New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks
Millions of Exim mail servers exposed to zero-day RCE attacks
The Week in Ransomware - September 29th 2023 - Dark Angels
Lazarus APT Exploiting LinkedIn to Target Spanish Aerospace Firm
Exploit released for Microsoft SharePoint Server auth bypass flaw
Cybersecurity Gaps Plague US State Department, GAO Report Warns
Move Over, MOVEit: Critical Progress Bug Infests WS_FTP Software
Spyware Vendor Targets Egyptian Orgs With Rare iOS Exploit Chain
DHS: Physical Security a Concern in Johnson Controls Cyberattack
Cybercriminals Using New ASMCrypt Malware Loader Flying Under the Radar
The Role of DevOps in Streamlining Cloud Migration Processes
Russian Company Offers $20M For Non-NATO Mobile Exploits
ShinyHunters member pleads guilty to $6 million in data theft damages
Microsoft’s Bing AI Faces Malware Threat From Deceptive Ads
Phishing, Smishing Surge Targets USPS
Chinese Hackers Stole 60,000 US State Department Emails from Microsoft
Discord is investigating cause of ‘You have been blocked’ errors
Post-Quantum Cryptography: Finally Real in Consumer Apps?
Lazarus Group Impersonates Recruiter from Meta to Target Spanish Aerospace Firm
Malicious ads creep into Bing Chat responses
Bitdefender Threat Intelligence enables organizations to improve their security posture
Blackpoint Cyber unveils Cloud Response for Google Workspace
Conceal partners with CyberForce Security to elevate MSSP services with advanced browser security
Dialpad PII Redaction enhances privacy protection
Build for Detection Engineering, and Alerting Will Improve (Part 3) | by Anton Chuvakin | Anton on Security | Sep, 2023 | Medium
Microsoft's AI-Powered Bing Chat Ads May Lead Users to Malware-Distributing Sites
Ann Minooka joins Synopsys as CMO
Nexusflow raises $10.6 million to improve generative AI in cybersecurity
Lazarus hackers breach aerospace firm with new LightlessCan malware
Privacy Regulator Orders End to Spreadsheet FOI Responses
Microsoft Breach Exposed 60,000 State Department Emails
MOVEit Developer Patches Critical File Transfer Bug
Some Organizations Are a Cybersecurity Minefield | by Al Lyle | Sep, 2023 | Medium
2023 and Beyond: How AI and ML are Revolutionizing Cybersecurity | by G M | Sep, 2023 | Medium
The development of multi ransomware killswitch! | by Harish SG | Sep, 2023 | Medium
TryHackMe: Splunk:Basics. Hello, Medium community! I’ve embarked… | by Jose Ruiz Garcia | Sep, 2023 | Medium
Analyzing JavaScript Files To Find Bugs | by Anastasis Vasileiadis | Aug, 2023 | Medium
Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
VMware users anxious about costs and ransomware threats
How should organizations navigate the risks and opportunities of AI?
Why California's Delete Act matters for the whole country
Financial crime compliance costs exceed $206 billion
Cisco Warns of Vulnerability in IOS and IOS XE Software After Exploitation Attempts
Cybersecurity budgets show moderate growth
Malicious Ads Infiltrate Bing AI Chatbot in Malvertising Attack
Progress warns of maximum severity WS_FTP Server vulnerability
Government Shutdown Poised to Stress Nation's Cybersecurity Supply Chain
Johnson Controls International Disrupted by Major Cyberattack
Chrome Flags Third Zero-Day This Month That's Tied to Spying Exploits
New Cisco IOS Zero-Day Delivers a Double Punch
Microsoft breach led to theft of 60,000 US State Dept emails
Vulnerability resolution enhanced by integrations
Dark Web Pedophiles Using Open-Source AI to Generate CSAM
Bing Chat responses infiltrated by ads pushing malware
FBI: Dual ransomware attack victims now get hit within 48 hours
State Department emails compromised in Microsoft breach
Russian state hackers attempted to block Ukrainians from opening US bank accounts
Malicious PyPI, NPM packages facilitate data exfiltration
GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
4 Legal Surprises You May Encounter After a Cybersecurity Incident
A Preview of Windows 11's Passkeys Support
Supply Chain Attackers Escalate With GitHub Dependabot Impersonation
Budworm APT Evolves Toolset, Targets Telecoms and Government
Unpatched Cisco Catalyst SD-WAN Manager Systems Exposed to DoS Attacks
Veriti Agentless OS-Level Remediation boosts scalability and resiliency
Armilla AI AutoGuard makes generative AI safer for enterprises
Security researcher stopped at US border for investigating crypto scam
Cisco Catalyst SD-WAN Manager flaw allows remote server access
Cisco urges admins to fix IOS software zero-day exploited in attacks
Android Banking Trojan Zanubis Evolves to Target Peruvian Users
Booking.com Customers Targeted in Major Phishing Campaign
Incident Response: Four Key Measures to Protect Your Business
BlackTech gang hacks Cisco firmware in attacks on multinational corporations
How I got started: SIEM engineer
China's BlackTech Hacking Group Exploited Routers to Target U.S. and Japanese Companies
Critical Chrome Update Counters Spyware Vendor's Exploits
Swissbit releases N5200 Enterprise SSD
Kong Insomnia 8.0 accelerates API design and developer efficiency
Linksys announces Cognitive Security capability
Norton Small Business offers protection against scams and phishing threats
Budworm hackers target telcos and govt orgs with custom malware
US Lawmaker: Government Shutdown Will Leave Americans Exposed to Cyber
The Dark Side of Browser Isolation – and the Next Generation Browser Security Technologies
China-Linked Budworm Targeting Middle Eastern Telco and Asian Government Agencies
Panzura Edge minimizes the risk of data leakage and exfiltration
PingSafe unveils MSSP partnership with Human Managed
Yet another Chrome zero-day exploited in the wild! (CVE-2023-5217)
Journey partners with Webex by Cisco to enhance security for customer interactions
UK Logistics Firm Forced to Close After Ransomware Breach
US and Japan Warn of Chinese Router Attacks
Google Patches Chrome Zero-Day Used in Spyware Attacks
Ransomware groups are shifting their focus away from larger targets
Kubernetes attacks in 2023: What it means for the future
The clock is ticking for businesses to prepare for mandated certificate automation
Don't Take the Bait: Collaborative Intelligence to Build Phishing Resilience
A Blockchain Primer and Bored Ape Headscratcher – Podcast
The hidden costs of neglecting cybersecurity for small businesses
How to avoid the 4 main pitfalls of cloud identity management
Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability
HackTheBox: Forest. As I am working on building my own… | by Ross Andrews | Sep, 2023 | Medium
My thoughts on the WebP exploit. How a bug from Google in 2010 likely… | by Shmuel Rosansky | Sep, 2023 | Medium
TryHackMe: Problem-Solving with Splunk— Write-Up | by Cindy (Shunxian) Ou | Sep, 2023 | Medium
5 Reasons Why People Fail To Land Their First Cybersecurity Job | by Taimur Ijlal | Sep, 2023 | Medium
How can organizations prepare for and respond to cybersecurity incidents? | by Dale Clifford | Internet Stack | Sep, 2023 | Medium
Intro to Android penetration testing | by Anas Eladly ( 0x3adly ) | Sep, 2023 | Medium
You clicked on a Wallet Drainer?. Learn how wallet drainers have stormed… | by 0xSaiyanGod | Sep, 2023 | Medium
My Experience as a Tech newbie with Google's Cybersecurity Certificate Program | by Maurice | Sep, 2023 | Medium
Google fixes fifth actively exploited Chrome zero-day of 2023
Snapchat Safety for Parents: How to Safeguard Your Child
Using GenAI in Your Business? Here Is What You Need To Know
SSH keys stolen by stream of malicious PyPI and npm packages
Fake Bitwarden sites push new ZenRAT password-stealing malware
How the Okta Cross-Tenant Impersonation Attacks Succeeded
China APT Cracks Cisco Firmware in Attacks Against the US and Japan
Microsoft Adds Passkeys to Windows 11
Tequila: The first forensic Linux distribution in Latin America
Fake Bitwarden Password Manager Website Drops Windows ZenRAT
A CISO Perspective on Identity Threats 
Building automation giant Johnson Controls hit by ransomware attack
South Korea subjected to multi-year Chinese cyberespionage campaign
Microsoft now rolling out AI-powered Paint Cocreator to Insiders
Simple Membership Plugin Flaws Expose WordPress Sites
New phishing campaign targets Ukrainian military
Ukraine subjected to Russian cyberespionage campaign for war crimes evidence
Attacks targeting Openfire vulnerability underway
Malware Concealed as Dependabot Contributions Strikes GitHub Projects
SpecterOps introduces Purple Team Assessments Services
Bitwarden adds passkey 2FA to keep online accounts protected
Cybertech Europe 2023 will explore innovation, new possibilities in cyber technology
We Speak CVE Podcast — “How the New CVE Record Format Will Benefit Consumers” | by CVE Program Blog | Sep, 2023 | Medium
How to Defend Against Evil Twin and Rogue Access Point Cyberattacks | by Dwayne Wong (Omowale) | Sep, 2023 | Medium
Symmetrical and Asymmetrical Authentication | by Dwayne Wong (Omowale) | Sep, 2023 | Medium
The Dangers of ARP Spoofing. Address Resolution Protocol (ARP) is a… | by Dwayne Wong (Omowale) | Sep, 2023 | Medium
Understanding the Dangers of DNS Poisoning | by Dwayne Wong (Omowale) | Sep, 2023 | Medium
How to find online cameras with Google? | by Netlas.io | Sep, 2023 | OSINT Ambition
Point Of Sale Device (POS) Penetration Testing — A Practical Guide! | by Anastasis Vasileiadis | Sep, 2023 | Medium
