged user to start an agent remotely in server mode and obtain credentials, effectively escalating privileges to system-level access. This allows the attacker to upload files to the server w
CVE-2024-42453 -- A vulnerability in Veeam Backup & Replication allows low-privileged users to control and modify configurations on connected virtual infrastructure hosts. This includes the ability to power off virtual machines, delete files in storage, and make configuration
CVE-2024-42455 -- A vulnerability in Veeam Backup & Replication allows a low-privileged user to connect to remoting services and exploit insecure deserialization by sending a serialized temporary file collection. This exploit allows the attacker to delete any file on the s
CVE-2024-42456 -- A vulnerability in the Veeam Backup & Replication platform allows a low-privileged user with a specific role to exploit a method that updates critical configuration settings, such as modifying the trusted client certificate used for authentication on a specif
CVE-2024-42457 -- A vulnerability in Veeam Backup & Replication allows users with certain operator roles to expose saved credentials by leveraging a combination of methods in a remote management interface. This can be achieved using a session object that allows for credent
CVE-2024-45204 -- A vulnerability exists where a low-privileged user can exploit insufficient permissions in credential handling to leak NTLM hashes of saved credentials. The exploitation involves using retrieved credentials to expose sensitive NTLM hashes, impacting syste
CVE-2024-45205 -- An Improper Certificate Validation on the UniFi iOS App managing a standalone UniFi Access Point (not using UniFi Network Application) could allow a malicious actor with access to an adjacent network to take control of this UniFi Access Point.
CVE-2024-45206 -- A vulnerability in Veeam Service Provider Console has been identified, which allows performing arbitrary HTTP requests to arbitrary hosts of the network and getting information about internal resources.
CVE-2024-45207 -- DLL injection in Veeam Agent for Windows can occur if the system's PATH variable includes insecure locations. When the agent runs, it searches these directories for necessary DLLs. If an attacker places a malicious DLL in one of these directories, the Vee
CVE-2024-45717 -- The SolarWinds Platform was susceptible to a XSS vulnerability that affects the search and node information section of the user interface. This vulnerability requires authentication and requires user interaction.
CVE-2024-48453 -- An issue in INOVANCE AM401_CPU1608TPTN allows a remote attacker to execute arbitrary code via the ExecuteUserProgramUpgrade function
CVE-2024-5020 -- Multiple plugins for WordPress are vulnerable to Stored Cross-Site Scripting via the plugin's bundled FancyBox JavaScript library (versions 1.3.4 to 3.5.7) in various versions due to insufficient input sanitization and output escaping on user supplied att
CVE-2024-50947 -- An issue in kmqtt v0.2.7 allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2024-51210 -- Firepad through 1.5.11 allows remote attackers, who have knowledge of a pad ID, to retrieve both the current text of a document and all content that has previously been pasted into the document. NOTE: in several similar products, this is the intentional b
CVE-2024-51465 -- IBM App Connect Enterprise Certified Container 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, and 12.3 could allow a remote authenticated attacker to execute arbitrary commands on the system by sending a specially crafted request.
CVE-2024-52269 -- ** INITIAL LIMITED RELEASE **
CVE-2024-52272 -- Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromAdvSetLanip(overflow arg:lanMask) modules) allows Overflow Buffers. This issue affects Tenda AC6V2: through 15.03.06.50
CVE-2024-52273 -- Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoublePppoeConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers. This issue affects Tenda AC6V2: through 15.03.06.50
CVE-2024-52274 -- Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (setDoubleL2tpConfig->guest_ip_check(overflow arg: mask) modules) allows Overflow Buffers. This issue affects Tenda AC6V2: through 15.03.06.50
CVE-2024-52275 -- Stack-based Buffer Overflow vulnerability in Shenzhen Tenda Technology Co Tenda AC6V2 (fromWizardHandle modules) allows Overflow Buffers. This issue affects Tenda AC6V2: through 15.03.06.50.
CVE-2024-52277 -- User Interface (UI) Misrepresentation of Critical Information vulnerability in DocuSeal allows Content Spoofing. This issue affects DocuSeal: through 1.8.1, >1.8.1.
CVE-2024-52676 -- Itsourcecode Online Discussion Forum Project v.1.0.0 is vulnerable to Cross Site Scripting (XSS) via /bcc_forum/members/home.php.
CVE-2024-53614 -- A hardcoded decryption key in Thinkware Cloud APK v4.3.46 allows attackers to access sensitive data and execute arbitrary commands with elevated privileges.
CVE-2024-53982 -- ZOO-Project is a C-based WPS (Web Processing Service) implementation. A path traversal vulnerability was discovered in Zoo-Project Echo example. The Echo example available by default in Zoo installs implements file caching, which can be controlled by user
CVE-2024-54002 -- Dependency-Track is a Component Analysis platform that allows organizations to identify and reduce risk in the software supply chain. Performing a login request against the /api/v1/user/login endpoint with a username that exist in the system takes signifi
CVE-2024-54132 -- The GitHub CLI is GitHub’s official command line tool. A security vulnerability has been identified in GitHub CLI that could create or overwrite files in unintended directories when users download a malicious GitHub Actions workflow artifact through gh ru
CVE-2024-54134 -- A publish-access account was compromised for `@solana/web3.js`, a JavaScript library that is commonly used by Solana dapps. This allowed an attacker to publish unauthorized and malicious packages that were modified, allowing them to steal private key mate
CVE-2024-54153 -- In JetBrains YouTrack before 2024.3.51866 unauthenticated database backup download was possible via vulnerable query parameter
CVE-2024-54154 -- In JetBrains YouTrack before 2024.3.51866 system takeover was possible through path traversal in plugin sandbox
CVE-2024-54155 -- In JetBrains YouTrack before 2024.3.51866 improper access control allowed listing of project names during app import without authentication
CVE-2024-54156 -- In JetBrains YouTrack before 2024.3.52635 multiple merge functions were vulnerable to prototype pollution attack
CVE-2024-54157 -- In JetBrains YouTrack before 2024.3.52635 potential ReDoS was possible due to vulnerable RegExp in Ruby syntax detector
CVE-2024-54158 -- In JetBrains YouTrack before 2024.3.52635 potential spoofing attack was possible via lack of Punycode encoding
CVE-2024-54661 -- readline.sh in socat through 1.8.0.1 relies on the /tmp/$USER/stderr2 file.
CVE-2024-54674 -- app/View/GalaxyClusters/cluster_export_misp_galaxy.ctp in MISP through 2.5.2 has stored XSS when exporting custom clusters into the misp-galaxy format.
CVE-2024-54675 -- app/webroot/js/workflows-editor/workflows-editor.js in MISP through 2.5.2 has stored XSS in the editor interface for an ad-hoc workflow.
CVE-2024-7488 -- Improper Input Validation vulnerability in RestApp Inc. Online Ordering System allows Integer Attacks. This issue affects Online Ordering System: through 04.12.2024.
CVE-2024-8894 -- Out-of-bounds Write vulnerability was discovered in Open Design Alliance Drawings SDK before 2025.10. Reading crafted DWF file and missing proper checks on received SectionIterator data can trigger an unhandled exception. This can allow attackers to cause
CVE-2024-8962 -- The WPBITS Addons For Elementor Page Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 1.5.2 due to insufficient input sanitization and output escaping. This makes it possi
CVE-2024-9404 -- Moxa’s IP Cameras are affected by a medium-severity vulnerability, CVE-2024-9404, which could lead to a denial-of-service condition or cause a service crash. This vulnerability allows attackers to exploit the Moxa service, commonly referred to as moxa_cmd
Vulners.com -- CVE-2024-49415
Vulners.com -- CVE-2024-45068
Vulners.com -- CVE-2024-49420
Vulners.com -- CVE-2024-49413
Vulners.com -- CVE-2024-49418
CVE-2018-9441 -- In sdp_copy_raw_data of sdp_discovery.cc, there is a possible out of bounds read due to an incorrect bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is needed for exploitation.
CVE-2018-9449 -- In process_service_search_attr_rsp of sdp_discovery.cc, there is a possible out of bound read due to a missing bounds check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for
CVE-2021-29892 -- IBM Cognos Controller 11.0.0 and 11.0.1 could allow a remote attacker to obtain sensitive information, caused by the failure to properly enable HTTP Strict Transport Security. An attacker could exploit this vulnerability to obtain sensitive information us
CVE-2023-7255 -- Rejected reason: Assigned as duplicate and no longer used.
CVE-2024-10074 -- In OpenHarmony v4.1.1 and prior versions, a use-after-free allows a local attacker to escalate the common permission to root.
CVE-2024-10484 -- The Spectra – WordPress Gutenberg Blocks plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'Team' widget in all versions up to, and including, 2.16.2 due to insufficient input sanitization and output escaping on user suppl
CVE-2024-10893 -- The WP Booking Calendar WordPress plugin before 10.6.5 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disal
CVE-2024-11200 -- The Goodlayers Core plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the ‘font-family’ parameter in all versions up to, and including, 2.0.7 due to insufficient input sanitization and output escaping. This makes it possible for una
CVE-2024-11325 -- The AWeber Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for unauthentica
CVE-2024-11326 -- The Campaign Monitor Forms by Optin Cat plugin for WordPress is vulnerable to Reflected Cross-Site Scripting due to the use of add_query_arg without appropriate escaping on the URL in all versions up to, and including, 2.5.7. This makes it possible for un
CVE-2024-11391 -- The Advanced File Manager plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'class_fma_connector.php' file in all versions up to, and including, 5.2.10. This makes it possible for authenticated attack
CVE-2024-11453 -- The WordPress Pinterest Plugin – Make a Popup, User Profile, Masonry and Gallery Layout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gs_pin_widget' shortcode in all versions up to, and including, 1.8.8 due to insuffi
CVE-2024-11461 -- The Form Data Collector plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 2.2.3 due to insufficient input sanitization and output escaping. This makes it possible for unauth
CVE-2024-11707 -- The My auctions allegro plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'page' parameter in all versions up to, and including, 3.6.17 due to insufficient input sanitization and output escaping. This makes it possible for unaut
CVE-2024-11732 -- The BP Profile Shortcodes Extra plugin for WordPress is vulnerable to time-based SQL Injection via the ‘tab’ parameter in all versions up to, and including, 2.6.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparati
CVE-2024-11782 -- The WP Mailster plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'mst_subscribe' shortcode in all versions up to, and including, 1.8.17.0 due to insufficient input sanitization and output escaping on user supplied attribu
CVE-2024-11805 -- The Quick License Manager – WooCommerce Plugin plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via the 'submit_qlm_products' parameter in all versions up to, and including, 2.4.17 due to insufficient input sanitization and output esca
CVE-2024-11844 -- The IdeaPush plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the idea_push_taxonomy_save_routine function in all versions up to, and including, 8.71. This makes it possible for authenticated att
CVE-2024-11853 -- The jAlbum Bridge plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘ar’ parameter in all versions up to, and including, 2.0.15 due to insufficient input sanitization and output escaping. This makes it possible for authenticated at
CVE-2024-11866 -- The BMLT Tabbed Map plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'bmlt_tabbed_map' shortcode in all versions up to, and including, 1.1.8 due to insufficient input sanitization and output escaping on user supplied attr
CVE-2024-11898 -- The Scratch & Win – Giveaways and Contests. Boost subscribers, traffic, repeat visits, referrals, sales and more plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'swin-campaign' shortcode in all versions up to, and inclu
CVE-2024-12053 -- Type Confusion in V8 in Google Chrome prior to 131.0.6778.108 allowed a remote attacker to potentially exploit object corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2024-12062 -- The Charity Addon for Elementor plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.3.2 via the 'nacharity_elementor_template' shortcode due to insufficient restrictions on which posts can be included. This m
CVE-2024-12082 -- In OpenHarmony v4.0.0 and prior versions, an out-of-bounds read allows a local attacker to cause an information leak.
CVE-2024-29404 -- An issue in Razer Synapse 3 v.3.9.131.20813 and Synapse 3 App v.20240213 allows a local attacker to execute arbitrary code via the export parameter of the Chroma Effects function in the Profiles component.
CVE-2024-37302 -- Synapse is an open-source Matrix homeserver. Synapse versions before 1.106 are vulnerable to a disk fill attack, where an unauthenticated adversary can induce Synapse to download and cache large amounts of remote media. The default rate limit strategy is
CVE-2024-37303 -- Synapse is an open-source Matrix homeserver. Synapse before version 1.106 allows, by design, unauthenticated remote participants to trigger a download and caching of remote media from a remote homeserver to the local media repository. Such content then al
CVE-2024-40391 -- Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
CVE-2024-41775 -- IBM Cognos Controller 11.0.0 and 11.0.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information.
CVE-2024-42422 -- Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.
CVE-2024-45068 -- Authentication credentials leakage vulnerability in Hitachi Ops Center Common Services within Hitachi Ops Center OVA.
CVE-2024-45106 -- Improper authentication of an HTTP endpoint in the S3 Gateway of Apache Ozone 1.4.0 allows any authenticated Kerberos user to revoke and regenerate the S3 secrets of any other user. This is only possible if:
CVE-2024-45676 -- IBM Cognos Controller 11.0.0 and 11.0.1
CVE-2024-45757 -- An issue was discovered in Centreon centreon-bam 24.04, 23.10, 23.04, and 22.10. SQL injection can occur in the user-settings form. Exploitation is only accessible to authenticated users with high-privileged access.
CVE-2024-46624 -- An issue in InfoDom Performa 365 v4.0.1 allows authenticated attackers to elevate their privileges to Administrator via a crafted payload sent to /api/users.
CVE-2024-46625 -- An authenticated arbitrary file upload vulnerability in the /documentCache/upload endpoint of InfoDom Performa 365 v4.0.1 allows attackers to execute arbitrary code via uploading a crafted SVG file.
CVE-2024-47476 -- Dell NetWorker Management Console, version(s) 19.11, contain(s) an Improper Verification of Cryptographic Signature vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to Code execution.
CVE-2024-48080 -- An issue in aedes v0.51.2 allows attackers to cause a Denial of Service(DoS) via a crafted request.
CVE-2024-49410 -- Out-of-bounds write in libswmfextractor.so prior to SMR Dec-2024 Release 1 allows local attackers to execute arbitrary code.
CVE-2024-49411 -- Path Traversal in ThemeCenter prior to SMR Dec-2024 Release 1 allows physical attackers to copy apk files to an arbitrary path with ThemeCenter privilege.
CVE-2024-49412 -- Improper input validation in Settings prior to SMR Dec-2024 Release 1 allows local attackers to broadcast signal for discovering Bluetooth on Galaxy Watch.
CVE-2024-49413 -- Improper Verification of Cryptographic Signature in SmartSwitch prior to SMR Dec-2024 Release 1 allows local attackers to install malicious applications.
CVE-2024-49414 -- Authentication Bypass Using an Alternate Path in Dex Mode prior to SMR Dec-2024 Release 1 allows physical attackers to temporarily access the recent app list.
CVE-2024-49415 -- Out-of-bound write in libsaped.so prior to SMR Dec-2024 Release 1 allows remote attackers to execute arbitrary code.
CVE-2024-49416 -- Use of implicit intent for sensitive communication in SmartThings prior to version 1.8.21 allows local attackers to get sensitive information.
CVE-2024-49417 -- Use of implicit intent for sensitive communication in Smart Touch Call prior to 1.0.0.8 allows local attackers to launch privileged activities. User interaction is required for triggering this vulnerability.
CVE-2024-49418 -- Insufficient verification of URL authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to enable JavaScript in its webview.
CVE-2024-49419 -- Insufficient verification of URL authenticity in GamingHub prior to version 6.1.03.4 in Korea, 7.1.02.4 in Global allows remote attackers to load an arbitrary URL in its webview.
CVE-2024-49420 -- Improper handling of responses in GamingHub prior to version 6.1.04.6 in Korea, 7.1.03.7 in Global allows remote attackers to launch arbitrary activity.
CVE-2024-49421 -- Path traversal in Quick Share Agent prior to version 3.5.14.47 in Android 12, 3.5.19.41 in Android 13, and 3.5.19.42 in Android 14 allows adjacent attackers to write files to an arbitrary location.
CVE-2024-50948 -- An issue in mochiMQTT v2.6.3 allows attackers to cause a Denial of Service (DoS) via a crafted request.
CVE-2024-51114 -- An issue in Beijing Digital China Yunke Information Technology Co.Ltd v.7.2.6.120 allows a remote attacker to execute arbitrary code via the code/function/dpi/web_auth/customizable.php file
CVE-2024-51363 -- Insecure deserialization in Hodoku v2.3.0 to v2.3.2 allows attackers to execute arbitrary code.
CVE-2024-51771 -- A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote threat actor to conduct a remote code execution attack. Successful exploitation could enable the attacker to run arbitr
CVE-2024-51772 -- An authenticated RCE vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary comm
CVE-2024-51773 -- A vulnerability in the HPE Aruba Networking ClearPass Policy Manager web-based management interface could allow an authenticated remote Attacker to conduct a stored cross-site scripting (XSS) attack. Successful exploitation could enable a threat actor to
CVE-2024-52544 -- An unauthenticated attacker can trigger a stack based buffer overflow in the DP Service (TCP port 3500). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
CVE-2024-52545 -- An unauthenticated attacker can perform an out of bounds heap read in the IQ Service (TCP port 9876). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
CVE-2024-52546 -- An unauthenticated attacker can perform a null pointer dereference in the DHIP Service (UDP port 37810). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
CVE-2024-52547 -- An authenticated attacker can trigger a stack based buffer overflow in the DHIP Service (TCP port 80). This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
CVE-2024-52548 -- An attacker who can execute arbitrary Operating System commands can bypass code signing enforcement in the kernel and execute arbitrary native code. This vulnerability has been resolved in firmware version 2.800.0000000.8.R.20241111.
CVE-2024-52805 -- Synapse is an open-source Matrix homeserver. In Synapse before 1.120.1, multipart/form-data requests can in certain configurations transiently increase memory consumption beyond expected levels while processing the request, which can be used to amplify de
CVE-2024-52815 -- Synapse is an open-source Matrix homeserver. Synapse versions before 1.120.1 fail to properly validate invites received over federation. This vulnerability allows a malicious server to send a specially crafted invite that disrupts the invited user's /sync
CVE-2024-53257 -- Vitess is a database clustering system for horizontal scaling of MySQL. The /debug/querylogz and /debug/env pages for vtgate and vttablet do not properly escape user input. The result is that queries executed by Vitess can write HTML into the monitoring p
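The Vitess entry above describes the classic debug-page XSS: attacker-controlled query text is written into an HTML monitoring page without escaping. The following is an added example, not Vitess code, that shows the unsafe and the safe rendering of a constructed query log row in Go: `text/template` emits the SQL verbatim, while `html/template` contextually escapes it. The `QueryLogEntry` type, the row template and the sample query are assumptions made for this illustration.

```go
package main

import (
	"bytes"
	"fmt"
	"html/template"
	texttemplate "text/template"
)

// QueryLogEntry is a constructed stand-in for one row of a query log
// debug page. The SQL text originates from a database client, so it must
// be treated as untrusted whenever it is rendered into HTML.
type QueryLogEntry struct {
	SQL      string
	Duration string
}

// rowTmpl is the same template source for both renderers; only the
// template package differs.
const rowTmpl = `<tr><td>{{.SQL}}</td><td>{{.Duration}}</td></tr>`

// RenderUnescaped mirrors the vulnerable pattern: text/template performs no
// HTML escaping, so markup embedded in the query text lands in the page
// as live HTML.
func RenderUnescaped(e QueryLogEntry) (string, error) {
	t := texttemplate.Must(texttemplate.New("row").Parse(rowTmpl))
	var buf bytes.Buffer
	if err := t.Execute(&buf, e); err != nil {
		return "", err
	}
	return buf.String(), nil
}

// RenderEscaped is the hardened form: html/template escapes each field
// according to the HTML context it is interpolated into, so the same
// query text is shown literally instead of being executed by the browser.
func RenderEscaped(e QueryLogEntry) (string, error) {
	t := template.Must(template.New("row").Parse(rowTmpl))
	var buf bytes.Buffer
	if err := t.Execute(&buf, e); err != nil {
		return "", err
	}
	return buf.String(), nil
}

func main() {
	// Constructed sample: a query whose comment carries a script tag.
	e := QueryLogEntry{
		SQL:      "select 1 /* <script>alert(1)</script> */",
		Duration: "12ms",
	}
	raw, _ := RenderUnescaped(e)
	safe, _ := RenderEscaped(e)
	fmt.Println("unescaped:", raw)
	fmt.Println("escaped:  ", safe)
}
```

Note that swapping in `html/template` only helps when the untrusted value is interpolated through the template; string concatenation into the response body bypasses the escaper entirely, which is the pattern to grep for in handler code that builds debug pages by hand.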
CVE-2024-53502 -- Seecms v4.8 was discovered to contain a SQL injection vulnerability in the SEMCMS_SeoAndTag.php page.
CVE-2024-53672 -- A vulnerability in the ClearPass Policy Manager web-based management interface allows remote authenticated users to run arbitrary commands on the underlying host. Successful exploitation could allow an attacker to execute arbitrary commands as a lower privileg
CVE-2024-53863 -- Synapse is an open-source Matrix homeserver. In Synapse versions before 1.120.1, enabling the dynamic_thumbnails option or processing a specially crafted request could trigger the decoding and thumbnail generation of uncommon image formats, potentially in
CVE-2024-53867 -- Synapse is an open-source Matrix homeserver. The Sliding Sync feature on Synapse versions between 1.113.0rc1 and 1.120.0 can leak partial room state changes to users no longer in a room. Non-state events, like messages, are unaffected. This vulnerability
CVE-2024-53921 -- An issue was discovered in the installer in Samsung Magician 8.1.0 on Windows. An attacker can create arbitrary folders in the system permission directory via a symbolic link during the installation process.
CVE-2024-53999 -- Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The application allows users to upload files with scripts in the filename parameter. As a result, a m
CVE-2024-54000 -- Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. In versions prior to 3.9.7, the requests.get() request in the _check_url method is specified as allow
CVE-2024-54131 -- The Kolide Agent (aka: Launcher) is the lightweight agent designed to work with Kolide's service. An implementation bug in the Kolide Agent (known as `launcher`) allows for local privilege escalation to the SYSTEM user on Windows 10 and 11. The bug was in
CVE-2024-8748 -- A buffer overflow vulnerability in the packet parser of the third-party library "libclinkc" in Zyxel VMG8825-T50K firmware versions through V5.50(ABOM.8.4)C0 could allow an attacker to cause a temporary denial of service (DoS) condition against the web ma
CVE-2024-9058 -- The Element Pack Elementor Addons (Header Footer, Template Library, Dynamic Grid & Carousel, Remote Arrows) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the Lightbox widget in all versions up to, and including, 5.10.5 due to insuf
CVE-2024-9197 -- A post-authentication buffer overflow vulnerability in the parameter "action" of the CGI program in Zyxel VMG3625-T50B firmware versions through V5.50(ABPM.9.2)C0 could allow an authenticated attacker with administrator privileges to cause a temporary den
CVE-2024-9200 -- A post-authentication command injection vulnerability in the "host" parameter of the diagnostic function in Zyxel VMG4005-B50A firmware versions through V5.15(ABQA.2.2)C0 could allow an authenticated attacker with administrator privileges to execute opera
CVE-2024-9694 -- The CMSMasters Elementor Addon plugin for WordPress is vulnerable to Stored Cross-Site Scripting via multiple widgets in all versions up to, and including, 1.14.7 due to insufficient input sanitization and output escaping on user supplied attributes. This
CVE-2024-9978 -- In OpenHarmony v4.1.1 and prior versions, a local attacker can cause an information leak through an out-of-bounds read.