OpenAI confirms Operator Agent is now more accurate with o3
Operation Endgame claims 300 domains in mass takedown effort
BlackLock Ransomware Group Claims Breach of Toho, But Evidence Falls Short - Security Spotlight
Chinese Hackers Exploit Cityworks Zero-Day to Breach U.S. Local Government Systems - Security Spotlight
Chinese Hackers Exploit Ivanti EPMM Zero-Day to Breach Government Agencies - Security Spotlight
Coca-Cola Investigates Alleged Data Breach Tied to Everest Ransomware Group - Security Spotlight
iOS Sleep App Exposes Personal and Health Data of Over 25,000 Users - Security Spotlight
BadSuccessor Exploits Windows Server 2025 Flaw for Full AD Takeover
CISA warns of attacks on Commvault’s Microsoft Azure environment
ConnectWise ScreenConnect Tops List of Abused RATs in 2025 Attacks
Dozens of malicious packages on NPM collect host and network data
Hackers Use TikTok Videos to Distribute Vidar and StealC Malware via ClickFix Technique
Operation Endgame Takes Down DanaBot Malware, Neutralizes 300 Servers
Chinese cyber spies are using Ivanti EPMM flaws to breach EU, US organizations
FBI warns of Luna Moth extortion attacks targeting law firms
Hacker steals $223 million in Cetus Protocol cryptocurrency heist
Active Directory breach likely with critical Windows Server 2025 exploit
Almost $223M pilfered in Cetus crypto heist
Elevated cyberattack exposure of ICS instances found
ViciousTrap Uses Cisco Flaw to Build Global Honeypot from 5,300 Compromised Devices
TikTok videos + ClickFix tactic = Malware infection
Operation RapTor led to the arrest of 270 dark web vendors and buyers
SafeLine WAF: Open Source Web Application Firewall with Zero-Day Detection and Bot Protection
300 Servers and €3.5M Seized as Europol Strikes Ransomware Networks Worldwide
Chrome 0-Day CVE-2025-4664 Exposes Windows, Linux Browser Activity
DanaBot botnet disrupted, QakBot leader indicted
Law Enforcement Busts Initial Access Malware Used to Launch Ransomware
TikTok videos now push infostealer malware in ClickFix attacks
Windows 11 Notepad gets AI-powered text writing capabilities
Scarcity signals: Are rare activities red flags?
Global Dark Web Sting Sees 270 Arrested
DragonForce Engages in "Turf War" for Ransomware Dominance
🤖 AI vs. Hackers: Can AI Help in Bug Bounty or Is It Just a Hype? | by Abhijeet Kumawat | Apr, 2025 | InfoSec Write-ups
Police takes down 300 servers in ransomware supply-chain crackdown
Chinese threat actors exploited Trimble Cityworks Flaw to breach U.S. local government networks
U.S. Dismantles DanaBot Malware Network, Charges 16 in $50M Global Cybercrime Operation
Is privacy becoming a luxury? A candid look at consumer data use
Outsourcing cybersecurity: How SMBs can make smart moves
Token Security unveils MCP Server for non-human identity security
CISA Warns of Suspected Broader SaaS Attacks Exploiting App Secrets and Cloud Misconfigs
GitLab Duo Vulnerability Enabled Attackers to Hijack AI Responses with Hidden Prompts
Digital trust is cracking under the pressure of deepfakes, cybercrime
New infosec products of the week: May 23, 2025
Shift left strategy creates heavy burden for developers
Hudson Rock Drops BlackBastaGPT: Built from 1M Internal Messages Leaked from Black Basta Ransomware Group
Microsoft dials up Uncle Sam to take down LummaC2 malware backbone
Claude 4 benchmarks show improvements, but context is still 200K
Trimble Cityworks zero-day attacks on US local governments detailed
U.S. CISA adds a Samsung MagicINFO 9 Server flaw to its Known Exploited Vulnerabilities catalog
Coca-Cola, Bottling Partner Named in Separate Ransomware and Data Breach Claims
US indicts leader of Qakbot botnet linked to ransomware attacks
Operation RapTor: 270 Arrested in Global Crackdown on Dark Web Vendors
Hackers use fake Ledger apps to steal Mac users’ seed phrases
Ghosted by a cybercriminal
Database Leak Reveals 184 Million Infostealer-Harvested Emails and Passwords
Kettering Health Cyber-Attack Disrupts Services
AI-Generated TikTok Videos Used to Distribute Infostealer Malware
Coinbase Breach Affected Almost 70,000 Customers
Russia facing spike in PureRAT malware attacks
New Signal update stops Windows from capturing user chats
Chinese Hackers Exploit Trimble Cityworks Flaw to Infiltrate U.S. Government Networks
3AM Ransomware Operators Use Spoofed IT Calls, Email Bombing for Network Breaches - Security Spotlight
EU Sanctions Stark Industries and Leadership for Supporting Russian Cyber Operations
Global Crackdown Dismantles Lumma Infostealer Malware Network, Seizes 2,300 Domains - Security Spotlight
Marks & Spencer Projects $402 Million Profit Loss After Cyberattack Disrupts Operations - News
Over 100 Malicious Chrome Extensions Found Stealing User Data Through Spoofed VPN and Productivity Tools - Security Spotlight
Russian APT28 Hackers Target Ukraine Aid Operations Through Global Espionage Campaign - Security Spotlight
Unpatched Windows Server vulnerability allows full domain compromise
Ivanti EPMM flaw exploited by Chinese hackers to breach govt agencies
Police arrests 270 dark web vendors, buyers in global crackdown
FTC finalizes order requiring GoDaddy to secure hosting services
Chinese hackers breach US local governments using Cityworks zero-day
Mastering Emerging Regulations: DORA, NIS2 and AI Act Compliance
Critical Zero-Days Found in Versa Networks SD-WAN/SASE Platform
Legitimate tools spoofed by infostealing Chrome extensions
Salt Typhoon likely to remain in US telco networks forever, experts say
Scattered Spider’s UK, US attacks preceded by financial services targeting
Chinese Hackers Exploit Ivanti EPMM Bugs in Global Enterprise Network Attacks
Critical Windows Server 2025 dMSA Vulnerability Enables Active Directory Compromise
Druva strengthens cyber resilience across Microsoft Azure environments
StackHawk raises $12 million to help security teams tackle AI-powered dev cycles
Signal now blocks Microsoft Recall screenshots on Windows 11
Law enforcement dismantled the infrastructure behind Lumma Stealer MaaS
Unpatched Versa Concerto Flaws Let Attackers Escape Docker and Compromise Host
Webinar: Learn How to Build a Reasonable and Legally Defensible Cybersecurity Program
Identity Security Has an Automation Problem—And It's Bigger Than You Think
19-Year-Old Admits to PowerSchool Data Breach Extortion
Signal blocks Microsoft Recall from screenshotting conversations
UAT-6382 exploits Cityworks zero-day vulnerability to deliver malware
vulnerability - Cisco Talos Blog
Sensitive Personal Data Stolen in West Lothian Ransomware Attack
Western Logistics and Tech Firms Targeted by Russia’s APT28
FBI and Europol Disrupt Lumma Stealer Malware Network Linked to 10 Million Infections
INE Security Partners with Abadnet Institute for Cybersecurity Training Programs in Saudi Arabia
Unpatched critical bugs in Versa Concerto lead to auth bypass, RCE
Global Law Enforcers and Microsoft Seize 2300+ Lumma Stealer Domains
Russia-linked APT28 targets western logistics entities and technology firms
NCC Group Expert Warns UK Firms to Prepare for New Cybersecurity Bill
CTM360 report: Ransomware exploits trust more than tech
Many rush into GenAI deployments, frequently without a security net
Be careful what you share with GenAI tools at work
Review: CompTIA Network+ Study Guide, 6th Edition
The hidden gaps in your asset inventory, and how to close them
Russian hackers targeting Western logistics, tech support of Ukraine
Scattered Spider Breached M&S via Third-Party TCS Credentials, Sources Confirm - Security Spotlight
Serviceaide Data Leak Exposes Health Records of Over 480,000 Catholic Health Patients - Security Spotlight
Trojanized KeePass Installer Leads to Ransomware on VMware ESXi Servers - Security Spotlight
VanHelsing Ransomware Builder Leaked by Former Developer on Hacking Forum - Security Spotlight
Over 100 Malicious Chrome Extensions Found Masquerading as AI Tools, VPNs, and Crypto Utilities - Security Spotlight
Microsoft Dismantles Global Lumma Stealer Network, Seizes 2,000+ Domains
Anthropic web config hints at Claude Sonnet 4 and Opus 4
OpenAI hints at a big upgrade for ChatGPT Operator Agent
Critical Samlify SSO flaw lets attackers log in as admin
SK Telecom Malware Breach Lasted 3 Years, Exposed 27 Million Phone Numbers - Security Spotlight
Tesco, Aldi Supplier Peter Green Chilled Hit by Ransomware, Disrupting UK Retail Supply Chains - Security Spotlight
Coinbase Data Breach Exposes Personal Information of 69,461 Customers in Contractor-Driven Incident - Security Spotlight
Mobile Carrier Cellcom Breached, Company Confirms Cyberattack Behind Extended Outages - Security Spotlight
PowerSchool Hacker Pleads Guilty to Student Data Extortion Scheme - Security Spotlight
XRP Futures Offer New Tools for Navigating Crypto Volatility
Russian hackers breach orgs to track aid routes to Ukraine
A cyberattack was responsible for the week-long outage affecting Cellcom wireless network
Threat Actor Selling 1.2 Billion Facebook Records, But Details Don’t Add Up
Sophos Firewall v21.5: Streamlined management
Russian Hackers Exploit Email and VPN Vulnerabilities to Spy on Ukraine Aid Logistics
Lumma Stealer Malware-as-a-Service operation disrupted
Russia to enforce location tracking app on all foreigners in Moscow
3AM ransomware uses spoofed IT calls, email bombing to breach networks
Lumma infostealer malware operation disrupted, 2,300 domains seized
Data-stealing Chrome extensions impersonate Fortinet, YouTube, VPNs
Cybercriminals Mimic Kling AI to Distribute Infostealer Malware
Flaw in Google Cloud Functions Sparks Broader Security Concerns
The Forbidden Intel Opcode That Melts CPUs | by Cfir Aguston | Apr, 2025 | Medium
Dumping Credentials with Python: Automating LSASS Access and Credential Extraction Post-Exploitation | by Maxwell Cross | May, 2025 | Medium
Cybersecurity Leaders Are Staying in The Shadows | by Stephen Pao | E³ — Entertain Enlighten Empower | Apr, 2025 | Medium
Survey finds gaps in cyber threat intel sharing
China-linked operative exposed at U.S. university
Strider launches real-time threat detection upgrades
Lumma Stealer: Breaking down the delivery techniques and capabilities of a prolific infostealer
Trojanized RVTools push Bumblebee malware in SEO poisoning campaign
European Union sanctions Stark Industries for enabling cyberattacks
ThreatLocker Patch Management: A Security-First Approach to Closing Vulnerability Windows
DragonForce targets rivals in a play for dominance
Vulnerable Redis servers targeted for cryptojacking
New SideWinder APT attacks target South Asian ministries
Novel MarsSnake backdoor spread in Chinese APT attack
Coinbase data breach impacted 69,461 individuals
Fake Kling AI Facebook Ads Deliver RAT Malware to Over 22 Million Potential Victims
PureRAT Malware Spikes 4x in 2025, Deploying PureLogs to Target Russian Firms
How Private Investigators Handle Digital Forensics?
KrebsOnSecurity Hit with 6.3 Tbps DDoS Attack via Aisuru Botnet
Anchore SBOM tracks software supply chain issues
Data-stealing VS Code extensions removed from official Marketplace
RSA 2025: AI’s Promise vs. Security’s Past — A Reality Check | by Anton Chuvakin | Anton on Security | May, 2025 | Medium
AI Security Essentials: Safeguarding Your RAG-based GenAI Applications | by Itay Hazan | Intuit Engineering | May, 2025 | Medium
A more private internet: Encryption standards hit new milestones | by Jigsaw | Jigsaw | May, 2025 | Medium
Our Journey to Centralized Identity and Access Management | by Isuru Cumaranathunga | The PickMe Engineering Blog | May, 2025 | Medium
Lab Rats: 6 Essential Tools For Your RF Hacking Lab | by Investigator515 | Radio Hackers | May, 2025 | Medium
U.S. CISA adds Ivanti EPMM, MDaemon Email Server, Srimax Output Messenger, Zimbra Collaboration, and ZKTeco BioTime flaws to its Known Exploited Vulnerabilities catalog
Securing CI/CD workflows with Wazuh
How to Detect Phishing Attacks Faster: Tycoon2FA Example
Flawed WordPress theme may allow admin account takeover on 22,000+ sites (CVE-2025-4322)
Kettering Health hit by system-wide outage after ransomware attack
Marks & Spencer faces $402 million profit hit after cyberattack
Two-Fifths of Americans Want to Ban Biometric Use
US Teen to Plead Guilty in PowerSchool Extortion Campaign
DanaBot botnet disrupted, QakBot leader indicted - Help Net Security
CTO at NCSC Summary: week ending May 25th
Feds charge 16 Russians allegedly tied to botnets used in cyberattacks and spying - Ars Technica
GitHub - sudo-secxyz/OpenVulnScan: A simple vulnerability scanning application built with FastAPI.
Mysterious hacking group Careto was run by the Spanish government, sources say | TechCrunch
Don't Call That "Protected" Method: Dissecting an N-Day vBulletin RCE | Karma(In)Security
#vulnerability #vulnintel #vulnrichment #infosec #cybersecurity | 🇮🇳 Ayush S.
GitHub - dreizehnutters/nmap2csv: A CLI tool to parse Nmap XML files into clear, readable CSV reports.
Eyes in the Dark: Russia’s Hacking of Border Surveillance Cameras in EU States – Strategic Goals and Threats to NATO - Robert Lansing Institute
WordPress Security Cheatsheet | Cloud Security Partners
The anatomy of a stealer package -- Lumma Stealer – DAK.LOL –
CVE-2025-32756: Fortinet RCE Exploited in the Wild | Horizon3.ai
Hacker Conference HOPE Says U.S. Immigration Crackdown Caused Massive Crash in Ticket Sales
Live Forensic Collection from Ivanti EPMM Appliances (CVE-2025-4427 & CVE-2025-4428)
Rare Code Base
Automating MS-RPC vulnerability research | Incendium.rocks
Lumma information stealer infrastructure disrupted | Malwarebytes
Hack of Contractor Was at Root of Massive Federal Data Breach
cve-2025-26817 netwrix rce
UK accuses Russian GRU of carrying out cyberattacks targeting logistics, technology organizations
The DarkForge Labs Blog | Welcome to the DarkForge Labs blog! We explore topics that intrigue us, from security research to upcoming events. Enjoy your stay! – The DarkForge Labs Team
DragonForce targets rivals in a play for dominance – Sophos News
Branch Privilege Injection: Exploiting Branch Predictor Race Conditions – Computer Security Group
Release v2.4.0 · rabbitstack/fibratus · GitHub
A First Successful Factorization of RSA-2048 Integer by D-Wave Quantum Computer
Rusty Pearl: Remote Code Execution in Postgres Instances 
Lumma Stealer Malware-as-a-Service operation disrupted - Help Net Security
Cybersecurity Academy - Start for Free - OPSWAT Academy
CVE-2025-26147: Authenticated RCE In Denodo Scheduler  - Rhino Security Labs
A house full of open windows: Why telecoms may never purge their networks of Salt Typhoon | CyberScoop
EVMAuth: An Open Authorization Protocol for the AI Agent Economy | HackerNoon
Announcing HPU on FPGA: The First Open-source Hardware Accelerator for FHE
Scattered Spider snared financial orgs before retail • The Register
MalChela 2.2 “REMnux” Release – Baker Street Forensics
Post-Quantum Cryptography Comes to Windows Insiders and Linux | Microsoft Community Hub
Bot-that-automates-farming-and-clicker-activities-in-LumiTerra-game.-Includes-crypto-token-integration-and-API-support.-Features-cheats-and-hacks-to-maximize-profit.-Managed-via-Telegram-for-efficient-game-control.
A desktop application for automating social media DMs with privacy and security in focus
SpringBoot-Security-BasicAuthentication
An intelligent, production-ready automation bot that applies to LinkedIn Easy Apply jobs with advanced security, logging, and error handling.
proof of concept for moving particle websites
Rapid Void Crew fire ship, Biomass Void Crew resource set, Void Crew gun no overheating, Resource Void Crew set alloy, Repairing instant Void Crew, Health Void Crew pc infinite, Void Crew ignore perk hack, Set speed multiplier Void Crew, Void Crew set bio
venus hacks 25!
Password Manager in Java is a console-based tool that helps users generate secure passwords, check their strength, and learn password safety tips. It uses user-defined criteria like length, symbols, and digits to create strong passwords and analyzes them
BLE-Security-Dashboard-
Proof of Concept showcasing Model Context Protocol (MCP) integration with Claude AI to analyze personal data fetched via Server-Sent Events (SSE).
Proof of concept for integrating with the OpenAI API using the new Python SDK (>=1.0.0).
This project uses SRGAN to enhance low-resolution images using deep learning. It combines CNN-based feature extraction and GAN-based adversarial training to refine textures. PSNR and SSIM metrics evaluate performance. Applications include medical imaging,
Hack The Future
do i need to explain this??
ReacTkinter (Retink) is a proof-of-concept UI library that implements React's principles for tkinter
A collection of resources, projects, test runs, and proof-of-concepts (POCs) from my Machine Learning journey. This repo reflects my hands-on practice, experiments, and study of core ML concepts and real-world applications
All-in-One Hacking tools are here....
eFootball 2021 pro gamer mod, eFootball 2021 rapid access mod, eFootball PES 2021 super enhancer, eFootball game power house mod, eFootball PES 2021 power pack hack, PES game power pack cheat, PES 21 god mode access, PES 21 ultimate power trainer, eFootba
Blind Forest power enhancer trainer, Ori and the Blind Forest experience boost, Unlimited health Blind Forest mods, Unlimited skill points Ori trainer, Ori and the Blind Forest mega energy, OATBF loot drop mods, Ori and the Blind Forest health infinity, B
internship from hacking school
Railway Empire 2 cheats innovation hack, Empire 2 trainer citizens chooser, Empire 2 mods water unlimited, Railway Empire cheats water endless, Empire 2 mods chosen hack, Empire 2 mods locomotive hack, Railway Empire cheats goods modifier, RE2 hacks citiz
Custom 75% mechanical keyboard. Features include switch hotswap, gasket mount, per-key RGB, 1.3" OLED screen, custom firmware, rotary encoder, custom printed circuit board (PCB), lubricated switches and stabilizers, and more! Created for Hack Club's Highw
People cheats unlimited health, Pit People pc damage reflect, People hacks item duplicator, Pit game cheat engine, Pit People trainers gather speed, Pit People pc enemy freeze, Pit People trainers teleportation, PP pc unlimited hp, Pit People trainers deb
DoD cheats unlimited health, Infinite money DoD mod, No limits Defiance Dawn cheats, Unlock all Dawn of Defiance mod, Unlock all Defiance Dawn cheats, Unlimited stamina Dawn game mod, Infinite money Dawn of Defiance mod trainer, Dawn of Defiance super spe
Enterprise-grade carpool management application with Node.js TypeScript backend, Next.js frontend, advanced monitoring, security scanner, and performance optimization
Open source supermachine proof of concept. Self host a MCP server with STDIO transport and get instant SSE Url
Bot that automates farming and clicker activities in BoomLand.io game. Includes crypto integration and API support. Equipped with cheats and hacks to maximize profits and enhance gameplay efficiency.
Bot that automates farming and clicker activities in Fableborne game. Features include crypto token integration and API support. Equipped with cheats and hacks to optimize profits and enhance gameplay efficiency.
Bot that automates farming and clicker activities in Catizen mini-game. Includes features for crypto integration and blockchain technology. The bot supports hacks and cheats to optimize profit and enhance gameplay efficiency.
Escalation game hacks total control, Super speed mod ICBM Escalation, Battle master mod ICBM, ICBM game hacks enemy freeze, Mega defense mod for Escalation, ICBM Escalation cheats expansion pack, Majestic power hack ICBM, Speed boost hack for ICBM, Escala
Bot that trades cryptocurrency on Blums P2P chain exchange. It includes features for farming, hacking, and cheating to maximize profits. The bot supports Telegram for easy management and integrates with the exchange for optimized performance.
Hacker news MCP server
Bot that automates farming and clicker activities in Xborg game. Includes crypto integration and API support. Designed with cheats and hacks to maximize profits and enhance gameplay efficiency.
Like a Dragon trainer forums, YLD hack team synergy, Like a Dragon trainer materials boost, Dragon Game hack performance boost, Yakuza Game mod loot drop, Dragon Game trainer max level, Yakuza Like a Dragon corporate win, Management unlimited funds Dragon
Bot that automates farming and clicker activities in Aavegotchi game. Features include crypto integration and API support. Equipped with cheats and hacks to optimize profits and enhance gameplay efficiency.
Hacker new MCP server
Some security tools! READ the README file!
A working proof-of-concept for drones that recharge via ambient energy and wireless checkpoints—no cables, no downtime. IX-T demonstrates sustainable autonomy through physics-backed hardware, intelligent pathing, and real-world feasibility. Built to inspi
"Apex Legends Hacks Free Download 2025 - Windows Cheat Tools & Aimbot Scripts"
Microservice_Spring_Security
Eternal game super damage cheat, Strands game set max magic hack, Eternal game unlimited magic trainer, Eternal Strands trainer mod unlimited items, Eternal game set health cheat, Unlimited items trainer mod Eternal Strands, ES set jump height hack, ES se
DBXV speed boost mod, Skill points in DBXV mod, DRAGON BALL XENOVERSE unlimited attribute points, One hit kills DBXV mod, Unlock all skills for DRAGON BALL, XENOVERSE unlimited XP cheat, DRAGON BALL one hit kills cheats, DRAGON BALL XENOVERSE freeze time,
simple proof-of-concept for preventive action in case of repetition of the "Alexandria Library" incident
Sn0w Client (not to be confused with the other snow client nor the OTHER other sn0w client) is a beta 1.7.3 hacked client.
WeatherWise API is a robust weather information service that provides weather data, location-based services, and user management features. Built with ASP.NET Core, it implements modern security practices, health monitoring, comprehensive logging, and Prog
security-labs
Created an IoT-based security system using Arduino sensors and Python, enhanced with machine learning for accurate person detection.
Cheat engine trainer NFS Most Wanted, Always win race trainer for Need for Speed, Unlimited hp cheats NFSMW, Always win race hacks Most Wanted, Max sp mods Most Wanted, Damage multiplier cheats Need for Speed Game, Skill points hacks NFSMW, Unlock all hac
proof-of-concept Strudel mode for Emacs
This is a simple proof-of-concept to serve a model with intended incremental improvements for logging and performance
🚀 THE definitive enterprise-grade reference implementation for Google ADK (1.0+) agentic systems. Complete boilerplate with embedded best practices, security, monitoring, and 30-50% cost optimization.
Train Sim god mode hack, Train World 2 god mode, Full Train World 2 unlock all, Train Sim World 2 hacks, Train Sim World 2 Mega AP, Advanced Train World 2 cheat engine, Extra Train Sim World 2 skill points, Train Sim skill points cheat, Full Train Sim Wor
Web security PoC with robust JWT-based authentication, protected cookies, and cross-validation between the SPA, backend, and middleware
Proof of concept for a clock using concentric rings to tell time.
DayZ Hack Download 2025 - Free Cheats & Bots for Windows
"Valorant Cheats Free Download 2025 - Undetected Hacks & Aimbot for Windows (Latest Update)"
Everdream Valley god mode cheats, Valley mod unlock all, Valley mod loot drop, Cheat engine Everdream mods, Valley mod cheat engine, Valley mod experience boost, Everdream Valley pc watering can never decrease, Everdream ignore fixing building cheats, Val
Ocaso-Security
androidSecurityScanner
Assetto Corsa loot drop mods, Assetto Corsa unlimited nitro hacks, Assetto nitro unlimited mods, Assetto Corsa unlimited attack cheats, Corsa PC time cheats, Assetto Corsa cheat engine AI, Assetto freeze time attack cheats, Assetto Corsa mods freeze AI, A
Ninja Gaiden 2 cheats skill points, Cheat engine hacks Ninja Gaiden 2 Black, Experience boost hacks Ninja Gaiden 2 Black, Infinite consumables trainer Ninja Gaiden 2 Black, Speed boost in Ninja Gaiden 2 Black, NG2B trainer edit yellow essence, Gaiden 2 Bl
"Bladepoint Cheats 2025: Free Aimbot & ESP Hack for Windows (Latest Undetected)"
Resources amount Farm Manager 2021 mod, FM 2021 cheats fast build, Farm Manager cheats no resource expiry, Set game speed Farm Manager hacks, Max staff energy Farm Manager mod, FM 2021 cheats resources amount, Set game speed cheats Farm Manager, Fast buil
SpringBoot JPA project using Swagger and security, intended for creating and viewing data in PostgreSQL
Avowed Skill Unlock Mod, Avowed Stun Multiplier Hack, Avowed Hack Impact Game, Avowed Mod Acceleration, Avowed Game Perception Set, Avowed Cooldown Hack Trainer, Avowed Unlimited HP Trainer, Avowed Hit Kills Cheat, Avowed Speed Attack Trainer, Jump Height
This tool creates secure, random passwords using a customizable combination of uppercase letters, lowercase letters, numbers, and special characters—ideal for enhancing security in your applications or personal use.
get security log from remote machine
"Kiddions Mod Menu Free Download 2025 - Ultimate Windows Cheat Tool & GTA 5 Hack Resources"
Feed and Grow Fish speed boost, Unlimited health for FAGF, Feed and Grow no cooldown, Feed and Grow Fish game hacks, Feed Fish skill points, Hack Feed and Grow Fish mega exp, Mod Feed and Grow Fish unlimited stamina, Grow Fish mods, Feed and Grow Fish mod
ci-cd-security-pipeline
Sniper Elite 5 experience boost trainers, Sniper Elite 5 trainers add 1k xp, Sniper Elite 5 unlimited ammo trainer, Unlimited health cheat Sniper Elite 5, SE5 trainer set game speed, Sniper Elite 5 pc mod add 1k xp, Sniper Elite hack super stealth, Unlimi
Latest Rainbow Six Siege Cheats and Hacks 2025
"Dead by Daylight Hacks 2025 Free Download for Windows - DBD Cheat Engine & Unlock All Tools"
PC mods Kingdom Rush pc, Unlimited gold Kingdom Rush 5 pc, Unlimited gold Kingdom Rush 5 game, Hacks Kingdom Rush 5 trainer, Kingdom Rush cheats unlimited gold, Trainers Kingdom Rush hacks gold, Kingdom Rush 5 trainer unlimited hearts, Kingdom Rush pc ins
Learning On-Premise Systems and Networks Security
Final version of the FeedHub project after implementing reviewer feedback. Includes improvements in security, UX, testing and Firebase architecture.
The experimental server has only one open port (for security reasons). This project aims to dispatch the received data to other servers responsible for the data treatment.
Free crafting trainer FatalZone, Instant cooldown for FatalZone hack, Instant cooldown hack FatalZone, God armor cheats FatalZone, FatalZone no clip mod, Weapon swapper mod FatalZone, Infinite lives FatalZone cheats, God armor FatalZone mod, FatalZone ult
While the Hot Irons trainers, While the Irons game molding items, While Irons Hot mod game speed, The Irons Hot unlock all, While the Irons game hacks, The Irons Hot edit gold, While the Irons Hot hack game speed, While Irons Hot edit gold, While the Iron
"Baldur's Gate 3 Cheats 2025: Free Download for Windows - Ultimate Trainer, Mods & Hack Tools"
An OIDC application that uses MFA for login and a SPA as the client
COS hacks no puddles, Cafe Simulator no trash after eating, Cafe Owner Simulator toggle free camera, Owner Simulator mods reputation multiplier, Cafe Simulator mods no rats, Cafe Owner Simulator no trash eating, Owner Simulator mod stop time, Owner Simula
Point Blank Free Download Hack with Aimbot 2025
"Free Roblox Jailbreak Scripts 2025 - Windows Download for AutoFarm & Hacks (Latest Update)"
IXION cheats database mods, IXION trainer speed boost hacks, IXION mods god powers trainer, IXION trainer free play hacks, IXION mods premium hacks trainer, IXION cheats building without resources, IXION mods pc game hacks, IXION cheats instant travel mod
csp-content-security-policy
Proof-of-concept in Java of https://eprint.iacr.org/2017/1196.pdf
Buy Verified Revolut Account – (US, UK,CA & More) Looking to buy verified Revolut account from usabuysmm You’ve come to the right place. Whether you need it for personal transactions or international business, a verified Revolut account offers unmatched f
Maui Checkbox Dropdown proof of concept
"Adopt Me Script 2025 Free Download for Windows – Auto Farm & Hack Tools"
Get the Delta Force Hack Tool 2025 for Windows and enhance your gameplay with easy-to-use features. Download now and join the community of gamers enjoying improved performance! 🛠️💻
security of HERO BOT by heroikzre
proof-of-concept
course-tracker-spring-security
Proof-of-concept AI-driven command and control for RAT
Information Security and Privacy Policies and related documents.
SafeVault-Security-Project
"PUBG Cheats 2025 Free Download for Windows - Aimbot, ESP, Wallhack & More Working Hacks"
An open source website SEO and security analyser
This is a proof of concept that I built for my client to show the workflow.
Sentry, feature-complete and packaged up for low-volume deployments and proofs-of-concept
"Counter Strike 2 Cheats Free Download 2025 - Windows Hacks, Aimbot & Wallhack Tools (Latest)"
ReconPy is a versatile, cross-platform command-line reconnaissance toolkit designed for security professionals, penetration testers, and bug bounty hunters. It automates various information-gathering tasks, covering both passive and active reconnaissance
MiniCart is a prototype full-stack e-commerce application built with TypeScript, demonstrating modern development practices and scalable architecture. This project serves as a proof-of-concept for building e-commerce solutions with separate frontend and b
Free UA mana cheats, God mode trainer for UA, Underworld Ascendant loot trainer, Ascendant damage trainer, Underworld Ascendant hacks no cooldown, Ascendant experience boost hacks, Damage multiplier hacks Underworld Ascendant, Download Underworld Ascendan
Proof of concept Model Context Protocol server (SSE + CLI) for bakalari.cz
Contains an OWASP Juice Shop I analyzed for security vulnerabilities using industry-standard SAST tools and export the results to DefectDojo.
"Free MM2 Scripts 2025 Download for Windows – Best Murder Mystery 2 Hack Tools & Cheats"
A proof of Concept(POC) for the digital library project !
Proof-of-Concept
Download Collection of useful and categorize wordlist from multiple popular wordlist providers
This repo will be for me to re-visit and showcase the skills and hands on experience I have gained from using Hack the Box
A simple proof-of-concept entertainment platform.
Developed a proof-of-concept local AI-powered knowledge base and Retrieval Augmented Generation (RAG) system to explore data parsing, analysis, and AI-driven insights from diverse, locally stored data sources. This project was self-initiated to understand
Backdoor: This repository contains a Python-based backdoor and listener server designed for educational purposes. Explore the code to understand reverse shell communication and remote command execution. 🐍✨
"Free MM2 Scripts 2025 Download for Windows - Best Murder Mystery 2 Hack Tools & Cheats"
This is the proof of concept of how we create a visual mannequin based on user inputs (e.g., height, body shape)?
Outlast unlimited batteries hack cheats, Super speed hacks Outlast 2, Game Outlast 2 unlimited stamina trainers, Unlimited batteries cheats Outlast 2, Outlast 2 batteries unlimited trainer, Unlimited health pc Outlast 2, Mods freeze enemies Outlast 2, Out
user-security-group-creation
A proof of concept Kafka Producer that can live in a remote environment.
Speed game set NA hack, Success Neon Abyss, Points upgrade for NA, Money Neon Abyss cheat, Fire rapid Abyss, Bombs ignore Abyss mod, Upgrade points NA hack, Cooldown skills NA cheat, Money Abyss trainer, Hit one kills Abyss, Rapid fire Abyss game, Jumps u
Sentry, feature-complete and packaged up for low-volume deployments and proofs-of-concept
Small proof of concepts and examples to solidify concepts
"Phasmophobia Cheat Engine 2025 Free Download for Windows - Ultimate Ghost Hunting Hacks & Mods"
Raft mod building infinite, Raft mod oxygen unlimited, Raft PC food infinite, Set game pace Raft, Max items Raft trainer, Raft mod craft infinite resources, Raft hack jump high, Set speed Raft mod, Instant grill purify Raft, Infinite food Raft cheat, Raft
Free Lets Build a Zoo trainers, Build a Zoo research cheat, Research Build a Zoo points hack, Zoo Builder cheats, PC Lets Build a Zoo employees boost, Zoo Builder research points hack, Hack Lets Build a Zoo pc, Modded Lets Build a Zoo cheats, Lets Build Z
Speed boost cheat Monster Prom, Pro trainers tips Monster Prom, MP cheats super stats, No cooldown trainers for Monster Prom game, Prom unlimited hp boost, Prom trainers no cooldown, Guide to Monster Prom infinite resources, MP infinite resources cheat, M
"Free Roblox Jailbreak Scripts 2025 – Windows Download for AutoFarm & Hacks (Latest)"
A Proof of concept made for the TROOBA retail insights ai agent
🛡️ Personal toolkit for ethical hacking, pentesting, and cybersecurity practice. Includes scripts, cheatsheets, and tools for legal and educational use.
Add XP Human Revolution, Unlimited Items DXHR, Freeze AI DEHR, Save Location DXHR, Teleport Deus Ex Human, Add Praxis DEHR, One Hit Kills DXHR, DXHR unlimited health pack hack, DXHR save location pack, DXHR one hit kills engine pack hack, DXHR freeze AI p
"2025 Best Tower Defense Scripts Free Download for Windows – Ultimate TD Bot & Hack Resources"
conp-dataset-Parcellating-the-parcellation-issue---a-proof-of-concept-for-reproducible-analyses-usin
"Marvel Rivals Hack Tool Free Download 2025 – Windows Cheats, Unlock All Characters & Skins"
A command-line utility for secure, deterministic derivation of BIP-39 passphrases using Argon2id.
Hack to Future
Python-based network security tools for port scanning, service detection, and vulnerability assessment
A simple and practical collection of HTTP headers with recommended values, effects, and related security risks.
"Marvel Rivals Hack Tool Free Download 2025 – Windows Cheats, Unlock All Characters & Resources"
DieYoung unlimited materials, Trainers DY mod, DY no cooldown, DY game hacks, Free craft DY, Unlimited items Die Young, Pc DY hacks, Unlimited materials Die Young trainer, Free craft Die Young game, Unlimited stamina DY mod, Pc DY unlimited materials, Unl
A self-contained Python solution that automatically and permanently deletes all data on USB drives after a preset time interval (6/12/24 hours etc.). Combines military-grade security protocols with foolproof automation.
"PUBG Cheats 2025 Free Download for Windows - Aimbot, ESP, Wallhack & More Working Hacks"
CS2 Aimbot Hacks: Precision Tools for Ultimate Gameplay
federated-network-security
Walking Zombie 2 Quick Unlimited Throwables, Walking Zombie 2 Damage Multiplier Hack, Zombie 2 Unlimited HP Hack, Walking Zombie 2 Unlimited Throwables Cheat, WZ2 Unlock All Trainer, Walking Zombie Super Damage Hack, WZ2 Skill Points Mod, Walking Zombie 2
glossary-info-security
Quantum-Anomaly-Detection-for-Network-Security
Sahil-security-
Beer Factory edit mod, BF speed cheats money, Beer Factory speed hacks, BF speed edit cheat, Beer Factory max stats mod, Beer Factory money hacks, Beer Factory reputation edit, BF speed trainer money, Cheats game speed Beer Factory, Beer Factory speed con
MyClinicSecurityTeam
Weapons free FFII hack, Gil editor FF 2 mod, Items rain FF 2 mod, Strike true FF 2 mod, Foes instant FINAL FANTASY II game, Duels always FINAL FANTASY game, Unlock secrets FINAL FANTASY game, FFII ultimate trainer, Omnipotent FINAL FANTASY trainer, Assets
In this exercise, a software vulnerability scan will be conducted on the Damn Vulnerable Web Application (DVWA) using a software vulnerability scanner. As a Cyber Security Analyst, it is an essential skill to be able to detect software vulnerabilities an
A custom-built SIEM (Security Information and Event Management) Monitoring Tool designed to collect, analyze, and visualize security logs in real-time. This tool provides proactive security event detection and incident monitoring for small to mid-scale en
SR2 mods no reload unlimited, SR2 trainer god mode health, Saints Row 2 unlimited health hack, Unlimited ally health Saints Row, No reload SR2 unlimited mods, Saints Row 2 cheat engine money, Saints Row 2 mods unlimited, Unlimited stamina SR2 hacks, Saint
Survive game cheats unlimited HP, Obtain all recovery Digimon mod, Digimon trainer obtain all recovery hack, DS trainer 100 support hack, Digimon Survive set friend affinity hack, Digimon Survive trainer 100 hit, Survive trainer unlimited items hack, Unli
This project shows how to automate adding users and computers to an Active Directory environment. It covers organizing OUs, applying Group Policies for security and access, and using PowerShell to streamline onboarding. Ideal for maintaining consistency a
Hacking the matrix one commit at a time | Solana dev | Code is poetry, chaos is art
No cooldown hacks Marvel Ultimate Alliance, Unlock all trainer Marvel Ultimate Alliance, Trade infinite hacks Marvel Ultimate Alliance, Unlimited power trainer Marvel Ultimate Alliance, Speed boost cheats Ultimate Alliance, Ultimate Alliance cheats unlock
TF Manager no cooldown, Manager pc cheats mod, Loot drop Teamfight Manager, TFM max attack hack, TFM loot drop cheat, Teamfight Manager pro mods, Teamfight hacks trainer, Teamfight Manager game hacks, Teamfight mods unlimited, Teamfight Manager hacks game
Livestream Hacking
Simple REST spring boot project for todos(jpa,mysql,security,JWT)
🛡️ A collection of my beginner to advanced cybersecurity projects — tools, scripts, and practical utilities built to learn and grow in ethical hacking & cybersecurity.
Welcome to the repository of my security research findings and proof-of-concepts (PoCs) for solidity smart contracts and blockchain vulnerabilities. The repository contains my findings and PoCs for security vulnerabilities in smart contracts and blockcha
Etrian Odyssey HD unlimited TP, Etrian Odyssey game Speed cheats, Etrian 2 HD unlimited TP, EO2 HD Items trainer, EO2 HD Items hack, Etrian 2 HD EXP multiplier, Etrian Odyssey add Skill engine, Etrian Odyssey II HD instant Mode, EO2 HD Skill engine, Etria
Poppy Playtime Hacks Height Mods, Poppy Playtime Cheats Game Accelerator, Poppy Playtime Mods Player Jump, Poppy Playtime Hacks Boost Jump, Poppy Playtime Mods Game Cheats, Playtime Cheats Jump Height, Poppy Playtime Cheats Fast Forward, PP Hacks Speed Pl
BeS Security Analyst AI Agent.
"ETS 2 Cheats 2025: Free Download for Windows – Ultimate Euro Truck Simulator 2 Mods & Hacks"
One Piece World Seeker auto aim hack, One Piece super speed World Seeker cheat, World Seeker mega jump One Piece trainer, One Piece World Seeker skill reset code, One Piece speed boost World Seeker guide, World Seeker invisibility One Piece hack, One Piec
cyber-security
"Windows Raft Cheat Engine 2025: Free Download Hacks, Mods & Bots for Unlimited Resources"
SC hacks pc game, Space Crew trainer hull damage, Space Crew hacks experience boost, Space Crew mod pc cheats, Space Crew cheats unlimited fuel, Space Crew hacks crew health, Space Crew cheats boost hacks, SC unlimited selected crew boost mod, Space Crew
Unlock all DOOM trainer mod, DOOM 2016 save location cheats, God mode DOOM trainer hack, Save location DOOM 2016 game mod, Save location DOOM game cheats, God mode hacks DOOM 2016, Cheat engine unlimited hp DOOM, Teleport DOOM PC mod, Loot drop DOOM cheat
Game trainer WWE 2K19 cheat engine, Trainer cheats WWE 2K19 unlock all, 2K19 mods no cooldown, 2K19 hacks weak opponents, PC cheats WWE 2K19 unlock all, Trainer cheats WWE 2K19 unlimited VC, WWE 2K cheats unlock all, Skill points with WWE 2K, Trainer trai
Creating offensive security tools for personal learning
Minecraft Vape V4 Aimbot Hack Free for PC
"Brookhaven Script 2025 Free Download for Windows - Ultimate Roblox Hack & Exploit Resources"
Battle Brothers healing surge trainer, Battle Brothers weapon upgrade trainer, Battle Brothers perk enhancer hack, BB full invincibility mod, Battle Brothers map reveal hack, Battle Brothers fatigue remover mod, Battle Brothers game damage multiplier mod,
A lightweight and fast network scanning tool for Termux. Built for educational and ethical hacking purposes by darkiller33x
One Hit Armor Veilguard, Armor One Hit DATV, Edit Materials Amount Hack Dragon Age, Set Game Speed Dragon Age, Healing Potions Veilguard, Exp Multiplier Mod DATV, Momentum Dragon Age Hack, Kills Dragon Age One, Infinite Health Veilguard Mod, Money Edit Dr
security-incident-report-yummyrecipes
Download Farlight 84 Hack Tool 2025 - Undetected & Working
F1 Manager Mods 2023 infinite wind hacks, F1 Manager Mods 2023 money cost cap, F1 Manager Trainer 2023 edit tyre hacks, F1 2023 infinite fuel trainer, PC F1 Manager 2023 edit powertrain trainer, Manager 2023 empty ai fuel hacks, F1 Manager Trainer 2023 da
Serious Sam cheats no cooldown, Serious Sam game hacks unlimited shield, Serious Sam 4 mods unlimited skill points, SS4 pc unlimited shield, SS4 god mode cheats, Serious Sam 4 unlock all hacks, Sam 4 trainer no reload, Sam 4 mod unlimited ammo, SS4 game h
MGS 3 cheats unlimited health, MGS3 Snake trainers no reload, Solid 3 hacks damage multiplier, METAL GEAR 3 Snake pc skill points, MGS 3 cheats experience boost, MGS3 Snake hacks unlimited stamina, Solid 3 Eater pc skill points, Snake Eater Version cheats
Unlimited ammo hack Conan Chop Chop pc, Conan Chop Chop experience boost mod, Conan Chop Chop unlimited skill charges mod, Conan game unlimited HP cheat, Chop Chop quick kill Conan hacks, Conan game unlimited skill points cheat, Unlimited keys Conan Chop
Proof of concept for socratic ai
I'm actively combating scammers while developing various cheats and tools for games, including Hack Cheat Driver Esp Aimbot Magic Bullet, Driver Injector Overlay, and Imgui
Bot that automates farming and clicker activities in Catizen mini-game. Includes features for crypto integration and blockchain technology. The bot supports hacks and cheats to optimize profit and enhance gameplay efficiency.
a2a and mcp server with spring security , secure your agent with spring based security features
A hack pad for Hack Club's Highway to Undercity
Proof of concept for UUI
multi agent drone security monitoring system
rainbow-six-siege-hack rainbow-six-siege-esp rainbow-six-siege-cheat r6-cheat r6-hack r6s-cheat rainbow-six-cheat r6s-hack r6s-esp rainbow-six-siege-hack-free free-r6s-hack rainbow-six-hack-free r6s-hack-free rainbow-six-siege-hacks rainbow-six-siege-chea
Bot that trades cryptocurrency on Blums P2P chain exchange. It includes features for farming, hacking, and cheating to maximize profits. The bot supports Telegram for easy management and integrates with the exchange for optimized performance.
A proof of concept Argo CD deployment
Proof of concept for a method statement generator.
displays steel structural shape profiles--proof of concept and method development
pdf password cracker anon cracker 💥 bruteforce .pdf and .zip files in lightning speed 💥 a single tool to bruteforce pdf, zip and hashes very super fast. pdf cracker zip cracker pdf bruteforce zip bruteforce hash bruteforce has cracker pdf cracker zip crac
Bot that automates farming and clicker activities in Xborg game. Includes crypto integration and API support. Designed with cheats and hacks to maximize profits and enhance gameplay efficiency.
Proof of Concept for CVE-2024-9463
Yoo, how are you? I am one of the hackers
Proof of Concept for Cruise0 SPA using Auth0
StreamIO is a Windows-based Active Directory lab on Hack The Box that showcases a full-stack exploitation chain combining web exploitation, SQL injection, LFI, RFI, reverse shell delivery, post-exploitation enumeration, and domain privilege escalation usi
Bot that automates farming and clicker activities in Aavegotchi game. Features include crypto integration and API support. Equipped with cheats and hacks to optimize profits and enhance gameplay efficiency.
LED-Hacking
A simple hack using vibescript to generate good commit messages
Proof of Concept API template for rapid prototyping.
AS game mods crew health boost, AS pc hacks no cooldown, AS pc hacks free mode, Abandon Ship cheats crew boost, PC Abandon Ship trainers enemy track, AS pc cheats battle simulator, Abandon Ship pc hacks crew train, Abandon Ship pc trainers fast sail, PC A
Bot-that-automates-farming-and-clicker-activities-in-LumiTerra-game.-Includes-crypto-token-integration-and-API-support.-Features-cheats-and-hacks-to-maximize-profit.-Managed-via-Telegram-for-efficient-game-control.
🎓 BCA Student @ PSIT Kanpur 💻 Learning DSA | Full Stack Web Development 🌐 Passionate about Web Dev 🔐 Exploring Cybersecurity & Ethical Hacking 📈 On a journey to build, break, and learn 🚀 Let’s connect and grow together!
Proof-of-concept scanner targeting CVE-2024-21762 in FortiOS SSL VPN’s /remote/hostcheck_validate endpoint with reverse shell payload delivery.
Boost Your Fortnite FPS Easily: 2025 Windows Download and Performance Hacks 🔥
Mod Gone Rogue God Mode, Trainer Gone Rogue Speed Hacks, Hack Gone Rogue Speed Enhancer, PC Gone Rogue Money Hacks, Gone Rogue No Cooldown Trainers, PC Gone Rogue Damage Multiplier, Mod Gone Rogue Invincible, GR Unlimited HP Cheats, Cheat Gone Rogue No Co
A Real Estate Management System using DBMS helps store and manage data on properties, tenants, leases, maintenance, and finances. It ensures data integrity, security, and easy access, allowing property managers to track payments, schedule maintenance, and
HandsOnHacking
Bot that automates farming and clicker activities in Tomarket game. Features include crypto integration, Telegram support, and API tools. Equipped with cheats and hacks to maximize profits and enhance gameplay efficiency.
proof of concept for build config.
Defense multiplier in FINAL FANTASY XVI hacks, Super stagger damage FF XVI mods, FINAL FANTASY XVI trainer max limit break gauge, Ability points multiplier FF XVI cheats, Set game speed FF XVI mods, FINAL FANTASY XVI cheats infinite limit break, Ability p
Marvel Rivals Windows Hacks 2025: Unlock All Secrets 🔓
Thief 2 cheat auto cracking, TS2 trainer drone distance infinite, Simulator 2 trainer jumps, Thief Simulator 2 PC trainer distance, Thief Simulator hack skill points, Thief Simulator 2 PC hack skills, Thief Simulator 2 PC hack panel, Thief Simulator mod a
ChowNaija is a Spring Boot-based backend API that powers a platform for discovering and reviewing restaurants across Nigeria. Users can explore dining options, share ratings, and post reviews to celebrate the country's vibrant food culture. Leveraging Spr
front and back end proof of concept. Created in two separate instances of visual studio
Aspiring Cybersecurity Analyst with strong foundational certifications and hands-on skills in network defense, SIEM tools, application security, and cloud security practices, ready to contribute to secure application environments.
A proof of concept for an API for beneficiary designations
Path of Exile 2 2025 Windows Hacks: Cheat Menu Guide 🎯
2025 Windows Exclusive: Insurgency Sandstorm Hack Free Download
Strange Brigade Game Speed Cheat, Game Speed Mod Strange Brigade, SB Perfect Accuracy Trainer, Strange Brigade Rapid Fire Mod, Game Speed Strange Brigade, Infinite Health Mod Strange Brigade, Strange Brigade Mods, Rapid Fire Mod Strange Brigade, Infinite
Distributed counter proof-of-concept using ETS and R2
Download 2025 Runescape Hack for Windows: Free Ultimate Tool!🔥
Proof of Concept for Heavy On The Move landing page and branding
CS2 Silent Hacks 2025: Undetected Windows Cheats & Bypasses 🕵️
Cyber Security Internship May-June 2025 Task 03
Chatinger is a modern real-time chat application designed with end-to-end communication security, inspired by the standards of platforms like WhatsApp. It offers seamless messaging between users with robust privacy, authentication, and session handling.
Flexson is a platform for efficient JSON file management with secure authentication, collaborative workspaces, and API access. It simplifies creating, organizing, and sharing JSON data with enterprise-grade security, ideal for storing parameters for compa
The best of security tools for PostgreSQL management tools
Repro of Semantic Kernel Open Hack Bug
A platform designed to be an essential asset for Security Operations Centers (SOCs), Computer Security Incident Response Teams (CSIRTs), and Computer Emergency Response Teams (CERTs), empowering them with the tools and intelligence needed to detect, inves
Cloudflare-SQL-to-API: This project allows you to create REST APIs quickly using SQL queries on Cloudflare Workers and D1 databases. 🚀 With a focus on performance and security, it simplifies the process of connecting your database to an API without the ne
GTFO hacks skill points, Cheat engine GTFO mod, No cooldown GTFO hack, Cheat engine GTFO pc, Experience boost GTFO hack, GTFO cheats damage multiplier, No cooldown GTFO hack, Set run speed GTFO hack, GTFO trainer set run speed, Cheat engine GTFO mod, Loot
A narrative-driven 2D hack-and-slash demo built in Godot 4. Atmospheric. Minimalist. Experimental.
2025 PUBG Hack Tools: Windows Download & Setup 📥
Backend - SpringBoot-Spring-Security/Event Booking Web Application. This repository contains the backend of the event booking application. It handles the business logic, the REST APIs, and the management of users, events and reserva
CyberKit is a terminal-based toolkit for OSINT and cybersecurity scanning, designed for ethical research. Explore its features to gather public information and enhance your skills in a responsible way. 🛠️💻
Dota 2 Hacks & Cheats for Windows 2025: Ultimate Guide 🚀
This app will help you to encrypt or decrypt a text using different ciphers and secret keys. This code is just for educational purpose and is not as such safe for well developed level but highly acceptable for university level projects.
GoBypass403 is a tool designed to help security professionals test and bypass 403 Forbidden errors on web applications. It streamlines the penetration testing process, making it easier to identify vulnerabilities and enhance web security. 🛠️💻
This repository features a Python script that simulates a basic Denial of Service (DoS) attack for educational purposes. Users can explore how these attacks work and improve their cybersecurity knowledge through hands-on experience. 🐙💻
Static website deployment on AWS S3 with CloudFront and security configuration
TheFudRat v2 is a cross-platform payload generator and evasion tool for ethical hackers. It supports Android, Windows, Linux, and macOS, offering features like encryption, APK merging, and Play Protect bypass for stealthy, customizable backdoor creation.
Clair Obscur Windows Hack 2025 🚀 Expedition 33 Menu Guide
PHP CRUD API Generator allows you to quickly turn your MySQL/MariaDB database into a REST-like API with ease. 🚀 With features like auto-discovery of tables and robust authentication options, it simplifies backend development while ensuring security. 💻
PortWarden is a fast and efficient TCP port scanner that helps users identify open ports and services on a network. With its multi-threaded design, it delivers results quickly, making it an essential tool for ethical hacking and security assessments. 🐙💻
hacking
securityinstagram
springboot-jwtSecurity
WPAUDIT is a flexible tool for assessing WordPress security, helping users find vulnerabilities quickly. 🛡️ With its modular design, you can customize scans to fit your specific needs. 🖥️
This repository contains several methods of outlier and anomaly detection. These methods include detection algorithms such as DBScan and Local Outlier Factors to find outliers in our data. These are important for cyber security purposes and can be used to
Terminal-attached Network Defense Tool
Bank-Security-Application
Intelligent bot for electronic security advice
With unwavering precision, Google Chrome safeguards user data within an unyielding fortress of security. Hence, for the Mercuria
zero trust security implementation on Apple environment
Phishing URL Detection system using 17 key features to classify URLs as benign, defacement, phishing, or malware. Achieved 93% accuracy with Random Forest, 92% with XGBoost. Includes a web interface for URL upload, feature analysis, and security recommend
Dashu (大树) framework rapid development platform (open-source edition), the most concise Java rapid development platform: Springboot + Security + Vue2 + ElementUI
Embassy Rust code for Security Robot (with ultrasonic, motors, and PIR motion detection)
FiveM External cheat, offers various features like aimbot, triggerbot, exploits, and customizable settings, enhancing the gameplay experience. It includes a KeyAuth system for additional security and user management. The cheat is designed to be undetectab
Hexend: a cyberpunk-themed Dead Man's Switch app designed to simulate hacker-induced system failures.
GoLang Penetration Testing & Email Security Toolkit
spring-security-projects
Creating endpoints for ZAP and hosting them on a dedicated server to be called by a GitLab repo pipeline
2025 Highway to Undercity Hack Club Submission
network-security-controls
This demonstration showcases the complete setup of the infrastructure required to build a generative AI agent using Azure AI Foundry and Azure OpenAI Service. This example is configured within a public network; however, please ensure you adapt the impleme
grabber 🔥 blank grabber 🔥 updated 2024 🔥 blank password grabber written in python. cookie stealer password stealer wallet stealer cookie grabber password grabber wallet grabber cookie stealer password stealer wallet stealer cookie grabber password grabber
Cyber-Security-
Birthrack is a Python tool that creates password lists by combining a username with all birthdays (0101–1231). It supports symbols like _ or @ and username variations (lowercase, capitalized, uppercase). Useful for security testing. Outputs passwords to a
A proof of concept app to demonstrate the unique feature of the "useFieldArray" hook from the react-hook-form library
Marvis Vault is an open-source project focused on enhancing the security and compliance of AI workflows. Join us in building a reliable infrastructure for agent operations on GitHub! 🐙💻
short solution
Experimental Sequor projects and proof-of-concepts
otp-maker is a simple tool for generating one-time passwords. It ensures secure access to your applications with ease. 🛠️✨
Infinite stamina Bleak Faith mod, Jump height Bleak Faith Forsaken, Infinite flux for Forsaken, Forsaken free crafting hack, Bleak Faith cheats speed boost, Fast travel for Forsaken, Bleak Faith Forsaken full unlock, Bleak Faith no cooldown cheats, Bleak
this is a proof of concept project to create the first point of sales system by our new team
Proof of concept for AI-based irrigation optimization
Lightweight proof-of-concept text editor
A proof of concept for an invoice classifier and extractor based on Microsoft's Content Understanding API
Star Survivor trainers ss cheats, Star Survivor mod infinite boosts, Star Survivor trainer time decreaser, Star Survivor hack survivor trainer, Star Survivor hack star mod, Star Survivor mod ss mod, Star Survivor cheat star trainer, Star Survivor trainer
Kafka Proof of Concept
Terminal-style cyberpunk hacking game built with Python + Pygame for Amazon Q CLI Game Challenge 2025
Wolfenstein game ammo unlimited mod, The New Colossus one shot kills, Wolfenstein New Colossus kits upgrade, Wolfenstein game throwables infinite, The New Colossus ghost mode trainer, Wolfenstein II throwables infinite, The New Colossus unlimited laser mo
gh repo clone aws-samples/ingest-and-analyze-aws-security-logs-in-microsoft-sentinel
network-hacking-status-monitoring
Created a Spring project which runs a security configuration on particular endpoints.
proof of concept blog viewer with API integration
Bot that automates farming and clicker activities in Pixels.xyz game. Includes crypto integration and API support. Features hacks and cheats designed to maximize profits and improve gameplay efficiency.
System Security Management
Bot that automates farming and clicker activities in Chainmonsters game. Features include crypto token integration and API support. Equipped with cheats and hacks to maximize profits and enhance gameplay efficiency.
Hacking
Task-Cyber-Security-1
Roblox MM2 Hack
BBtool is a user-friendly penetration testing tool designed for security researchers and ethical hackers. It integrates multiple security testing tools into one interface, making vulnerability discovery efficient and straightforward. 🛠️🌐
Bot that automates farming and clicker activities in PiggyPiggy game. Features include crypto integration and API support. Equipped with hacks and cheats to maximize profits and enhance gameplay efficiency.
security-review
Bot that automates farming and clicker activities in Cyber Finance game. Features include crypto integration with CFI, Telegram support for management, and hacks and cheats to maximize profit. Designed for efficient gameplay and profit optimization.
Bot that automates farming and clicker activities in BoomLand.io game. Includes crypto integration and API support. Equipped with cheats and hacks to maximize profits and enhance gameplay efficiency.
The Linux 101 workshop I prepared together with Hawks Cyber Security.
This project aims to develop an Android security app that protects users especially children and seniors from malicious apps, files, and links. It will scan files, detect suspicious links, analyze app behavior for privacy risks, use machine learning to id
Bot that automates farming and clicker activities in Fableborne game. Features include crypto token integration and API support. Equipped with cheats and hacks to optimize profits and enhance gameplay efficiency.
Codehawks-Security--Portfolio
Hacker News Reader with Todo list for tracking reading progress
ENHANCING-ELECTRONIC-HEALTH-RECORD-SECURITY-USING-BLOCKCHAIN-AND-HOMOMORPHIC-SEARCHABLE-ENCRYPTION
ProyecSecurity
Download The Division 2 Ultimate Hack for Windows – 2025 Update!🔥
SecurityOfficeWebApp
Safe Wuthering Waves Hack Download 2025 for Windows PC Edition ⚡
on-the-go combination lock cracking tool for the Flipper Zero, inspired by security researcher Samy Kamkar’s work on the mechanical vulnerabilities in Master Lock combination padlocks.
Advisories for security findings
A proof-of-concept online videogame store, made for a school project.
ade-security2
H.M.A.S - Hacker Messages As Service
Backend API for Civic Connect – a platform to streamline communication and collaboration between citizens and local governments. Built with scalability, security, and civic engagement in mind.
A proof of concept for a godot glsl shader which allows dynamic per pixel rendering of two separate sprites to allow transitions between colour palettes.
This repository contains a Docker Compose environment for a private homelab focused on security, automation, authentication, and developer productivity.
Public security and compliance assets for GIGO Data, Inc. (email authentication, trust signals, and transparency policies)
Apex Legends Hack 2025 | Free Aimbot + ESP + No Recoil | Undetected Apex Cheat PC
A Spring Boot-based web application for managing school operations, featuring role-based access, secure authentication, course management, and dynamic views using Thymeleaf. Built with Spring Security, MVC structure for real-world educational platform sim
Proof of concept for the Woocommerce FFL
💀 Web exploitation, accessibility phishing, and signal-layer abuse — documented by Shelbyxss. Writeups, payloads, whisper trap demos, and research logs from a 15-week journey into ethical hacking.
This is a **sanitized proof-of-concept test suite** for a fictional multi-region e-commerce application.
LLM Audit Assistant is a self-hosted proof-of-concept platform designed for teams to analyze internal documents using large language models (LLMs).
TO BE DELETED
Live Demo: https://walid-it-hack.github.io/homework/
Whatsapp Hack Fake
NLWeb implementation for WordPress - Proof of Concept with Limited functionality
Process Hacker Download 2025 Crack Spanish Key
An AI-powered reconnaissance tool designed for ethical hackers. It automates information gathering and enriches the output using AI for security analysis.
This is a proof-of-concept (ONLY) application that shows how a law firm can design, develop, and deploy their own in-house QuickBooks Enterprise Desktop with Filevine's case management system. In this setup, the MOCK Filevine server is created to simulat
CSI Internal Hack
Website to program a hackable badge
SharpSuccessor is a .NET Proof of Concept (POC) for fully weaponizing Yuval Gordon’s (@YuG0rd) BadSuccessor attack from Akamai.
miside-cheat,-miside-crack,-miside-hack,-miside-cheats,-miside-hacks,-miside-cheat-engine,-miside-hack-engine,-miside-crack-menu,-miside-cheat-2025,-miside-cheat-2025,-miside-hack-menu,-miside-cheat-menu,-miside-script
**Multi-Modal for DevOps Automation** is an AI-driven framework integrating **LLMs, computer vision, and structured data processing** to enhance **CI/CD pipelines, infrastructure monitoring, and security compliance**. Built with **FastAPI, Docker, and AWS
phone hack prank
Middleware for gofiber implementing Google reCAPTCHA v3 validation
2025 Windows Exclusive Marvel Rivals Hack Download Guide⚡
Exclusive WoW Bot Hack 2025: Safe Download for Windows PC🛡️
Funcaptcha solver using reverse-engineered Arkose Labs logic. For research only.
Secure Download Free Scum Hack for Windows in 2025 – Best Cheats and Mods
Kaspersky Internet Security Torrent Setup Patched 2025
🎯 1V1.LOL Hack Script — Auto-Build, Auto-Combat, Auto-Resources, and Beyond
Crack password protected zip files
A Python-based keylogger for educational use only. Captures keystrokes, logs active window titles, and adds timestamps. Designed to demonstrate basic monitoring techniques in ethical cybersecurity research and endpoint security awareness.
A proposal to make Social Security solvent through independent investment reform
Get the New Warframe Hack Download for Windows 2025 Now! 💥
Security study journal
Windows executable for searching the Hack the Box machines solved by savitar; I hope the community likes it 🥂
A Proof-Of-Concept MCP Server for the Mollie payments API
ZeeOxx-Security-v1
EKS blue-green deployment demo with K6 load test proof of concept
Hackers in art and design
Get Safe Mordhau Hacks 2025: Easy Windows Download and Installation
This web application is a full-stack platform designed for outdoor enthusiasts to discover, list, and review camping locations. It provides a user-friendly interface for exploring campsites, and contributing personal experiences. The platform emphasizes b
A proof of concept Better Discord plugin demonstrating RSA encryption usage.
ade-security
Ultimate Guide to Downloading Deceit Hack on Windows in 2025🚀
Bot that automates farming and clicker activities in Seekers of Tokane game. Includes features for crypto integration and API support. Designed with cheats and hacks to optimize profits and improve gameplay efficiency.
Evaluate the security of GitHub Actions in a controlled, automated workflow (IssueOps + GitOps) before letting developers use them.
A personal hacking journal to track CTFs and challenges.
security
This is a Python soc project with tools for research and automation for the blue team.
A tool designed to bypass security measures on cryptocurrency wallets by exploiting vulnerabilities in the system. Hackers can use this software to gain unauthorized access to digital assets stored in these wallets.
Best Halo Infinite Hack 2025: Easy and Free Download on Windows PC🚀
Proof-of-concept Python script for scraping a state procurement website, filtering RFPs by keyword, and exporting a priority-ranked Excel report.
FIDO2 USB Security Key, My Master's Thesis at CTU FEE, 2025
hacker-writeups.github.io
Bot that automates farming and clicker activities in Chibi Clash game. Features include crypto token integration and API support. Designed with cheats and hacks to optimize profits and enhance gameplay efficiency.
BlockPost is a Python-based blockchain application with a Flask web interface that enables creating, mining, and verifying posts as transactions on a decentralized blockchain network. It demonstrates core blockchain concepts like proof-of-work, consensus,
Making a hack day project with web components
Bot that automates farming and clicker activities in Brilliant Crypto game. Features include crypto token integration and API support. Designed with cheats and hacks to optimize profits and enhance gameplay efficiency.
3fa_email_security
Phasmophobia Free Hack Pack 2025: Windows-Compatible Downloads and Tips 👻
This repository contains a minimal proof of concept demonstrating peer-to-peer networking capability using Mycoria. The implementation establishes a direct connection between two independent nodes in a simplified environment.
CTwobe is a **Proof of Concept** demonstration of using YouTube as a covert communication channel. This project showcases how YouTube's platform could theoretically be leveraged for command and control operations through video descriptions, comments, and
AP-TOOL is a simple Android-compatible penetration testing tool written in Python. Designed for use with Termux or other Android Linux environments, it offers several essential features for ethical hacking and information gathering
Secure NBA 2025 Hack Tool Download for Windows PC in 2025 ⚡
Ultimate SCP Hacking Download for Windows in 2025🔥
Proof of concept of reading from Omnifocus's sqlite database using Rails
GhostKYC — A proof-of-concept agent system that flags blockchain risk without full KYC, using scenario-driven analysis.
Exclusive Zone Wars Hack 2025: Download Now on Windows🌟
Master Axie with 2025 Hack Download for Windows - Exclusive Tips ⚡
"Vaultix" is a secure document management system. It prioritizes data integrity and security for sensitive documents.
Get BF5 Hack 2025 Download Now: Windows Edition, Easy Setup Guide
Best Deceit Hacks 2025: Secure Windows Download Now!🔒
Solutions and walkthroughs for OverTheWire: Bandit - learn Linux command-line basics through real hacking challenges.
Top 2025 Hacks for Lethal Company: Free Windows Download Guide🚀
Network-Security-ML
Secure and Easy: Download Minecraft Neverlose Hack for Windows in 2025 💻
🔥Download Lust Goddess Hack 2025 for Windows – Free and Easy Guide
A security bot with all the utilities you need (antiroledelete/antiroleadd/antichanneldelete), but it still needs some modification
HackStore - Online store of tools for ethical hacking and cybersecurity.
codes about security and authentication
Get Latest Halo Infinite Hack Download for Windows 2025 – Unlocked Features Now
🔧 MD5Cng-style hashing in .NET Core/5+ (Linux/macOS)! Lightweight cross-platform method using System.Security.Cryptography for legacy checksums, data migrations, or .NET Framework upgrades. No Windows dependencies—ideal for CI/CD pipelines. Not crypto-saf
Best Insurgency Sandstorm Hacks to Download in 2025 – Windows Edition ⚡
Bot that automates farming and clicker activities in Pancake Protectors game. Includes crypto token integration and API support. Equipped with cheats and hacks to maximize profit and enhance gameplay efficiency. Managed via Telegram for optimal game manag
System Security project for JWT-based RESTful API authentication
Bot that automates farming and clicker activities in Tomarket game. Features include crypto integration, Telegram support, and API tools. Equipped with cheats and hacks to maximize profits and enhance gameplay efficiency.
Hands-on exploitation of the VSFTPD 2.3.4 backdoor vulnerability using Metasploit to gain shell access, create users, modify logs, and attempt privilege escalation in a secure lab environment.
Bot that automates farming and clicker activities in PiggyPiggy game. Features include crypto integration and API support. Equipped with hacks and cheats to maximize profits and enhance gameplay efficiency.
💻 Offensive security practice logs and CTF write-ups
Just a basic SIEM (Security Information and Events Management) dashboard to see how logging and the such work on a small scale
2025 Update: Free 7 Days To Die Hacks Download for Windows PC Exclusive
A tool designed to bypass security measures and gain unauthorized access to cryptocurrency wallets, allowing for the theft of digital assets. Utilizes advanced hacking techniques to exploit vulnerabilities in wallet systems and extract funds without detec
PromptMe is an educational project that showcases security vulnerabilities in large language models (LLMs) and their web integrations. It includes 10 hands-on challenges inspired by the OWASP LLM Top 10, demonstrating how these vulnerabilities can be disc
The Cyber Scan Audit (TCSA) is a Python-based tool that automates Windows system security audits by scanning the entire system and generating detailed reports.
CSI Internal-Hack Project by Team-4
The Asuka Phishing Framework is a Python-based tool designed for educational and authorized security testing purposes. It allows users to clone a target website, host it on a local phishing server, and capture credentials, session data, and user interacti
Distributed Security Information and Event Management (SIEM) System
Security-Funded
Web-Application-Security
Terminal-based toolkit for WiFi Pineapple clones focused on penetration testing, Tor integration, and network security automation.
For educational and security research purposes only.
greta-taverny-security
Spring Security in spring boot
WPAUDIT: Advanced Python-based WordPress security auditing suite & vulnerability scanner. Automates pentesting with Nmap, WPScan, Nuclei, SQLMap. Comprehensive reports. Ideal for ethical hackers & Kali Linux.
A redesign for the hack club website, built with Next.js and Tailwind CSS.
security-cheatsheets
My daily notes on Linux, Python and Cyber Security.
Home_Network_Security_Assessment_Report
I built this tool to have a simple DNS lookup tool which contains all information we simply need in our work to check a domain on its security.
information-security
INIQ (pronounced "in-ick") is a cross-platform command-line tool for Linux/macOS system initialization. It streamlines the process of setting up new systems with proper user accounts, SSH access, and security configurations
A randomizer for the ROM Hack "Pokémon Scrambled Scarlet" created by doozsromhacks.
For hack club neighborhood (:
unity_to_be_the_hero, type: game, gameplay: hack and slash versus enemy waves
Documentation for SEAR
SIEM Log Generator A lightweight and flexible log generation tool for simulating real-world security events. Easily produce logs in formats such as Syslog, Windows Event Logs, and CEF to test SIEM use cases, fine-tune detection rules, or populate security
shree-security-revised
Repo containing security development projects for CSC842 DSU course
My Cyber Security Profile
Documenting my path through A+, Network+, and Security+
GTA V mod menus offer undetected cheats for FiveM and single-player modes. Features like external cheats, ESP, and aimbot enhance gameplay, while private cheat sources ensure stealth and security.
Various hacks for most common sites by using plain javascript, just trying to leverage the console
Hands-on Security Labs funded by NSF
Serverless AWS Lambda ETL project to clean and query IMDb data using S3, Glue, and Athena.
Password management made easy for users
A collection of hands-on guides for web application security testing, based on OWASP methodologies and real-world bug bounty practices.
security-first-lead-capture
A blockchain-powered solution for tracking equipment using Solana. Ensures transparency, security, and traceability across the supply chain. Built with Solana (Rust) for smart contracts, React.js for the frontend, Node.js for the backend, and MongoDB for 
kubernetes-devops-security
BrowserSecurityCheck
BlindSpot-Proof-of-Concept
API Tools and hacks >:)
WIP RSS viewer. For Hack Club's Neighborhood
Proof of concept verification of Cairo's fractions
Hands-on AWS governance and security controls based on the AWS Well-Architected Framework.
Thesis defense project
Projects from Hacking with Swift's 100 Days of SwiftUI course (plus one from the UIKit course)
SuperteamMY Mega Hack | Breakout
The Kanban board features a React front-end and a Spring Boot back-end with REST and GraphQL APIs, JWT-secured endpoints via Spring Security filters, PostgreSQL persistence with Liquibase migrations, real-time updates, caching for performance, monitoring
Define and run Docker Compose-like stacks in Python — with logic, dry-run, checks, no YAML / no hacks.
security_exam
Cloud Security Assessments
Created By: Giordan Masen and Ghazi Kazmi | 100h hack SF!
Tajiri is a self-custodial smart contract wallet platform for the Hedera network, offering enhanced security, social recovery, and gasless transactions.
Ethical hacking project
At SLERF, we are not just building a platform. We are pioneering an entirely new operating layer for decentralized finance. Your participation, your innovation, and your ideas are the cornerstone of this revolution. Let’s hack the future together.
Cyber Security Internship Task for Prodigy InfoTech
🛡️ A collection of in-depth vulnerability advisories and security research reports published by 0daysec, including technical writeups, CVE analyses, exploitation techniques, and remediation guidance.
This DevSecOps pipeline integrates free and open-source security tools to enable continuous and automated security testing throughout the software development lifecycle.
🏠 crib. is a house management app for hacker houses — vote on issues, share one-time secrets, send affirmations, and more, all in one sleek dashboard.
amcloud-security-shared
Personal technical guide to offensive cybersecurity and pentesting. Documentation of tools, commands, labs, and best practices.
MISA-Hacking
A lightweight save file viewer for Grey Hack, built with Godot Engine.
OWASP Foundation web repository
Administrative management scripts to configure, review, and update items stored in 1Password for security and organisation
💾┃Dark-Scripts - Repository created to store scripts from CMSP Hacks
IPC demonstration via WinUI3
MCP crawler proof of concept
Vibecondom: A security tool for detecting hidden characters and malicious prompt injections in text content intended for LLMs. Scans for control characters, zero-width characters, Unicode tag characters, bidirectional text manipulations, mixed scripts, an
SecurityChildren
owasp-genai-security-ja
DocuTrack is a proof-of-concept dapp built on the Internet Computer for sharing and managing documents.
springboot-security-oauth2-social
API on Spring boot, spring security and Jwt
Modular platform for security auditing of networks, web, DNS & APIs. Plugin-based, Docker-isolated, and report-driven.
Personal project about security
Hello, world! 🌍 I'm a passionate Linux System & Server Administrator, living in front of three tty terminals 🖥 🖥 🖥, where I breathe Linux and script bash every day. With a burning desire to master the command line, I dive deep into the file system. As a c
Proof-of-Concept Verification Infrastructure for SP1 zk chips
weekly-security-report_2.0
Annihilator's massive corruption and decoy approach protects data on insecure media like SSDs, where secure erase is ineffective. It creates a corruption labyrinth, preventing forensic recovery and ensuring data security.
Project implementing all the necessary proofs of concept for an application platform Dashboard.
Hack your Kubernetes cluster with very basic methods and tools
proof-of-concept
Wanderlust is a full-stack travel blogging platform built with the MERN stack (MongoDB, Express.js, React, Node.js) and deployed using modern DevOps practices. This project demonstrates end-to-end implementation of a production-grade application with robu
CSSINJ is a tool that exploits CSS injection vulnerabilities to exfiltrate sensitive information from web applications. This tool is designed for security professionals to assess the security posture of web applications by demonstrating how CSS can be use
End-to-End-MLOps-Pipeline-for-Network-Security
Welcome to BinTechHub, a repository that houses all the tools, scripts, and projects developed to enhance cybersecurity, automate tasks, and optimize digital presence. Whether it's bots, browser extensions, security solutions, or SEO tools, this repo serv
Proof of concept: an interactive GraphQL API explorer
Cyber-Security-Tasks
MajesticVPN is a powerful and reliable solution for your online security and privacy. With MajesticVPN you can browse the internet safely and anonymously, protecting your data from prying eyes and providing access to content blocked in your area.
This GitHub repository contains cheats and hacks for enhancing gameplay in the popular RPG Baldur's Gate 3. Explore new ways to manipulate the game mechanics and make your journey through the Forgotten Realms more exciting.
A proof-of-concept web interface for performing cross-chain swaps using The Compact.
SpringBoot reference proof of concepts & commonly used patterns, tools, dependencies & Concepts
Documentation of the CTF challenges
IasC Infra and Security
a 3D printer YSWS (You Ship, We Ship) by Hack Club. Everyone who gets a benchy printed will be flown to RMRRF in Colorado. Run by @qcoral
A vulnerable Android app for security testing and analysis
Documentation of CTF challenges
XYZ Dealer, an Indonesian car dealership, is implementing a Proof-of-concept to develop a demo car loan system, aiming to streamline the process, eliminate human errors, and provide real-time data tracking. The system uses a structured data model and Pyth
This repository contains the proof of concept implementation of the paper Layout-Agnostic MPI Abstraction for Modern C++.
cotlib is a secure, high-performance Go library for parsing, validating, and generating Cursor-on-Target (CoT) XML messages. It features a comprehensive, embedded type catalog with metadata, robust validation logic, and LLM/AI-friendly search APIs. Desig
React app for the website food-security.net
BaseSecurityFront
[USENIX Security 2025] SafeSpeech: Robust and Universal Voice Protection Against Malicious Speech Synthesis
[USENIX Security '25] Whispering Under the Eaves: Protecting User Privacy Against Commercial and LLM-powered Automatic Speech Recognition Systems
Manual for security guidance and secure by design in DfE
Home security daemon
LLM authentication, model replacement, content security, etc. All-in-one gateway.
Radcipher Smart Contract Security Audit
The Open Source Security Platform Unified XDR and SIEM protection for endpoints and cloud workloads.
Lightweight CLI tool to convert SARIF reports to clean Markdown
Final project for bachelor's degree in software engineering. A mobile app for citizens of Judea and Samaria that recognizes emergency events during drives, alerts security personnel, and guides them to the location of the event using geolocation.
Real-time chat application using Django, HTMX, Websockets and Tailwind CSS. This is a proof of concept only.
FIDO2 authentication library for .NET
powston_hacking
Analysis of the AMD SEV-SNP security properties by way of the Tamarin prover
📦 The Largest Collection of Pre-Compiled Linux Static Binaries for Soar: The Modern, Bloat-Free Distro-Independent Package Manager
Hacking-Website-links
neovim configuration for the stubborn martian hacker, written in fennel
What's new in Spring Security 6.3, 6.4, 6.5 + Spring Authorization Server 1.3, 1.4 and 1.5
PrestaShop module that sends customizable Telegram notifications for new orders, admin logins, and new customer registrations. Supports multiple chat recipients, message templates, and automatic update checks.
Security of a two-party guessing game in a real/ideal style
securityfeeds.org
Online-Proctoring-Security-Privacy
Gen 1 Fakemon Overhaul hack, this time with a new, custom region, using pokered-crysaudio as a base
uga-scs-competitive-hacking.github.io
Keychat is the super app for Bitcoiners. Autonomous IDs, Bitcoin ecash wallet, secure chat, and rich mini apps — all in Keychat. Autonomy. Security. Richness.
This detailed repository provides a clear representation of a robust but still beginner friendly homelab setup that balances storage, network management, and application hosting with security and efficiency.
Hack club Arcade
BypassServ Mini Shell All Bypass Featured is a backdoor webshell that is 100% undetectable by anti viruses such as clamAV, virustotal, etc., which is made with a special command bypass feature with, mail(), mb_send_mail functions and others which allows
An Ethereum Desktop Wallet with a focus on simplicity and security
Latest CVEs with their Proof of Concept exploits.
This is my security reviews portfolio. The work I have been doing since May 2024, to the present day.
hacking_notes
A Hack Club project gamifying the experience of learning to code through the Athena initiative.
Modernizes the default Spring Web Authentication/Login UI and makes it easier to customize
Transport Layer Security (TLS) streams for JavaScript
A proof-of-concept Copy-And-Patch JIT compiler backend for Julia
Proof of Concept for running CDISC CORE within SAS
SEC540 Cloud Security Flight Simulator Bootstrap Instructions
We created a cybersecurity Systematization of Knowledge for Solana applications and protocols. We call it the Solana Security Strategy: such a database would be hugely beneficial for anyone who wants to secure their product and learn security from the bes
2024 complete alpha rewrite of nodenogg.in proof of concept platform
Spring Security + Jwt + SSR Practice Project
Proof of concept for using positional tracking wheels in order to determine the real-time position of a robot in space. Used Unity Engine.
Generate random passphrases
Welcome to cybr
security_access_token
security_crypto_framework
security_device_auth
security_huks
Get Hands-On Security Recommendations for Your SAP BTP Environment
Offline Security Client
Awesome free cloud native security learning labs. Includes CTF, self-hosted workshops, guided vulnerability labs, and research labs.
Proof of concept for a modern search across RFCs / Drafts / etc.
Open bookmarks, links, or tabs in temporary, self-removing containers which isolate the data websites store (cookies, storage, and more) from each other, enhancing your privacy and security while you browse.
Learning Cyber Security
Example architectures utilizing DevSecOps principles to deploy F5 Application Delivery and Security Platform solutions.
Shell emulator and multitool for the video game Grey Hack.
A hosts file for blocking bad domains usually found in phishing emails targeting Greek users
Kexa's simple rules (Open Source) make it easy to monitor and manage alerting of your entire cloud. With various monitoring and alerting options, instant and detailed alerts, easy-to-deploy and low in infrastructure costs, it turns complexity into simp
Hack. Eat. Sleep. Repeat.
FPGA verilog and firmware for TKey, the flexible and open USB security key 🔑
Hack OC Website
Repository Service for TUF: Worker
My useful files for penetration tests, security assessments, bug bounty and other security related stuff
Monkey365 provides a tool for security consultants to easily conduct not only Microsoft 365, but also Azure subscriptions and Microsoft Entra ID security configuration reviews.
EDHOC implemented in Rust, optimized for microcontrollers, with bindings for C and Python.
webtech-security-docker
Email based authentication for Go
Nrich is a Java library developed at CROZ whose purpose is to make development of applications on JVM a little easier.
Various Proof of Concept Materials/Shaders/PostPro
Automagically filter URLs with Bug Bounty program scope rules scraped from the internet.
OpenZeppelin Contracts written in Cairo for Starknet, a decentralized ZK Rollup
Mirror private Azure DevOps repositories to public Github repos to share know-how, proof of concepts, or other valuable content which would otherwise gather dust in your company.
Docker image to run a virtual HSM (Hardware Security Module) network service based on SoftHSM2 and pkcs11-proxy.
A quick, proof of concept forecasting tool to generate policy scenarios and their impact across system points.
Discover vulnerabilities and container image misconfiguration in production environments.
combateafraude organization's iOS solutions
This project aims to provide a central repository for many useful Tsunami Security Scanner plugins.
Client Library in GoLang for application developers requiring authentication and authorization information in their application. The library is used to obtain token information like user name, user attributes and audiences.
A CLI project wrapping application security testing (AST) APIs
Powerful and smart Traffic Anonymizer using tor as a transparent proxy
Pentest Report Generator
A secure-by-default PHP web framework
AEM Dispatcher Security Scan
Idiomatic nmap library for go developers
Go packages built on go-tpm providing a high-level API for using TPMs
Cross-platform game hack for Counter-Strike 2 with Panorama-based GUI.
CodeQL: the libraries and queries that power security researchers around the world, as well as code scanning in GitHub Advanced Security
Machine learning project designed as proof-of-concept | Concise machine learning project
Spring Boot Addon to add JWT based security
weekend hack
ModSecurity v3 Nginx Connector
A simple Keychain wrapper for iOS, macOS, tvOS, and watchOS
Proof of Concept and Research repository.
Portable OpenSSH
A p2p, secure file storage, social network and application protocol
Security engine for Java (authentication, authorization, multi frameworks): OAuth, CAS, SAML, OpenID Connect, LDAP, JWT...
A script to download the latest (possibly dev) versions of the security tools I use
Tenzir is the data pipeline engine for security teams.
CVE-2024-13427 -- The Page Builder: Pagelayer – Drag and Drop website builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's Button widget in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output esca
CVE-2025-3869 -- The 4stats plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 2.0.9. This is due to missing or incorrect nonce validation on the stats/stats.php page. This makes it possible for unauthenticated attackers
CVE-2025-4336 -- The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated
CVE-2025-4602 -- The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the get_file() function. This makes it possible for unauthenticated attackers to read the contents of ar
CVE-2025-4603 -- The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.2.5. This makes it possible for unauth
CVE-2025-48751 -- The process_lock crate 0.1.0 for Rust allows data races in unlock.
CVE-2025-48752 -- In the process-sync crate 0.2.2 for Rust, the drop function lacks a check for whether the pthread_mutex is unlocked.
CVE-2025-48753 -- In the anode crate 0.1.0 for Rust, data races can occur in unlock in SpinLock.
CVE-2025-48754 -- In the memory_pages crate 0.1.0 for Rust, division by zero can occur.
CVE-2025-48755 -- In the spiral-rs crate 0.2.0 for Rust, allocation can be attempted for a ZST (zero-sized type).
CVE-2025-48756 -- In group_number in the scsir crate 0.2.0 for Rust, there can be an overflow because a hardware device may expect a small number of bits (e.g., 5 bits) for group number.
CVE-2025-5055 -- The Smart Forms – when you need more than just a contact form plugin for WordPress is vulnerable to Stored Cross-Site Scripting via admin settings in all versions up to, and including, 2.6.98 due to insufficient input sanitization and output escaping. Thi
CVE-2025-5058 -- The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticate
CVE-2018-25110 -- Marked prior to version 0.3.17 is vulnerable to a Regular Expression Denial of Service (ReDoS) attack due to catastrophic backtracking in several regular expressions used for parsing HTML tags and markdown links. An attacker can exploit this vulnerability
CVE-2022-31807 -- A vulnerability has been identified in SiPass integrated AC5102 (ACC-G2) (All versions), SiPass integrated ACC-AP (All versions). Affected devices do not properly check the integrity of firmware updates. This could allow a local attacker to upload a malic
CVE-2022-31812 -- A vulnerability has been identified in SiPass integrated (All versions < V2.95.3.18). Affected server applications contain an out of bounds read past the end of an allocated buffer while checking the integrity of incoming packets. This could allow an unau
CVE-2023-34873 -- On MOBOTIX P3 cameras before MX-V4.7.2.18 and Mx6 cameras before MX-V5.2.0.61, the tcpdump feature does not properly validate input, which allows authenticated users to execute code.
CVE-2023-53154 -- parse_string in cJSON before 1.7.18 has a heap-based buffer over-read via {"1":1, with no trailing newline if cJSON_ParseWithLength is called.
CVE-2024-13945 -- Stored Absolute Path Traversal vulnerabilities in ASPECT could expose sensitive data
CVE-2024-48702 -- PHPGurukul Old Age Home Management System v1.0 is vulnerable to HTML Injection via the searchdata parameter.
CVE-2024-48704 -- Phpgurukul Medical Card Generation System v1.0 is vulnerable to HTML Injection in admin/contactus.php via the parameter pagedes.
CVE-2024-51099 -- A reflected cross-site scripting (XSS) vulnerability in the component mcgs/download-medical-cards.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary code in the context of a user's browser via i
CVE-2024-51101 -- PHPGURUKUL Restaurant Table Booking System using PHP and MySQL v1.0 was discovered to contain a SQL injection vulnerability via the searchdata parameter at /rtbs/check-status.php.
CVE-2024-51102 -- PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/login.php via the username and password parameters.
CVE-2024-51103 -- PHPGURUKUL Student Management System using PHP and MySQL v1 was discovered to contain multiple SQL injection vulnerabilities at /studentrecordms/password-recovery.php via the emailid and id parameters.
CVE-2024-51107 -- Multiple stored cross-site scripting (XSS) vulnerabilities in the component /mcgs/admin/contactus.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted p
CVE-2024-51108 -- Multiple stored cross-site scripting (XSS) vulnerabilities in the component /admin/card-bwdates-report.php of PHPGURUKUL Medical Card Generation System using PHP and MySQL v1.0 allows attackers to execute arbitrary web scripts or HTML via injecting a craf
CVE-2024-51360 -- An issue in Hospital Management System In PHP V4.0 allows a remote attacker to execute arbitrary code via the hms/doctor/edit-profile.php file
CVE-2024-7803 -- An issue has been discovered in GitLab CE/EE affecting all versions from 11.6 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A Discord webhook integration may cause DoS.
CVE-2024-9163 -- A business logic error in GitLab CE/EE affecting all versions starting from 12.1 prior to 17.10.7, 17.11 prior to 17.11.3 and 18.0 prior to 18.0.1 where an attacker can cause a branch name confusion in confidential MRs.
CVE-2025-1123 -- The Solid Mail – SMTP email and logging made by SolidWP plugin for WordPress is vulnerable to Stored Cross-Site Scripting via email Name, Subject, and Body in all versions up to, and including, 2.1.5 due to insufficient input sanitization and output escap
CVE-2025-2394 -- Ecovacs Home Android and iOS Mobile Applications up to version 3.3.0 contained embedded access keys and secrets for Alibaba Object Storage Service (OSS), leading to sensitive data disclosure.
CVE-2025-24916 -- When installing Tenable Network Monitor to a non-default location on a Windows host, Tenable Network Monitor versions prior to 6.5.1 did not enforce secure permissions for sub-directories. This could allow for local privilege escalation if users had not s
CVE-2025-24917 -- In Tenable Network Monitor versions prior to 6.5.1 on a Windows host, it was found that a non-administrative user could stage files in a local directory to run arbitrary code with SYSTEM privileges, potentially leading to local privilege escalation.
CVE-2025-31049 -- Deserialization of Untrusted Data vulnerability in themeton Dash allows Object Injection. This issue affects Dash: from n/a through 1.3.
CVE-2025-31053 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in quantumcloud KBx Pro Ultimate allows Path Traversal. This issue affects KBx Pro Ultimate: from n/a through 7.9.8.
CVE-2025-31056 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Techspawn WhatsCart - Whatsapp Abandoned Cart Recovery, Order Notifications, Chat Box, OTP for WooCommerce allows SQL Injection. This issue affects Whats
CVE-2025-31060 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Capie allows PHP Local File Inclusion. This issue affects Capie: from n/a through 1.0.40.
CVE-2025-31064 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Vizeon - Business Consulting allows PHP Local File Inclusion. This issue affects Vizeon - Business Consulting: from n/a through
CVE-2025-31069 -- Deserialization of Untrusted Data vulnerability in themeton HotStar – Multi-Purpose Business Theme allows Object Injection. This issue affects HotStar – Multi-Purpose Business Theme: from n/a through 1.4.
CVE-2025-31397 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartcms Bus Ticket Booking with Seat Reservation for WooCommerce allows SQL Injection. This issue affects Bus Ticket Booking with Seat Reservation for W
CVE-2025-31423 -- Deserialization of Untrusted Data vulnerability in AncoraThemes Umberto allows Object Injection. This issue affects Umberto: from n/a through 1.2.8.
CVE-2025-31430 -- Deserialization of Untrusted Data vulnerability in themeton The Business allows Object Injection. This issue affects The Business: from n/a through 1.6.1.
CVE-2025-31631 -- Deserialization of Untrusted Data vulnerability in AncoraThemes Fish House allows Object Injection. This issue affects Fish House: from n/a through 1.2.7.
CVE-2025-31632 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SpyroPress La Boom allows PHP Local File Inclusion. This issue affects La Boom: from n/a through 2.7.
CVE-2025-31633 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Kiamo - Responsive Business Service WordPress Theme allows PHP Local File Inclusion. This issue affects Kiamo - Responsive Busi
CVE-2025-31636 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in SaurabhSharma WP Post Modules for Elementor allows Reflected XSS. This issue affects WP Post Modules for Elementor: from n/a through 2.5.0.
CVE-2025-31912 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Enzio - Responsive Business WordPress Theme allows PHP Local File Inclusion. This issue affects Enzio - Responsive Business Wor
CVE-2025-31913 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Ogami allows PHP Local File Inclusion. This issue affects Ogami: from n/a through 1.53.
CVE-2025-31914 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in kamleshyadav Pixel WordPress Form BuilderPlugin & Autoresponder allows Blind SQL Injection. This issue affects Pixel WordPress Form BuilderPlugin & Autor
CVE-2025-31916 -- Unrestricted Upload of File with Dangerous Type vulnerability in joy2012bd JP Students Result Management System Premium allows Upload a Web Shell to a Web Server. This issue affects JP Students Result Management System Premium: from 1.1.7 through n/a.
CVE-2025-31918 -- Incorrect Privilege Assignment vulnerability in quantumcloud Simple Business Directory Pro allows Privilege Escalation. This issue affects Simple Business Directory Pro: from n/a through 15.4.8.
CVE-2025-31924 -- Deserialization of Untrusted Data vulnerability in designthemes Crafts & Arts allows Object Injection. This issue affects Crafts & Arts: from n/a through 2.5.
CVE-2025-31927 -- Deserialization of Untrusted Data vulnerability in themeton Acerola allows Object Injection. This issue affects Acerola: from n/a through 1.6.5.
CVE-2025-32284 -- Deserialization of Untrusted Data vulnerability in designthemes Pet World allows Object Injection. This issue affects Pet World: from n/a through 2.8.
CVE-2025-32285 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ApusTheme Butcher allows Reflected XSS. This issue affects Butcher: from n/a through 2.40.
CVE-2025-32286 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Butcher allows PHP Local File Inclusion. This issue affects Butcher: from n/a through 2.40.
CVE-2025-32289 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ApusTheme Yozi allows PHP Local File Inclusion. This issue affects Yozi: from n/a through 2.0.52.
CVE-2025-32292 -- Deserialization of Untrusted Data vulnerability in AncoraThemes Jarvis – Night Club, Concert, Festival WordPress allows Object Injection. This issue affects Jarvis – Night Club, Concert, Festival WordPress: from n/a through 1.8.11.
CVE-2025-32293 -- Deserialization of Untrusted Data vulnerability in designthemes Finance Consultant allows Object Injection. This issue affects Finance Consultant: from n/a through 2.8.
CVE-2025-32294 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Oxpitan allows PHP Local File Inclusion. This issue affects Oxpitan: from n/a through 1.3.1.
CVE-2025-32302 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in gavias Winnex allows PHP Local File Inclusion. This issue affects Winnex: from n/a through 1.3.2.
CVE-2025-32309 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in ThemeMove Healsoul allows PHP Local File Inclusion. This issue affects Healsoul: from n/a through 2.0.2.
CVE-2025-32794 -- OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation privileges to injec
CVE-2025-32967 -- OpenEMR is a free and open source electronic health records and medical practice management application. A logging oversight in versions prior to 7.0.3.4 allows password change events to go unrecorded on the client-side log viewer, preventing administrato
CVE-2025-3580 -- An access control vulnerability was discovered in Grafana OSS where an Organization administrator could permanently delete the Server administrator account. This vulnerability exists in the DELETE /api/org/users/ endpoint.
CVE-2025-36527 -- Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection while exporting reports.
CVE-2025-3893 -- While editing pages managed by MegaBIP, a user with high privileges is prompted to give a reason for performing this action. Input provided by the user is not sanitized, leading to an SQL Injection vulnerability.
CVE-2025-3894 -- The text editor embedded in MegaBIP software does not neutralize user input, allowing Stored XSS attacks on other users. High privileges are required to use the editor.
CVE-2025-3895 -- Tokens used for resetting passwords in MegaBIP software are generated using a small space of random values combined with a queryable value.
CVE-2025-39480 -- Deserialization of Untrusted Data vulnerability in ThemeMakers Car Dealer allows Object Injection. This issue affects Car Dealer: from n/a through 1.6.6.
CVE-2025-39485 -- Deserialization of Untrusted Data vulnerability in ThemeGoods Grand Tour | Travel Agency WordPress allows Object Injection. This issue affects Grand Tour | Travel Agency WordPress: from n/a through 5.5.1.
CVE-2025-39489 -- Incorrect Privilege Assignment vulnerability in pebas CouponXL allows Privilege Escalation. This issue affects CouponXL: from n/a through 4.5.0.
CVE-2025-39490 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Backpack Traveler allows PHP Local File Inclusion. This issue affects Backpack Traveler: from n/a through 2.7.
CVE-2025-39494 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Wilmër allows PHP Local File Inclusion. This issue affects Wilmër: from n/a through n/a.
CVE-2025-39495 -- Deserialization of Untrusted Data vulnerability in BoldThemes Avantage allows Object Injection. This issue affects Avantage: from n/a through 2.4.6.
CVE-2025-39499 -- Deserialization of Untrusted Data vulnerability in BoldThemes Medicare allows Object Injection. This issue affects Medicare: from n/a through 2.1.0.
CVE-2025-39500 -- Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hostel allows Object Injection. This issue affects Goodlayers Hostel: from n/a through 3.1.2.
CVE-2025-39501 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GoodLayers Goodlayers Hostel allows Blind SQL Injection. This issue affects Goodlayers Hostel: from n/a through 3.1.2.
CVE-2025-39502 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Goodlayers Hostel allows Reflected XSS. This issue affects Goodlayers Hostel: from n/a through 3.1.2.
CVE-2025-39503 -- Deserialization of Untrusted Data vulnerability in GoodLayers Goodlayers Hotel allows Object Injection. This issue affects Goodlayers Hotel: from n/a through 3.1.4.
CVE-2025-39504 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in GoodLayers Goodlayers Hotel allows Blind SQL Injection. This issue affects Goodlayers Hotel: from n/a through 3.1.4.
CVE-2025-39505 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in GoodLayers Goodlayers Hotel allows Reflected XSS. This issue affects Goodlayers Hotel: from n/a through 3.1.4.
CVE-2025-39536 -- Missing Authorization vulnerability in Chimpstudio JobHunt Job Alerts allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobHunt Job Alerts: from n/a through 3.6.
CVE-2025-41377 -- Cryptographic vulnerability in Iridium Certus 700. This vulnerability allows a user to retrieve the encryption key, resulting in the loading of malicious firmware.
CVE-2025-41378 -- The SSID field is not parsed correctly and can be used to inject commands into the hostpad.conf file. This can be exploited by an attacker to extend his knowledge of the system and compromise other devices. The information is filtered by the logs function
CVE-2025-41379 -- The Intellian C700 web panel allows you to add firewall rules. Each of these rules has an associated ID, but there is a problem when adding a new rule: the ID used to create the database entry may be different from the JSON ID. If the rule needs to be del
CVE-2025-41380 -- Iridium Certus 700 version 1.0.1 has an embedded credentials vulnerability in the code. This vulnerability allows a local user to retrieve the SSH hash string.
CVE-2025-41407 -- Zohocorp ManageEngine ADAudit Plus versions below 8511 are vulnerable to SQL injection in the OU History report.
CVE-2025-4379 -- DobryCMS in versions 2.* and lower is vulnerable to Reflected Cross-Site Scripting (XSS). Improper input validation in the szukaj parameter allows arbitrary JavaScript to be executed in the victim's browser when a specially crafted URL is opened.
CVE-2025-43860 -- OpenEMR is a free and open source electronic health records and medical practice management application. A stored cross-site scripting (XSS) vulnerability in versions prior to 7.0.3.4 allows any authenticated user with patient creation and editing privile
CVE-2025-44998 -- A stored cross-site scripting (XSS) vulnerability in the component /tinyfilemanager.php of TinyFileManager v2.4.7 allows attackers to execute arbitrary JavaScript or HTML via injecting a crafted payload into the js-theme-3 parameter.
CVE-2025-4594 -- The Tournamatch plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'trn-ladder-registration-button' shortcode in all versions up to, and including, 4.6.1 due to insufficient input sanitization and output escaping on user su
CVE-2025-46176 -- Hardcoded credentials in the Telnet service in D-Link DIR-605L v2.13B01 and DIR-816L v2.06B01 allow attackers to remotely execute arbitrary commands via firmware analysis.
CVE-2025-46437 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tayoricom Tayori Form allows Reflected XSS. This issue affects Tayori Form: from n/a through 1.2.9.
CVE-2025-46440 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mark kStats Reloaded allows Reflected XSS. This issue affects kStats Reloaded: from n/a through 0.7.4.
CVE-2025-46444 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in scripteo Ads Pro Plugin allows PHP Local File Inclusion. This issue affects Ads Pro Plugin: from n/a through 4.88.
CVE-2025-46446 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ivanrojas Libro de Reclamaciones allows Stored XSS. This issue affects Libro de Reclamaciones: from n/a through 1.0.1.
CVE-2025-46448 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reifsnyderb Document Management System allows Reflected XSS. This issue affects Document Management System: from n/a through 1.24.
CVE-2025-46454 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in svil4ok Meta Keywords & Description allows PHP Local File Inclusion. This issue affects Meta Keywords & Description: from n/a
CVE-2025-46455 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in IndigoThemes WP HRM LITE allows SQL Injection. This issue affects WP HRM LITE: from n/a through 1.1.
CVE-2025-46456 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Jason Theme Blvd Sliders allows Reflected XSS. This issue affects Theme Blvd Sliders: from n/a through 1.2.5.
CVE-2025-46458 -- Cross-Site Request Forgery (CSRF) vulnerability in x000x occupancyplan allows SQL Injection. This issue affects occupancyplan: from n/a through 1.0.3.0.
CVE-2025-46460 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Detheme Easy Guide allows SQL Injection. This issue affects Easy Guide: from n/a through 1.0.0.
CVE-2025-46463 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Yamna Khawaja Mailing Group Listserv allows SQL Injection. This issue affects Mailing Group Listserv: from n/a through 3.0.4.
CVE-2025-46468 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in WPFable Fable Extra allows PHP Local File Inclusion. This issue affects Fable Extra: from n/a through 1.0.6.
CVE-2025-46474 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in SEUR OFICIAL SEUR Oficial allows PHP Local File Inclusion. This issue affects SEUR Oficial: from n/a through 2.2.23.
CVE-2025-46486 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in totalprocessing Nomupay Payment Processing Gateway allows Path Traversal. This issue affects Nomupay Payment Processing Gateway: from n/a through 7.1.7.
CVE-2025-46487 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in sftranna EC Authorize.net allows Reflected XSS. This issue affects EC Authorize.net: from n/a through 0.3.3.
CVE-2025-46488 -- Missing Authorization vulnerability in dastan800 Visual Builder allows Reflected XSS. This issue affects Visual Builder: from n/a through 1.2.2.
CVE-2025-46490 -- Unrestricted Upload of File with Dangerous Type vulnerability in wordwebsoftware Crossword Compiler Puzzles allows Upload a Web Shell to a Web Server. This issue affects Crossword Compiler Puzzles: from n/a through 5.2.
CVE-2025-46493 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in wordwebsoftware Crossword Compiler Puzzles allows Stored XSS. This issue affects Crossword Compiler Puzzles: from n/a through 5.3.
CVE-2025-46515 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in M A Vinoth Kumar Category Widget allows Reflected XSS. This issue affects Category Widget: from n/a through 2.0.2.
CVE-2025-46518 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in phpaddicted IGIT Related Posts With Thumb Image After Posts allows Stored XSS. This issue affects IGIT Related Posts With Thumb Image After Posts: from n
CVE-2025-46526 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in janekniefeldt My Custom Widgets allows Reflected XSS. This issue affects My Custom Widgets: from n/a through 2.0.5.
CVE-2025-46527 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in LikeCoin Web3Press allows Path Traversal. This issue affects Web3Press: from n/a through 3.2.0.
CVE-2025-46537 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ctltwp Section Widget allows Reflected XSS. This issue affects Section Widget: from n/a through 3.3.1.
CVE-2025-46539 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in WPFable Fable Extra allows Blind SQL Injection. This issue affects Fable Extra: from n/a through 1.0.6.
CVE-2025-4692 -- Actors can use a maliciously crafted JavaScript object notation (JSON) web token (JWT) to perform privilege escalation by submitting the malicious JWT to a vulnerable method exposed on the cloud platform. If the exploit is successful, the user can escalat
CVE-2025-47149 -- The optional feature 'Anti-Virus & Sandbox' of i-FILTER contains an issue with improper pattern file validation. If exploited, the product may treat an unauthorized pattern file as an authorized one. If the product uses a specially crafted pattern file, infor
CVE-2025-47438 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in wpjobportal WP Job Portal allows PHP Local File Inclusion. This issue affects WP Job Portal: from n/a through 2.3.1.
CVE-2025-47453 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Xylus Themes WP Smart Import allows PHP Local File Inclusion. This issue affects WP Smart Import: from n/a through 1.1.3.
CVE-2025-47458 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in B2itech B2i Investor Tools allows Reflected XSS. This issue affects B2i Investor Tools: from n/a through 1.0.7.9.
CVE-2025-47461 -- Authentication Bypass Using an Alternate Path or Channel vulnerability in mediaticus Subaccounts for WooCommerce allows Authentication Abuse. This issue affects Subaccounts for WooCommerce: from n/a through 1.6.6.
CVE-2025-47478 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Metagauss ProfileGrid allows SQL Injection. This issue affects ProfileGrid: from n/a through 5.9.5.0.
CVE-2025-47492 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Drag and Drop File Upload for Elementor Forms allows Path Traversal. This issue affects Drag and Drop File Upload for Elementor Forms: from n/a thr
CVE-2025-47512 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in tainacan Tainacan allows Path Traversal. This issue affects Tainacan: from n/a through 0.21.14.
CVE-2025-47513 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in James Laforge Infocob CRM Forms allows Path Traversal. This issue affects Infocob CRM Forms: from n/a through 2.4.0.
CVE-2025-47529 -- Missing Authorization vulnerability in UX Design Experts Experto CTA Widget – Call To Action, Sticky CTA, Floating Button Plugin allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Experto CTA Widget – C
CVE-2025-47530 -- Deserialization of Untrusted Data vulnerability in WPFunnels WPFunnels allows Object Injection. This issue affects WPFunnels: from n/a through 3.5.18.
CVE-2025-47532 -- Deserialization of Untrusted Data vulnerability in CoinPayments CoinPayments.net Payment Gateway for WooCommerce allows Object Injection. This issue affects CoinPayments.net Payment Gateway for WooCommerce: from n/a through 1.0.17.
CVE-2025-47535 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpopal Opal Woo Custom Product Variation allows Path Traversal. This issue affects Opal Woo Custom Product Variation: from n/a through 1.2.0.
CVE-2025-47539 -- Incorrect Privilege Assignment vulnerability in Themewinter Eventin allows Privilege Escalation. This issue affects Eventin: from n/a through 4.0.26.
CVE-2025-47541 -- Insertion of Sensitive Information Into Sent Data vulnerability in WPFunnels Mail Mint allows Retrieve Embedded Sensitive Data. This issue affects Mail Mint: from n/a through 1.17.7.
CVE-2025-47558 -- Missing Authorization vulnerability in RomanCode MapSVG allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects MapSVG: from n/a through 8.5.31.
CVE-2025-47568 -- Deserialization of Untrusted Data vulnerability in ZoomIt ZoomSounds allows Object Injection. This issue affects ZoomSounds: from n/a through 6.91.
CVE-2025-47575 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 92.0.0.
CVE-2025-47599 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in facturante Facturante allows SQL Injection. This issue affects Facturante: from n/a through 1.11.
CVE-2025-47603 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Belingo belingoGeo allows Path Traversal. This issue affects belingoGeo: from n/a through 1.12.0.
CVE-2025-47611 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Khaled User Meta allows Reflected XSS. This issue affects User Meta: from n/a through 3.1.2.
CVE-2025-47613 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in mojoomla School Management allows Reflected XSS. This issue affects School Management: from n/a through 92.0.0.
CVE-2025-47618 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Mortgage Calculator BMI Adult & Kid Calculator allows Reflected XSS. This issue affects BMI Adult & Kid Calculator: from n/a through 1.2.2.
CVE-2025-47619 -- Missing Authorization vulnerability in 6Storage 6Storage Rentals allows Path Traversal. This issue affects 6Storage Rentals: from n/a through 2.19.4.
CVE-2025-47631 -- Incorrect Privilege Assignment vulnerability in mojoomla Hospital Management System allows Privilege Escalation. This issue affects Hospital Management System: from 47.0(20 through 11.
CVE-2025-47637 -- Unrestricted Upload of File with Dangerous Type vulnerability in STAGGS STAGGS allows Upload a Web Shell to a Web Server. This issue affects STAGGS: from n/a through 2.11.0.
CVE-2025-47640 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows SQL Injection. This issue affects Printcart Web to Print Product Designer for Wo
CVE-2025-47641 -- Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Printcart Web to Print Product Designer for WooCommerce: from
CVE-2025-47642 -- Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server. This issue affects Ajar in5 Embed: from n/a through 3.1.5.
CVE-2025-47646 -- Weak Password Recovery Mechanism for Forgotten Password vulnerability in Gilblas Ngunte Possi PSW Front-end Login & Registration allows Password Recovery Exploitation. This issue affects PSW Front-end Login & Registration: from n/a through 1.13.
CVE-2025-47658 -- Unrestricted Upload of File with Dangerous Type vulnerability in ELEXtensions ELEX WordPress HelpDesk & Customer Ticketing System allows Upload a Web Shell to a Web Server. This issue affects ELEX WordPress HelpDesk & Customer Ticketing System: from n/a t
CVE-2025-47660 -- Deserialization of Untrusted Data vulnerability in Codexpert, Inc WC Affiliate allows Object Injection. This issue affects WC Affiliate: from n/a through 2.9.1.
CVE-2025-47663 -- Unrestricted Upload of File with Dangerous Type vulnerability in mojoomla Hospital Management System allows Upload a Web Shell to a Web Server. This issue affects Hospital Management System: from 47.0(20 through 11.
CVE-2025-47670 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange WordPress Social Login and Register allows PHP Local File Inclusion. This issue affects WordPress Social Login and Register
CVE-2025-47671 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in LETSCMS MLM Software Binary MLM Plan allows SQL Injection. This issue affects Binary MLM Plan: from n/a through 3.0.
CVE-2025-47672 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in miniOrange miniOrange Discord Integration allows PHP Local File Inclusion. This issue affects miniOrange Discord Integration: from n/a
CVE-2025-47673 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix Shortcodes allows Reflected XSS. This issue affects Arconix Shortcodes: from n/a through 2.1.16.
CVE-2025-47678 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in FunnelCockpit FunnelCockpit allows Reflected XSS. This issue affects FunnelCockpit: from n/a through 1.4.2.
CVE-2025-47680 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Michel - xiligroup dev xili-tidy-tags allows Reflected XSS. This issue affects xili-tidy-tags: from n/a through 1.12.06.
CVE-2025-47687 -- Unrestricted Upload of File with Dangerous Type vulnerability in StoreKeeper B.V. StoreKeeper for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects StoreKeeper for WooCommerce: from n/a through 14.4.4.
CVE-2025-47690 -- Missing Authorization vulnerability in smackcoders Lead Form Data Collection to CRM allows Privilege Escalation. This issue affects Lead Form Data Collection to CRM: from n/a through 3.1.
CVE-2025-48241 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Soft8Soft LLC Verge3D allows Reflected XSS. This issue affects Verge3D: from n/a through 4.9.3.
CVE-2025-48245 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in fullworks Quick Contact Form allows Reflected XSS. This issue affects Quick Contact Form: from n/a through 8.2.1.
CVE-2025-48271 -- Missing Authorization vulnerability in Leadinfo Leadinfo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Leadinfo: from n/a through 1.1.
CVE-2025-48273 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wpjobportal WP Job Portal allows Path Traversal. This issue affects WP Job Portal: from n/a through 2.3.2.
CVE-2025-48275 -- Missing Authorization vulnerability in dastan800 Visual Header allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Visual Header: from n/a through 1.3.
CVE-2025-48283 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Majestic Support Majestic Support allows SQL Injection. This issue affects Majestic Support: from n/a through 1.1.0.
CVE-2025-48286 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in catkin ReDi Restaurant Reservation allows Reflected XSS. This issue affects ReDi Restaurant Reservation: from n/a through 24.1209.
CVE-2025-48287 -- Deserialization of Untrusted Data vulnerability in Pagaleve Pix 4x sem juros - Pagaleve allows Object Injection. This issue affects Pix 4x sem juros - Pagaleve: from n/a through 1.6.9.
CVE-2025-48289 -- Deserialization of Untrusted Data vulnerability in AncoraThemes Kids Planet allows Object Injection. This issue affects Kids Planet: from n/a through 2.2.14.
CVE-2025-48292 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in GoodLayers Tourmaster allows PHP Local File Inclusion. This issue affects Tourmaster: from n/a through 5.3.8.
CVE-2025-48375 -- Schule is open-source school management system software. Prior to version 1.0.1, the file forgot_password.php (or equivalent endpoint responsible for email-based OTP generation) lacks proper rate limiting controls, allowing attackers to abuse the OTP requ
CVE-2025-48376 -- DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a malicious SuperUser (Host) could craft a request to use an external url for a site export to then be imported. Version
CVE-2025-48377 -- DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, a specially crafted URL may be constructed which can inject an XSS payload that is triggered by using some module action
CVE-2025-48378 -- DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 9.13.9, uploaded SVG files could contain scripts and if rendered inline those scripts could run allowing XSS attacks. Version 9.
CVE-2025-48695 -- An issue was discovered in CyberDAVA before 1.1.20. A privilege escalation vulnerability allows a low-privileged user to escalate their privilege by abusing the following API due to the lack of access control: /api/v2/users/user/<user id>/role/ROLE/<Targe
CVE-2025-48701 -- openDCIM through 23.04 allows SQL injection in people_depts.php because prepared statements are not used.
CVE-2025-48708 -- gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript before 10.05.1 lacks argument sanitization for the # case. A created PDF document includes its password in cleartext.
CVE-2025-48708 -- gs_lib_ctx_stash_sanitized_arg in base/gslibctx.c in Artifex Ghostscript through 10.05.0 lacks argument sanitization for the # case.
CVE-2025-48735 -- A SQL Injection issue in the request body processing in BOS IPCs with firmware 21.45.8.2.2_220219 before 21.45.8.2.3_230220 allows remote attackers to obtain sensitive information from the database via crafted input in the request body.
CVE-2025-48738 -- An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several
CVE-2025-48739 -- A Server-Side Request Forgery (SSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows remote authenticated attackers with admin permissions (allowing them to access specific A
CVE-2025-48740 -- A Cross-Site Request Forgery (CSRF) vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows a remote attacker to trigger requests on their victim's behalf, if the attacker lures a pr
CVE-2025-48741 -- A Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote, authenticated, and unprivileged users to retrieve alerts, cases, logs, observables, or tasks, regardless of the us
CVE-2025-5096 -- The TablePress plugin for WordPress is vulnerable to DOM-Based Stored Cross-Site Scripting via the 'data-caption', 'data-s-content-padding', 'data-s-title', and 'data-footer' data-attributes in all versions up to, and including, 3.1.2 due to insufficient
CVE-2025-5098 -- PrinterShare Android application allows the capture of Gmail authentication tokens that can be reused to access a user's Gmail account without proper authorization.
CVE-2025-5099 -- An Out of Bounds Write occurs when the native library attempts PDF rendering, which can be exploited to achieve memory corruption and potentially arbitrary code execution.
CVE-2025-5100 -- A double-free condition occurs during the cleanup of temporary image files, which can be exploited to achieve memory corruption and potentially arbitrary code execution.
CVE-2025-5105 -- A vulnerability was found in TOZED ZLT W51 up to 1.4.2 and classified as critical. Affected by this issue is some unknown functionality of the component Service Port 7777. The manipulation leads to improper clearing of heap memory before release. The atta
CVE-2025-5106 -- A vulnerability was found in Fujian Kelixun 1.0. It has been classified as critical. This affects an unknown part of the file /app/fax/fax_view.php of the component Filename Handler. The manipulation of the argument fax_file leads to os command injection.
CVE-2025-5107 -- A vulnerability was found in Fujian Kelixun 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /app/xml_cdr/xml_cdr_details.php. The manipulation of the argument uuid leads to sql injection. The attack can be initia
CVE-2025-5108 -- A vulnerability was found in zongzhige ShopXO 6.5.0. It has been rated as critical. This issue affects the function Upload of the file app/admin/controller/Payment.php of the component ZIP File Handler. The manipulation of the argument params leads to unr
CVE-2025-5109 -- A vulnerability classified as critical has been found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component STATUS Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploi
CVE-2025-5110 -- A vulnerability classified as critical was found in FreeFloat FTP Server 1.0. Affected by this vulnerability is an unknown functionality of the component VERBOSE Command Handler. The manipulation leads to buffer overflow. The attack can be launched remote
CVE-2025-5111 -- A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. Affected by this issue is some unknown functionality of the component TYPE Command Handler. The manipulation leads to buffer overflow. The attack may be launche
CVE-2025-5112 -- A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. This affects an unknown part of the component MGET Command Handler. The manipulation leads to buffer overflow. It is possible to initiate the attack remotely. The ex
CVE-2025-5114 -- A vulnerability has been found in easysoft zentaopms 21.5_20250307 and classified as critical. This vulnerability affects the function Edit of the file /index.php?m=editor&f=edit&filePath=cGhhcjovLy9ldGMvcGFzc3dk&action=edit of the component Committer. Th
CVE-2025-5119 -- A vulnerability has been found in Emlog Pro 2.5.11 and classified as critical. This vulnerability affects unknown code of the file /include/controller/api_controller.php. The manipulation of the argument tag leads to sql injection. The attack can be initi
CVE-2003-5004 -- Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
CVE-2023-47466 -- TagLib before 2.0 allows a segmentation violation and application crash during tag writing via a crafted WAV file in which an id3 chunk is the only valid chunk.
CVE-2024-12093 -- An issue has been discovered in GitLab CE/EE affecting all versions from 11.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Improper XPath validation allows modified SAML response to bypass 2FA requirement under specialized conditions.
CVE-2024-13928 -- SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if session administrator credentials become compromised.
CVE-2024-13929 -- Servlet injection vulnerabilities in ASPECT allow remote code execution if session administrator credentials become compromised.
CVE-2024-13930 -- An Unchecked Loop Condition in ASPECT provides an attacker the ability to maliciously consume system resources if session administrator credentials become compromised
CVE-2024-13931 -- Relative Path Traversal vulnerabilities in ASPECT allow access to file resources if session administrator credentials become compromised.
CVE-2024-13946 -- DLLs are not digitally signed when loaded in ASPECT's configuration toolset, exposing the application to binary planting during device commissioning. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2024-13947 -- Device commissioning parameters in ASPECT may be modified by an external source if administrative credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2024-13948 -- Windows permissions for ASPECT configuration toolsets are not fully secured, allowing exposure of configuration information. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2024-13950 -- Log injection vulnerabilities in ASPECT provide attacker access to inject malicious browser scripts if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2024-13951 -- One way hash with predictable salt vulnerabilities in ASPECT may expose sensitive information to a potential attacker. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2024-13953 -- Sensitive device logger information in ASPECT may be exposed if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2024-13954 -- Serialized configuration information may be disclosed during device commissioning while using ASPECT's configuration toolset. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2024-13955 -- 2nd Order SQL injection vulnerabilities in ASPECT allow unintended access and manipulation of database repositories if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series
CVE-2024-13956 -- SSL Verification Bypass vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2024-13957 -- SSRF Server Side Request Forgery vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2024-13958 -- Stored Cross Site Scripting vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2024-25010 -- Ericsson RAN Compute
CVE-2024-40458 -- An issue in Ocuco Innovation Tracking.exe v.2.10.24.51 allows a local attacker to escalate privileges via the modification of TCP packets.
CVE-2024-40459 -- An issue in Ocuco Innovation APPMANAGER.EXE v.2.10.24.51 allows a local attacker to escalate privileges via the application manager function
CVE-2024-40460 -- An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the JOBENTRY.EXE
CVE-2024-40461 -- An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the STOCKORDERENTRY.EXE component
CVE-2024-40462 -- An issue in Ocuco Innovation v.2.10.24.51 allows a local attacker to escalate privileges via the SETTINGSVATIGATOR.EXE component
CVE-2024-41195 -- An issue in Ocuco Innovation - INNOVASERVICEINTF.EXE v2.10.24.17 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-41196 -- An issue in Ocuco Innovation - REPORTSERVER.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-41197 -- An issue in Ocuco Innovation - INVCLIENT.EXE v2.10.24.5 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-41198 -- An issue in Ocuco Innovation - REPORTS.EXE v2.10.24.13 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-41199 -- An issue in Ocuco Innovation - JOBMANAGER.EXE v2.10.24.16 allows attackers to bypass authentication and escalate privileges to Administrator via a crafted TCP packet.
CVE-2024-48848 -- Large content vulnerabilities are present in ASPECT exposing a device to disk overutilization on a system if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3
CVE-2024-48850 -- Absolute File Traversal vulnerabilities in ASPECT allow access and modification of unintended resources.
CVE-2024-48853 -- An escalation of privilege vulnerability in ASPECT could provide an attacker root access to a server when logged in as a "non" root ASPECT user. This issue affects ASPECT-Enterprise: through 3.08.03; NEXUS Series: through 3.08.03; MATRIX Series: through 3
CVE-2024-51552 -- Weak password storage vulnerabilities exist in ASPECT if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*.
CVE-2024-51553 -- Predictable filename vulnerabilities in ASPECT may expose sensitive information to a potential attacker if administrator credentials become compromised. This issue affects ASPECT-Enterprise: through 3.*; NEXUS Series: through 3.*; MATRIX Series: through 3.*
CVE-2024-52874 -- In Infoblox NETMRI before 7.6.1, authenticated users can perform SQL injection attacks.
CVE-2024-54188 -- Infoblox NETMRI before 7.6.1 has a vulnerability allowing remote authenticated users to read arbitrary files with root access.
CVE-2024-5962 -- A reflected cross-site scripting (XSS) vulnerability exists in the authentication endpoint of multiple WSO2 products due to missing output encoding of user-supplied input. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript int
CVE-2024-6914 -- An incorrect authorization vulnerability exists in multiple WSO2 products due to a business logic flaw in the account recovery-related SOAP admin service. A malicious actor can exploit this vulnerability to reset the password of any user account, leading
CVE-2024-7103 -- A reflected cross-site scripting (XSS) vulnerability exists in the sub-organization login flow of WSO2 Identity Server 7.0.0 due to improper input validation. A malicious actor can exploit this vulnerability to inject arbitrary JavaScript into the login f
CVE-2024-7487 -- An improper authentication vulnerability exists in WSO2 Identity Server 7.0.0 due to an implementation flaw that allows app-native authentication to be bypassed when an invalid object is passed.
CVE-2024-9544 -- The MapSVG plugin for WordPress is vulnerable to Stored Cross-Site Scripting via SVG File uploads in all versions up to, and including, 8.6.4 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, w
CVE-2024-9639 -- Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised.
CVE-2025-0605 -- An issue has been discovered in GitLab CE/EE affecting all versions from 16.8 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Group access controls could allow certain users to bypass two-factor authentication requirements.
CVE-2025-0679 -- An issue has been discovered in GitLab CE/EE affecting all versions from 17.1 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. Under certain conditions un-authorised users can view full email addresses that should be partially obscured.
CVE-2025-0993 -- An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. This could allow an authenticated attacker to cause a denial of service condition by exhausting server resources.
CVE-2025-1110 -- An issue has been discovered in GitLab CE/EE affecting all versions from 18.0 before 18.0.1. In certain circumstances, a user with limited permissions could access Job Data via a crafted GraphQL query.
CVE-2025-2272 -- Uncontrolled Search Path Element vulnerability in Forcepoint FIE Endpoint allows Privilege Escalation, Code Injection, Hijacking a privileged process. This issue affects FIE Endpoint: before 25.05.
CVE-2025-23182 -- CWE-203: Observable Discrepancy
CVE-2025-23183 -- CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
CVE-2025-2409 -- File corruption vulnerabilities in ASPECT provide attackers access to overwrite system files if session administrator credentials become compromised
CVE-2025-2410 -- Port manipulation vulnerabilities in ASPECT provide attackers with the ability to control TCP/IP port access if session administrator credentials become compromised.
CVE-2025-2506 -- When pglogical attempts to replicate data, it does not verify it is using a replication connection, which means a user with CONNECT access to a database configured for replication can execute the pglogical command to obtain read access to replicated table
CVE-2025-2759 -- GStreamer Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of GStreamer. An attacker must first obtain the ability to execute low-privilege
CVE-2025-2853 -- An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of proper validation in GitLab could allow an authenticated user to cause a denial of service condition.
CVE-2025-30169 -- File upload and execute vulnerabilities in ASPECT allow PHP script injection if session administrator credentials become compromised.
CVE-2025-30170 -- Exposure of file path, file size or file existence vulnerabilities in ASPECT provide attackers access to file system information if session administrator credentials become compromised.
CVE-2025-30171 -- System File Deletion vulnerabilities in ASPECT provide attackers access to delete system files if session administrator credentials become compromised.
CVE-2025-30172 -- Remote Code Execution vulnerabilities are present in ASPECT if session administrator credentials become compromised
CVE-2025-30173 -- File upload vulnerabilities are present in ASPECT if session administrator credentials become compromised
CVE-2025-3111 -- An issue has been discovered in GitLab CE/EE affecting all versions from 10.2 before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. A lack of input validation in the Kubernetes integration could allow an authenticated user to cause denial of servi
CVE-2025-32813 -- An issue was discovered in Infoblox NETMRI before 7.6.1. Remote Unauthenticated Command Injection can occur.
CVE-2025-32814 -- An issue was discovered in Infoblox NETMRI before 7.6.1. Unauthenticated SQL Injection can occur.
CVE-2025-32815 -- An issue was discovered in Infoblox NETMRI before 7.6.1. Authentication Bypass via a Hardcoded credential can occur.
CVE-2025-32915 -- Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data.
CVE-2025-33136 -- IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to improper protection of assumed immutable data.
CVE-2025-33137 -- IBM Aspera Faspex 5.0.0 through 5.0.12 could allow an authenticated user to obtain sensitive information or perform unauthorized actions on behalf of another user due to client-side enforcement of server-side security.
CVE-2025-33138 -- IBM Aspera Faspex 5.0.0 through 5.0.12 is vulnerable to HTML injection. A remote attacker could inject malicious HTML code, which when viewed, would be executed in the victim's Web browser within the security context of the hosting site.
CVE-2025-3444 -- Zohocorp ManageEngine ServiceDesk Plus MSP and SupportCenter Plus versions below 14920 are vulnerable to authenticated Local File Inclusion (LFI) in the Admin module, where help card content is loaded.
CVE-2025-3480 -- MedDream WEB DICOM Viewer Cleartext Transmission of Credentials Information Disclosure Vulnerability. This vulnerability allows network-adjacent attackers to disclose sensitive information on affected installations of MedDream WEB DICOM Viewer. Authentica
CVE-2025-3484 -- MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required
CVE-2025-3486 -- Allegra isZipEntryValide Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability.
CVE-2025-3836 -- Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection in the logon events aggregate report.
CVE-2025-3881 -- eCharge Hardy Barth cPH2 check_req.php ntp Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authe
CVE-2025-3882 -- eCharge Hardy Barth cPH2 nwcheckexec.php dest Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Au
CVE-2025-3883 -- eCharge Hardy Barth cPH2 index.php Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of eCharge Hardy Barth cPH2 charging stations. Authenticatio
CVE-2025-3884 -- Cloudera Hue Ace Editor Directory Traversal Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Cloudera Hue. Authentication is not required to exploit this vulner
CVE-2025-3885 -- Harman Becker MGU21 Bluetooth Improper Input Validation Denial-of-Service Vulnerability. This vulnerability allows network-adjacent attackers to create a denial-of-service condition on affected installations of Harman Becker MGU21 devices. Authentication
CVE-2025-3887 -- GStreamer H265 Codec Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GStreamer. Interaction with this library is required to exploit
CVE-2025-3936 -- Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Niagara
CVE-2025-3937 -- Use of Password Hash With Insufficient Computational Effort vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.
CVE-2025-3938 -- Missing Cryptographic Step vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.
CVE-2025-3939 -- Observable Response Discrepancy vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Cryptanalysis. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before
CVE-2025-3940 -- Improper Use of Validation Framework vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before
CVE-2025-3941 -- Improper Handling of Windows ::DATA Alternate Data Stream vulnerability in Tridium Niagara Framework on Windows, Tridium Niagara Enterprise Security on Windows allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.1
CVE-2025-3942 -- Improper Output Neutralization for Logs vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Input Data Manipulation. This issue affects Niagara Framework: before 4.14.2, befo
CVE-2025-3943 -- Use of GET Request Method With Sensitive Query Strings vulnerability in Tridium Niagara Framework on Windows, Linux, QNX, Tridium Niagara Enterprise Security on Windows, Linux, QNX allows Parameter Injection. This issue affects Niagara Framework: before 4
CVE-2025-3944 -- Incorrect Permission Assignment for Critical Resource vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows File Manipulation. This issue affects Niagara Framework: before 4.14.2, before 4.15.1, before 4.10.1
CVE-2025-3945 -- Improper Neutralization of Argument Delimiters in a Command ('Argument Injection') vulnerability in Tridium Niagara Framework on QNX, Tridium Niagara Enterprise Security on QNX allows Command Delimiters. This issue affects Niagara Framework: before 4.14.2
CVE-2025-4123 -- A cross-site scripting (XSS) vulnerability exists in Grafana caused by combining a client path traversal and open redirect. This allows attackers to redirect users to a website that hosts a frontend plugin that will execute arbitrary JavaScript. This vuln
CVE-2025-4133 -- The Blog2Social: Social Media Auto Post & Scheduler WordPress plugin before 8.4.0 does not escape the title of posts when outputting them in a dashboard, which could allow users with the contributor role to perform Cross-Site Scripting attacks.
CVE-2025-41403 -- Zohocorp ManageEngine ADAudit Plus versions 8510 and prior are vulnerable to authenticated SQL injection while fetching service account audit data.
CVE-2025-4280 -- MacOS version of Poedit bundles a Python interpreter that inherits the Transparency, Consent, and Control (TCC) permissions
CVE-2025-4338 -- Lantronix Device installer is vulnerable to XML external entity (XXE) attacks in configuration files read from the network device. An attacker could obtain credentials, access these network devices, and modify their configurations. An attacker may also ga
CVE-2025-43596 -- An insecure file system permissions vulnerability in MSP360 Backup 8.0 allows a low privileged user to execute commands with SYSTEM level privileges using a specially crafted file with an arbitrary file backup target. Upgrade to MSP360 Backup 8.1.1.19 (re
CVE-2025-4366 -- A request smuggling vulnerability identified within Pingora’s proxying framework, pingora-proxy, allows malicious HTTP requests to be injected via manipulated request bodies on cache HITs, leading to unauthorized request execution and potential cache pois
CVE-2025-4405 -- The Hot Random Image plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the ‘link’ parameter in all versions up to, and including, 1.9.2 due to insufficient input sanitization and output escaping. This makes it possible for authenticate
CVE-2025-4419 -- The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrar
CVE-2025-45468 -- Insecure permissions in fc-stable-diffusion-plus v1.0.18 allows attackers to escalate privileges and compromise the customer cloud account.
CVE-2025-45471 -- Insecure permissions in measure-cold-start v1.4.1 allows attackers to escalate privileges and compromise the customer cloud account.
CVE-2025-45472 -- Insecure permissions in autodeploy-layer v1.2.0 allows attackers to escalate privileges and compromise the customer cloud account.
CVE-2025-4575 -- Issue summary: Use of -addreject option with the openssl x509 application adds
CVE-2025-46713 -- Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 0.0.1 and prior to 1.15.12, API_SET_SECURE_PARAM may have an arithmetic overflow deep in the memory allocation subsystem that wou
CVE-2025-46714 -- Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to 1.15.12, API_GET_SECURE_PARAM has an arithmetic overflow leading to a small memory allocation and then a extre
CVE-2025-46715 -- Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_GetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointe
CVE-2025-46716 -- Sandboxie is a sandbox-based isolation software for 32-bit and 64-bit Windows NT-based operating systems. Starting in version 1.3.0 and prior to version 1.15.12, Api_SetSecureParam fails to sanitize incoming pointers, and implicitly trusts that the pointe
CVE-2025-47779 -- Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, SIP requests of the type MESSAGE (RFC 3428) authentication do not g
CVE-2025-47780 -- Asterisk is an open-source private branch exchange (PBX). Prior to versions 18.26.2, 20.14.1, 21.9.1, and 22.4.1 of Asterisk and versions 18.9-cert14 and 20.7-cert5 of certified-asterisk, trying to disallow shell commands to be run via the Asterisk comman
CVE-2025-48061 -- wire-webapp is the web application for the open-source messaging service Wire. A change caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, could have been automatically logged in again afte
CVE-2025-48061 -- wire-webapp is the web application for the open-source messaging service Wire. A change introduced in version 2025-05-14-production.0 caused a regression resulting in sessions not being properly invalidated. A user that logged out of the Wire webapp, coul
CVE-2025-48066 -- wire-webapp is the web application for the open-source messaging service Wire. A bug fix caused a regression causing an issue with function to delete local data. Instructing the client to delete its local database on user logout does not result in deletio
CVE-2025-48075 -- Fiber is an Express-inspired web framework written in Go. Starting in version 2.52.6 and prior to version 2.52.7, `fiber.Ctx.BodyParser` can map flat data to nested slices using `key[idx]value` syntax, but when idx is negative, it causes a panic instead o
CVE-2025-48366 -- Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a stored and blind XSS vulnerability exists in the Phone Number field of the user profile within the GroupOffice application. This al
CVE-2025-48368 -- Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a DOM-based Cross-Site Scripting (XSS) vulnerability exists in the GroupOffice application, allowing attackers to execute arbitrary J
CVE-2025-48369 -- Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.119 and 25.0.20, a persistent Cross-Site Scripting (XSS) vulnerability exists in Groupoffice's tasks comment functionality, allowing attackers to exec
CVE-2025-48371 -- OpenFGA is an authorization/permission engine. OpenFGA versions 1.8.0 through 1.8.12 (corresponding to Helm chart openfga-0.2.16 through openfga-0.2.30 and docker 1.8.0 through 1.8.12) are vulnerable to authorization bypass when certain Check and ListObje
CVE-2025-48372 -- Schule is open-source school management system software. The generateOTP() function generates a 4-digit numeric One-Time Password (OTP). Prior to version 1.0.1, even if a secure random number generator is used, the short length and limited range (1000–999
CVE-2025-48373 -- Schule is open-source school management system software. The application relies on client-side JavaScript (index.js) to redirect users to different panels based on their role. Prior to version 1.0.1, this implementation poses a serious security risk becau
CVE-2025-48374 -- zot is a container image/artifact registry based on the Open Container Initiative Distribution Specification. Prior to version 2.1.3 (corresponding to pseudoversion 1.4.4-0.20250522160828-8a99a3ed231f), when using Keycloak as an oidc provider, the clients
CVE-2025-4975 -- When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device.
CVE-2025-4979 -- An issue has been discovered in GitLab CE/EE affecting all versions before 17.10.7, 17.11 before 17.11.3, and 18.0 before 18.0.1. An attacker may be able to reveal masked or hidden CI variables (that they did not author) in the WebUI, by simply creating t
CVE-2025-5024 -- A flaw was found in gnome-remote-desktop. Once gnome-remote-desktop listens for RDP connections, an unauthenticated attacker can exhaust system resources and repeatedly crash the process. There may be a resource leak after many attacks, which will also re
CVE-2025-5062 -- The WooCommerce plugin for WordPress is vulnerable to PostMessage-Based Cross-Site Scripting via the 'customize-store' page in all versions up to, and including, 9.4.2 due to insufficient input sanitization and output escaping on PostMessage data. This ma
CVE-2025-5073 -- A vulnerability, which was classified as critical, has been found in FreeFloat FTP Server 1.0. This issue affects some unknown processing of the component MKDIR Command Handler. The manipulation leads to buffer overflow. The attack may be initiated remote
CVE-2025-5074 -- A vulnerability, which was classified as critical, was found in FreeFloat FTP Server 1.0. Affected is an unknown function of the component PROMPT Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The
CVE-2025-5075 -- A vulnerability has been found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the component DEBUG Command Handler. The manipulation leads to buffer overflow. The attack can be launched
CVE-2025-5076 -- A vulnerability was found in FreeFloat FTP Server 1.0 and classified as critical. Affected by this issue is some unknown functionality of the component SEND Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. T
CVE-2025-5077 -- A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been classified as critical. This affects an unknown part of the file /admin/edit-subcategory.php. The manipulation of the argument Category leads to sql injection. It is possible t
CVE-2025-5078 -- A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /admin/subcategory.php. The manipulation of the argument Category leads to sql injection. The attack c
CVE-2025-5079 -- A vulnerability was found in Campcodes Online Shopping Portal 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/updateorder.php. The manipulation of the argument remark leads to sql injection. The attack may
CVE-2025-5080 -- A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. Affected is the function webExcptypemanFilter of the file /goform/webExcptypemanFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possibl
CVE-2025-5081 -- A vulnerability classified as critical was found in Campcodes Cybercafe Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /adminprofile.php. The manipulation of the argument mobilenumber leads to sql injection.
The Department of Government Efficiency’s access to vast amounts of sensitive data stored at the Consumer Financial Protection Bureau is raising alarms about the potential ramifications of a leak. https://therecord.media/doge-access-cfpb-data-market… -- KorbenD_Intel
I would help #malware analysts to bypass anti-analysis measures by concealing their processes, like x64dbg or procmon Excited to introduce hollowise! check this out: https://github.com/reecdeep/hollowise… #CyberSecurity #CyberSec #informationsecurity # -- reecdeep
Excellent blog post on arbitrary file write (AFW) in python based web applications https://siunam321.github.io/research/python-dirty-arbitrary-file-write-to-rce-via-writing-shared-object-files-or-overwriting-bytecode-files/… Credits @siunam321 #infosec -- 0xor0ne
Short introduction on how to intercept Linux system calls https://blog.mggross.com/intercepting-syscalls/… #cybersecurity #Linux -- 0xor0ne
ESP32 based IoT device: reverse engineering and security analysis https://jmswrnr.com/blog/hacking-a-smart-home-device… Credits @jmswrnr #esp32 #infosec -- 0xor0ne
Exploiting a use-after-free vulnerability in Linux kernel io_uring using Dirty Pagetable method (CVE-2024-0582) https://kuzey.rs/posts/Dirty_Page_Table/… Credits @kuzeyardabulut #infosec #Linux -- 0xor0ne
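Agreed -- 58_158_177_102
What does "security" even mean when it is discussed by people who openly declare that they will not disclose the zero-day vulnerabilities they find because they use them for work? -- 58_158_177_102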
China-backed threat groups were the most active nation-state hackers in Latin America last year, targeting both government agencies and private sector organizations across the region. https://darkreading.com/cyber-risk/pandas-galore-chinese-hackers-attack -- 780thC
CrowdStrike 2025 Latin America Threat Landscape Report: A Deep Dive into an Evolving Region | https://crowdstrike.com/en-us/blog/2025-latam-threat-landscape-report-deep-dive/… @CrowdStrike -- 780thC
ViciousTrap – Infiltrate, Control, Lure: Turning edge devices into honeypots en masse | The actor is likely of Chinese-speaking origin | https://blog.sekoia.io/vicioustrap-infiltrate-control-lure-turning-edge-devices-into-honeypots-en-masse/… @sekoia_io -- 780thC
Microsoft’s DCU seized and facilitated the takedown, suspension, and blocking of approximately 2,300 malicious domains that formed the backbone of Lumma’s infrastructure. https://blogs.microsoft.com/on-the-issues/2025/05/21/microsoft-leads-global-action-a -- 780thC
Threat Actors Deploy LummaC2 Malware to May 21, 2025, @FBI | @CISAgov | https://cisa.gov/sites/default/files/2025-05/aa25-141b-threat-actors-deploy-lummac2-malware-to-exfiltrate-sensitive-data-from-organizations.pdf… -- 780thC
Talos has found intrusions in enterprise networks of local governing bodies in the United States | Talos assesses with high confidence that UAT-6382 is a Chinese-speaking threat actor. https://blog.talosintelligence.com/uat-6382-exploits-cityworks-vulnera -- 780thC
In @DarkReading : Arctic Wolf VP of Threat Research and Intelligence Ismael Valenzuela joins the Dark Reading Confidential podcast to share his most improbable Advanced Persistent Threat detection stories from his time as a security researcher. -- aboutsecurity
After the announcement of seizure of some of the Lumma Stealer panel domains, new ones were opened shortly in the following hours. Please remember that the whole activity has not ceased /yuriy-andropov.com @ViriBack -- alvieriD
First thoughts about #Lumma Stealer "disruption" (?): There's no need in calling big names on something that (from what I've read and tested) has not happened in the magnitude I'm watching on the media At the moment, Lumma still works, still has working -- alvieriD
Dire situation New Dire Wolf leak site /direwolfcdkv5whaz2spehizdg22jsuf5aeje4asmetpbt6ri4jnd4qd[.]onion -- alvieriD
This is Bad News — A new wave of ransomware attacks is on the way Whenever there is a leak or publication of ransomware code or builders, there is a spree of attacks using it. It happened with LockBit Black/3.0 and Babuk for ESXi. -- bushidotoken
#Dero miner zombies biting through Docker APIs to build a cryptojacking horde https://kas.pr/sb5e -- e_kaspersky
Ransomware Alert: Bronx Pro Group, LLC (http://bronxprogroup.com), a women-owned, neighborhood-based real estate development firm, based in USA, has fallen victim to Akira ransomware. Key Details: Threat Actor: Akira Reported on: May 22, 2025 Data -- FalconFeedsio
DDoS Alert Moroccan Black Cyber Army claims to have targeted multiple websites : - Tel Aviv Pharma - Institute for National Security Studies - Israel Academy of Sciences and Humanities - MediGence -- FalconFeedsio
Qilin Ransomware Alert Maussins-Nollet Medical Imaging Network (http://radiologue.paris), a Paris based medical imaging network specializing in musculoskeletal radiology and sports traumatology, has fallen victim to Qilin ransomware Key Details: Th -- FalconFeedsio
Welcome Mitchem Boles, Intezer’s new field CISO. He brings 15+ years of experience and joins us at a critical time as AI transforms the SOC. Read the news release for more: https://einpresswire.com/article/814469398/intezer-bolsters-its-leadership-team-w -- IntezerLabs
Technical overview of Lumma Stealer service (Storm-2477) by colleagues across several teams: https://aka.ms/Lumma-Stealer Provided capabilities for at least Octo Tempest, Storm-1607, Storm-1113, and Storm-1674. Info on Microsoft attorneys' legal action f -- ItsReallyNick
Joint action from tech / security / service providers is the way. Several more big companies I'd love to see collab'ing with each other or with law enforcement on this stuff. Use exclusive visibility for exclusive capabilities (adversary surprise & impact -- ItsReallyNick
#ESETresearch, in collaboration with #Microsoft, BitSight, Lumen, Cloudflare, CleanDNS, and GMO Registry, has helped disrupt #LummaStealer – a notorious malware-as-a-service infostealer. @JamesTomanek https://welivesecurity.com/en/eset-research/eset-takes -- ItsReallyNick
VanHelsing ransomware builder leaked on hacking forum - @LawrenceAbrams https://bleepingcomputer.com/news/security/vanhelsing-ransomware-builder-leaked-on-hacking-forum/… -- Manu_De_Lucia
it seems that the source code release was voluntarily decided by the operators as they are "already working on version 2". Perhaps in response to internal disagreements involving a former group's developer trying to sell them. -- Manu_De_Lucia
Over the past year, Microsoft Threat Intelligence observed the persistent growth and operational sophistication of Lumma Stealer, an infostealer malware used by multiple financially motivated threat actors to target various industries. -- MsftSecIntel
Our investigation into Lumma Stealer’s distribution infrastructure reveals a dynamic and resilient ecosystem that spans phishing, malvertising, abuse of trusted platforms, and traffic distribution systems. Lumma Stealer operators continually refine their -- MsftSecIntel
Microsoft has partnered with others across industry and international law enforcement and facilitated a disruption of Lumma infrastructure and the marketplaces in which the stealer malware was sold to other cybercriminals. -- MsftSecIntel
This was a fun write-up! I go through open-source obfuscator, Alcatraz and walk through its obfuscation techniques and how to approach de-obfuscation. Hopefully it can help some people! -- SBousseaden
Sidewinder CCPI in April 2025.docx 6705887aaa47aa5a77838da1e93b8f51 C2 www-cbsl-gov-lk[.]dwnlld[.]com #Sidewinder #APT #IOC -- suyog41
Python Stealer Sora AI.lnkk d4b1f86b0d722935bda299d37f7a2663 GitHub github[.]com/ArimaTheH #PythonStealer #Stealer #IOC -- suyog41
Packit Stealer b103209146cd1ac388297ae8bd656a42 from the developer of #Prysmax Stealer Telegram https://t[.]me/lawxsz https://t[.]me/lawxszdev Github https://github[.]com/lawxsz/Packit removed #Packit #Stealer #IOC -- suyog41
A file uploaded today named 'Accept_EULA.rtf' from #Hungary. This one looks like a simple CVE-2017-11882, but the contacted domain is the same: hxxp://advisory(.)army-govbd(.)info/ISPR/7201a146 @abuse_ch https://bazaar.abuse.ch/sample/e4afb43a13e043d -- suyog41
We uncovered a sophisticated TDS supporting UP-X, a Russian language online gambling platform. This dynamic redirection network of more than 1,000 short-lived DGA domains evades detection and resists takedowns. Details at https://bit.ly/43oXeu1 -- unit42_intel
A #CypherIT crypter is being used in #LummaStealer infections. This campaign is spread via various sources. The binaries use NSIS installers and AutoIt scripts. From an infection, we also saw a clipper payload targeting cryptocurrency wallets. Details at -- unit42_intel
New #ClickFix activity: User is asked to run PowerShell script that retrieves and runs an MSI file in memory. This infection chain performs #DLLSideLoading using legitimate "NVIDIA Notification.exe" to load a malicious DLL named libcef.dll. More info at h -- unit42_intel
Chat, I'm going to be that guy for a second. Maybe, and this is just speculation, but just maybe it was a poor decision by Coinbase to outsource labor to 3rd world South Asian workers whom they exploit momentarily? What if Coinbase hired people, treate -- vxunderground
Coinbase was compromised December 26th, 2024. Initially it was reported they were compromised in early to mid-May. The (to the best of our knowledge) unidentified Threat Actors(s) maintained persistent access for nearly 6 months. -- vxunderground
idk wtf a dMSA is -- vxunderground
Some governments did a thing and fucked up Lumma stealer, they seized like, I don't know, a bunch of stuff and sent customers messages about something scary -- vxunderground
There is my detailed report on Operation Endgame. I couldn't have gotten more exact figures, attached some pictures, and made the post longer. But I've got a newborn baby heap spraying milk out his face and I'm just standing in the corner, on my phone, in -- vxunderground
Xiaomi Xring 01 chip disassembly #xiaomi #Xiaomi15SPro #Xring01 -- 0dayDB
#Xiaomi Yu7 SUV interior, priced from $42,253 #XiaomiYU7 -- 0dayDB
#Xiaomi Yu7 SUV sales will beat #Tesla Model Y in China, Tesla FSD beats Xiaomi's intelligent driving assistance, LiDAR can never replace Tesla FSD pure vision #XiaomiYU7 @Tesla -- 0dayDB
Xiaomi Yu7 MAX 0-100KM/H 3.23S Top speed 253KM/H Xiaomi end-to-end intelligent assisted driving configuration: 700TOPS NVIDIA Thor TM chip x1 Lidar x1 4D millimeter-wave radar x1 HD camera x11 Ultrasonic radar x12 #Xiaomi #XiaomiYU7 -- 0dayDB
Xiaomi's first pure electric SUV, Yu7, released #XiaomiYU7 -- 0dayDB
First thoughts about #Lumma Stealer "disruption" (?): There's no need in calling big names on something that (from what I've read and tested) has not happened in the magnitude I'm watching on the media At the moment, Lumma still works, still has working -- abuse_ch
Attention | Platform integrators of @abuse_ch's data. From June 30, 2025, users of our data will be required to use an authentication key to access our APIs. This means that any user accessing the @abuse_ch's data from your platform will require fun -- abuse_ch
The European Council has issued sanctions against Stark Industries, a hosting company registered in the UK, as "they have been acting as enablers of various Russian state-sponsored and affiliated actors to conduct destabilising activities including, inf -- abuse_ch
#ItsNewFeatureTuesday! (That’s a thing, right?) You can now share searches with 3rd parties without them needing to authenticate to view the results! It’s a neat feature that will save time and hassle. Here's how it works 1) User (authenticated!) searc -- abuse_ch
Top companies and services faked in #phishing attacks on businesses and individuals We closely monitor all ongoing phishing campaigns and activities. Based on our data, we’ve listed brands most often faked by #threatactors in #phish lures. Check ou -- anyrun_app
Unlock Threat Intelligence Lookup with 2x value: double search requests quota for more threat investigations. Celebrate with us and power up your team! Explore all #ANYRUN’s Birthday deals, ending May 31: https://app.any.run/contact-us?utm_source=twitt -- anyrun_app
#StealthFalcon activity Update https://github.com/blackorbird/APT_REPORT/blob/master/summary/2025/eset-apt-activity-report-q4-2024-q1-2025.pdf… -- blackorbird
#patchwork #bitter #sidewinder #donot https://mp.weixin.qq.com/s/F2ZgjW_d3jbTpzz37Pj9PA… -- blackorbird
#bitter group steals Browser Credentials https://mp.weixin.qq.com/s/d_bYkerQrlyHw33Fc4OUUQ… -- blackorbird
#APT28 IOCs Credential Guessing/Brute Force + Spearphishing + Connections to Targeting of IP Cameras https://github.com/blackorbird/APT_REPORT/blob/master/APT28/CSA_RUSSIAN_GRU_TARGET_LOGISTICS.pdf… -- blackorbird
Black screen of #DRM: Privacy-first messenger blocks #MicrosoftRecall #Recall, #Microsoft’s AI tool that watches everything you do, is back. But the team behind private messaging app #Signal aren’t happy. @TheFuturumGroup @TechstrongGroup @SecurityBlvd -- cyb3rops
Adding some context to the #BadSuccessor situation: 1. Microsoft didn’t say they won’t fix it - they confirmed the vuln and are actively working on a patch. 2. This isn’t just about patching a flawed function. The likely fix involves delegation models and -- cyb3rops
#BadSuccessor - a textbook example of why the security ecosystem is broken - A privilege escalation vuln in Windows Server 2025 AD (via dMSA) - Full domain compromise with default config - Microsoft was told, agreed it’s real, but rated it "moderate" - N -- cyb3rops
Use Dapr Workflows & Agents to build AI apps and win up to $3000 in the Dapr AI Hackathon! Show off your skills and compete for top prizes. Register today: https://buff.ly/XDsr5aY #Dapr #AI #Hackathon -- cyb3rward0g
Don’t miss @Cyb3rWard0g 's talk at #x33fcon that dives into LLM-based AI agents, showcasing how to create adaptive, intelligent systems for blue and red team challenges using Python. Learn reasoning loops, critic agents, and orchestration for autonomou -- cyb3rward0g
We have launched the official http://urlscan.io Python library, encoding some best practices around error handling and retries and making it easy for newcomers to get started. Check it out: https://urlscan.io/blog/2025/05/21/urlscan-python-library/… - Fee -- DrunkBinary
Gonna be a banger...Sttyk got the juice -- DrunkBinary
Yay! My talk accepted for BlackHat USA 2025 Briefings! We accessed amount of internal material on North Korean IT workers and have investigated them in unprecedented levels of detail. https://blackhat.com/us-25/briefings/schedule/#behind-the-screen-unmask -- DrunkBinary
I just asked Starmer if he thought imprisoning a young mother for one foolish social media post, soon deleted, was an efficient or fair use of prison. His answer was quite frankly pathetic. -- hackerfantastic
Just look at my happy face :) So, my speech ended, thank you very much for coming and listening! I hope it was interesting You can watch my talk “Tricky obfuscation techniques for C2 communication? Just detect them all!” here https://youtube.com/live/O -- malwrhunterteam
"AntiVirus-new-update.library-ms-" seen from Slovakia: b1e7b934504d30e9886bb396f96c1271317eb3e7d560f39b748ffd3229d5c174 appliance-periodically-butler-wanting.trycloudflare[.]com -- malwrhunterteam
"memfd:a (deleted)": aee6e1912fe1222417109fc90d1c200988fefd629767d1e09216cd4063f2f05c 106.15.105[.]78 -- malwrhunterteam
"Title 17.31.27.dmg": a26a6c688c9247b1aec830e9b9ec88c028bdf9b437c68b120fb83a1e12ce5e92 -- malwrhunterteam
Join us for Day 2 of #gitexeurope ! -- QuoIntelligence
#APT #BITTER 58hz.rar e55758d6e30b262c8652cb97dfdc9039 bd0b21fc82d432f27bf6b184b0c4a859 inizdesignstudio[.]com -- ShadowChasing1
The #Lazarus #APT group used a file disguised as a Python package for poisoning. #C2 #IOC: 144.172.101.45:1224 144.172.103.97:1224 216.126.229.166:1224 https://threatbook.io/ip/144.172.101.45… https://threatbook.io/ip/144.172.103.97… https://threatbook.io -- ShadowChasing1
#Sidewinder #APT is dropping its favorite RTF file while launching multiple phishing campaigns. Target countries: We have consolidated all infra and are available at: https://pastebin.com/VFbNag7T @500mk500 (for update if any new infra) #Malwar -- ShadowChasing1
#APT #SUSP 95fc3891ce910f34080d4781bc7641be323ba6b761ec48ef50ab2f0b74f5a5b7 174.138.186[.]157:5511 & 7788 & 9558 rr7.tmp: hxxp://www.travelyoichi[.]jp/okinawa/showphoto[.]php REG Run name: PUpdate(H3628.js), runkey(rr7.tmp) Taskschd: AMicrosoftEdgeUpdate -- ShadowChasing1
We just released my research on BadSuccessor - a new unpatched Active Directory privilege escalation vulnerability It allows compromising any user in AD, it works with the default config, and.. Microsoft currently won't fix it Read Here - https://akamai -- snovvcrash
On this week’s Talos Takes, Edmund Brumaghin joins Hazel to talk about the growing trend of threat actors compartmentalizing their attacks, and how defenders can adjust threat modeling: http://cs.co/6011NvN7R -- talossecurity
How secure are your cloud environments? Cisco Talos built on Tenable’s discovery of a Google Cloud Platform vulnerability to uncover how attackers could exploit similar techniques across AWS and Azure: https://blog.talosintelligence.com/duping-cloud-funct -- talossecurity
"Analysis of command-line activity reveals the threat actor’s use of specific PowerShell cmdlets for discovering and interacting with virtual machines. 1/4 -- TheDFIRReport
The pipeline further extended to Get-DiskImage -ImagePath $_.Path and Dismount-DiskImage, suggesting a process of accessing and then unlinking VHD contents. Commands to halt virtual machine operations (Get-VM | Stop-VM) were also noted." Report: https:// -- TheDFIRReport
Interested in receiving private reports similar to this report? Contact us for pricing - https://thedfirreport.com/contact/ 4/4 -- TheDFIRReport
Summoning #infosec folks. Want to test your skills against REAL-WORLD threats? @TheDFIRReport is dropping their epic CTF challenge on June 7 (1630-2030 UTC) and I've got 5 FREE TICKETS to give away! Why you should participate? Because you'll tackle actu -- TheDFIRReport
Break free from #infosec complacency. Learn how security leaders can align strategy with business goals, evaluate metrics, and stop running on information security hamster wheels. Check out our latest blog post from @HugovdToorn . https://ghst.ly/3YX -- specterops
Defenders have platforms like VirusTotal, but offense lacks a similarly tailored tool. Enter: Nemesis 2.0. Join @tifkin_ & @harmj0y at #x33fcon as they showcase the offensive file analysis platform that replaces disjointed tools w/ streamlined automat -- specterops
Take a journey in Administrative Unit Attack Paths! Check out @_sigil 's #SOCON2025 talk, which starts w/ scoped role assignments for privilege escalation against users & groups and finishes w/ protecting accounts using Restricted Management AUs. : htt -- specterops
Why vote for BloodHound Enterprise? Because identity is the new perimeter—and defenders need tools that reduce risk, not just report on it. We're proud to be a finalist for #CyberScoop50 Innovation of the Year! Place your vote before July 25. : https -- specterops
Ding dong, the 2010s called – they want their TTPs back. Amazing how you can still completely own companies using decade-old techniques: - PSExec for RDP prep - Mimikatz dumped in C:\PerfLogs - LOLbin-fueled network recon - A scheduled task beaconing to -- threatable
CISA has published a joint advisory highlighting a Russian state-sponsored cyber campaign targeting Western logistics entities and technology companies involved in the coordination, transport and delivery of foreign assistance to Ukraine. https://cisa.gov -- virusbtn
Trend Micro researcher Junestherry Dela Cruz describes a TikTok campaign that uses possibly AI-generated videos to lure victims into executing PowerShell commands that lead to Vidar and StealC information stealers. https://trendmicro.com/en_us/research/25 -- virusbtn
Criminals are using Teams and impersonating help desk personnel to deliver an #AdaptixC2 beacon. Attackers utilized #QuickAssist to run an update.ps1 file that downloads and runs an AdaptixC2 beacon using tech-system[.]online for its C2 server. Details at -- virusbtn
UNC5221 China-Nexus Threat Actor Actively Exploiting Ivanti EPMM (CVE-2025-4428). Victims include: Germany's top telecom provider & defense contractors UK healthcare institutions tied to NHS U.S. pharma, aviation, and mobile security companies Leadin -- virusbtn
CVSS 9.8 is the new participation trophy given out to every vulnerability -- KorbenD_Intel
“Hey, I noticed your Teams status is yellow. Just wanted to make sure you’re still online.” -- threatable