Red Cross-Themed Phishing Attacks Distributing DangerAds and AtlasAgent Backdoors
JetBrains Patches Severe TeamCity Flaw Allowing RCE and Server Hijacking
ZoobeTek unveils CRA to fight mobile hacking risks and quantum threats
Cyxtera launches COE for exploring AI and quantum computing
New Relic Session Replay aids engineers in issue resolution with video-like playback
SeeMetrics releases customizable Cybersecurity Performance Boards
Arrcus and NVIDIA join forces to deliver high-performance, zero-trust networking for datacenters
Modern GPUs vulnerable to new GPU.zip side-channel attack
US and Japan warn of Chinese hackers backdooring Cisco routers
Kenyan Financial Firm Fined for Mishandling Data
Hackers Trick Outlook into Showing Fake AV Scans
Ransomed.vc Group Hits NTT Docomo After Sony Breach Claims
Preventing Ransomware and Malware Starts with Good Cyber Hygiene
BEC Attacks Increase By 279% in Healthcare
JA4+ Network Fingerprinting. TL;DR | by John Althouse | Sep, 2023 | FoxIO
Cost of a data breach 2023: Geographical breakdowns
Researchers Uncover New GPU Side-Channel Vulnerability Leaking Sensitive Data
stackArmor ATO for AI accelerates safe AI adoption for public sector organizations
EchoMark launches AI-driven solution to improve data privacy standards
FileCloud partners with OPSWAT to strengthen data security posture for customers
Baffle Data Protection for AI secures private data for use in GenAI projects
Leading CISO Creates Model for Ransomware Payment Decisions
New Survey Uncovers How Companies Are Confronting Data Security Challenges Head-On
OneTrust AI Governance helps organizations manage AI systems and mitigate risk
Appdome unveils mobile anti-malware protections
Google "confirms" that exploited Chrome zero-day is actually in libwebp (CVE-2023-5129)
GitHub repos bombarded by info-stealing commits masked as Dependabot
Cyber-Attacks on Ukraine Surge 123%, But Success Rates Plummet
TeamViewer and Ivanti simplify the complex task of managing and securing remote devices
Regulator Warns Breaches Can Cost Lives
Attacks on EMEA Financial Services Double in a Year
NCSC Launches Cyber Incident Exercise Scheme
New ZenRAT Malware Targeting Windows Users via Fake Password Manager Software
Fake Bitwarden installation packages delivered RAT to Windows users
Calling All Cybersecurity Enthusiasts — TryHackMe’s Security Engineer Path Has Been Launched | by arademm | Sep, 2023 | Medium
Protecting Yourself Online: Understanding Cyber Risk and Response | by Mutalip Dirik | Sep, 2023 | Medium
Tricky 2FA Bypass Leads to 4 digit Bounty $$$$ | by Rohaangupta | Sep, 2023 | Medium
How to Extract Hidden Information from an Email | by Samuel Steers | Sep, 2023 | Medium
To submit, or not to submit. Why you should think twice before… | by Dana J. Wright | Aug, 2023 | Medium
A Malware retrospective: PrjRAPTOR | by Jean-Pierre LESUEUR (Microsoft MVP) | Sep, 2023 | Medium
How to read more security + engineering books | by Vickie Li | Aug, 2023 | Medium
Threat modeling Handbook #4: How to get better at Threat modeling | by Mohamed AboElKheir | AppSec Untangled | Sep, 2023 | Medium
Reverse Search IDOR approach to Exposure of all Organizational Sensitive Information. | by Manav Bankatwala | Sep, 2023 | InfoSec Write-ups
Stop Studying Hacking. Are you stuck in a never-ending cycle… | by Hackergod00001 | Sep, 2023 | Medium
Protect your endpoints with the best endpoint security solutions. What are the top solutions? | by Dale Clifford | Internet Stack | Sep, 2023 | Medium
How Could a Self-XSS end with $$$$ | by Mahmoud Hamed | Sep, 2023 | Medium
Cybersecurity Weekly: Vulnerabilities, Exploits, and More
Vulnerability Summary for the Week of September 18, 2023 | CISA
You Can't Control Your Data in the Cloud
Assa V10 (Gins) Pick and Gut - YouTube
Picking a tough Chubb Battleship 5 lever padlock - YouTube
Investigating Phishing Campaigns Targeting US Credit Card Customers 
{181} EVERY SINGLE THING You Need To Know To Get Started In Locksport! - YouTube
China to waive security checks for some data exports | Reuters
GitHub - fireblocks/mpc-lib
3AM Ransomware: A Modern Threat with a Vintage Twist
Wifi without internet on a Southwest flight - james vaughan
Video 5 Ace hardware series A527 - YouTube
Sony Hack: What happened and who is behind it? | Evening Standard
Exploring ScamClub Payloads via Deobfuscation Using Abstract Syntax Trees | by BOZOSLIVEHERE | Sep, 2023 | Confiant
CVE-2023-5129 - Google Search
Cloudflare: Past, present, and future | John Graham-Cumming, CTO of Cloudflare - YouTube
Linda Burger - Director, Office of Research and Technology Applications (ORTA) - NSA - YouTube
A Practical Approach to SBOM - Dependency-Track | Medium
Silent Push maps over 150 new Lumma C2 infostealer IOCs — Silent Push Threat Intelligence
OT security firm spots 3 vulnerabilities in Baker Hughes rack hardware - Cyber Security Connect
Chinese Gov Hackers Caught Hiding in Cisco Router Firmware - SecurityWeek
830. Chinese dimple cylinder picked - Good for lock picking practice but don’t put one in your door - YouTube
Chinese hackers stole emails from US State Dept in Microsoft breach, Senate staffer says | Reuters
Routers have been rooted by Chinese spies US and Japan warn • The Register
Why Every Organisation Needs Real-Time Cybersecurity Alerts - SecAlerts
Input Validation: Necessary but Not Sufficient; It Doesn't Target the Fundamental Issue - AppSec & DevSecOps - Discuss
Chinese Hackers TAG-74 Targets South Korean Organizations in a Multi-Year Campaign
Reports about Cyber Actors Hiding in Router Firmware
Russian zero-day seller offers $20M for hacking Android and iPhones | TechCrunch
MasterLock Model 140 Picked - YouTube
Bramah’s ‘Challenge Lock’ - Antique Box Guide Antique Box Guide
Crash Override - Chalk
The Marvin Attack
GPU.zip: How Hackers Can Steal Your Passwords Through Your GPU - Deform
Get persistent reverse shell from Android app without visible permissions to make device unusable - Mobile Hacker
A Deep Dive into Brute Ratel C4 payloads – Part 2 – CYBER GEEKS
NoSQL injection | Web Security Academy
Dark River's Advanced Stealthy Malware Targets Russian Defense Enterprises - Deform
Getting RCE in Chrome with incorrect side effect in the JIT compiler - The GitHub Blog
Miniclip 8ball pool CHETO hack ( Finally back, works only on PC and EMULATORS, this is not ANDROID version )
Digital-Security-System
Get Keyboard,Mouse,ScreenShot,Microphone Inputs and Send to your Mail. Purpose of the project is testing the security of information systems
Demo how Cloud Custodian can be used to automatically remediate security issues
Systems-and-Network-Security
Proof of Concept for Hydroponic System Backend
Minimal proof of concept Vue component library.
Can Anyone help generating a Private Key or hack into a bitcoin wallet
best blooket hacks here
Python, Go, and C projects related to CSEC
webSecurity
Proxy server made with nodeJs, to provide Anonymity, Content filtering, Security, and bypass Geolocation.
Handwritten Swift/WinRT bindings proof-of-concept
Hack For Entry
Hack the Tunnel's starter project!
HackingEtico
https-github.com-settings-security-log
Author credit: Ben Potter, Security Lead, Well-Architected
NetworkSecurityCode
Refactoring a website to be able to randomly generate a password so that the user can create a strong password that provides greater security.
Below are the projects I worked on during my Google Cyber Security course.
This is a hacker theme website created by me using HTML, CSS and JavaScript.
This is the BDU Cyber Security Department's web site repository.
Hacking-Tools
Lukas_Top_Security
Microsoft-hacking-bot
A simplified simulation of a blockchain which demonstrates the fundamental concepts of blockchain technology including block creation, hashing, proof of work, and transaction management.
Email template made with React Email for hack the crous
Hack to prompt chatGPT directly from shell
Proof of concept implementation of Sigmabus https://eprint.iacr.org/2023/1406
A proof of concept for extending Dr. Diyi Yang's Normbank paper
This is a proof of concept math-based game. Possibly used to incentivize students to learn math in a fun way.
Practicing Hack The Box Machines and Challenges
A proof of concept dataset for testing interoperability between MiXS and DWC
A proof-of-concept for one of August's interrogation segments in Python
If you’re looking for a way to enhance your gaming experience in Valorant, you might be interested in this paid version of HangarScripts. (ByteX Beta name) This is leaked version, also a powerful hack that can give you an edge over your opponents and hel
These are all my notes on almost every hacking topic I've learned in 3 years
Access This Link 👉: https://t.ly/I4TUG?/snapchat-hack-tool
A Hack Assembler implementation. Built to compile Hack Assembly files.
Wifi-Hacking
Best_SnapChat_Tool Click This link ⬇️ https://tinyurl.com/3m9yww7s?/snapchat-hacking-tool
AID (Artificial Identification): Revolutionizing blockchain security and identification through advanced RFID technology. Experience secure access, seamless payments, and explore endless possibilities. Join us at the Bitcoin Olympics Hackathon for a glimp
schedule-security-scan
This repo contains all premium TryHackMe rooms for free and a full roadmap for the TryHackMe Pathway
Want To Make Custom Servers And A Custom Client For Project Stfu? Well This Repository Gives You The Source Code To The Project. Add Custom Hacks And Have Fun!
