Untangling the Web: Navigating Third-Party Risk in a Hyperconnected World
How I got a Bounty and Hall of Fame for finding easy bugs | by RivuDon | Feb, 2025 | InfoSec Write-ups
How to find bugs in the Microsoft IIS page. | by loyalonlytoday | Feb, 2025 | InfoSec Write-ups
Fixing stdlib 1.18.2 Vulnerabilities in Docker Images: A PostgreSQL Implementation Guide | by M Sadewa Wicaksana | Feb, 2025 | InfoSec Write-ups
PlayStation Network outage has been going on for over 24 hours
Kimsuky Group used custom RDP Wrapper version
Hackers Monetize LLMjacking, Selling Stolen AI Access for $30 per Month
Massive brute force attack uses 2.8 million IPs to target VPN devices
Russia's intelligence recruits Ukrainians for terror attacks via messaging apps
Teen Hacker “Natohub” Caught for NATO, UN, and US Army Breaches
Shellshock — A deep dive into CVE-2014–6271 | by MrXcrypt | Feb, 2025 | InfoSec Write-ups
Stealing Accesses tokens from Cloud Functions in GCP | by Nairuz Abulhul | Feb, 2025 | InfoSec Write-ups
Behind the Message: Two Critical XSS Vulnerabilities in Zoho’s Web Applications | by HackerWithOutHat | Feb, 2025 | InfoSec Write-ups
Best Browser Extensions for Bug Hunting and Cybersecurity | by coffinxp | Feb, 2025 | InfoSec Write-ups
User Interface Says No, Backend Says Yes — Story of Bypassing Email Verification | by 0xSOM3A | Feb, 2025 | Medium
Selecting A Program for Bug Bounty on HackerOne | by the_unlucky_guy | Feb, 2025 | Medium
America’s unfolding cybersecurity catastrophe | by Violet Blue® | Feb, 2025 | Medium
Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection
LLM Hijackers Quickly Incorporate DeepSeek API Keys
SolarWinds to Go Private for $4.4B
CISA warns Trimble Cityworks customers of actively exploited RCE flaw
ASP.NET Vulnerability Lets Hackers Hijack Servers, Inject Malicious Code
Hackers exploit Cityworks RCE bug to breach Microsoft IIS servers
HPE notifies employees of data breach after Russian Office 365 hack
Databarracks Launches Air Gap Recover
Canadian Man Charged in $65M Cryptocurrency Hacking Schemes
Microsoft: 1000s of ASP.NET Keys Allow Web Server RCE
2024 Breaks Records With Highest Ever Ransomware Attacks
How do I perform a Synology RAID 5 data recovery? | by InfoSec Write-ups | Feb, 2025 | InfoSec Write-ups
Campaign exploits outdated WordPress sites to spread password-stealing malware
Hospital Sisters Health System impacted 882,782 individuals
Best Practices for Preparing and Automating Security Questionnaires
US health system notifies 882,000 patients of August 2023 breach
Google's DMARC Push Pays Off, but Challenges Remain
Widespread Android malware campaign hits India
Accounts compromised in data breaches spike
Cyberattack impacts British engineering firm IMI
Cloudflare outage caused by botched blocking of phishing URL
Behavioral Analytics in Cybersecurity: Who Benefits Most?
Cybercrime Forces Local Law Enforcement to Shift Focus
Most UK GDPR Enforcement Actions Targeted Public Sector in 2024
Will AI threaten the role of human creativity in cyber threat detection?
