Flickr moves to contain data exposure, warns users of phishing
UK Construction Firm Hit by Prometei Botnet Hiding in Windows Server
8 Top MDR Providers for Mid-Market Companies
Romania’s Oil Pipeline Operator Hacked: How an Infostealer Infection Paved the Way for Qilin's Ransomware Attack
New tool blocks imposter attacks disguised as safe commands
Week in review: Notepad++ supply chain attack details and targets, Patch Tuesday forecast
newsletter Round 562 by Pierluigi Paganini – INTERNATIONAL EDITION
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 83
DKnife toolkit abuses routers to spy and deliver malware since 2019
OpenClaw Integrates VirusTotal Scanning to Detect Malicious ClawHub Skills
Bithumb Mistakenly Sends 620,000 Bitcoin ($40B) to Customer Accounts
Italian university La Sapienza still offline to mitigate recent cyber attack
Firefox Will Give Users an AI Kill Switch for Better Privacy
State actor targets 155 countries in 'Shadow Campaigns' espionage op
CISA pushes Federal agencies to retire end-of-support edge devices
German Agencies Warn of Signal Phishing Targeting Politicians, Military, Journalists
Payments platform BridgePay confirms ransomware attack behind outage
DKnife Linux toolkit hijacks router traffic to spy, deliver malware
Germany warns of Signal account hijacking targeting senior figures
CISA warns of SmarterMail RCE flaw used in ransomware attacks
Chinese-Made Malware Kit Targets Chinese-Based Edge Devices
Substack Confirms Data Breach, “Limited User Data” Compromised
AI Agents’ Most Downloaded Skill Is Discovered to Be an Infostealer
EDR, Email, and SASE Miss This Entire Class of Browser Attacks
China-Linked DKnife AitM Framework Targets Routers for Traffic Hijacking, Malware Delivery
Flickr Notifies Users of Data Breach After External Partner Security Flaw
Poland's energy control systems were breached through exposed VPN access
State-backed phishing attacks targeting military officials and journalists on Signal
EU says TikTok faces large fine over "addictive design"
Man pleads guilty to hacking nearly 600 women’s Snapchat accounts
Asian State-Backed Group TGR-STA-1030 Breaches 70 Government, Infrastructure Entities
CISA Orders Removal of Unsupported Edge Devices to Reduce Federal Network Risk
17% of 3rd-Party Add-Ons for OpenClaw Used in Crypto Theft and macOS Malware
CISA orders US federal agencies to replace unsupported edge devices
Nearly 5 Million Web Servers Found Exposing Git Metadata – Study Reveals Widespread Risk of Code and Credential Leaks
How Samsung Knox Helps Stop Your Network Security Breach
Ransomware attackers are exploiting critical SmarterMail vulnerability (CVE-2026-24423)
CISA orders federal agencies to replace end-of-life edge devices
Flickr discloses potential data breach exposing users' names, emails
New Cyber Startup Programme to Debut at Infosecurity Europe 2026
Safeguarding Supply Chain Data Through Effective Risk Assessment
U.S. CISA adds SmarterTools SmarterMail and React Native Community CLI flaws to its Known Exploited Vulnerabilities catalog
Compromised dYdX npm and PyPI Packages Deliver Wallet Stealers and RAT Malware
MintMCP’s governance platform helps organizations deploy, monitor, and secure AI agents
Claude Opus 4.6 improves agentic performance and model safety
February 2026 Patch Tuesday forecast: Lots of OOB love this month
Kasada Account Intelligence combats manual fraud and abuse
Mobile privacy audits are getting harder
Claude Opus 4.6 Finds 500+ High-Severity Flaws Across Major Open-Source Libraries
The hidden cost of putting off security decisions
New infosec products of the week: February 6, 2026
2026 Puzzle Concepts
OpenSourceMalware.com - Community Threat Intelligence
Romania’s Oil Pipeline Operator Hacked: How an Infostealer Infection Paved the Way for Qilin's Ransomware Attack | InfoStealers
Introduction - Shelltief's Documentation
GitHub - trappsec-dev/trappsec: deception as a developer tool
Defense Evasion: The Service Run Failed Successfully
Google Shifts Post-Quantum Encryption from R&D to Government Policy Mandate | The Meridiem
PanicLock - Panic Button for Your Mac
GitHub - nightfullstar/openclaw-defender
Coalmine[Alpha] WebUI Walkthrough Overview
Introducing Kingfisher: Real-Time Secret Detection And Validation | MongoDB
0-Days \ red.anthropic.com
trappsec
CTO at NCSC Summary: week ending February 8th
GitHub - KeygraphHQ/shannon: Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.
Digital security in the Quantum Era
GitHub - heshanthenura/sentrigoV2
Analysis of active exploitation of SolarWinds Web Help Desk | Microsoft Security Blog
Princeton PExL Program Files Exposed in Open Google Cloud Storage
From magic to malware: How OpenClaw's agent skills become an attack surface | 1Password
AI Agents’ Most Downloaded Skill Is Discovered to Be an Infostealer | InfoStealers
State-backed phishing attacks targeting military officials and journalists on Signal - Help Net Security
New Clickfix variant ‘CrashFix’ deploying Python Remote Access Trojan | Microsoft Security Blog
Screaming at the Kernel: How GhostKatz Uses "Vulnerable Drivers" to Dump Credentials via Physical Memory
Humanity Protocol Experiment Reveals How AI Can Bypass KYC And Exploit Digital Trust | Metaverse Post
The RCE that AMD won't fix! | MrBruh's Epic Blog
“Developers lack knowledge to implement secure software development”
Agentic Multi-Tool Security Platform.
cloud-security-microsoft-azure
security-snaapi
🛡️ Security scanner for OpenClaw skills - detects malicious patterns and vulnerabilities before installation. Protects against credential harvesting, external downloads, suspicious APIs, shell injection, and more. Scan before you install!
Learning and Proof of Concept Project
a basic hack for people to skid
Iceman hack
Hacking on local AI setup
A minimalist, high-fidelity HTML5 "Hello World" proof of concept demonstrating true static autonomy without build chains or frameworks.
Real-time DNS security monitoring platform built on Cloudflare Workers
Agent security layer ensuring human operator control over task execution - blocks system-level commands and requires approval
Proof of Concept exploit for the Joomla 3.7.0 com_fields SQL injection vulnerability (CVE-2017-8917), demonstrating detection, enumeration, and data extraction in a CTF-friendly workflow.
.NET 10 + Nix + LGTMP Otel proof of concept
Atomic Grammar VM - Lace Compute for Chemistry. A proof-of-concept that treats chemistry as grammar, not physics.
Secure proof-of-concept demonstrating OpenClaw AI agent integration with a Telegram bot using containerized deployment and best security practices.
Proof of Concept for Discord Board Game app launchable via activities.
Proof‑of‑concept to control REMKO SmartWeb devices via cloud MQTT (WebSockets), including ON/OFF via captured UART frames. Starting point for Home Assistant integration.
Proof of Concept-Data to Plain Language Clip Board
a proof of concept toolkit for mutual aid groups based on node / twilio / airtable
K3S Proof of Concept with Terraform
Proof of Concept
Educational vulnerable web lab for ethical hacking
Proof-of-concept parallax penguin walking game
🔒 Explore API security by identifying and fixing OWASP vulnerabilities using AWS services and best practices for robust protection.
Homelab project to practice external data ingestion
Proof-of-concept Q-Learning scheduler for production planning. Trains tabular RL agent (1,500 jobs) to assign machines or defer jobs while respecting colours, urgency, readiness & business rules. Generates policy + simulated allocations. CUDA accelerated.
Proof of concept for visualizing DOM evolution across releases
Proof of concept of creating bitfield booleans in AutoHotkey V2.
A Proof of Concept PHP 8.3 library that lets you describe API endpoints once and get generated request/response DTOs, a typed handler interface, and an OpenAPI 3.0 spec from the same definition.
This repository contains Python scripts and tools focused on offensive security and penetration testing, inspired by real-world black hat Python techniques used in ethical hacking and red team operations. For educational use only. Scripts must be used on
nullopcode.cv - hacker terminal resume site
cloud-security-project--lab
Winner - Hack-Nation 2026 (VC Big Bet Track) One Click AI Challenge: Supply Chain Agents
A cross‑platform firewall management utility built in Python, providing easy terminal commands to enable, disable, and check firewall status on macOS and Windows. Ideal for learning system automation and security basics.
A proof of concept showing how a `UIViewController` can be embedded in a SwiftUI app in a specific way
mobile-security-tools
cyber_security
Project-Thrown is a fast, experimental photogrammetry pipeline that reconstructs rough 3D meshes from 360° video or image orbits. Inspired by wheel-thrown pottery, it shapes form through rotation and repeated passes, prioritizing simplicity and speed over
Hands-on OpenStack security labs focused on RBAC hardening, policy enforcement, and multi-tenant cloud defense.
first-proof-of-concept
provides agent scaffolding for an environment resembling enterprise software development - from proof-of-concept to production-ready
Hardened security configuration for OpenClaw deployments
A reproducible script proof-of-concept that simulates jailbreak-style stress tests across model and safety variants, computes ASR with Wilson confidence intervals, analyzes severity-weighted risk, and visualizes adversarial transferability with figures an
Proof-of-Concept. ProDJLink Audio Guardian
A proof-of-concept for VLM-based UI testing implemented with Swift for XCTests.
An interactive security assessment suite for Claude Code, Codex, and Open Code that automates penetration testing and code audits based on the Shannon methodology.
A minimal, working proof of concept that validates Drools 8.x as the rule engine for Islamic banking policy evaluation. The project demonstrates declarative rule definitions, runtime evaluation via REST API, an admin dashboard for rule management, and aud
hackingbooks
Prototype exploring StrongDM's Software Factory pattern for spec-driven development with AI agents. BDD test execution, LLM obfuscation, and satisfaction scoring. Proof-of-concept written by OpenClaw (GLM-4.7). Use at your own risk.
📚 A personal research journal for IT experiments. I document proofs of concept, compare technologies, and record conclusions. Structured notes in Markdown, from hypotheses to working code and insights.
ethical-hacking-project
Distillation engine for clinical guidelines (proof of concept)
Cracking password
AI security copilot (frontier agent) for phishing attacks, i.e. text, voice, links, etc., which captures incoming database and web traffic before it enters an org's infrastructure, analyzes it with the ML-trained model, and then forwards it to openai gpt-4o
umoomi-security-system
Proof-of-concept document processing solution that extracts information from insurance claims and generates summaries using Amazon Bedrock.
A collection of custom scripts, configurations, and notes for Kali Linux. Focused on penetration testing, ethical hacking, and applied security automation. Includes setup guides, tool usage examples, and workflow optimizations for security professionals a
api-proof-of-concept
​A lightweight Java execution engine designed to run untrusted code with granular security controls
Proof-of-concept .NET project demonstrating stream-based PDF ingestion with a transport abstraction.
OnValuet is a modern, security-first digital vault designed to help you store, manage, and protect your most important information in one safe place. From passwords and cards to documents and sensitive notes, OnValuet gives you complete control over your
Recursive multi-agent orchestrator for autonomous supply chains. Features game-theoretic negotiation, cross-vendor arbitrage, and asynchronous procurement logic. (Hack-Nation '26)
A project to show how GitHub coding agent can turn screenshots of legacy apps into working proof-of-concepts for cloud native Azure replacements if the legacy database schema is also provided
Safety guardrails for Claude Code. A seatbelt, not an armored car.
A fast, asynchronous IP Threat Intelligence tool for security analysts. Scans bulk IPs using AbuseIPDB & VirusTotal with custom risk scoring and forensic reporting.
This notebook explores a proof of concept (POC) of auditing crypto asset activity according to the travel rules and amount thresholds.
Premium GQ-level cybersecurity website template - AI-native security platform design
social media reader proof of concept
Educational Proof-of-Concept for the Dual_EC_DRBG backdoor (CVE-2014-8610) - NIST P-256 state recovery attack demonstration
header_security_scanner
A Salesforce proof‑of‑concept that enables cross‑org access to data without third‑party tools or full data sync. The solution provides bidirectional CRUD for core records via REST and dashboard management via the Metadata API, all surfaced in a single LWC
cyber security
Password analyzer that evaluate password, strength, using trophy, calculation, pattern, detection, and security focused your text
Network and Web Security
SecurityMiddlewareLab
This project merges the packet-level detection of an IDS with Zero Trust verification principles.
SecurityPo2
Randori External Attack Surface Management (EASM) an IBM Company for Splunk enables security teams to discover, monitor, analyze, and operationalize external attack surface data directly in Splunk—without relying on the Randori External Attack Surface Man
AI-Powered Security & Monitoring
Preventive security infrastructure for cloud-based AI assistants and AR systems.
AI-powered security vulnerability scanner that runs locally via npm with zero infrastructure. 131+ OWASP rules, 15 languages, free AI analysis, MCP server for coding agents.
Pre-flight transaction security checker - simulate before signing
Cyber-Security-Project-
Welcome to Moyo — your all-in-one solution for everyday needs. Whether you need a plumber, nurse, interior designer, or assistance with organizing a religious ceremony, Moyo connects you with trusted and verified service providers across domestic care, se
A **modern, web-based RTSP NVR dashboard** for Linux with **audio + video streaming**, **event-based recording**, **timeline playback**, and **volume-triggered audio capture**. Built for **home labs, MSPs, security engineers, and Proxmox users** who want
Real-time • Safety-first • Raspberry Pi ready • Dockerized • Open-source
It was used to check fake news that has spread over social media, such as fake images, news, videos, and audio, detecting whether it was real or fake to guard against fake people and hackers
Generate a structured implementation brief for: A shell script linter that checks bash scripts for common mistakes, security iss
VibeHacking
Catch And Tame! Script 2026 • Auto Catch • ESP • Speed Hack • God Mode • Teleport • Infinite Stamina
Proof of concept implementation of Incentivized Self-Organizing Agent Networks.
better-hack 2026
leeds hack 2026 code
spark-hacks
App for TTY resolution
Hack The Throne IIIT Una Hackathon
A project to create a membership service website for Ace Job Agency, a company who is transforming their traditional business model into an online presence
🛡️ Security scanner for AI agent skills — 68% contain vulnerabilities
Hardened Ubuntu EC2 server using SSH key authentication, firewall rules, Fail2Ban, and automatic security updates.
AI used in the security domain to help detect weapons, aggressive behavior and fatigue within vehicles to improve the safety of both passengers and drivers
Sample runbook and monitoring notes for proof-of-concept technical tests
Read Hacker "Nius" from your Terminal!
github repo for Hack the Coast 2026
Our case for Pulsar_Hack
Here you can see and read through reports of various targets,including HTB machines and other vulnerable websites(phpvulnweb)
Security-hardened MCP server for Excalidraw with API key auth, rate limiting, real-time WebSocket sync, and 14 diagramming tools
Logfire Proof of Concept for Swarmlens
Security-Operations-
Tidal Hack 2026
Parse URLs. Searches for potential vulnerabilities. Checks for XSS and SQL injections. Looks at security headers.
Brain-to-robot intent decoder: decoding EEG brain signals into humanoid robot commands at 24ms latency. Multi-robot fleet orchestration with one human supervising 10+ autonomous robots. Hack Nation 2026 - ThoughtLink Challenge (Kernel & Dimensional).
Secure Cloud Storage and Backup Management System using AWS. Implements Amazon S3 for centralized storage, versioning-based backup and recovery, IAM for role-based access control, and encryption for data security, ensuring high availability, protection, a
(Hack the Coast UBC)
Security-Suite
Generating a proof-of-concept btc/lightning Alice & Bob scenarios demo using the alby-agent-skill, using claude code tasks
AI-powered document analysis with enterprise-grade security and features
hack the coast 2026 🔥
WinSecurity-Simulator is an educational Python project that demonstrates mechanisms for interacting with Windows system resources, such as the registry, volume control, video streams, and desktop manipulation.
AI-driven Broadcast Technology News Portal & Hybrid Bento Grid Hub. Real-time insights on ST 2110 Infrastructure, Cloud Playout, Streaming, and Media Security. Automated via GitHub Actions with a rolling archive for high-performance delivery. Tags -
A little HIL proof of concept
proof-of-concept
Proof of Concept for CVE-2026-1281 & CVE-2026-1340 - Ivanti EPMM Pre-Auth RCE via Bash Arithmetic Expansion
hack the coast 2026
A proof of concept UI for an app where you scroll bets
A patcher is a tool that applies targeted updates to software or firmware to fix bugs, close security vulnerabilities, or improve stability without reinstalling the entire system. Patchers help keep systems secure and reliable while minimizing downtime, e
hack McWiCS 2026
Secure web application built using Flask and MySQL as part of Cryptonic Area's Cyber Security Virtual Internship. Implements authentication, authorization, secure password handling, input validation, and protection against common web attacks.
Trust, but verify. Security certification for AI agent skills. Dual-badge system: technical security + adoption signals.
I developed a proof-of-concept SOC automation tool using Python. The system parses security logs, detects suspicious activity using rule-based logic, enriches alerts with threat intelligence, simulates automated responses, and generates security reports.
Hack McWiCS 2026 Repo
A place where I can work on setting up AI ideas. This will include proof of concepts (POC), thought maps, etc.. Repository is mainly a place to store an updated list of things to try and how to get it done.
Black Net — Network & Security Challenge
Hands-on networking labs using Cisco Packet Tracer. Learning network fundamentals from basic concepts to certification prep. Covers IP addressing, routing, switching, protocols, and security basics. Building networking knowledge as foundation for cybersec
Hack The Box machine writeups and documentation
A portfolio showcasing IT security projects, including hands-on labs, case studies, and applied cybersecurity concepts.
This skill helps beginners secure their Linux VPS step-by-step. It sets up a firewall, private VPN access (Tailscale), automatic updates, and hacker protection (Crowdsec/Traefik). It’s an easy-to-follow guide that turns a fresh server into a secure fo
-Mr-Who-s-Hacking-Hub-
Code for UGA Hacks 11 - Bank Statement Analysis
🛡️ AI-powered risk oracle for DeFi agents built on Chainlink CRE. Detects honeypots and price manipulation using GPT-4o-mini synthesis and real-time security data.
🧪 VulnLabz is a hacker-style test lab for your web app: run security regression scenarios (SQLi, IDOR, SSRF, brute force) and catch broken defenses before release.
My first flavortown project based on the personal website hack club workshop.
A disaster response program useful for a post-disaster. Made for Hack the Coast 2026
A complete ethical hacking learning pathway from scratch covering networking, Linux, web security, penetration testing tools, cloud security, and practical labs with real-world cybersecurity examples.
Sui NFT are different, this is how for the hack money 2026 ethglobal hackathon
Security assessment and threat model for ClientHub CRM – Nexcell Solutions Internship Project.
“A curated collection of 2026’s hottest cybersecurity trends, hacker buzzwords, and AI‑powered attack & defense insights — for red teamers, security enthusiasts, and cyberculture fans.”
Web security labs: XSS, IDOR, Authentication flaws
Multiplayer proof-of-concept
WICS Hack Project
A modern, security-first init system written in Rust
PhishGuard is a Flask-based security project that detects phishing attacks in Emails, SMS, Files, and URLs using machine learning models. Designed as a student project, it demonstrates how real-time detection and a user-friendly web interface can enhance
Educational phishing awareness simulation for cybersecurity training by cy.Chokz
🛡️ A Python-based Backdoor Proof-of-Concept (PoC) demonstrating C2 communication, persistence mechanisms, and remote command execution for educational analysis.
These are my different labs which helped me gain hands on experience and various digital forensics team activity.
ProofOfConcept
SecurityCheck
Proof of Concept for CVE-2026-0770 - Langflow Remote Code Execution
First POC | GastroForge
AI-powered security investigation tool that autonomously hunts suspicious activity
Linux is everywhere in cybersecurity — from servers to cloud environments to security tooling. In this hands-on lab, you’ll learn essential Linux commands, navigation, and workflows that every cyber professional should know. Perfect for beginners or anyon
A post-quantum secure chat app protects messages from today’s hackers and future quantum computers. It uses quantum-resistant encryption with end-to-end security, forward secrecy, and safe key exchange, preventing “harvest now, decrypt later” attacks and
Project for WiCS Hack 2026
A browser-based FPS Star Wars GoldenEye 007 inspired prototype set in the Star Wars Universe (NOT FULL GAME). This proof-of-concept focuses on navigating map setting, level architecture, first-person traversal, and weapon handling mechanics.
Automated public SBOM repository for all Contrast Security products
Project for UGA Hacks 11
UGA Hacks 11 !!!
Better Hacks 2026 @ YC (Better Auth)
ThApo Proof of Concepts
Spring-Security-api
Test automation for legacy systems (mainframes, terminals, TN5250) with deterministic state-based workflows instead of timing hacks.
Official documentation for KoreShield - Open-source security platform protecting LLM applications from prompt injection attacks
some life hacks for Sophos XGS Firewalls
WIn Hack 2026 Project using NextJS Framework
QWER Hacks 2026 Hackathon Project
A proof of concept for a GitHub-native leaderboard system, self contained and deployable in GHEC
AI SOC Co-Pilot for monitoring and detecting security threats in student networks
tidal hack project for the spring of 2026
A learning project built to explore Spring Boot security and OAuth2 authentication using Facebook.
Mr-Whos-Hacking
Managed OpenClaw hosting for indie hackers — AI co-founder on Telegram, Discord & WhatsApp with startup skills built in.
This repository contains the source code and proof-of-concept (PoC) implementation described in the book chapter: "AI-based Health Assessment of Greenhouse Crops: A Case Study for Sustainable Agriculture".
Key Features Security: 🔒 Zero-Knowledge encryption 🛡️ AES-256 military-grade crypto 🔑 PBKDF2 100,000 iterations ⏰ Auto-lock after inactivity Functionality: 📱 Multiple credential types 🔍 Search & filter ⭐ Favorites 🎲 Password generator 📋 Auto-clear cli
Monitors prices of securities
MCP Gateway + Gemini 3 Hackathon Submission - AI-powered MCP security gateway
Notes and exercises from Hack The Box Academy (cybersecurity training)
Hostile attack page for testing QAMax demo crawl pipeline security
Hands-on exercises from Linux Basics for Hackers by OTW, covering networking, file management, and Linux fundamentals.
Revolutionary security scanner for AI agent skills - LLM-powered semantic analysis, attack chains, behavioral sandbox
Linux-Security-Scanner
Python-based Cybersecurity toolkit with multiple security utilities (Port Scanner, Password Checker, Hash Generator, URL Checker).
A Spring Boot demo project showcasing JWT-based authentication, Spring Security, RBAC, and RESTful API best practices.
This repo is for our project in Hack the diff.
Graeme Edwards | Security Engineer. Leveraging adversarial insights (Nmap, Metasploit) to build resilient defensive architectures. Portfolio highlights include CIS-aligned Windows hardening, SIEM pipeline engineering, and packet-level forensic analysis (W
AI-Powered Oracle for Model 4 Real World Asset Tokenization with Anti-Replay Security
Intro to Red Team - By Hack The Box
Security-Services-Card
Ollama Scanner v3.0.0 - Network security scanner for Ollama instances with vulnerability detection
Proof of concept: Press release fine-tuning pipeline
VALORANT Cheat - Aimbot, ESP, Ragebot hack, Skinchanger & more! Regularly updated.
Network-Security
🦨 Ethical security and automated deployments by Zorribandi. Protecting the network, one commit at a time. 🛡️💻
Hacking-exercises
Security Operations & Architecture Labs - SOC Analyst Portfolio
Proof of Concept (POC) for FINERACT-2439: A secure, high-performance Backend-for-Frontend (BFF) for Apache Fineract
Asterisk PBX Proof-of-concept setup using Incus and Opentofu technologies
A calm, terminal-native news reader for the Cyber Security Professional who lives in the terminal.
just some files
Hack To The Future
This repository contains a Proof of Concept (PoC) for CVE-2025-49132, a critical vulnerability in Pterodactyl Panel versions < 1.11.11.
Brainrot Evolution Script 2026 • Auto Evolve • ESP • Speed Hack • Infinite Points • God Mode • Teleport
Generating a proof-of-concept btc/lightning Alice & Bob scenarios demo using the alby-agent-skill
proof of concept decision tree
Batch check domain mail security configuration including MX, SPF, DKIM, DMARC records with risk assessment and remediation recommendations.
CI/CD Pipeline Security Scanner to Detect secrets, vulnerabilities, and misconfigurations
Intelligent hacking workspace & blind methodology coach for Hack The Box. Leverages Claude Code's native extensions
Onboarding Proof of Concept
MikroTik-Security-Hardening-Script-
SECURITY IN CLOUD COMPUTING AND IOT
Secure MERN Starter - Production‑ready Next.js + Node/Express + MongoDB with secure auth, RBAC, security headers, rate limiting, validation, secrets hygiene, and CI security checks.
globex-security
Low-Cost Autonomous AI Weeding Robot for Smallholder Farms (Proof of Concept)
test/proof of concept for creating pdf-ua with PHP
Etherlink-focused x402 proof of concept using Permit2: custom facilitator, paid store API, and wallet storefront demo for BBT micropayments (USDC/EIP-3009 not currently supported on Etherlink).
security-trainer
Daily Facts 4U is a single-page micro-knowledge app that serves daily holidays, historical events, facts, hacker quotes, famous quotes, and nerdy need-to-know bites from local JSON. It features an animated menu, reload buttons, and a footer with branding.
i Proof of Concept Application
Complete home network control center for Raspberry Pi with Telegram bot, Pi-hole, VPN split routing, and security monitoring
Useful security and automation tools by Niko Black
Argo-Style Arithmetic Garbled Circuits Proof of Concept
HackingDay
A simplified version of Minecraft as a proof of concept. FEEL FREE TO MAKE IT BETTER
Minecraft pvp hacks, made as joke.
A trial server targeting MCP usage proof of concept
Simple Message Queue in Go A lightweight, proof-of-concept message queue implementation in Golang with HTTP API support. This project demonstrates the core concepts of message queuing systems like RabbitMQ and Kafka. ⚠️ Note: This is a learning project an
It's my first Spring Boot backend project; I learned about amazing things like Redis, Kafka, JWT tokens, the proper working of APIs, and Spring Security
PCOS-Weight loss hacks
course-2-play-it-safe-manage-security-risks
Proof of Concept for Caddy with Cloudflare DNS Challenge
AI-powered content generation platform with device fingerprinting security, Groq LLM integration, and TTS capabilities
OpenAPI static security scanner
Unofficial proof-of-concept Windows port workflow for Codex MacOS app.
proof of concept for a freelance job
prism proof of concept
AI-powered security audits for OpenClaw
Dependency-free CLI + GitHub Action to scan JS/TS repos for MCP/tool-server security footguns (CORS, eval, exec, etc.)
Security-Notes
This is a proof-of-concept demonstration created to showcase ServiceNow-AWS integration capabilities. It demonstrates best practices for cloud automation, API-first architecture, and enterprise workflow integration.
Play Clash Royale with your voice. Five-tier AI routing system combining on-device speech recognition, computer vision, and cloud LLM strategic reasoning. Built for the Supercell Global AI Game Hack.
lean4-ogp-zk-security
ClearanceOS automates the "dirty work" of security clearances by converting unstructured police records into legally cited, adjudication-ready "Statements of Reasons" in seconds, not weeks.
Supercell Global AI Game Hack -project.
Proof of concepts for potential Kapso primitives
Cybersecurity portfolio built with Next.js (React), focused on projects in monitoring, logs analysis, and security practices, developed with support of generative AI.
Security-monitoring-agent
Some Proof of Concept Solutions for Firqua
Terraform Proof of Concept for Azure VNet Peering with private connectivity between VNets
GitHub Action that runs CodeQL analysis, prioritizes security issues, and dispatches Devin sessions to fix them in batches
Intelligent security monitoring agent for real-time threat detection
I developed a professional services showcase website for an intelligence and security consulting firm, focused on discretion, credibility, and analytical branding. The project included full UI/UX design, and responsive web development.This project demons
A simple web tool that helps security testers find vulnerabilities in websites by automating the boring parts of testing HTTP requests.
Step-by-step guides for installing and running OpenClaw, an open-source AI agent, on Mac, Linux VPS, and AWS covering setup, security, messaging channels, Google integration, skills, and monitoring.
TESTING HACK FOR QR CODE SCAN
Professional MERN e-commerce platform featuring a high-fashion minimalist aesthetic. Includes variant-level inventory, JWT/Google authentication, real-time WebSocket order tracking, and secure checkout. Optimized for high-performance deployment and produc
Security scanner for OpenClaw AI agent configurations. 128 checks, MIT license, runs in under 1 second.
Setting-up-a-SIEM-Security-Information-and-Event-Management-Security-Onion-
Sublime Security Rules
Quantum Computing in a plugin, proof of concept plugin
NEW UI HACK
A proof-of-concept service desk platform.
This is a test proof of concept to have a file based pglite running from the command line.
💘 Hack My Heart — A Cybersecurity-Themed Valentine's Day Interactive Experience
Proof of Concept for a Server-Side Template Injection (SSTI) vulnerability in Calibre’s Templite engine (GHSA-xrh9-w7qx-3gcc). Demonstrates arbitrary Python code execution via user-supplied HTML export templates in affected versions (≤ 9.1.0).
hacker antisocial media for the cool kidz
Industrial Control Systems (ICS) security research - CVE discoveries, technical publications, and conference presentations
Hacking-MCP
🔐 Comprehensive Cybersecurity Projects Collection | Password Strength Analysis | Encryption & Decryption | Ethical Hacking | Security Tools | Python
webAppSecurity
securityTraining
MCP-Based-LLM-Security-Gateway
"Secure Todo Application demonstrating real web security practices (Authentication, Hashing, Input Sanitization, Session Control) built during Cryptonic Area Virtual Internship"
Python-based security automation and SOC log analysis tools
A remake of Balatro on 3ds to be run on LovePotion. This is more of a proof-of-concept build that will maybe be run through DevKitPro for more optimization, especially for older 3ds models
Security audit toolkit and resources from Pertama Partners
Security Solutions
sshit is a research implementation of an SSH-like protocol in Rust with a focus on transparency, systems thinking, and security.
Hosting panel focused on security and performance.
proof of concept fastapi + redis
Don't get pinched. Security audit toolkit for OpenClaw deployments. 63 checks across 8 categories.
The CafePersian securing tool is a very powerful, modern and fully secure web-based platform designed for obfuscation and decryption of sensitive texts, links and configs
A proof of concept script for parsing the lines of text on a receipt to get the food item on that line, if it exists.
AI-powered web application security scanner for reconnaissance, WAF detection, and vulnerability discovery.
A security system for checking when a kid left school and who came for them, to mitigate kidnappings that are not resolved.
Cybersecurity | CompTIA Security+ | FTN Novi Sad Student | Specialized in Defensive Systems.
JavaScript-based extension for detecting potentially malicious email content using pattern-based analysis
Source Code of our Unity Project for the Supercell AI: Global AI Game Hack.
Tartan Hacks 2026
CyberShield-AI-driven-multi-layer-cyber-security-framework
Educational ARP Spoofing (Man-in-the-Middle) script for learning network security concepts. Demonstrates how ARP cache poisoning works in a controlled lab environment to understand attack vectors and defenses. For educational use only — never deploy on ne
17 universal baseline skills for Claude Code — code review, debugging, security, auth, accessibility, and more. Follows the SKILL.md open standard.
Comprehensive documentation for CloudLens — Graph-Based Infrastructure as Code Security Analysis
A proof-of-concept for zero-copy/zero-serialization ideas focusing on C++ backbone
security-portfolio
Security Research
A hands-on cybersecurity lab portfolio documenting blue team, SOC, and defensive security exercises. Includes step-by-step methodologies, tools used, screenshots, findings, and lessons learned from real-world and simulated security scenarios.
Production-grade monitoring, alerting, logging, and security controls for highly available AWS environment using Terraform, with secure secrets management and operational best practices.
Test Blog Proof of Concept
Metadata editor for images and videos. Edit, view, and strip EXIF data directly in your browser with enterprise-level security and performance.
Tartan Hacks
RAG Proof of concept for LLM integration
Essential skills for Claude Code — security auditing, hardening guidance, and more
Proof of Concept
Secure-by-default Go MCP server starter (CORS allowlist, size limits, optional auth)
A proof-of-concept MCP server demonstrating how to scope an AI agent's file access to a user's permission boundaries using OAuth 2.0 delegated authorization, Auth0 RBAC, and Google Drive.
Secure-by-default Node.js MCP server starter (CORS allowlist, size limits, schema validation)
Advanced Open-Source Mobile Security to detect and block spyware
Spring Boot 4.0+ auto-configuration for Logback Access. HTTP access logging for Tomcat/Jetty with Spring Security, TeeFilter, and profile-based configuration.
Security-first Rust framework for request inspection & decision making
Simple Proxy API to retrieve a list of Stories ordered by score, obtained from Hacker News
🍲 Cloud security data in one pot — bronze/silver/gold layers for insights & compliance
I am saving up my notes while doing Presecurity learning path on Try Hack Me. Hope it will help others also.
DVLD is a comprehensive desktop application designed to manage the lifecycle of driving licenses, vehicle registrations, and traffic violations. Built using **C#**, **.NET Framework**, and SQL Server, this project follows a strict 3-Tier Architecture to e
Security Triage using AI
cyber-security
This repository contains my personal cybersecurity portfolio website designed to showcase my technical skills, security projects, certifications, and hands-on experience in cyber defense and security automation.
AI-assisted app that allows you to plan out a security system. (Work in Progress)
Intelligent macOS security scanner that identifies unsigned apps, Gatekeeper violations, and suspicious persistence mechanisms with context-aware risk assessment. No false positive fatigue.
SecurityScanner — Fast CLI security scanner for AI agent ecosystems. Detects prompt injection, command execution risks, secret leakage, and supply-chain threats across SKILL repos, MCP servers, browser/IDE extensions, and codebases. Built with Bun + TypeS
security-guard-deploy
A lightweight, Security Information and Event Management (SIEM) application focused on Application Security (AppSec)
SY0-701 Investigation Game For Security+ Cert
ML-based anomaly detection for OpenStack Keystone API calls with dynamic trust scoring.
A series of technology tests for services that could be developed in Phase 6 b of eReefs
🔐 Generate secure passwords quickly with this C++ command-line tool, featuring interactive options and guaranteed character diversity for enhanced security.
RTOS-based ESP32 home security controller using ESP-IDF
marliz-security-audits
Ansmart Browser is a modern, lightweight web browser built for speed, security, and simplicity. Experience smooth browsing, fast page loading, and a clean, intuitive interface designed for everyday internet use.
Style hacks
Aegis is an OS-adjacent AI mediation system designed to interpret human intent, explain consequences, and enforce explicit boundaries before any action is taken.
AI-driven arcade platform combining multiplayer games, real-time AI via GCP and Ollama, hardware and audio interaction, and an integrated hacking module with offensive and defensive security challenges running in isolated sandbox environments.
a web site
Snapper - Security rules manager for AI agents (OpenClaw, Claude Code, Cursor)
ProxyWave Meet || Enterprise-grade screen share meetings with security, control, and scale.
Safely run cloud security testing with Claude Code / Desktop
UltraV10lence Hacked Client - ddrace network cheats
🚀 Automate Instagram account creation efficiently with this Python tool, simulating real browser behavior for optimal performance and security.
Security middleware for Solana agents. Transaction firewall, prompt injection defense, audit trails.
SECURITY
A production-grade, full-stack real-time communication platform built with scalability, security, and modern UI/UX principles in mind.
A back-office management system with separated front end and back end, based on Spring Boot 2.7.18, MybatisPlus, JWT, Spring Security, Redis and Vue
IronClaw is OpenClaw inspired implementation in Rust focused on privacy and security
Control layer for autonomous AI agents. Safe actions run automatically. Risky actions wait for approval.
🔍 Enhance your security knowledge with 88,636 real-world vulnerability cases from WooYun, providing practical insights for effective risk management.
🚀 A complete hands-on journey to master Kubernetes for DevOps — covering core concepts, networking, scaling, deployments, security, and real-world cluster operations from beginner to advanced.
🛡️ Automate vulnerability scanning with a user-friendly dashboard that integrates top security tools for efficient assessments and real-time tracking.
🛠️ Gather critical domain information and test web security with Lucas Kit's powerful tools, UltraDNS and SiteStress.
Web-security
A small script to unlock PDF files which can't be shown in the Preview Handler because of stupid Windows security features
Unified messaging for browser applications
Sandboxed LLM code execution environment with infrastructure-level security controls
A Security-First Identity Provider (IdP) for Scalable Legacy Systems
A data-driven dashboard for visualizing cyber threats using simulated security incident data. It highlights attack trends, geographical hotspots, and vulnerable systems through interactive charts and maps, enabling faster threat analysis and improved cybe
A secure credential proxy for CLI tools. Executes tools with secrets on behalf of sandboxed processes - credentials never enter the sandbox.
🚀 Build a modern Internal Developer Platform with IDP Core, showcasing production-ready Infrastructure as Code, GitOps, and Observability patterns.
🌐 Monitor and analyze smart home networks with our IoT platform, integrating device data and security feeds for seamless automation and insights.
🛒 Build a Flutter + Firebase commerce app that features a complete shopping experience with a clean architecture and an integrated AI layer.
repository for my .NET Internship at Codveda Technologies. It covers C# OOP, ASP.NET Core MVC, Microservices, and Azure. I’m implementing JWT security, Docker, and scalable logic to meet internship requirements. Includes video proof and documentation.
Restoring Jay Fenlason's original 1981—1982 Hack to run on modern Linux.
BrowserStream Studio is a secure, local-first, web-based streaming application inspired by OBS. It supports multi-platform streaming (Twitch, YouTube, Kick), a live video preview, a plugin system, and strong security by default. All user data and plugins
Security Attendance Manager
A proof-of-concept Progressive Web App (PWA) demonstrating push notifications triggered from a Python Flask backend.
Smart API Security Scanner is an educational security tool for analyzing REST APIs and detecting common vulnerabilities based on the OWASP API Security Top 10. It performs automated, non-destructive checks and provides clear explanations, impact analysis,
AI Chatbot Hacking Repo for CactusCon 14 in 2026
🛡️ Build a Secure Hub-and-Spoke network in Azure using Bicep for efficient management of shared services and centralized security.
Optimized Dockerfile templates with multi-stage builds and security best practices
🔍 Detect and fix RBAC vulnerabilities in REST APIs by comparing access responses across different user roles for enhanced security.
🔒 Manage your passwords securely with Passkeys CLI, a production-ready password manager that uses AES-GCM encryption and provides a user-friendly terminal interface.
A lightweight alternative to Clawdbot / OpenClaw that runs in Apple containers for security. Connects to WhatsApp, has memory, scheduled jobs, and runs directly on Anthropic's Agents SDK
🛡️ Assess security with SecCheckmate, a framework featuring 200+ tests across five domains for professional-grade vulnerability detection and compliance.
🕵️♂️ Elevate your security testing with Gh0stFramework, a powerful tool for performing penetration tests and enhancing your cybersecurity measures.
A clear, step by step Windows 11 setup and troubleshooting guide designed for IT Support and beginner friendly security hardening. Includes screenshots, explanations, and real world workflows.
Security monitoring and vulnerability assessment platform
Fedora Silverblue with custom security patch
ProjectMap V9 - Laney Lab Autonomous Racer Hack
SwiftUI proof-of-concept for pulsed and continuous haptic feedback on charts
A beginner-friendly vulnerability assessment project performed on a live website using passive security testing techniques. Includes risk classification, business-level explanations, remediation steps, and a professionally designed report.
Identity Provider: Secure OAuth2/JWT authentication service with multi-role support and MFA capabilities.
TypeScript/JavaScript SDK for AI Agent Security - Drop-in security for LangChain, CrewAI, AutoGPT and custom agents
A reusable OpenTofu (Terraform) configuration for managing AWS Organizations Service Control Policies (SCPs)
Zero-code K8s sidecar for log sanitization. Detects secrets via Entropy Analysis, preserves JSON integrity, and redacts PII deterministically. 🛡️
Advanced Remote Device Security & Management System
Security framework for RAG systems
security-controls-mcp
Documentation of the CTF challenges
esp32-security-system
smart_security
My projects for Hack Club will appear here
LLM_SECURITY_PROJECT
Enterprise-grade platform for deploying autonomous AI trading agents on Solana. Built on ElizaOS with secure wallet infrastructure, institutional-grade security, and full US regulatory compliance.
Handy is a Kotlin-based Android proof-of-concept implementing a privacy-aware location-based help service inspired by the SamaritanCloud model. The system relies on blurred location profiles, local distance computation, and distributed matching to enable
proof of concept produced with colab: we presented this in the jan 2026 undergraduate biomedical engineering case comp; by arya bari, marlene bucher, and vicky kuang. full abstract underway
Pocket Notes - A full-stack, responsive note-making application with group-based organization. Built using React, Node.js, Express, and MongoDB. Features secure JWT authentication, real-time search, modular CSS, and a mobile-first UI. Optimized for securi
Framework-agnostic Telegram Bot SDK for PHP, built on Guzzle, with async update handling, client models, processors, and security-focused obfuscation for tooling.
Proof-of-concept for Elixir schema validation, demonstrating expressive and composable schemas on top of Zoi.
Some Mestastic Hacking
TEHQEEQ (تحقیق - meaning "Investigation" in Urdu/Arabic) is a comprehensive network reconnaissance framework designed for security professionals and penetration testers. Built with modularity and ease of use in mind, TEHQEEQ provides extensive intelligenc
Proof of Concept for the project specification. Artifact to be delivered with the RTB.
Portfolio command center for indie hackers. Track traffic, health, and traction signals across all your products.
Project 1
website for Hack a Castle (Noble and Greenough's school hackathon)
CAPSTONE Project. A centralized web-based platform to automate recruitment and organize personnel deployment for the Aloha Security Agency.
A serverless URL shortener powered by Cloudflare Workers at the edge.
Network-Security
Python-based automated internal network security assessment tool
I store my DSA problems from LeetCode, HackerRank and Code Ninja.
HIPAA Compliance Platform - Security Risk Assessment, Policy Library, and Expert Consultation
Hacker News daily digest, curated by LLM.
The Ultimate Hybrid RAG Framework: Local/Remote LLMs, Live Watcher, Deep Profiling & Security.
Email-based signup/login with email verification, password recovery and soft delete support. Designed to be stateless, API-first, and easy to plug into any backend or microservice architecture.
A practical networking portfolio showcasing CCNA labs, security fundamentals, and network automation with clear documentation and real-world simulations.
ML Project for the network security
A Secure CLI Password Generator
VettID Backend Infrastructure - AWS CDK, Lambda handlers, Nitro Enclave
Secure messaging without smartphones. Native SimpleX Protocol implementation in C for embedded systems. Features Hardware Abstraction Layer supporting multiple MCU platforms, hardware security modules, and three device tiers from maker-friendly to state-l
ethical hacking labs and reports
DevScan is an AI-powered automated code audit platform that analyzes source code on every GitHub push or pull request. It detects security vulnerabilities, logical bugs, performance issues, and clean-code violations, and proposes actionable fixes using la
Hyperbolic Geometry AI Safety Framework - 14-layer exponential security boundary with Lyapunov stability, Hamiltonian CFI, and post-quantum cryptography (Patent Pending)
CTF/Hacking/Boxes write-ups - Educational resources for penetration testing and ethical hacking
SQLite row/column/table level security
Cyber Security Lab Submissions
Security guard service quoting platform with ML-powered pricing
MLOps-Data-Science-Network-Security-with-AWS
Ethical Hacking & Penetration Testing
security-movil
A minimal ForwardAuth gateway for Traefik and Nginx that handles login sessions and request access control.
CBP Repo for code related to the project on soy monoculture and its effects on risks to food security
Repository of the various cryptography algorithms I learn during my 6th semester
Backend of the university security project Safeo
Hackers' Notes
Professional portfolio showcasing offensive security skills: AD exploitation, vulnerability research, and tool development.
🤖 40 specialized AI agents for software development - bug fixing, testing, security, UI/UX, and more. Works with Claude Code, Codex CLI, and other AI coding assistants.
Hack client for Eaglercraft 1.12
Cryptography as a service. Post-quantum ready (ML-KEM, ML-DSA), FIPS 140-2/3 compliant, context-driven encryption with zero-config SDKs. - "Life is hard but cryptography doesn't have to be"
A technical project archive showcasing hands-on work in security analysis, penetration testing, malware detection, and secure database implementation. Documentation and samples only.
🛡️ Generate and detect homoglyph attacks with this Python toolkit, enhancing awareness of Unicode phishing and aiding in CTF challenges.
🚀 Streamline development with KavaHub, a cloud-native solution for real-time data convergence, offering security, scalability, and efficiency for Go projects.
🔍 Track and test WhatsApp devices easily with WaSonar, a CLI tool for educational research and security analysis, leveraging Baileys.
🚀 Enhance call stack security with Moonwalk--, a PoC that combines Stack Moonwalking and memory self-encryption to protect shellcode from inspection.
🔒 Implement secure file uploads with Cloudinary, ensuring safe handling of user data through signed uploads, private assets, and temporary download links.
🔒 Enable secure data exchange with SecretNet's real-time encryption and access control, designed for robust Rust development and enhanced productivity.
🔄 Demonstrates rolling code authentication for secure vehicle access using STM32H533RE, inspired by advanced steering column lock systems.
🔍 Simulate real-world web attacks and enhance financial security through comprehensive incident response, secure protocol design, and access control evaluation.
🛡️ Control and monitor internet access on Windows without root access, enhancing privacy and security with user-friendly, application-specific filtering.
🚓 Search surveillance footage offline using AI. Analyze videos with natural language queries for enhanced privacy and security.
A CLI tool for automated firmware extraction, analysis, and vulnerability detection. It identifies embedded systems, extracts file systems, and performs security checks, providing detailed reports for researchers and developers to enhance IoT and embedded
🔍 Scan for dependency confusion vulnerabilities in your projects to enhance security and protect against potential threats with ease.
A robust Python-based IoT device scanner designed for comprehensive network discovery, vulnerability assessment, and security reporting. It identifies active devices, open ports, common services, and weak credentials, providing actionable insights to secu
Open-SSPM is a small “who has access to what” service. It syncs identities from Okta (IdP) and permissions from connected apps (GitHub, Datadog, AWS Identity Center). Demo: admin@admin.com / admin
🛠️ Test and validate the CVE-2025-55184 vulnerability in React Server Components to enhance your application's security against denial-of-service attacks.
A predictive safety architecture for estimating drowning risk in inland water bodies using environmental data analysis. (Proof of Concept)
Origin Korea - Token Analytics & Security Audit Platform
🛡️ Explore network security with this educational toolkit to understand device behavior, misconfigurations, and the importance of modern protections.
🔒 Implement a security proxy for Model Context Protocol using ensemble anomaly detection to classify requests as benign or attack for enhanced safety.
GateKey is a zero-trust VPN solution that wraps OpenVPN. Users authenticate via their company's identity provider (Okta, Azure AD, etc.) and get short-lived VPN credentials automatically. No passwords to remember, no certificates to manage.
🔒 Build secure applications easily with GuardianJS, a powerful JavaScript library designed for seamless authentication and user management.
This Platform is a Java Full Stack project built using a microservices architecture, where users can create service requests and providers can accept or reject them. The system is designed with a frontend-first approach and focuses on scalability, securit
🔍 Detect and stop secrets from leaking in your code with ShepScan, the AI-native solution for modern development teams.
AnXinSecurity
Cybersecurity platform offering domain/IP scanning, WHOIS lookups, port analysis, and phishing detection. Upcoming: VPN config generator, SSL/TLS scanning, AI security chatbot, and automated PDF reports. Built with security-first architecture including SS
Collaborative application security testing between humans and agents via CLI and MCP
Micro Big Brother Simulator - Proof of Concept of NPCFramework
🛡️ Monitor code security in real-time with SecureWatch, an IntelliJ IDEA plugin that identifies vulnerabilities and offers detailed fix suggestions.
🛡️ Analyze WordPress security with WP-Audit, an AI-powered tool that detects vulnerabilities and generates detailed reports for authorized testing.
🛠️ Exploit remote code execution vulnerability in XWiki through SolrSearch, affecting the platform’s security and user data integrity.
🚗 Build a scalable car rental backend using layered architecture, Entity Framework, and best practices like IoC and SOLID principles.
🔍 Assess VPN security with VPN-BlackBox-Checker, a tool for uncovering vulnerabilities without prior knowledge or credentials.
holbertonschool-cyber_security
Flow is a lightweight Linux endpoint security tool that monitors network, process, and file activity to detect suspicious behavior, with minimal privileges and a simple, transparent design.
🖼️ Draws a playful border around the active window on macOS, blending humor with utility in a unique software experience.
An experimental registry of Package-URLs for packages that do not live in a registry.
Try Hack Me Challenges Solution Step by Step
Universal security validation framework for Next.js applications
Agent Skill for PHP security audits - OWASP patterns, vulnerability detection | Claude Code compatible
A visual node-based editor for designing and deploying security rules to Fastly Compute@Edge. Build request routing, rate limiting, and blocking rules through a drag-and-drop interface without writing code.
Web Application Security Scanner
ON NO! Someone put an RPG in a packet sniffer
This repository contains all course materials for CSC 481/681: Principles of Computer Security, including syllabus, schedule, lecture slides, and assignments.
Mobile-Application-Security
A simple bash script and configs to setup a secure Fedora Xfce Minimal workstation
React dashboard for PhishGuard ML phishing detection. Real-time URL analysis with threat scoring visualization.
Intelligent AI system for code quality & security analysis with SonarQube.
basic-hack-tools
🤖 Specialized plugins for Claude Code CLI with expert AI agents. 🦀 Rust plugin included: 7 agents for architecture, development, testing, performance, security, code review, and CI/CD. Extensible for any development domain.
ShieldCI Laravel Package - Open-source static analysis and security auditing tool for Laravel applications. Includes 99+ analyzers for security vulnerabilities, performance issues, and code quality. Works with Laravel 9, 10, 11, and 12.
This project was built and submitted as part of the DevOne Hack hackathon. This repository was created to push the project to GitHub for the hackathon submission.
testing-and-security_final_2025
💻 Showcase forensic and cybersecurity skills through detailed reports on forensics, penetration testing, and threat hunting in ethical hacking.
ML-powered threat detection and alert correlation platform for enterprise security monitoring.
Smart Contract Security Researcher • Blockchain • AI • Decentralized Systems
NMIT HACKS 6th Edition
📱 Explore iPhone features with phones8, a project designed to enhance your smartphone experience and streamline your daily tasks.
Proof of Concept of Maze Game. A-maze-ing.
A proof-of-concept peer-to-peer distributed key-value storage system implemented in Java using Akka actors. The project simulates a dynamic and fault-tolerant storage network supporting replication, partitioning, and consistency guarantees across multiple
🤖 Enable hands-free online exams with an AI-powered system that uses face recognition and head gestures, designed for users with disabilities.
Proof of concept for delivery orders assistant
ZK-Camera is a proof-of-concept system that demonstrates how zero-knowledge proofs (ZKPs) can be used to prove the authenticity of an image at capture time without revealing the image or its metadata. The core idea is to generate a cryptographic commitme
ghir is a CLI making past GitHub Releases immutable
University Club Management System where students and communities come together, supporting Admin, President, and Standard User roles. Built with Spring Boot, Spring Security, JWT authentication, Elasticsearch-based logging, and secure email-based password
Jade Tipi proof of concept - Full stack application
A personal playground for all things tech 🚀 — notes, code snippets, labs, experiments, and learnings. This repo is my digital workspace to explore, break, fix, and build while documenting the journey across Cloud, DevOps, SRE, Security, Blockchain, AI/ML,
Ethical hacking is the authorized practice of using hacking techniques to identify and fix security vulnerabilities in computer systems and networks. Unlike malicious hackers, ethical hackers work with permission to improve security and protect sensitive
Fully autonomous AI hacker to find actual exploits in your web apps. Shannon has achieved a 96.15% success rate on the hint-free, source-aware XBOW Benchmark.
Proof of Concept for how to use ModelarDB for data storage in the DMMAI framework.
what's cooking in the hack club kitchen
A Proof Of Concept for me to help me understand how gRPC works.
🛡️ Simulate breach probabilities and visualize cybersecurity risk with CyberForge, an interactive dashboard for effective security investment communication.
All the notes about the Try_Hack_me_SOC_level_1 path are available here
🖥️ Experience easy installation with Bubbles OS, a ready-to-use ISO file based on Ubuntu, featuring multiple desktop environments and secure performance.
Blue-Team-Defensive-Security
What I think is the minimum best practices needed for all new AWS Projects to ensure proper security.
Hack-N-Slash Roguelike Rhythm Game
A RESTful Journaling API using Spring Boot and Spring Security for user authentication and MongoDB for data storage.
Studies for Certified Ethical Hacker (CEH) v13.
Authentication portal that gives Plex, Jellyfin, and Emby users single sign-on into internal services. v2.0.3 adds expanded provider support, hardened security defaults, and streamlined onboarding flows for admins and members.
Educational proof of concept exploring malware staging via the Library of Babel. Demonstrates how legitimate platforms can be used adversarially for payload persistence. Implements reversible encoding, coordinate-based search and recovery guaran
Websocket Without Javascript | A proof of concept Full Duplex Connection Without Javascript, Just HTTP Chunk Encoding
Self-hosted GitHub App that validates Pull Request reviews. It helps organizations improve governance and security by ensuring PRs cannot be merged without proper approvals while keeping developer experience
Fallout 76 Hacks and Tips for Effortless Progression 🚀 Unlock Secrets Now
🔒 Build verifiable peer-to-peer applications with a zero-trust cryptographic protocol framework that ensures complete security without requiring trust in users.
task for cyber
🛡️ Protect your npm supply chain with clear guidance on detection and remediation against threats like supply-chain worms.
🔍 Detect and monitor file integrity across Unix and Windows systems using SHA256 hashing and metadata analysis for enhanced security.
🚀 Enable instant P2P USDT transactions with low fees and high security using Flash USDT, perfect for traders and businesses.
Hi there, I'm Chetan Gavali 👋 2nd Year B.Tech Computer Engineering Student at K. K. Wagh Institute Of Engineering College. 💻 Front End Developer | Passionate about Ethical Hacking. 🚀 Always eager to learn and grow — currently building "Le
A proof-of-concept exploring how Quantum Fourier Transform (QFT) performs on chirp signals — the kind of waveform produced by events like black hole mergers — using IBM Qiskit's simulator at hyper-low qubit counts.
ProofOfConcept
This project implements a Compliance-Aware Content Moderator as a Proof of Concept (PoC) using Semantic Kernel (SK) in a Google Colab notebook. The moderator evaluates user-generated content (e.g., forum posts) against a dynamic set of policies (static, s
A curated, open-source portfolio of my projects and write-ups—built in public and served via GitHub Pages for anyone to explore.
🔍 Monitor security feeds to collect alerts on vulnerabilities and updates, delivering real-time notifications to Discord for quick response.
Game hacking library and bindings to xNVSE/F4SE
FIRST ever tool to view "private Instagram accounts" (download medias without login)
🛡️ Proof of Concept (PoC) for CVE-2025-32463 — Local privilege escalation in sudo (versions 1.9.14 to 1.9.17). This exploit abuses the --chroot option and a malicious nsswitch.conf to execute arbitrary code as root. ⚠️ For educational and authorized testi
list of completed modules on Hack The Box Academy website
📊 Streamline your Docker logs into clear, actionable insights with this local, automated tool that delivers daily summaries and critical alerts.
go backend for hack-me-frontend. A platform for you to get hacked
conp-dataset-Parcellating-the-parcellation-issue---a-proof-of-concept-for-reproducible-analyses-usin
📡 Streamline API discovery and testing for web apps with S-APICONT, a Burp Suite plugin that automates extraction and testing for security researchers.
🚀 Visualize ITSM incident predictions and analytics with this modern web interface, enabling efficient risk management and proactive decision-making.
The Cometbid Technology Foundation Monorepo-Based Frontend
This will be the project representing what I absorbed from the 2nd chapter of the book: Black Hat Python - Programação Python para hackers e pentesters
🚀 Create a web-based Sliver C2 command center with Argus-Sliver, offering security researchers an intuitive, full-featured penetration testing platform.
🔐 Automate SSL/TLS certificate management with ACME Commander, a modern client focused on DNS challenges and integrated with Cloudflare for smooth operations.
Feeds - News aggregator for the discerning software engineer and security professional on the Microsoft, Azure, and C# stack. RSS output feeds as a single daily summary built using Jekyll, Python, GitHub Actions and hosted on GitHub Pages.
A Model Context Protocol (MCP) Gateway & Registry. Serves as a central management point for tools, resources, and prompts that can be accessed by MCP-compatible LLM applications. Converts REST API endpoints to MCP, composes virtual MCP servers with added
GitHub Action to update pull request branches securely
🤖 Empower your workflow with Lethe, an autonomous AI assistant that remembers your preferences and projects, enhancing productivity 24/7.
scrape hacker news metadata for data analysis
🤖 Test DevEx speed with this auto-generated repo featuring a base setup and dummy code.
Battery monitoring service for Z-Wave networks. Vendor-independent, passive RF sniffing, no cloud required. Early-stage proof of concept — traffic parsing, device identification, and network visualization.
Cyber Security StartUp
secret.py is a tool designed to analyze JavaScript files and detect sensitive information such as API keys, credentials, tokens, and other secrets that might have been accidentally exposed in the code. This tool can be useful for security researchers, bug
Full-stack inventory management system for a luxury clothing warehouse. Built with Spring Boot 3, Spring Security (RBAC), and Thymeleaf. Features distribution center REST API integration.
This project provides a comprehensive security event monitoring and notification system for AWS environments.
🔒 Streamline AWS security with reusable Terraform patterns for robust landing zones that prioritize practical controls and compliance.
Simple, hackable transformer training & inference, in bare-metal JAX
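Chinese: 🚀 A high-performance, open-source tool for automated threat intelligence collection and aggregation. Built on Python Asyncio; supports multi-source collection from MISP/CSV/Text, automatic normalization, deduplication and cleaning, and data lifecycle management. English: 🚀 An automated, high-performance threat intelligence collection and aggregation tool based on Python Asyncio. Supports MISP/CSV/Text feeds with built-in no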
Project source code for the OHR Design and Lechnolgy collab to make a hackable electronic lamp.
This is a simple react app (mostly function proof), the UI design will be updated after this is more of a proof of concept
Authenticate to ICP canisters over HTTP (Proof of Concept)
🤖 Offer expert advice to startups in legal, finance, and competitive areas using AI-driven insights and unique cross-critique methods.
🚀 Install and cache Kiro CLI effortlessly for your GitHub workflows, streamlining your development process with ease.
🔍 Analyze Markdown content for SEO using a blend of rule-based checks and AI insights with the MD Audit agent for better optimization.
HACS Plugin to control IKEA OBEGRÄNSAD Wall Lamp hacked with ph1p/ikea-led-obegraensad and ESP device
🇳🇴 Enhance your security research with a 20 million entry Norwegian WiFi wordlist, optimized for authorized penetration testing and network analysis.
One Calendar is a privacy-first calendar web app built with Next.js. It combines powerful productivity tools with modern security features, including end-to-end encryption (E2EE), password-protected sharing, and self-destructing share links. 📅
Proof of concept design files
The Hack Club streaming service.
An optimised library for anything Roblox aim hacks related.
🔒 Enable HTTPS for Pi-hole with automatic SSL certificate generation, Tailscale DNS detection, and cross-platform compatibility for Windows, Linux, macOS, and Android devices.
Summary of my findings and learnings on penetration testing & ethical hacking concepts - based on my knowledge and research from multiple resources.
A security-focused library OS supporting kernel- and user-mode execution
Educational repository focusing on defensive security strategies, controls, and best practices to protect systems against cyber threats.
Bringing Hack Club events to you
Developing a Hospital Specific EHR System focused on enhancing data security, reducing paperwork, and improving data reporting for communicable diseases.
🔧 Build and deploy Silo V2 contracts efficiently with this monorepository, featuring integration tools and a bug bounty for security enhancements.
Sanctum is an experimental proof-of-concept EDR, designed to detect modern malware techniques, above and beyond the capabilities of antivirus. Built in Rust.
Building blockchains and security tutorials in Rust
🗃 The Vortex Launcher is an easy-to-use tool that helps you create Vortex projects, manage your tools and projects, add content from the community, and share your own content too!
A daily-updated repository providing IP address ranges for major cloud providers (AWS, Google Cloud, Azure, Cloudflare) in multiple formats with ready-to-use Nginx and Apache configurations.
plugins-melapress-login-security
🤖 Automate tasks seamlessly with KeyPresser Hardware, using Arduino to simulate keyboard and mouse actions for efficient control and operation.
Zen protects your Java app against attacks with one line of code. Get peace of mind— at runtime.
🔍 Detect hardcoded tokens and secrets in JavaScript files to enhance your code security and prevent leaks efficiently.
Applied Mathematics projects designed to keep me afloat in the realm of ML, NN, and Applied Math.
Hardware Vault / Security Key
Proof of Concept project, use at your own risk.
🔒 Protect your privacy and secure your online activities with Safe Connect, the digital security solution built for safety and reliability.
A free, powerful, cross-platform hex editor
As a bug hunter, are your bug bounty reports getting rejected because you don't use a "malicious" Proof of Concept (PoC) app to exploit the vulnerabilities? I've got you covered!
Wiki home page for the Hacker Dojo Python Group
🚀 Exploit CVE-2025-9074 with this Docker escape framework, simplifying API vulnerabilities and enhancing security testing for developers and researchers.
ConfigServer Security & Firewall (CSF) - Robust linux iptables/nftables firewall & free ipset blocklist service.
Study note
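Nuclei PoCs, updated every 2 hours | Automatically aggregates Nuclei vulnerability PoCs from across the web, syncs the latest PoCs in real time, and preserves PoCs that have since been deleted. Collects Nuclei PoCs by bulk-cloning GitHub projects and stores them sorted by category, implemented with GitHub Actions. Currently 410,000+ PoCs, of which 35,000+ are high quality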
Retro-inspired operating system designed to be learnable and hackable by its users
Proof of concept of FDTD algorithm
This repository contains sample code demonstrating various use cases leveraging Amazon Bedrock and Generative AI. Each sample is a separate project with its own directory, and includes a basic Streamlit frontend to help users quickly set up a proof of con
Proof of concept of how the Tapestry website and documentation could be based on Antora. Intended for further discussion with the Tapestry team.
A full-stack portfolio website that includes my tech, cyber-security, and production background.
Adds a graphical bar HUD element for SMW hacking
Independent, privacy-first, self-hostable PoW CAPTCHA service made in EU
Multi tool RF hack - Esp32 - cc1101 - Oled 8x7
Modified version of cujanovic's dns.py for DNS Rebinding attacks.
This is an attempt at creating a tool dedicated to Mega Man ZX ROM hacking.
🕰️ Measure clock skew in real-time to identify devices with Chronos-Track's advanced fingerprinting engine, ensuring accurate device recognition and security.
Teleport Operator for Giant Swarm
🛠️ Extract and analyze network-based IOCs from malware samples in various archive formats with GoVettersTools for enhanced security research.
OpenID Connect, the authentication protocol and identity layer on top of OAuth 2.0 used in many SSO and adopted in many social logins (Apple, Facebook, Google, ...etc). Find this curated list of providers, services, libraries, and resources to adopt it an
Generate a temporary access token for a GitHub app using the app ID and its private key and either the installation ID or the installation repository name.
OCSF schema for Rust
Playwright Proof of Concept, Create Trello board through UI and API
I wanna a hacker
Performance, Accessibility, Usability, Security. If it's open-source and should be an NPM module, you'll find it here!
Online competitive hacking game made in Unity
🔒 Simplify Django permissions with a declarative system that protects views, reducing repetitive checks and improving security.
#hashicorp #devsecops #hashiconf #aws #cloud #security #ambassador #builder #hug #iac #infrastructure #ai/ml #terraform #ansible #bash #cybersecurity
🔍 Analyze and convert credential dumps quickly with dumptools, the fast Rust CLI for threat and intelligence analysts.
AWS Control Tower and Lacework allow seamless multi-account cloud security. With Lacework and AWS Control Tower, enrolling a new AWS account now means security best practices and monitoring are automatically applied consistently across your organization.
🔍 Enhance Java application security with automated code analysis, route extraction, and parameter mapping for effective auditing and risk assessment.
SonarSource Static Analyzer for Kotlin Code Quality and Security
Security hardening scripts for CTFs
Full set of AppArmor policies
🔍 Build a custom bruting list for efficient password cracking and pair work collaboration.
🔍 Identify and report security vulnerabilities in software versions and operating systems to safeguard your infrastructure against potential threats.
A Hacked up view of the DWD weather via Brightsky.dev for Sailfish OS
A utility to stream (and record) from a Remarkable2 without hack or third party dependencies
Best-practices security made usable.
Red Kite, the Extensible Attack Surface Management tool.
🔒 Securely pin Go tool versions for reproducible builds and improve your CI/CD processes with gopin, the essential CLI for version control.
security-aws
My personalized Hosts file collection of various sources, cleaned and optimized specially for pDNSf
🌐 Gather DNS and domain data effortlessly with Lucas Kit, featuring UltraDNS and SiteStress for enhanced security testing and load testing solutions.
🔒 Control identity and trust with UnifiedDomain, an experimental offline-capable solution for secure device enrollment and SSH authorization.
A react, redux, html canvas powered clone of pacman created as part of a hack day
🔍 Detect and anonymize personal data with PIICloak's API, designed for speed, accuracy, and compliance with GDPR and CCPA.
🚀 Explore high-quality skills for SpoonOS, Web3, AI productivity, and enterprise tooling with 57+ curated Python scripts across multiple challenge tracks.
Advanced DNS filter/blocklists for privacy, security, and clean browsing.
🔒 Securely encrypt and authenticate data with EAMSA 512, a high-performance, production-ready Go implementation featuring 512-bit block size and 1024-bit key material.
DTLA Hack for LA is partnering with Los Angeles Department of Transportation (LADOT) to develop a Traffic Demand Management (TDM) calculator tool. This tool will help planners at LADOT and real estate developers to meet the Los Angeles’s Mobility Plan go
Test of https://github.com/mitchellkrogza/The-Big-List-of-Hacked-Malware-Web-Sites/blob/master/hacked-domains.list
React app which provides an offline client for reading Hacker News
Switchboard Security & Privacy Plug
CLOSE ACCESS DENIAL.
🔑 Second factor TOTP (RFC 6238) provider for Nextcloud
File Access Policy Daemon
The Github home of Orbot: Tor on Android (Also available on gitlab!)
Security automation content in SCAP, Bash, Ansible, and other formats
OSSEC is an Open Source Host-based Intrusion Detection System that performs log analysis, file integrity checking, policy monitoring, rootkit detection, real-time alerting and active response.
Friend/foe individual writers on Hacker News.
:cookie: A full-featured, hackable tiling window manager written and configured in Python (X11 + Wayland)
CVE-2026-2194 -- A flaw has been found in D-Link DI-7100G C1 24.04.18D1. This affects the function start_proxy_client_email. Executing a manipulation can lead to command injection. The attack can be executed remotely. The exploit has been published and may be used.
CVE-2026-2195 -- A vulnerability has been found in code-projects Online Reviewer System 1.0. This vulnerability affects unknown code of the file /system/system/admins/assessments/pretest/questions-view.php. The manipulation of the argument ID leads to sql injection. The a
CVE-2026-2116 -- A vulnerability has been found in itsourcecode Society Management System 1.0. Impacted is an unknown function of the file /admin/edit_expenses.php. Such manipulation of the argument expenses_id leads to sql injection. It is possible to launch the attack r
CVE-2026-2117 -- A vulnerability was found in itsourcecode Society Management System 1.0. The affected element is an unknown function of the file /admin/edit_activity.php. Performing a manipulation of the argument activity_id results in sql injection. The attack can be in
CVE-2026-2118 -- A vulnerability was determined in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_4407D4 of the file /goform/formReleaseConnect of the component rehttpd. Executing a manipulation of the argument Isp_Name can lead to command injection.
CVE-2026-2120 -- A vulnerability was identified in D-Link DIR-823X 250416. This affects an unknown function of the file /goform/set_server_settings of the component Configuration Parameter Handler. The manipulation of the argument terminal_addr/server_ip/server_port leads
CVE-2026-2122 -- A security flaw has been discovered in Xiaopi Panel up to 20260126. This impacts an unknown function of the file /demo.php of the component WAF Firewall. The manipulation of the argument ID results in sql injection. The attack may be launched remotely. Th
CVE-2026-2129 -- A vulnerability was found in D-Link DIR-823X 250416. Affected by this issue is some unknown functionality of the file /goform/set_ac_status. Performing a manipulation of the argument ac_ipaddr/ac_ipstatus/ap_randtime results in os command injection. The a
CVE-2026-2130 -- A vulnerability was determined in BurtTheCoder mcp-maigret up to 1.0.12. This affects an unknown part of the file src/index.ts of the component search_username. Executing a manipulation of the argument Username can lead to command injection. The attack ma
CVE-2026-2131 -- A vulnerability was identified in XixianLiang HarmonyOS-mcp-server 0.1.0. This vulnerability affects the function input_text. The manipulation of the argument text leads to os command injection. Remote exploitation of the attack is possible. The exploit i
CVE-2026-2132 -- A security flaw has been discovered in code-projects Online Music Site 1.0. This issue affects some unknown processing of the file /Administrator/PHP/AdminUpdateCategory.php. The manipulation of the argument txtcat results in sql injection. The attack can
CVE-2026-2133 -- A weakness has been identified in code-projects Online Music Site 1.0. Impacted is an unknown function of the file /Administrator/PHP/AdminUpdateCategory.php. This manipulation of the argument txtimage causes unrestricted upload. The attack is possible to
CVE-2026-2134 -- A security vulnerability has been detected in PHPGurukul Hospital Management System 4.0. The affected element is an unknown function of the file /hms/admin/manage-doctors.php. Such manipulation of the argument ID leads to sql injection. The attack may be
CVE-2026-2135 -- A vulnerability was detected in UTT HiPER 810 1.7.4-141218. The impacted element is the function sub_43F020 of the file /goform/formPdbUpConfig. Performing a manipulation of the argument policyNames results in command injection. It is possible to initiate
CVE-2026-2136 -- A flaw has been found in projectworlds Online Food Ordering System 1.0. This affects an unknown function of the file /view-ticket.php. Executing a manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The
CVE-2026-2137 -- A vulnerability has been found in Tenda TX3 up to 16.03.13.11_multi. This impacts an unknown function of the file /goform/SetIpMacBind. The manipulation of the argument list leads to buffer overflow. The attack can be initiated remotely. The exploit has b
CVE-2026-2138 -- A vulnerability was found in Tenda TX9 up to 22.03.02.10_multi. Affected is the function sub_42D03C of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. The attack can be launched remotely. The exploit h
CVE-2026-2139 -- A vulnerability was determined in Tenda TX9 up to 22.03.02.10_multi. Affected by this vulnerability is the function sub_432580 of the file /goform/fast_setting_wifi_set. This manipulation of the argument ssid causes buffer overflow. The attack may be init
CVE-2026-2140 -- A vulnerability was identified in Tenda TX9 up to 22.03.02.10_multi. Affected by this issue is the function sub_4223E0 of the file /goform/setMacFilterCfg. Such manipulation of the argument deviceList leads to buffer overflow. The attack may be launched r
CVE-2026-2141 -- A security flaw has been discovered in WuKongOpenSource WukongCRM up to 11.3.3. This affects an unknown part of the file gateway/src/main/java/com/kakarote/gateway/service/impl/PermissionServiceImpl.java of the component URL Handler. Performing a manipula
CVE-2026-2142 -- A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420688 of the file /goform/set_qos. Executing a manipulation can lead to os command injection. The attack can be executed remotely. The exploit has been
CVE-2026-2143 -- A security vulnerability has been detected in D-Link DIR-823X 250416. This issue affects some unknown processing of the file /goform/set_ddns of the component DDNS Service. The manipulation of the argument ddnsType/ddnsDomainName/ddnsUserName/ddnsPwd lead
CVE-2026-2145 -- A vulnerability was identified in cym1102 nginxWebUI up to 4.3.7. The impacted element is an unknown function of the file /adminPage/conf/check of the component Web Management Interface. Such manipulation of the argument nginxDir leads to cross site scrip
CVE-2026-2146 -- A security flaw has been discovered in guchengwuyue yshopmall up to 1.9.1. This affects the function updateAvatar of the file /api/users/updateAvatar of the component co.yixiang.utils.FileUtil. Performing a manipulation of the argument File results in unr
CVE-2026-2147 -- A weakness has been identified in Tenda AC21 16.03.08.16. This impacts an unknown function of the file /cgi-bin/DownloadLog of the component Web Management Interface. Executing a manipulation can lead to information disclosure. The attack may be performed
CVE-2026-2148 -- A security vulnerability has been detected in Tenda AC21 16.03.08.16. Affected is an unknown function of the file /cgi-bin/DownloadFlash of the component Web Management Interface. The manipulation leads to information disclosure. It is possible to initiat
CVE-2026-2149 -- A vulnerability was detected in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /appointments.php. The manipulation of the argument patient_id results i
CVE-2026-2150 -- A flaw has been found in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Affected by this issue is some unknown functionality of the file /checkin.php. This manipulation of the argument patient_id causes cross site scriptin
CVE-2026-2151 -- A vulnerability has been found in D-Link DIR-615 4.10. This affects an unknown part of the file adv_firewall.php of the component DMZ Host Feature. Such manipulation of the argument dmz_ipaddr  leads to os command injection. The attack can be launched rem
CVE-2026-2152 -- A vulnerability was found in D-Link DIR-615 4.10. This vulnerability affects unknown code of the file adv_routing.php of the component Web Configuration Interface. Performing a manipulation of the argument dest_ip/ submask/ gw results in os command inject
CVE-2026-2153 -- A vulnerability was determined in mwielgoszewski doorman up to 0.6. This issue affects the function is_safe_url of the file doorman/users/views.py. Executing a manipulation of the argument Next can lead to open redirect. The attack may be launched remotel
CVE-2026-2154 -- A vulnerability was identified in SourceCodester/Patrick Mvuma Patients Waiting Area Queue Management System 1.0. Impacted is an unknown function of the file /registration.php of the component Patient Registration Module. The manipulation of the argument
CVE-2026-2155 -- A security flaw has been discovered in D-Link DIR-823X 250416. The affected element is the function sub_4208A0 of the file /goform/set_dmz of the component Configuration Handler. The manipulation of the argument dmz_host/dmz_enable results in os command i
CVE-2026-2156 -- A weakness has been identified in code-projects Online Student Management System 1.0. The impacted element is an unknown function of the file /admin/announcement/index.php?view=add of the component Announcement Management Module. This manipulation causes
CVE-2026-2157 -- A security vulnerability has been detected in D-Link DIR-823X 250416. This affects the function sub_4175CC of the file /goform/set_static_route_table. Such manipulation of the argument interface/destip/netmask/gateway/metric leads to os command injection.
CVE-2026-2158 -- A vulnerability was detected in code-projects Student Web Portal 1.0. This impacts an unknown function of the file /check_user.php. Performing a manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely
CVE-2026-2159 -- A flaw has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected is an unknown function of the file /tourism/classes/Master.php?f=register of the component Registration. Executing a manipulation of the argument firstname/lastname/us
CVE-2026-2160 -- A vulnerability has been found in SourceCodester Simple Responsive Tourism Website 1.0. Affected by this vulnerability is an unknown functionality of the file /tourism/classes/Master.php?f=save_package. The manipulation of the argument Title leads to cros
CVE-2026-2161 -- A vulnerability was found in itsourcecode Directory Management System 1.0. Affected by this issue is some unknown functionality of the file /admin/forget-password.php. The manipulation of the argument email results in sql injection. The attack can be laun
CVE-2026-2162 -- A vulnerability was determined in itsourcecode News Portal Project 1.0. This affects an unknown part of the file /admin/aboutus.php. This manipulation of the argument pagetitle causes sql injection. The attack may be initiated remotely. The exploit has be
CVE-2026-2163 -- A vulnerability was identified in D-Link DIR-600 up to 2.15WWb02. This vulnerability affects unknown code of the file ssdp.cgi. Such manipulation of the argument HTTP_ST/REMOTE_ADDR/REMOTE_PORT/SERVER_ID leads to command injection. The attack may be launc
CVE-2026-2164 -- A security flaw has been discovered in detronetdip E-commerce 1.0.0. This issue affects some unknown processing of the file /seller/assets/backend/profile/addadhar.php. Performing a manipulation of the argument File results in unrestricted upload. Remote
CVE-2026-2165 -- A weakness has been identified in detronetdip E-commerce 1.0.0. Impacted is an unknown function of the file /Admin/assets/backend/seller/add_seller.php of the component Account Creation Endpoint. Executing a manipulation of the argument email can lead to
CVE-2026-2166 -- A security vulnerability has been detected in code-projects Online Reviewer System 1.0. The affected element is an unknown function of the file /login/index.php of the component Login. The manipulation of the argument username/password leads to sql inject
CVE-2026-2167 -- A vulnerability was detected in Totolink WA300 5.2cu.7112_B20190227. The impacted element is the function setAPNetwork of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument Ipaddr results in os command injection. The attack may be performed f
CVE-2026-2168 -- A flaw has been found in D-Link DWR-M921 1.1.50. This affects the function sub_419920 of the file /boafrm/formLtefotaUpgradeQuectel. This manipulation of the argument fota_url causes command injection. It is possible to initiate the attack remotely. The e
CVE-2026-2169 -- A vulnerability has been found in D-Link DWR-M921 1.1.50. This impacts an unknown function of the file /boafrm/formLtefotaUpgradeFibocom. Such manipulation of the argument fota_url leads to command injection. It is possible to launch the attack remotely.
CVE-2026-2171 -- A vulnerability was found in code-projects Online Student Management System 1.0. Affected is an unknown function of the file accounts.php of the component Login. Performing a manipulation of the argument username/password results in sql injection. The att
CVE-2026-2172 -- A vulnerability was determined in code-projects Online Application System for Admission 1.0. Affected by this vulnerability is an unknown functionality of the file enrollment/index.php of the component Login Endpoint. Executing a manipulation can lead to
CVE-2026-2173 -- A vulnerability was identified in code-projects Online Examination System 1.0. Affected by this issue is some unknown functionality of the file login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiat
CVE-2026-2174 -- A security flaw has been discovered in code-projects Contact Management System 1.0. This affects an unknown part of the component CRUD Endpoint. The manipulation of the argument ID results in improper authentication. The attack may be launched remotely.
CVE-2026-2175 -- A weakness has been identified in D-Link DIR-823X 250416. This vulnerability affects the function sub_420618 of the file /goform/set_upnp. This manipulation of the argument upnp_enable causes os command injection. Remote exploitation of the attack is poss
CVE-2026-2176 -- A security vulnerability has been detected in code-projects Contact Management System 1.0. This issue affects some unknown processing of the file index.py. Such manipulation of the argument selecteditem[0] leads to sql injection. The attack can be execute
CVE-2026-2177 -- A vulnerability has been found in SourceCodester Prison Management System 1.0. The impacted element is an unknown function of the component Login. The manipulation leads to session fixation. It is possible to initiate the attack remotely. The exploit has
CVE-2026-2178 -- A vulnerability was found in r-huijts xcode-mcp-server up to f3419f00117aa9949e326f78cc940166c88f18cb. This affects the function registerXcodeTools of the file src/tools/xcode/index.ts of the component run_lldb. The manipulation of the argument args resul
CVE-2026-2179 -- A vulnerability was determined in PHPGurukul Hospital Management System 4.0. This impacts an unknown function of the file /admin/manage-users.php. This manipulation of the argument ID causes sql injection. The attack can be initiated remotely. The exploit
CVE-2026-2180 -- A vulnerability was identified in Tenda RX3 16.03.13.11. Affected is an unknown function of the file /goform/fast_setting_wifi_set. Such manipulation of the argument ssid_5g leads to stack-based buffer overflow. The attack can be launched remotely. The ex
CVE-2026-2181 -- A security flaw has been discovered in Tenda RX3 16.03.13.11. Affected by this vulnerability is an unknown functionality of the file /goform/openSchedWifi. Performing a manipulation of the argument schedStartTime/schedEndTime results in stack-based buffer
CVE-2026-2182 -- A weakness has been identified in UTT 进取 521G 3.1.1-190816. Affected by this issue is the function doSystem of the file /goform/setSysAdm. Executing a manipulation of the argument passwd1 can lead to command injection. The attack may be launched remotely.
CVE-2026-2183 -- A security vulnerability has been detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This affects an unknown part of the file /restructured/csv.php. The manipulation leads to unrestricted upload. Rem
CVE-2026-2184 -- A vulnerability was detected in Great Developers Certificate Generation System up to 97171bb0e5e22e52eacf4e4fa81773e5f3cffb73. This vulnerability affects unknown code of the file /restructured/csv.php. The manipulation of the argument photo results in os
CVE-2026-2185 -- A flaw has been found in Tenda RX3 16.03.13.11. This issue affects the function set_device_name of the file /goform/setBlackRule of the component MAC Filtering Configuration Endpoint. This manipulation of the argument devName/mac causes stack-based buffer
CVE-2026-2186 -- A vulnerability has been found in Tenda RX3 16.03.13.11. Impacted is the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument list leads to stack-based buffer overflow. The attack may be performed from remote. The
CVE-2026-2187 -- A vulnerability was found in Tenda RX3 16.03.13.11. The affected element is the function set_qosMib_list of the file /goform/formSetQosBand. Performing a manipulation of the argument list results in stack-based buffer overflow. It is possible to initiate
CVE-2026-2188 -- A vulnerability was determined in UTT 进取 521G 3.1.1-190816. The impacted element is the function sub_446B18 of the file /goform/formPdbUpConfig. Executing a manipulation of the argument policyNames can lead to os command injection. It is possible to launc
CVE-2026-2189 -- A vulnerability was identified in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/report/index.php. The manipulation of the argument ay leads to sql injection. The attack can be initiated remotely. The exp
CVE-2026-2190 -- A security flaw has been discovered in itsourcecode School Management System 1.0. This impacts an unknown function of the file /ramonsys/user/controller.php. The manipulation of the argument ID results in sql injection. The attack can be launched remotely
CVE-2026-2191 -- A weakness has been identified in Tenda AC9 15.03.06.42_multi. Affected is the function formGetDdosDefenceList. This manipulation of the argument security.ddos.map causes stack-based buffer overflow. The attack may be initiated remotely. The exploit has b
CVE-2026-2192 -- A security vulnerability has been detected in Tenda AC9 15.03.06.42_multi. Affected by this vulnerability is the function formGetRebootTimer. Such manipulation of the argument sys.schedulereboot.start_time/sys.schedulereboot.end_time leads to stack-based
CVE-2026-2193 -- A vulnerability was detected in D-Link DI-7100G C1 24.04.18D1. Affected by this issue is the function set_jhttpd_info. Performing a manipulation of the argument usb_username results in command injection. Remote exploitation of the attack is possible.
CVE-2026-2205 -- A vulnerability was identified in WeKan up to 8.20. This affects an unknown part of the file server/publications/cards.js of the component Meteor Publication Handler. Such manipulation leads to information disclosure. The attack may be performed from remo
CVE-2026-2206 -- A security flaw has been discovered in WeKan up to 8.20. This vulnerability affects unknown code of the file server/methods/fixDuplicateLists.js of the component Administrative Repair Handler. Performing a manipulation results in improper access controls.
CVE-2026-2207 -- A weakness has been identified in WeKan up to 8.20. This issue affects some unknown processing of the file server/publications/activities.js of the component Activity Publication Handler. Executing a manipulation can lead to information disclosure. It is
CVE-2026-2208 -- A security vulnerability has been detected in WeKan up to 8.20. Impacted is an unknown function of the file server/publications/rules.js of the component Rules Handler. The manipulation leads to missing authorization. The attack can be initiated remotely.
CVE-2026-2209 -- A vulnerability was detected in WeKan up to 8.18. The affected element is the function setCreateTranslation of the file client/components/settings/translationBody.js of the component Custom Translation Handler. The manipulation results in improper authori
CVE-2020-37079 -- Wing FTP Server versions prior to 6.2.7 contain a cross-site request forgery (CSRF) vulnerability in the web administration interface that allows attackers to delete admin users. Attackers can craft a malicious HTML page with a hidden form to submit a req
CVE-2020-37095 -- Cyberoam Authentication Client 2.1.2.7 contains a buffer overflow vulnerability that allows remote attackers to execute arbitrary code by overwriting Structured Exception Handler (SEH) memory. Attackers can craft a malicious input in the 'Cyberoam Server
CVE-2020-37106 -- Business Live Chat Software 1.0 contains a cross-site request forgery vulnerability that allows attackers to change user account roles without authentication. Attackers can craft a malicious HTML form to modify user privileges by submitting a POST request
CVE-2020-37107 -- Core FTP LE 2.2 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the account field with a large buffer. Attackers can create a text file with 20,000 repeated characters and paste it into the account
CVE-2020-37109 -- aSc TimeTables 2020.11.4 contains a denial of service vulnerability that allows attackers to crash the application by overwriting the Subject title field with a large buffer. Attackers can generate a 1000-character buffer and paste it into the Subject tit
CVE-2020-37122 -- SpotFTP-FTP Password Recover 2.4.8 contains a denial of service vulnerability that allows attackers to crash the application by generating a large buffer overflow. Attackers can create a text file with 1000 'Z' characters and input it as a registration co
CVE-2020-37135 -- AMSS++ 4.7 contains an authentication bypass vulnerability that allows attackers to access administrative accounts using hardcoded credentials. Attackers can log in with the default admin username and password '1234' to gain unauthorized administrative ac
CVE-2020-37141 -- AMSS++ version 4.31 contains a SQL injection vulnerability in the mail module's maildetail.php script through the 'id' parameter. Attackers can manipulate the 'id' parameter in /modules/mail/main/maildetail.php to inject malicious SQL queries and potentia
CVE-2020-37146 -- ACE Security WiP-90113 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive configuration files. Attackers can access the camera's configuration backup by sending a GET request to the /con
CVE-2020-37147 -- ATutor 2.2.4 contains a SQL injection vulnerability in the admin user deletion page that allows authenticated attackers to manipulate database queries through the 'id' parameter. Attackers can exploit the vulnerability by injecting malicious SQL code into
CVE-2020-37154 -- eLection 2.0 contains an authenticated SQL injection vulnerability in the candidate management endpoint that allows attackers to manipulate database queries through the 'id' parameter. Attackers can leverage SQLMap to exploit the vulnerability, potentiall
CVE-2020-37155 -- Core FTP Lite 1.3 contains a buffer overflow vulnerability in the username input field that allows attackers to crash the application by supplying oversized input. Attackers can generate a 7000-byte payload of repeated 'A' characters to trigger an applica
CVE-2020-37157 -- DBPower C300 HD Camera contains a configuration disclosure vulnerability that allows unauthenticated attackers to retrieve sensitive credentials through an unprotected configuration backup endpoint. Attackers can download the configuration file and extrac
CVE-2020-37159 -- Parallaxis Cuckoo Clock 5.0 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting memory registers in the alarm scheduling feature. Attackers can craft a malicious payload exceeding 260 bytes to overwrite
CVE-2020-37160 -- SprintWork 2.3.1 contains multiple local privilege escalation vulnerabilities through insecure file, service, and folder permissions on Windows systems. Local unprivileged users can exploit missing executable files and weak service configurations to creat
CVE-2020-37161 -- Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability that allows attackers to execute arbitrary code by overwriting the registration name field with malicious payload. Attackers can craft a specially designed payload to trigger remote co
CVE-2020-37162 -- Wedding Slideshow Studio 1.36 contains a buffer overflow vulnerability in the registration key input that allows attackers to execute arbitrary code by overwriting memory. Attackers can craft a malicious payload of 1608 bytes to trigger a stack-based buff
CVE-2020-37163 -- QuickDate 1.3.2 contains a SQL injection vulnerability that allows remote attackers to manipulate database queries through the '_located' parameter in the find_matches endpoint. Attackers can inject UNION-based SQL statements to extract database informati
CVE-2020-37164 -- AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license entry field to trigg
CVE-2020-37165 -- AbsoluteTelnet 11.12 contains a denial of service vulnerability that allows local attackers to crash the application by supplying an oversized license name. Attackers can generate a 2500-character payload and paste it into the license name field to trigge
CVE-2020-37166 -- AbsoluteTelnet 11.12 contains a denial of service vulnerability in the SSH2 username input field that allows local attackers to crash the application. Attackers can overwrite the username field with a 1000-byte buffer, causing the application to become un
CVE-2020-37170 -- TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy address configuration that allows local attackers to crash the application. Attackers can overwrite the address field with 3000 bytes of arbitrary data to trigger an app
CVE-2020-37171 -- TapinRadio 2.12.3 contains a denial of service vulnerability in the application proxy username configuration that allows local attackers to crash the application. Attackers can overwrite the username field with 10,000 bytes of arbitrary data to trigger an
CVE-2025-15564 -- A vulnerability has been found in Mapnik up to 4.2.0. This vulnerability affects the function mapnik::detail::mod<...>::operator of the file src/value.cpp. The manipulation leads to divide by zero. The attack needs to be performed locally. The exploit has
CVE-2026-2071 -- A vulnerability was found in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy of the file /goform/formP2PLimitConfig. Performing a manipulation of the argument except results in buffer overflow. The attack is possible to be carried ou
CVE-2026-2073 -- A vulnerability was determined in itsourcecode School Management System 1.0. This affects an unknown function of the file /ramonsys/user/index.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from rem
CVE-2026-2074 -- A vulnerability was identified in O2OA up to 9.0.0. This impacts an unknown function of the file /x_program_center/jaxrs/mpweixin/check of the component HTTP POST Request Handler. The manipulation leads to xml external entity reference. It is possible to
CVE-2026-2075 -- A security flaw has been discovered in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected is the function saveRolePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\RoleController.java of the comp
CVE-2026-2076 -- A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\Use
CVE-2026-2077 -- A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller
CVE-2026-2078 -- A vulnerability was detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function addPermission/updatePermission/deletePermission of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\Permissi
CVE-2026-2079 -- A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This vulnerability affects the function addMenu/updateMenu/deleteMenu of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\MenuController.java
CVE-2026-2080 -- A vulnerability has been found in UTT HiPER 810 1.7.4-141218. This issue affects the function setSysAdm of the file /goform/formUser. The manipulation of the argument passwd1 leads to command injection. Remote exploitation of the attack is possible. The e
CVE-2026-2081 -- A vulnerability was determined in D-Link DIR-823X 250416. The affected element is an unknown function of the file /goform/set_password. This manipulation of the argument http_passwd causes os command injection. The attack is possible to be carried out rem
CVE-2026-2082 -- A vulnerability was identified in D-Link DIR-823X 250416. The impacted element is an unknown function of the file /goform/set_mac_clone. Such manipulation of the argument mac leads to os command injection. The attack may be performed from remote. The expl
CVE-2026-2083 -- A security flaw has been discovered in code-projects Social Networking Site 1.0. This affects an unknown function of the file /delete_post.php. Performing a manipulation of the argument ID results in sql injection. It is possible to initiate the attack re
CVE-2026-2084 -- A weakness has been identified in D-Link DIR-823X 250416. This impacts an unknown function of the file /goform/set_language. Executing a manipulation of the argument langSelection can lead to os command injection. It is possible to launch the attack remot
CVE-2026-2085 -- A security vulnerability has been detected in D-Link DWR-M921 1.1.50. Affected is the function sub_419F20 of the file /boafrm/formUSSDSetup of the component USSD Configuration Endpoint. The manipulation of the argument ussdValue leads to command injection
CVE-2026-2086 -- A vulnerability was detected in UTT HiPER 810G up to 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formFireWall of the component Management Interface. The manipulation of the argument GroupName results in buffer o
CVE-2026-2087 -- A flaw has been found in SourceCodester Online Class Record System 1.0. Affected by this issue is some unknown functionality of the file /admin/login.php. This manipulation of the argument user_email causes sql injection. The attack may be initiated remot
CVE-2026-2088 -- A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. This affects an unknown part of the file /admin/accepted-appointment.php. Such manipulation of the argument delid leads to sql injection. The attack may be launched remotel
CVE-2026-2089 -- A vulnerability was found in SourceCodester Online Class Record System 1.0. This vulnerability affects unknown code of the file /admin/subject/controller.php. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of th
CVE-2026-2090 -- A vulnerability was determined in SourceCodester Online Class Record System 1.0. This issue affects some unknown processing of the file /admin/message/search.php. Executing a manipulation of the argument term can lead to sql injection. The attack can be e
CVE-2026-2105 -- A flaw has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The affected element is the function addDept/updateDept/deleteDept of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\DeptController.java of
CVE-2026-2106 -- A vulnerability has been found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. The impacted element is the function addNotice/updateNotice/deleteNotice/batchDeleteNotice of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\
CVE-2026-2107 -- A vulnerability was found in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. This affects the function loadAllLoginfo/deleteLoginfo/batchDeleteLoginfo of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sys\controller\LoginfoCont
CVE-2026-2108 -- A vulnerability was determined in jsbroks COCO Annotator up to 0.11.1. This impacts an unknown function of the file /api/info/long_task of the component Endpoint. This manipulation causes denial of service. The attack may be initiated remotely. The exploi
CVE-2026-2109 -- A vulnerability was identified in jsbroks COCO Annotator up to 0.11.1. Affected is an unknown function of the file /api/undo/ of the component Delete Category Handler. Such manipulation of the argument ID leads to improper authorization. The attack may be
CVE-2026-2110 -- A security flaw has been discovered in Tasin1025 SwiftBuy up to 0f5011372e8d1d7edfd642d57d721c9fadc54ec7. Affected by this vulnerability is an unknown functionality of the file /login.php. Performing a manipulation results in improper restriction of exces
CVE-2026-2111 -- A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this issue is some unknown functionality of the file /airag/knowledge/doc/edit of the component Retrieval-Augmented Generation Module. Executing a manipulation of the argument filePath c
CVE-2026-2113 -- A security vulnerability has been detected in yuan1994 tpadmin up to 1.3.12. This affects an unknown part in the library /public/static/admin/lib/webuploader/0.1.5/server/preview.php of the component WebUploader. The manipulation leads to deserialization.
CVE-2026-2114 -- A vulnerability was detected in itsourcecode Society Management System 1.0. This vulnerability affects unknown code of the file /admin/edit_admin.php. The manipulation of the argument admin_id results in sql injection. The attack may be performed from rem
CVE-2026-2115 -- A flaw has been found in itsourcecode Society Management System 1.0. This issue affects some unknown processing of the file /admin/delete_expenses.php. This manipulation of the argument expenses_id causes sql injection. It is possible to initiate the atta
CVE-2026-25560 -- WeKan versions prior to 8.19 contain an LDAP filter injection vulnerability in LDAP authentication. User-supplied username input is incorporated into LDAP search filters and DN-related values without adequate escaping, allowing an attacker to manipulate L
CVE-2026-25561 -- WeKan versions prior to 8.19 contain an authorization weakness in the attachment upload API. The API does not fully validate that provided identifiers (such as boardId, cardId, swimlaneId, and listId) are consistent and refer to a coherent card/board rela
CVE-2026-25562 -- WeKan versions prior to 8.19 contain an information disclosure vulnerability in the attachments publication. Attachment metadata can be returned without properly scoping results to boards and cards accessible to the requesting user, potentially exposing a
CVE-2026-25563 -- WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in checklist creation and related checklist routes. The implementation does not verify that the supplied cardId belongs to the supplied boardId, allowing cross-board ID tamper
CVE-2026-25565 -- WeKan versions prior to 8.19 contain an authorization vulnerability where certain card update API paths validate only board read access rather than requiring write permission. This can allow users with read-only roles to perform card updates that should r
CVE-2026-25566 -- WeKan versions prior to 8.19 contain an authorization vulnerability in card move logic. A user can specify a destination board/list/swimlane without adequate authorization checks for the destination and without validating that destination objects belong t
CVE-2026-25567 -- WeKan versions prior to 8.19 contain an insecure direct object reference (IDOR) in the card comment creation API. The endpoint accepts an authorId from the request body, allowing an authenticated user to spoof the recorded comment author by supplying anot
CVE-2026-25568 -- WeKan versions prior to 8.19 contain an authorization logic vulnerability where the instance configuration setting allowPrivateOnly is not sufficiently enforced at board creation time. When allowPrivateOnly is enabled, users can still create public boards
CVE-2026-25857 -- Tenda G300-F router firmware version 16.01.14.2 and prior contain an OS command injection vulnerability in the WAN diagnostic functionality (formSetWanDiag). The implementation constructs a shell command that invokes curl and incorporates attacker-controll
CVE-2026-25858 -- macrozheng mall version 1.0.3 and prior contains an authentication vulnerability in the mall-portal password reset workflow that allows an unauthenticated attacker to reset arbitrary user account passwords using only a victim’s telephone number. The passw
CVE-2026-25859 -- WeKan versions prior to 8.20 allow non-administrative users to access migration functionality due to insufficient permission checks, potentially resulting in unauthorized migration operations.