Portfolio of personal projects I'm indie hacking
A solution for a Web Security Academy Exercise: Blind SQL Injection with Conditional Error.
Scripts that I would use for Python hacking.
Click This link 🟢👉 https://t.ly/2YOor?/instagarm-hack-tool ✓ ✓
This Node.js application showcases a secure user authentication system using Express.js and Firebase Firestore. It provides user registration and login functionality, with password hashing for enhanced security. Use this project as a starting point for bu
The Hack Assembler Implemented in Python
utils.security
A basic API using only SpringSecurity
Hack every btc wallet
This is a quick proof-of-concept project
WeSplit-HackingWithSwift
Anime Style hack and slash 3D game made with Godot
Research, data and proof-of-concept code
Getting admin or super admins auditing from Spring security
Here we publish the data of hackers who made attacks on Mutades Project
hackinglucky
back-security
Unite - Hack Friday Event - Webbio [29/09/23]
A Go library for rate limiting user requests using both in-memory and Redis storage to ensure optimal performance and security..
Professional Kali Linux Environment for Hacking.
Imagine you are already working as a web developer. Refocus hired you to create a proof of concept for its new initiative: an online shop.
web server security programming class
Venom - Your Portable Wireless & Hardware Hacking Companion
security-server
Hacking toolkit with both online available tools and software tools & scripts
Hacking
Dirty, hacked-up Neovim setup I use
Proof of concept for an auto sort animation in framer motion
Smart-Home-Security-and-Automation
hackingt
Spring Security - login with JWT security
This is a tool for carrying out penetration testing
a hacking and programming team
Friendly-Hacking-Game
- Validation and Security Challenge
This is an automatic deface tool with a target vuln that I have prepared and you can change the target yourself in target.txt
Security_problems_of_software_systems
Termux psybd wifi hack by techno fayez
Hacking troll
Basic steps to know how the security architecture works in Spring boot.
Wifi-Hacking2
This Python script is designed for educational purposes to demonstrate and test the security of web applications. It attempts to brute-force a login page using DVWA (Damn Vulnerable Web Application) by trying different username and password combinations f
A proof of concept, integrating a parser with Flex and Bison, and generating a target program with LLVM.
Attend Open Source Hackfest hackathon where the goal is to create "hacks that promote the principle of sharing knowledge for the benefit of the wider community".
Blockchain-based Nepal Public Grievance Management System to store complaints on blockchain providing security, transparency and immutability
Proof-of-concept Discord Gateway worker service powered by Remora
hacking2
hacking_religion_textbook
This repository contains my work done as part of the 'Hacking with Swift 100 Day Challenge.' Throughout this challenge, I will be working on a new project or concept every day using the Swift programming language, with the additional goal of sharing my pr
Payday 3 - Unlock All Hack, ESP, AIMBOT, WALLHACK & SUCH MORE OPTIONS
Just a radar hack
Webbio Hack Friday Event - 29 Sep 2023
hack fallback function
Asynchronous websocket in Rust using Tokio, proof of concept.
Spring-Security
VALORANT All in One Cheat - Aimbot, ESP, Ragebot hack, Skinchanger & more! Regularly updated.
Different patches and hacks across binutils/glibc/linux kernel
An all-in-one hacking tool to remotely exploit Android devices using ADB and Metasploit-Frameworks
Redpiler <-> Java proof of concept
Simple web page interface to MyRoom as proof of concept
Azure Hacking Lab to reinforce cloud security skills.
Valorant Esp Aimbot Source Code Hack Info Setup Tested on Windows 10 x64 , Windows 11
Learning about Node, Databases, Security, Authentication...
EA SPORTS FC MOBILE 24 cheats fc points and coins Hacks glitch
security
Ethical_Hacking
Repo with Power Platform Solution created during the Power Platform Hack-together event. More info: https://aka.ms/hacktogether/powerplatform-ai
spring-security
My solutions to IUST's Computer System Security, Spring 2023, Dr. Dianat.
This webpage is a completely hand-built website using (HTML, CSS & JavaScript) dedicated to (hacking, coding, and animation designing)
If you’re looking for a way to enhance your gaming experience in Valorant, you might be interested in this paid version of HangarScripts. This is leaked version, also a powerful hack that can give you an edge over your opponents and help you win more matc
These projects are proof of Concept
Made for the 2023 Discover Technata Hacks
Repository for Power Platform solution code for the AI Global Hack hackathon
Repo for the Cybersecurity (Information, Security & Privacy) course in the University of Lausanne.
proof of concept code to interface muse BCI device with Electron
Security_Engineering_Part2
Studying/Testing SQL with Hacker Rank
Proof of Concept Draft of own Website
flask-security-event
automate the installation of WordPress with the specified components on a Debian system can be quite complex. Below is a simplified example of a bash script that you can use as a starting point. Please note that this script assumes you have a basic unders
Proof of concept
The Electricity Billing System is a software-based application designed to streamline the electricity billing process. It calculates units consumed and charges money to electricity offices. The system offers high performance, data sharing, and security fe
CM161 - Hack 5 (9/28)
hehe let's hack hehe >:))
A small proof-of-concept for an all-in-one web application configured to compile into a single JAR file.
An API that can consume the Hacker News API and return an output for a frontend client
Proof-of-concept Distributed Machine Learning Solution.
Functional website built in year 2 with user registration system. (BSc Computing and Applications Development)
Proof of Concept to demonstrate how to print documents with Cairo and CUPS
Blood means blood, as in shedding blood; in the hacking world, this tool covers many things, along with other tools for carrying out hacking activities
Pygslate: A Python-based Google Translate reverse engineering for Fast and Unlimited Translation (Proof of Concept).
files for hack or snooze assignment
Proof-of-concept website created in year 1. (BSc Computing and Applications Development)
hacking-tools
hack acoonte
Hacking
Repository for learning Spring Security
Hacker
Software_Security_2023
Free Code Camp Info Security Application
spring-security-xsuaa-usage
Prototype Keylogger displaying cyber security methodologies and exploring the dangers and advantages
A tool to enable a MAC flood attack on switches. It's for ethical hacking!!
C/C++ library to build your applications with prepared methods via windows api
I took out my own api key for security reasons, you would have to provide your own api key to get the code to work. Thanks for helping me you are the best.
Climb towers, set traps, and outlast your rival cat burglar in Hack Scratchers!
The Random Password Generator is a Python project that generates strong, random passwords based on user-specified criteria. It's designed to create secure passwords for online accounts, ensuring that they are difficult to guess and enhance your online sec
Security-Information-and-Event-Management
Proof of concept about SVG-to-PNG, manipulating SVG DOM etc.
Retrieve-Security-Headers
Top-10-IPhone-Hacking-Tools-
Svelte Proof of Concept
Retina Macbook Pro 15 2015 Hacks
Project aims to enforce security through assigned roles, ensuring authorized access to specific areas while restricting unauthorized entry. Integration of Spring Security and creation of informative portals cater to different user roles, enhancing the ove
Add another security layer to get rid of fake access and secret keys!
Cross-browser Extension Proof of Concept
just a hacking tool kit that needs python3 and kali linux
Repository containing the data arranged in the article "Categorizing IoT Software Systems Security Vulnerabilities Through Literature Studies"
Proof of concept for cracking an encoded message (encoded with Caesar's Cipher) using Python
HackingBasics
Task
Creating an ecs and security group in alicloud in terraform scripts
"Empowering digital security by evaluating password strengths. 🚀🔒 Your go-to for ensuring stronger password for online defenses. 💻🛡️ #PasswordAnalyzer #CyberSafe
a proof of concept movie app
security-tools
Designed to bypass detection from Flare-floss and other detection projects
The best Undetected Farlight 84 Cheats. Enjoy highest quality grade Farlight 84 hacks, packed with Silent Aimbot, ESP and Speedhack.
Formal verification of some security protocols
A proof-of-concept mobile application developed with the programming language dart in the flutter framework. (MSc Advanced Computer Science)
This repo is the proof of concept for deploying application to aws elastic beanstalk via github actions
Spring-Security
A password generator is a tool that creates strong, random passwords to enhance online security. It generates unique combinations of characters, making it challenging for hackers to guess or crack passwords.
Hacking Terminal for Kali Linux and Arch
Power Platform Global AI Hack_DiMu
"Mathematical Foundations of Information Security" course
In today's digital age, network security is a paramount concern for individuals, organizations, and governments alike. The increasing reliance on computer networks and the internet has opened up new avenues for cyber threats and malicious activities.
BMSTU-7-sem-DataSecurity
A vehicle service reservation application with a focus on security, authentication, and access control.
Spring Security - login with JWT and OAuth2 security
Uses Spring Boot 3 security with JWT token
This challenge is designed to help you improve your hacking skills and cybersecurity knowledge over the course of 30 days.
Desktop application for restricting access to a workstation in order to raise the level of data confidentiality. The application tracks biometric data (the face of the registered user) and, if the user is absent, the program locks the computer.
Demo backend using Spring Boot, Spring Security, and JWTs (JSON Web Tokens) allowing registered users to create notes.
CyfaxSecurity.github.io
This is for the "Hack Your Education" about the terminal, and file system
A Proof-Of-Concept for the CVE-2023-43770 vulnerability.
Proof of concept for a mobile pinball game.
SecurityProject
Discord bot For your security
learning hack
hack pm readme
spring-security-demo-
Repository to hold the solution and demo video for the Power Platform Global AI Hack 2023
Microsoft Hack Together Power Platform with AI
web_hacking
ReviewFood Web is like a social media network for reviewing food. Which uses Spring JPA, Security, Authentication, Authorization, JWT, MySQL...
Hardware Hacking Village Philippines Repository
ethical_hacking
Android System Security helps Android users make their system more secure against malicious programs that try to obtain personal information
CISSP’s eight security domains
I AM A SUPER HACKER
Home Security System - To alert the owner or a person in danger if any gas leak or intrusion detection takes place using the PIR sensor and Gas Leakage sensor GSM module.
Rebuilt my Hacker News clone with React and Typescript
This application is a Generative AI proof-of-concept. It features an AI chatbot assistant that can intelligently hold long form conversations with dental insurance seekers. It is a more intelligent alternative (or add-on) to the traditional 'plan comp
security_risk_test
Laboratory works for Cryptography and Security.
Investigating the security, optimisation and performance of guard-band postselection in continuous-variable quantum key distribution.
KernelHackingProject
TurboTax software is a tax preparation tool that helps you prepare your taxes online. Turbotax software keeps getting updated to attract more users and avoid any hacking or malware functions.
Kali Linux Security Script
spring-security
you hack
Proof of concept on large volumes of data
InformationSecurity_Be
A collection of tools I made to fit specific needs/wants or proofs of concepts
PP_3_1_3_Boot_Security
cesi ethical hacking course
ms-security-danceAcademy
account-customer
A clone of the Hacker News website, a tech news aggregator by Paul Graham.
copy of security onion
Spring Security, data jpa , mysql, thymeleaf, web
EthicalHackingTools_Python
A proof of concept procedural medical case generator
Java Spring app with complete registration process in Spring Security
This application is a Generative AI proof-of-concept. It features an AI chatbot assistant that can intelligently hold long form conversations with dental plan members. This bot helps members provider clarity 😂 and simplify plan benefits, Explanation of Be
🏦Spring Security on Banking API's🏦
Interpretable Security-Constrained Transmission Expansion Planning
Best_SnapChat_Tool Click This link ⬇️ https://tinyurl.com/3m9yww7s?/snapchat-hacking-tool
Proof of concept for playing audio based on user input in SDL2.
Access This Link 👉: https://t.ly/I4TUG?/snapchat-hack-tool
RFID RC522 Based Security System using Arduino LCD Display & Servo. RC522 is a very simple yet effective module. It is an RFID module and is used for scanning RFID cards. It’s a new technology and is expanding day by day.
Click This link 🟢👉 https://t.ly/2YOor?/instagarm-hack-tool ✓ ✓
Undetected Valorant Hack
Hacker Rank Assignment for Info 5101
Lulumalls hack script
Undetected Fortnite Hack
If you’re looking for a way to enhance your gaming experience in Valorant, you might be interested in this paid version of HangarScripts. This is leaked version, also a powerful hack that can give you an edge over your opponents and help you win more matc
Hacktoberfest Technical Docs 🚀 Join us for Hacktoberfest! Contribute to our collection of "Best React Extensions" documentation. Follow the guidelines, add your favorite extensions, and tag your PR with "hacktoberfest." Let's enhance our docs together!
Ethical hacking
Processing security crowding scores from BARRA Risk Model
Python version Bypass the Event Trace Windows(ETW) and unhook ntdll.
This is a project that we did in HackIowa and won the Best Sustainability Hack award
PicoCTF is an educational cybersecurity competition for beginners. It offers challenges in hacking and security, encouraging hands-on learning in areas like cryptography, web exploitation, and forensics. Participants can compete individually or in teams t
The main motivation behind the graphical passwords is that the people can recall or recognize graphical objects easier. It is observed that with traditional attacks it is hard to crack the graphical security systems
I'm a new hacker in the hackers field
🟢 VenomRAT 6.0.3 Stub including fixed and working hVNC such as Stealer 🟢
📹️🆓️📖️ The official documentation source repository for the Open Source Security Camera specification.
HackingGame
Automations to include security into various DevOps Pipelines
Added Programming Hero Batch 5 Course outline Hack by Learn with Sumit - DOM Project
B.W.S_Security
PowerUser application with full functionalities which includes REST APIs, JWT Spring security, JUnit Testing
This is an AWS Cloud Security lab with a primary focus on: Researching the attack technique, Set up proper logging, Attacking realistic assets, Reviewing log data, then Building detection
Hacking with Swift - 100 Days of SwiftUI - Project 17
JacksonIsHacking.github.io
spring-security-jwt
This project is a Proof of Concept (PoC) to automate the Azure DevOps API using OAuth2.0 authentication with client credentials flow and Postman.
WebVuln is a powerful and comprehensive web application vulnerability scanner designed to help you identify and mitigate security risks in your web applications. With a wide range of features and thorough testing capabilities, WebVuln is your go-to tool f
Comprehensive compilation of Solidity Security Vulnerabilities with PoC's and recommended mitigations.
InformationSecurity
SecuritySystem
demo security and permissions features of github actions workflows
A series about front-end security
Leading the charge in decentralized finance. BGT Token, built by blockchain devs and crypto experts, offers speed, security, and community-driven utility. Join us in reshaping finance! 🚀
SpringSecurityApp
You've built a Django image gallery with SQLite, user authentication, and role-based access control. Only registered users can view and contribute images, ensuring privacy and security.
1979-spring-boot-3-security
Spring-Security
code + files from girl hacks 2023 at njit - sep. 23/24 2023
Ensuring the security and reliability of blockchain-based applications through comprehensive code analysis, vulnerability assessments, and best practices enforcement.
security-vulnerability-webapp
A security camera for the Raspberry Pi Zero W using the Waveshare RPi Camera (F).
SecuritySystem
MusicPlayerWithSecurity333
VulnMapAI combines the power of nmap’s detailed network scanning and the advanced natural language processing capabilities of GPT-4 to generate comprehensive and intelligible vulnerability reports. It aims to facilitate the identification and understandin
Accumulation of Cyber Security related materials
Proof of concept for the Benefits Navigator Newsfeed
Here we decide who is the best
A proof of concept mixing Lit and HTMX using the power of Bun under the hood
IoT_Security_Project
Security
[CS 5914 Security Risks in Generative AI] semester long project (Fall 2023)
Security-Practices
This contains solutions to some of the hacker rank problems I have worked on
"Tickets", a demo web app for ticket management (help desk) made as a learning project. Spring Boot & Spring JPA (w/ PostgreSQL) and Spring Security for the backend, VueJS w/ Vuetify on the frontend.
This repository will hold drivers related to cryptography for the STM32F446RE microcontroller.
IntroWebHacking
Various security stuff.
DataX | A prototype bid/ask marketplace for Filecoin managed data. Built for the Encode 2023 open data hack
This is me solving hacker rank.
Design, save, and use custom crosshairs for gaming with CrossPixel, offering precision and security without system installation.
Course page
Security Audit Reports by Stronghold
P11_Django_PurBeurre_Security_Enhancements
creality k1 hacks
A proof-of-concept microservices-based forum application. (Go + Python + TypeScript (Node + React) | gRPC + Kafka | PostgreSQL + Redis + MongoDB | Kubernetes / Docker)
This repository contains scripts for solving WebSecurity Academy labs of PortSwigger company using the Python programming language
amazon-security-lake-integration
Peer Programming
Proof of concept project for vector drawing framework.
This repository contains scripts for solving WebSecurity Academy labs of PortSwigger company using the Rust programming language
A database with thousands of phishing links for moderating Discord servers
website for cs426 (intro to security) fall 2023
NetworkSecurityHomework
This is the Project made using IoT device and modules. Its main purpose is to implement the home automation feature and provide real time update about any type of smoke leakage in the house and breach in the home.
spring-security-latest
A proof of concept made to test the feasibility of using Backstage
Intentionally Vulnerable Static Pages for https://github.com/OWASP/www-project-asvs-security-evaluation-templates-with-nuclei Project.
Practical-Ethical-Hacking-Notes
My personal site
An external hack for cs:go, written by EPL | External CS:GO assist tool, written in Easy Programming Language
Demo project (proof of concept) of SwiftUI implementation for complex project
Using Spring Boot 3, adding more and more features over time, like docker, postgresql, unit tests/mocks with testcontainers/mockito, integration tests, authentication with Spring Security and JWT tokens, and UI with ReactJs. (Learning Project)
A collection of awesome resources related to AI security
Hack@DAC 2019
Blog about SQL prepared for the Privia Security Cyber Security 2023 Internship Program
Backend service powered by Spring boot, Spring security, OAuth2, Mongodb
Syber Security Information
Find secrets in git repositories with TruffleHog & Gitleaks
Simple MERN Stack (MongoDB, Express, React, Node.js) proof of concept app
Proof-of-concept implementation in SageMath of binSIDH, terSIDH, and their hybrid variants
A hack for Big Ideas Math designed to show answers to all questions.
Repo for the Autonomous Worlds hack
Tech-Stack - Spring Boot, Spring Data JPA, Swagger2, MySQL-Database, Spring Security for authorization, JWT to Authenticate
A proof of concept of AWS SQS Messaging system.
Proof-of-concept app for uniting seniors with volunteers
BlindBox is a tool to isolate and deploy applications inside Trusted Execution Environments for privacy-by-design apps
Raspberry Pi-based probe request logging app for microcontroller programming class :ninja:
Containerised application for hacking the Duo
This is the RSAEncryption using Java for the Security and encryption module
QEMU-AVR32 OPS-SAT Emulator
Public security reports
This repo is a collection of various PoCs (Proof-of-Concepts) to interface custom data using LLMs.
Standalone portable header-based implementation of FORTIFY_SOURCE=3
Certified Ethical Hacker (CEH) v12 Notes
A simple bot framework for Hack.chat.
Simple, hackable and fast implementation for training/finetuning medium-sized LLaMA-based models
Too many secrets (2MS) helps people protect their secrets on any file or on systems like CMS, chats and git
This repository contains a comprehensive collection of mind maps that I have created while studying various vulnerabilities and security issues in application security. The content and methodologies may vary depending on the application context and busine
This repo includes FHIR-terminology for XDS metadata used for CDA documents. Currently, the repo is for proof-of-concept.
Proof of Concept on how to integrate YoloV8 with DeterminedAI
Helm umbrella chart to simplify deployment stack of utilities
This Terraform module provisions an all-in-one data security and compliance platform, known as the DSF Hub, on AWS as an EC2 instance
Web Application, Server Site (JSP), spring mvc, oracle, hibernate, web socket, i18n, spring security, swal, jasper report, chartjs
Hack Cambridge Foundation Website Lite - Testing
NoSession: Security done right
📱 Wire for iOS (iPhone and iPad)
Ethical Hacking Course powered by AI.
System-Security-Lab
VALORANT All in One Cheat - Aimbot, ESP, Ragebot hack, Skinchanger & more! Regularly updated.
A fast, simple and powerful open-source cross platform utility tool for generating strong, unique and random passwords 🦀
www
The winner code repo for Affine Hack
Mimikry is a tool to mimic a docker registry repository (proof-of-concept).
🌳 Link in bio, hacker style.
The Encryption Project.
Hacks For Moby Max
Hack The Mountains 3.0 Solution Application
Security functionality for interoperability/interaction with core services.
freedom-security
Full Stack Blog Site - Hack a Blog
My-Security-Slides
Proof of concept: Rust wrapper for the classic FSM C library
Java training with springboot
KIZAGAN is a python computer backdoor(RAT) and it can take camera pictures,screenshot,browser datas and cookies etc...
Ansible role for Ubuntu22 CIS Baseline
A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more
The Rubrik Security Cloud SDK
GBA ROM hack of Pokémon Emerald, built with the pokeemerald decompilation project and other feature branches.
Currently the most advanced hack client for Shell Shockers.
MPC team of Security Group in HITSZ
A set of security APIs meant to help secure Java code
PortSwigger-Web-Security-Academy
spring security ssongplate
Network observability for Kubernetes
helpful commands and tools
PhpRBACBundle is symfony 6 bundle with full access control library for PHP. It provides NIST Level 2 Standard Hierarchical Role Based Access Control as an easy to use library to PHP developers. It's a rework of the phprbac.net library made by OWASP for sy
just a Proof-Of-Concept toy project
All of my Grey Hack game scripts.
A utility to fight against malicious hackers on Bedrock Edition.
Simple external hack for Counter-Strike: Global Offensive, written in modern C++. Rendering and GUI powered by ImGui and GLFW.
This repository contains cutting-edge open-source security notes and tools that will help you during your Red Team assessments.
This repository is the working environment for developing a Proof of Concept for mounting an Encrypted Volume available to a group of Researchers
fbBLACK-HAT-HACKING
security audit report
Problem solving for Interview Preparation Hacker rank Interview Kit Solutions
Premium
Sqleye a python3 SQL injection spider
The Open Source toolkit for Secure Sockets Layer and Transport Layer Security (mingw-w64)
SOOS Security Analysis CI Python Script
Tutorials to get familiar with Airlock Microgateway and its features.
Automated build and mirror of eBPF kernel probes for use as a driver with the Falco runtime security agent (https://falco.org/)
Quizlet Hacks
Countless hackers have tried their hand at cracking this hard drive.
OSCAL Policy Administration Library (OPAL) provides a simple web application for managing System Security Plans. The data model is based on the OSCAL standard.
A Proof of Concept aimed at prospecting new Leads/Customers for business agents through Geolocation, Routes and Asset Management.
Secure Programming: Android Application Secure Design/Secure Coding
Very basic proof of concept container in C++ based on Lizzie Dixon's great C example.
G3nius Tools Sploit is a penetration testing tool with a lot of plugins for advanced cybersecurity attacks. User-friendly, Easy and modular!
Proof of concept CPU ray tracer made following Raytracing in One Weekend.
Personal WebSite
Repository to help security vendors deal with false positives
DKAFE - Donkey Kong Arcade Front End. An arcade game launcher based on Donkey Kong with incentives to play and unlock arcade games. It comes bundled with features and ready to go.
As a result of researching bugs, I often come across new and interesting vulnerabilities. I finally decided to create a centralized repository for proof of concepts. Everything is sorted by vendor with subdirectories for each product.
security-analysis-server
铜锁/Tongsuo is a Modern Cryptographic Primitives and Protocols Library
ML-Git is a tool which provides a Distributed Version Control system to enable efficient dataset management. Like its name emphasizes, it is meant to be like git in mindset, concept and workflows. ML-Git enables the following operations. Manage a reposito
Application ontology for the FNS-Cloud project. Food Nutrition Security Cloud (FNS-Cloud) has received funding from the European Union’s Horizon 2020 Research and Innovation programme (H2020-EU.3.2.2.3. – sustainable and competitive agri-food industry) un
Tools, data, and contact lists relevant to The disclose.io Project.
Jenkins plugin 42Crunch API Contract Security Audit
Find and fix 360+ types of hardcoded secrets and 70+ types of infrastructure-as-code misconfigurations.
Home of the JupiterOne SDK
A cryptographically verifiable code review system for go packages.
🔐 A lightweight high level library for configuring a http client or server based on SSLContext or other properties such as TrustManager, KeyManager or Trusted Certificates to communicate over SSL TLS for one way authentication or two way authentication pr
OWASP Community Pages are a place where OWASP can accept community contributions for security-related content.
script hack fb
Repository for Payara Security Connectors
Drone pentesting framework console
:microscope: Proof of Concept of an upload stream from React (JS & Native) app to .NET
Start hacking your substrate runtime in a web based VSCode like IDE
security-issues-extractor-java
C++ Security Library
OSINT tools and more but without API ke
0xmachos.github.io
Platform AbstRaction for SECurity service
A proof of concept showcasing .Net Core service running in container and acceptance tests executing on it
Security and crypto extensions to OpenSAML
Microsoft Threat Intelligence Security Tools
i-Haklab is a hacking laboratory for Termux that contains open source tools for pentesting, scanning/finding vulnerabilities, exploitation and post-exploitation recommended by Ivam3, with automation hacking commands and many guides and tutorials to learn to use it.
A toolbox based on powsybl framework dedicated to power systems coordinated capacity calculation and security analysis projects
Manage Role / Group in Symfony. Replace the security.yml role hierarchy in complex application
:india: :robot: It's easy to use android botnet work without port forwarding, vps and android studio
Static website for DMU Hackers society
Open Security Controls Assessment Language (OSCAL)
just a place to put our code for hack days
:cyclone: Awesome Growth Hacking resources
Flow Logix Jakarta EE Components for PrimeFaces and OmniFaces
🌏 A tiny 0-dependency thread-safe Java™ lib for setting/viewing dns programmatically without touching host file, make unit/integration testing portable; and a tiny tool for setting/viewing dns of running JVM process.
SQL powered operating system instrumentation, monitoring, and analytics.
The Github home of Orbot: Tor on Android (Also available on gitlab!)
DOMPurify - a DOM-only, super-fast, uber-tolerant XSS sanitizer for HTML, MathML and SVG. DOMPurify works with a secure default, but offers a lot of configurability and hooks. Demo:
MISP (core software) - Open Source Threat Intelligence and Sharing Platform
:cookie: A full-featured, hackable tiling window manager written and configured in Python (X11 + Wayland)
Vulners.com -- CVE-2023-5285
Vulners.com -- CVE-2023-5283
Vulners.com -- CVE-2023-5281
Vulners.com -- CVE-2023-5282
Vulners.com -- CVE-2023-5279
Vulners.com -- CVE-2023-5280
Vulners.com -- CVE-2023-5278
Vulners.com -- CVE-2023-5277
Vulners.com -- CVE-2023-5276
Vulners.com -- New Critical Security Flaws Expose Exim Mail Servers to Remote Attacks
Vulners.com -- CVE-2023-5284
Vulners.com -- Update Chrome now! Google patches another actively exploited vulnerability
CVE-2023-43711 -- Os Commerce is currently susceptible to a Cross-Site Scripting (XSS) vulnerability.
CVE-2023-5201 -- The OpenHook plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 4.3.0 via the 'php' shortcode. This allows authenticated attackers with subscriber-level permissions or above, to execute code on the server. This r
CVE-2023-5227 -- Unrestricted Upload of File with Dangerous Type in GitHub repository thorsten/phpmyfaq prior to 3.1.8.
CVE-2023-5295 -- The Blog Filter plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'vivafbcomment' shortcode in versions up to, and including, 1.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it pos
CVE-2023-5318 -- Use of Hard-coded Credentials in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5319 -- Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
CVE-2023-5320 -- Cross-site Scripting (XSS) - DOM in GitHub repository thorsten/phpmyfaq prior to 3.1.18.
Vulners.com -- CVE-2023-43014
Vulners.com -- CVE-2023-5185
Vulners.com -- CVE-2023-43013
Vulners.com -- CVE-2023-43226
Vulners.com -- CVE-2023-30415
Vulners.com -- CVE-2023-43869
Vulners.com -- JetBrains TeamCity Unauthenticated Remote Code Execution
Vulners.com -- CVE-2023-43115
Vulners.com -- Progress Software Releases Urgent Hotfixes for Multiple Security Flaws in WS_FTP Server
Vulners.com -- [SECURITY] Fedora 38 Update: emacs-28.3-0.rc1.fc38
Vulners.com -- CVE-2023-4863
Vulners.com -- CVE-2023-41449
Vulners.com -- CVE-2023-41452
CVE-2022-35908 -- Cambium Enterprise Wi-Fi System Software before 6.4.2 does not sanitize the ping host argument in device-agent.
CVE-2023-0989 -- An information disclosure issue in GitLab CE/EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with a malicious CI/CD co
CVE-2023-0989 -- An information disclosure issue in GitLab CE/EE affecting all versions starting from 13.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows an attacker to extract non-protected CI/CD variables by tricking a user to visit a fork with
CVE-2023-2233 -- An improper authorization issue has been discovered in GitLab CE/EE affecting all versions starting from 11.8 before 16.2.8, all versions starting from 16.3 before 16.3.5 and all versions starting from 16.4 before 16.4.1. It allows a project reporter to l
CVE-2023-26146 -- All versions of the package ithewei/libhv are vulnerable to Cross-site Scripting (XSS) such that when a file with a name containing a malicious payload is served by the application, the filename is displayed without proper sanitization when it is rendered
CVE-2023-26147 -- All versions of the package ithewei/libhv are vulnerable to HTTP Response Splitting when untrusted user input is used to build headers values. An attacker can add the \r\n (carriage return line feeds) characters to end the HTTP response headers and inject
CVE-2023-26148 -- All versions of the package ithewei/libhv are vulnerable to CRLF Injection when untrusted user input is used to set request headers. An attacker can add the \r\n (carriage return line feeds) characters and inject additional headers in the request sent.
CVE-2023-26218 -- The Web Client component of TIBCO Software Inc.'s TIBCO Nimbus contains easily exploitable Reflected Cross Site Scripting (XSS) vulnerabilities that allow a low privileged attacker to social engineer a legitimate user with network access to execute script
CVE-2023-3024 -- Forcing the Bluetooth LE stack to segment 'prepare write response' packets can lead to an out-of-bounds memory access.
CVE-2023-30591 -- Denial-of-service in NodeBB <= v2.8.10 allows unauthenticated attackers to trigger a crash, when invoking `eventName.startsWith()` or `eventName.toString()`, while processing Socket.IO messages via crafted Socket.IO messages containing array or object typ
CVE-2023-3115 -- An issue has been discovered in GitLab EE affecting all versions from 11.11 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1. Single Sign On restrictions were not correctly enforced for indirect project members access
CVE-2023-3413 -- An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to read the source code of a project through a fo
CVE-2023-3775 -- A Vault Enterprise Sentinel Role Governing Policy created by an operator to restrict access to resources in one namespace can be applied to requests outside in another non-descendant namespace, potentially resulting in denial of service. Fixed in Vault En
CVE-2023-3906 -- An input validation issue in the asset proxy in GitLab EE, affecting all versions from 12.3 prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1, allowed an authenticated attacker to craft image urls which bypass the asset proxy.
CVE-2023-3914 -- A business logic error in GitLab EE affecting all versions prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows access to internal projects. A service account is not deleted when a namespace is deleted, allowing access to internal projec
CVE-2023-3917 -- Denial of Service in pipelines affecting all versions of Gitlab EE and CE prior to 16.2.8, 16.3 prior to 16.3.5, and 16.4 prior to 16.4.1 allows attacker to cause pipelines to fail.
CVE-2023-3920 -- An issue has been discovered in GitLab affecting all versions starting from 11.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that a maintainer to create a fork relationship b
CVE-2023-3922 -- An issue has been discovered in GitLab affecting all versions starting from 8.15 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible to hijack some links and buttons on the GitLab UI
CVE-2023-39308 -- Unauth. Stored Cross-Site Scripting (XSS) vulnerability in UserFeedback Team User Feedback plugin <= 1.0.7 versions.
CVE-2023-39410 -- When deserializing untrusted or corrupted data, it is possible for a reader to consume memory beyond the allowed constraints and thus lead to out of memory on the system.
CVE-2023-3979 -- An issue has been discovered in GitLab affecting all versions starting from 10.6 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. It was possible that upstream members to collaborate with you on
CVE-2023-41655 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Andreas Heigl authLdap plugin <= 2.5.9 versions.
CVE-2023-41657 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in Groundhogg Inc. HollerBox plugin <= 2.3.2 versions.
CVE-2023-41658 -- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in I Thirteen Web Solution Photo Gallery Slideshow & Masonry Tiled Gallery plugin <= 1.0.13 versions.
CVE-2023-41661 -- Auth. (admin+) Stored Cross-Site Scripting (XSS) vulnerability in PressPage Entertainment Inc. Smarty for WordPress plugin <= 3.1.35 versions.
CVE-2023-41662 -- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Ulf Benjaminsson WP-dTree plugin <= 4.4.5 versions.
CVE-2023-41663 -- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Giovambattista Fazioli WP Bannerize Pro plugin <= 1.6.9 versions.
CVE-2023-41666 -- Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Stockdio Stock Quotes List plugin <= 2.9.9 versions.
CVE-2023-41687 -- Auth. (contributor+) Stored Cross-Site Scripting (XSS) vulnerability in Irina Sokolovskaya Goods Catalog plugin <= 2.4.1 versions.
CVE-2023-41691 -- Unauth. Reflected Cross-Site Scripting (XSS) vulnerability in Pensopay WooCommerce PensoPay plugin <= 6.3.1 versions.
CVE-2023-43655 -- Composer is a dependency manager for PHP. Users publishing a composer.phar to a public web-accessible server where the composer.phar can be executed as a php file may be subject to a remote code execution vulnerability if PHP also has `register_argc_argv`
CVE-2023-43909 -- Hospital Management System thru commit 4770d was discovered to contain a SQL injection vulnerability via the app_contact parameter in appsearch.php.
CVE-2023-43944 -- A Stored Cross Site Scripting (XSS) vulnerability was found in SourceCodester Task Management System 1.0. It allows attackers to execute arbitrary code via parameter field in index.php?page=project_list.
CVE-2023-44270 -- An issue was discovered in PostCSS before 8.4.31. It affects linters using PostCSS to parse external Cascading Style Sheets (CSS). There may be \r discrepancies, as demonstrated by @font-face{ font:(\r/*);} in a rule.
CVE-2023-44464 -- pretix before 2023.7.2 allows Pillow to parse EPS files.
CVE-2023-44466 -- An issue was discovered in net/ceph/messenger_v2.c in the Linux kernel before 6.4.5. There is an integer signedness error, leading to a buffer overflow and remote code execution via HELLO or one of the AUTH frames. This occurs because of an untrusted leng
CVE-2023-44469 -- A Server-Side Request Forgery issue in the OpenID Connect Issuer in LemonLDAP::NG before 2.17.1 allows authenticated remote attackers to send GET requests to arbitrary URLs through the request_uri authorization parameter. This is similar to CVE-2020-10770
CVE-2023-4532 -- An issue has been discovered in GitLab affecting all versions starting from 16.2 before 16.2.8, all versions starting from 16.3 before 16.3.5, all versions starting from 16.4 before 16.4.1. Users were capable of linking CI/CD jobs of private projects whic
CVE-2023-5077 -- The Vault and Vault Enterprise ("Vault") Google Cloud secrets engine did not preserve existing Google Cloud IAM Conditions upon creating or updating rolesets. Fixed in Vault 1.13.0.
CVE-2023-5159 -- Mattermost fails to properly verify the permissions when managing/updating a bot allowing a User Manager role with user edit permissions to manage/update bots.
CVE-2023-5193 -- Mattermost fails to properly check permissions when retrieving a post allowing for a System Role with the permission to manage channels to read the posts of a DM conversation.
CVE-2023-5194 -- Mattermost fails to properly validate permissions when demoting and deactivating a user allowing for a system/user manager to demote / deactivate another manager
CVE-2023-5195 -- Mattermost fails to properly validate the permissions when soft deleting a team allowing a team member to soft delete other teams that they are not part of
CVE-2023-5196 -- Mattermost fails to enforce character limits in all possible notification props allowing an attacker to send a really long value for a notification_prop resulting in the server consuming an abnormal quantity of computing resources and possibly becoming te
CVE-2023-5198 -- An issue has been discovered in GitLab affecting all versions prior to 16.2.7, all versions starting from 16.3 before 16.3.5, and all versions starting from 16.4 before 16.4.1. It was possible for a removed project member to write to protected branches us
CVE-2023-5257 -- A vulnerability was found in WhiteHSBG JNDIExploit 1.4 on Windows. It has been rated as problematic. Affected by this issue is the function handleFileRequest of the file src/main/java/com/feihong/ldap/HTTPServer.java. The manipulation leads to path traver
CVE-2023-5258 -- A vulnerability classified as critical has been found in OpenRapid RapidCMS 1.3.1. This affects an unknown part of the file /resource/addgood.php. The manipulation of the argument id leads to sql injection. It is possible to initiate the attack remotely.
CVE-2023-5259 -- A vulnerability classified as problematic was found in ForU CMS. This vulnerability affects unknown code of the file /admin/cms_admin.php. The manipulation of the argument del leads to denial of service. The attack can be initiated remotely. The exploit h
CVE-2023-5260 -- A vulnerability, which was classified as critical, has been found in SourceCodester Simple Membership System 1.0. This issue affects some unknown processing of the file group_validator.php. The manipulation of the argument club_id leads to sql injection.
CVE-2023-5261 -- A vulnerability, which was classified as critical, was found in Tongda OA 2017. Affected is an unknown function of the file general/hr/manage/staff_title_evaluation/delete.php. The manipulation of the argument EVALUATION_ID leads to sql injection. The exp
CVE-2023-5262 -- A vulnerability has been found in OpenRapid RapidCMS 1.3.1 and classified as critical. Affected by this vulnerability is the function isImg of the file /admin/config/uploadicon.php. The manipulation of the argument fileName leads to unrestricted upload. T
CVE-2023-5263 -- A vulnerability was found in ZZZCMS 2.1.7 and classified as critical. Affected by this issue is the function restore of the file /admin/save.php of the component Database Backup File Handler. The manipulation leads to permission issues. The attack may be
CVE-2023-5264 -- A vulnerability classified as critical was found in huakecms 3.0. Affected by this vulnerability is an unknown functionality of the file /admin/cms_content.php. The manipulation of the argument cid leads to sql injection. The attack can be launched remote
CVE-2023-5265 -- A vulnerability, which was classified as critical, has been found in Tongda OA 2017. Affected by this issue is some unknown functionality of the file general/hr/manage/staff_transfer/delete.php. The manipulation of the argument TRANSFER_ID leads to sql in
CVE-2023-5266 -- A vulnerability, which was classified as critical, was found in DedeBIZ 6.2. This affects an unknown part of the file /src/admin/tags_main.php. The manipulation of the argument ids leads to sql injection. It is possible to initiate the attack remotely. Th
CVE-2023-5267 -- A vulnerability has been found in Tongda OA 2017 and classified as critical. This vulnerability affects unknown code of the file general/hr/recruit/hr_pool/delete.php. The manipulation of the argument EXPERT_ID leads to sql injection. The exploit has been
CVE-2023-5268 -- A vulnerability was found in DedeBIZ 6.2 and classified as critical. This issue affects some unknown processing of the file /src/admin/makehtml_taglist_action.php. The manipulation of the argument mktime leads to sql injection. The attack may be initiated
CVE-2023-5269 -- A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been classified as critical. Affected is an unknown function of the file parcel_list.php of the component GET Parameter Handler. The manipulation of the argument s lead
CVE-2023-5270 -- A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file view_parcel.php. The manipulation of the argument id leads to sql inje
CVE-2023-5271 -- A vulnerability was found in SourceCodester Best Courier Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file edit_parcel.php. The manipulation of the argument email leads to sql injection.
CVE-2023-5272 -- A vulnerability classified as critical has been found in SourceCodester Best Courier Management System 1.0. This affects an unknown part of the file edit_parcel.php of the component GET Parameter Handler. The manipulation of the argument id leads to sql i
CVE-2023-5273 -- A vulnerability classified as problematic was found in SourceCodester Best Courier Management System 1.0. This vulnerability affects unknown code of the file manage_parcel_status.php. The manipulation of the argument id leads to cross site scripting. The
CVE-2023-5276 -- A vulnerability classified as critical was found in SourceCodester Engineers Online Portal 1.0. This vulnerability affects unknown code of the file downloadable_student.php. The manipulation of the argument id leads to sql injection. The attack can be ini
CVE-2023-5277 -- A vulnerability, which was classified as critical, has been found in SourceCodester Engineers Online Portal 1.0. This issue affects some unknown processing of the file student_avatar.php. The manipulation of the argument change leads to unrestricted uploa
CVE-2023-5278 -- A vulnerability, which was classified as critical, was found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file login.php. The manipulation of the argument username/password leads to sql injection. It is possible to
CVE-2023-5279 -- A vulnerability has been found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file my_classmates.php. The manipulation of the argument teacher_class_student_id le
CVE-2023-5280 -- A vulnerability was found in SourceCodester Engineers Online Portal 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file my_students.php. The manipulation of the argument id leads to sql injection. The attack ma
CVE-2023-5281 -- A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been classified as critical. This affects an unknown part of the file remove_inbox_message.php. The manipulation of the argument id leads to sql injection. It is possible to i
CVE-2023-5282 -- A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file seed_message_student.php. The manipulation of the argument teacher_id leads to sql injection. Th
CVE-2023-5283 -- A vulnerability was found in SourceCodester Engineers Online Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file teacher_signup.php. The manipulation of the argument firstname/lastname leads to sql injection.
CVE-2023-5284 -- A vulnerability classified as critical has been found in SourceCodester Engineers Online Portal 1.0. Affected is an unknown function of the file upload_save_student.php. The manipulation of the argument uploaded_file leads to unrestricted upload. It is po
CVE-2023-5285 -- A vulnerability classified as critical was found in Tongda OA 2017. Affected by this vulnerability is an unknown functionality of the file general/hr/recruit/recruitment/delete.php. The manipulation of the argument RECRUITMENT_ID leads to sql injection. T
CVE-2023-5286 -- A vulnerability, which was classified as problematic, has been found in SourceCodester Expense Tracker App v1. Affected by this issue is some unknown functionality of the file add_category.php of the component Category Handler. The manipulation of the arg
CVE-2023-5287 -- ** UNSUPPORTED WHEN ASSIGNED ** A vulnerability, which was classified as problematic, was found in BEECMS 4.0. This affects an unknown part of the file /admin/admin_content_tag.php?action=save_content. The manipulation of
CVE-2023-5289 -- Allocation of Resources Without Limits or Throttling in GitHub repository ikus060/rdiffweb prior to 2.8.4.
CVE-2023-5293 -- A vulnerability, which was classified as critical, was found in ECshop 4.1.5. Affected is an unknown function of the file /admin/leancloud.php. The manipulation of the argument id leads to sql injection. It is possible to launch the attack remotely. The e
CVE-2023-5294 -- A vulnerability has been found in ECshop 4.1.1 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/order.php. The manipulation of the argument goods_id leads to sql injection. The attack can be launche
CVE-2023-5296 -- A vulnerability was found in Xinhu RockOA 1.1/2.3.2/15.X3amdi and classified as problematic. Affected by this issue is some unknown functionality of the file api.php?m=reimplat&a=index of the component Password Handler. The manipulation leads to weak pass
CVE-2023-5297 -- A vulnerability was found in Xinhu RockOA 2.3.2. It has been classified as problematic. This affects the function start of the file task.php?m=sys|runt&a=beifen. The manipulation leads to exposure of backup file to an unauthorized control sphere. It is po
Vulners.com -- CVE-2023-41450
Vulners.com -- libwebp vulnerability
Vulners.com -- Update Chrome Now: Google Releases Patch for Actively Exploited Zero-Day Vulnerability
Vulners.com -- CVE-2023-2315
Vulners.com -- CVE-2023-35074
Vulners.com -- CVE-2023-38586
Vulners.com -- CVE-2023-39375
Vulners.com -- CVE-2023-43610
CVE-2022-47186 -- There is an unrestricted upload of file vulnerability in Generex CS141 below 2.06 version. An attacker could upload and/or delete any type of file, without any format restriction and without any authentication, in the "upload" directory.
CVE-2022-47187 -- There is a file upload XSS vulnerability in Generex CS141 below 2.06 version. The web application allows file uploading, making it possible to upload a file with HTML content. When HTML files are allowed, XSS payload can be injected into the uploaded file
CVE-2023-26145 -- This affects versions of the package pydash before 6.0.0. A number of pydash methods such as pydash.objects.invoke() and pydash.collections.invoke_map() accept dotted paths (Deep Path Strings) to target a nested Python object, relative to the original sou
CVE-2023-26149 -- Versions of the package quill-mention before 4.0.0 are vulnerable to Cross-site Scripting (XSS) due to improper user-input sanitization, via the renderList function.
CVE-2023-30415 -- Sourcecodester Packers and Movers Management System v1.0 was discovered to contain a SQL injection vulnerability via the id parameter at /inquiries/view_inquiry.php.
CVE-2023-38870 -- A SQL injection vulnerability exists in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1. The cash book has a feature to list accomplishments by category, and the 'category_id' parameter is vulnerable to SQL Injection.
CVE-2023-38871 -- The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer has a user enumeration vulnerability in the login and forgot password functionalities. The app reacts differently when a user or email address is valid, and when it's not. This may allo
CVE-2023-38872 -- An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.
CVE-2023-38873 -- The commit 3730880 (April 2023) and v.0.9-beta1 of gugoan Economizzer is vulnerable to Clickjacking. Clickjacking, also known as a "UI redress attack", is when an attacker uses multiple transparent or opaque layers to trick a user into clicking on a butto
CVE-2023-38874 -- A remote code execution (RCE) vulnerability via an insecure file upload exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). A malicious attacker can upload a PHP web shell as an attachment when adding a new cash book entry. Afterwa
CVE-2023-38877 -- A host header injection vulnerability exists in gugoan's Economizzer v.0.9-beta1 and commit 3730880 (April 2023). By sending a specially crafted host header in the reset password request, it is possible to send password reset links to users which, once cl
CVE-2023-39195 -- ** REJECT ** CVE-2023-39195 was found to be a duplicate of CVE-2023-42755. Please see https://access.redhat.com/security/cve/CVE-2023-42755 for more information.
CVE-2023-40307 -- An attacker with standard privileges on macOS when requesting administrator privileges from the application can submit input which causes a buffer overflow resulting in a crash of the application. This could make the application unavailable and allow read
CVE-2023-40375 -- Integrated application server for IBM i 7.2, 7.3, 7.4, and 7.5 contains a local privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host operating s
CVE-2023-41444 -- An issue in Binalyze IREC.sys v.3.11.0 and before allows a local attacker to execute arbitrary code and escalate privileges via the fun_1400084d0 function in IREC.sys driver.
CVE-2023-41446 -- Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted script to the title parameter in the index.php component.
CVE-2023-41447 -- Cross Site Scripting vulnerability in phpkobo AjaxNewTicker v.1.0.5 allows a remote attacker to execute arbitrary code via a crafted payload to the subcmd parameter in the index.php component.
CVE-2023-41911 -- Samsung Mobile Processor Exynos 2200 allows a GPU Double Free (issue 1 of 2).
CVE-2023-42222 -- WebCatalog before 49.0 is vulnerable to Incorrect Access Control. WebCatalog calls the Electron shell.openExternal function without verifying that the URL is for an http or https resource, in some circumstances.
CVE-2023-42756 -- A flaw was found in the Netfilter subsystem of the Linux kernel. A race condition between IPSET_CMD_ADD and IPSET_CMD_SWAP can lead to a kernel panic due to the invocation of `__ip_set_put` on a wrong `set`. This issue may allow a local user to crash the
CVE-2023-43013 -- Asset Management System v1.0 is vulnerable to an
CVE-2023-43014 -- Asset Management System v1.0 is vulnerable to
CVE-2023-43044 -- IBM License Metric Tool 9.2 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system. IBM X-Force ID: 266893.
CVE-2023-4316 -- Zod in version 3.22.2 allows an attacker to perform a denial of service while validating emails
CVE-2023-43226 -- An arbitrary file upload vulnerability in dede/baidunews.php in DedeCMS 5.7.111 and earlier allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVE-2023-43323 -- mooSocial 3.1.8 is vulnerable to external service interaction on the post function. When executed, the server sends an HTTP and DNS request to an external server. The parameters affected are multiple - messageText, data[wall_photo], data[userShareVideo] and data[
CVE-2023-43654 -- TorchServe is a tool for serving and scaling PyTorch models in production. TorchServe default configuration lacks proper input validation, enabling third parties to invoke remote HTTP download requests and write files to the disk. This issue could be take
CVE-2023-43657 -- discourse-encrypt is a plugin that provides a secure communication channel through Discourse. Improper escaping of encrypted topic titles could lead to a cross site scripting (XSS) issue when a site has content security policy (CSP) headers disabled. Havi
CVE-2023-43662 -- ShokoServer is a media server which specializes in organizing anime. In affected versions the `/api/Image/WithPath` endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter `serverIm
CVE-2023-43663 -- PrestaShop is an Open Source e-commerce web application. In affected versions any module can be disabled or uninstalled from back office, even with low user rights. This allows low privileged users to disable portions of a shop's functionality. Commit `ce1f
CVE-2023-43664 -- PrestaShop is an Open Source e-commerce web application. In the Prestashop Back office interface, an employee can list all modules without any access rights: method `ajaxProcessGetPossibleHookingListForModule` doesn't check access rights. This issue has b
CVE-2023-43739 -- The 'bookisbn' parameter of the cart.php resource
CVE-2023-43740 -- Online Book Store Project v1.0 is vulnerable to an Insecure File Upload vulnerability on the 'image' parameter of
CVE-2023-43860 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanNonLogin function.
CVE-2023-43861 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPPoE function.
CVE-2023-43862 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formLanguageChange function.
CVE-2023-43863 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanDhcpplus function.
CVE-2023-43864 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard55 function.
CVE-2023-43865 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanPPTP function.
CVE-2023-43866 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard7 function.
CVE-2023-43867 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWanL2TP function.
CVE-2023-43868 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via websGetVar function.
CVE-2023-43869 -- D-Link DIR-619L B1 2.02 is vulnerable to Buffer Overflow via formSetWAN_Wizard56 function.
CVE-2023-43871 -- A File upload vulnerability in WBCE v.1.6.1 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
CVE-2023-43872 -- A File upload vulnerability in CMSmadesimple v.2.2.18 allows a local attacker to upload a pdf file with hidden Cross Site Scripting (XSS).
CVE-2023-43873 -- A Cross Site Scripting (XSS) vulnerability in e017 CMS v.2.3.2 allows a local attacker to execute arbitrary code via a crafted script to the Name field in the Manage Menu.
CVE-2023-43874 -- Multiple Cross Site Scripting (XSS) vulnerabilities in e017 CMS v.2.3.2 allow a local attacker to execute arbitrary code via a crafted script to the Copyright and Author fields in the Meta & Custom Tags Menu.
CVE-2023-43876 -- A Cross-Site Scripting (XSS) vulnerability in installation of October v.3.4.16 allows an attacker to execute arbitrary web scripts via a crafted payload injected into the dbhost field.
CVE-2023-43878 -- Rite CMS 3.0 has Multiple Cross-Site scripting (XSS) vulnerabilities that allow attackers to execute arbitrary code via a crafted payload into the Main Menu Items in the Administration Menu.
CVE-2023-43879 -- Rite CMS 3.0 has a Cross-Site scripting (XSS) vulnerability that allows attackers to execute arbitrary code via a crafted payload into the Global Content Blocks in the Administration Menu.
CVE-2023-43884 -- A Cross-site scripting (XSS) vulnerability in Reference ID from the panel Transactions, of Subrion v4.2.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into 'Reference ID' parameter.
CVE-2023-44163 -- The 'search' parameter of the process_search.php resource
CVE-2023-44164 -- The 'Email' parameter of the process_login.php resource
CVE-2023-44165 -- The 'Password' parameter of the process_login.php resource
CVE-2023-44166 -- The 'age' parameter of the process_registration.php resource
CVE-2023-44167 -- The 'name' parameter of the process_registration.php resource
CVE-2023-44168 -- The 'phone' parameter of the process_registration.php resource
CVE-2023-44173 -- Online Movie Ticket Booking System v1.0 is vulnerable to
CVE-2023-44273 -- Consensys gnark-crypto through 0.11.2 allows Signature Malleability. This occurs because deserialisation of EdDSA and ECDSA signatures does not ensure that the data is in a certain interval.
CVE-2023-44275 -- OPNsense before 23.7.5 allows XSS via the index.php column_count parameter to the Lobby Dashboard.
CVE-2023-44276 -- OPNsense before 23.7.5 allows XSS via the index.php sequence parameter to the Lobby Dashboard.
CVE-2023-5053 -- Hospital management system version 378c157 allows authentication bypass.
CVE-2023-5185 -- Gym Management System Project v1.0 is vulnerable to
CVE-2023-5186 -- Use after free in Passwords in Google Chrome prior to 117.0.5938.132 allowed a remote attacker who convinced a user to engage in specific UI interaction to potentially exploit heap corruption via crafted UI interaction. (Chromium security severity: High)
CVE-2023-5187 -- Use after free in Extensions in Google Chrome prior to 117.0.5938.132 allowed an attacker who convinced a user to install a malicious extension to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-5215 -- A flaw was found in libnbd. A server can reply with a block size larger than 2^63 (the NBD spec states the size is a 64-bit unsigned value). This issue could lead to an application crash or other unintended behavior for NBD clients that don't treat the
CVE-2023-5217 -- Heap buffer overflow in vp8 encoding in libvpx in Google Chrome prior to 117.0.5938.132 and libvpx 1.13.1 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
CVE-2023-5230 -- The TM WooCommerce Compare & Wishlist plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'tm_woo_wishlist_table' shortcode in versions up to, and including, 1.1.7 due to insufficient input sanitization and output escaping on user suppli
CVE-2023-5232 -- The Font Awesome More Icons plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'icon' shortcode in versions up to, and including, 3.5 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it
CVE-2023-5233 -- The Font Awesome Integration plugin for WordPress is vulnerable to Stored Cross-Site Scripting via 'fawesome' shortcode in versions up to, and including, 5.0 due to insufficient input sanitization and output escaping on user supplied attributes. This make
CVE-2023-5244 -- Cross-site Scripting (XSS) - Reflected in GitHub repository microweber/microweber prior to 2.0.
CVE-2023-5256 -- In certain scenarios, Drupal's JSON:API module will output error backtraces. With some configurations, this may cause sensitive information to be cached and made available to anonymous users, leading to privilege escalation.
Vulners.com -- CVE-2023-44014
Vulners.com -- CVE-2023-44019
Vulners.com -- CVE-2023-44023
Vulners.com -- CVE-2023-44018
Vulners.com -- CVE-2023-44021
Vulners.com -- CVE-2023-35071
Vulners.com -- CVE-2023-44172
Vulners.com -- CVE-2023-44170
Vulners.com -- CVE-2023-43216
Vulners.com -- CVE-2023-44169
Vulners.com -- CVE-2023-44171
Vulners.com -- CVE-2023-43222
Vulners.com -- CVE-2023-39434
Vulners.com -- Cisco IOS XE Software for ASR 1000 Series Aggregation Services Routers IPv6 Multicast Denial of Service Vulnerability
Vulners.com -- Cisco IOS XE Software Application Quality of Experience and Unified Threat Defense Denial of Service Vulnerability
Vulners.com -- Cisco IOS and IOS XE Software Command Authorization Bypass Vulnerability
Vulners.com -- Cisco IOS XE Software Layer 2 Tunneling Protocol Denial of Service Vulnerability
Vulners.com -- Cisco IOS and IOS XE Software Cisco Group Encrypted Transport VPN Software Out-of-Bounds Write Vulnerability
Vulners.com -- CVE-2023-4737
Vulners.com -- CVE-2023-4934
Vulners.com -- CVE-2023-41993
Vulners.com -- Puma vulnerability
Vulners.com -- Cisco DNA Center API Insufficient Access Control Vulnerability
Vulners.com -- Cisco IOS XE Software for Catalyst 3650 and Catalyst 3850 Series Switches Denial of Service Vulnerability
Vulners.com -- Cisco IOS XE Software Web UI Command Injection Vulnerability
Vulners.com -- ReadyMedia vulnerabilities
Vulners.com -- Critical libwebp Vulnerability Under Active Exploitation - Gets Maximum CVSS Score