DeepSeek App Transmits Sensitive User and Device Data Without Encryption
7,000 Exposed Ollama APIs Leave DeepSeek AI Models Wide Open to Attack
Microsoft shares workaround for Windows security update issues
7AI Streamlines Security Operations With Autonomous AI Agents
Malicious AI Models on Hugging Face Exploit Novel Attack Technique
CISA Warns of Active Exploits Targeting Trimble Cityworks Vulnerability
Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys
Microsoft Edge update adds AI-powered Scareware Blocker
Microsoft has finally fixed Date & Time bug in Windows 11
Third-Party Risk Management Failures Expose UK Finance Sector
DeepSeek Security, Privacy, and Governance: Hidden Risks in Open-Source AI | by Theori Security Assessment | Feb, 2025 | Theori BLOG
Detecting EDR Bypass using path masquerading | by Rogier Dijkman | Feb, 2025 | Medium
You Should Really Take Care of “That Old Email Address”… It’s Time. | by Will Keefe | Feb, 2025 | Medium
Attackers used a public ASP.NET machine to conduct ViewState code injection attacks
AI-Powered Social Engineering: Reinvented Threats
India's RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud
Microsoft Identifies 3,000+ Publicly Disclosed ASP.NET Machine Keys Vulnerable to Code Injection
Cybercriminals Weaponize Graphics Files in Phishing Attacks
Self-sovereign identity could transform fraud prevention, but…
Tesla: Insiders Responsible For Major Data Breach
SpyAgent malware targets crypto wallets by stealing screenshots
Hackers Exploiting SimpleHelp RMM Flaws for Persistent Access and Ransomware
Hackers Leverage Okta Phishing Attacks to Target FCC and Popular Crypto Firms - News
Patients Data Exposed in Phishing Attack Targeting LA County Health Services - Phishing
FIN7 Attempts Phishing at American Automaker’s IT Staff - News
Overconfident execs are making their companies vulnerable to fraud
Ghidra 11.3 released: New features, performance improvements, bug fixes
Infosec pros struggle under growing compliance
New infosec products of the week: February 7, 2025
U.S. CISA adds Microsoft Outlook, Sophos XG Firewall, and other flaws to its Known Exploited Vulnerabilities catalog
S. Korea's Notorious Sex Crime Hub Ya-moon Hacked, User Data Leaked
US Cybersecurity Efforts for Spacecraft Are Up in the Air
Kimsuky shifts tactics from traditional backdoors to RDP, proxies
Microsoft says attackers use exposed ASP.NET keys to deploy malware
Agencies Sound Alarm on Patient Monitors With Backdoor
Researcher Outsmarts, Jailbreaks OpenAI's New o3-mini
DeepSeek Phishing Sites Pursue User Data, Crypto Wallets
NCC Group's Cyber Threat Intelligence Report Reveals Record Ransomware Attacks - Security Spotlight
Critical RCE bug in Microsoft Outlook now exploited in attacks
Kimsuky hackers use new custom RDP Wrapper for remote access
Changing the tide: Reflections on threat data from 2024
Hackers Spoof Microsoft ADFS Login Pages in Phishing Attacks - Security Spotlight
Hack The Box — UnderPass Walkthrough | by Satyam Pathania | Feb, 2025 | InfoSec Write-ups
Ransomware Payments Drop 35%: Chainalysis Reports Victims Refuse to Pay Ransom - Security Spotlight
Connecticut Healthcare Data Breach Exposes 1 Millions Records - Security Spotlight
DeepSeek-R1 LLM Fails Over Half of Jailbreak Attacks in Security Analysis
Code injection attacks using publicly disclosed ASP.NET machine keys
Critical Cisco ISE bug can let attackers run commands as root
DDoS attacks reportedly behind DayZ and Arma network outages
Hackers exploit SimpleHelp RMM flaws to deploy Sliver malware
Europol Cracks Down on Global Child Abuse Network “The Com”
WordPress ASE Plugin Vulnerability Threatens Site Security
Hacking the mind: Why psychology matters to cybersecurity
Fake Google Chrome Sites Distribute ValleyRAT Malware via DLL Hijacking
Expel expands SIEM capabilities to meet mounting data storage needs
British engineering firm IMI discloses breach, shares no details
Cybersecurity Savanna: A Race You Can't Win, but Must Run
Lazarus Group Targets Bitdefender Researcher with LinkedIn Job Scam
Cyber Monitoring Centre Introduces ‘Richter Scale’ for Cyber-Attacks
Suspected hacker arrested for attacks on NATO, US Army
CISA: Actively exploited Linux kernel flaw requires immediate remediation
New AsyncRAT campaign uncovered
Ransomware Extortion Drops to $813.5M in 2024, Down from $1.25B in 2023
Ukraine's largest bank PrivatBank Targeted with SmokeLoader malware
ActiveState accelerates secure software delivery
Corero Network Security unveils automated DDoS-aware resiliency
Ransomware payments plummet as more victims refuse to pay
Google Cloud Platform Data Destruction via Cloud Build
From Demo to Live: Zero-Click Account Takeover via the Same Encryption Algorithm | by can1337 | Feb, 2025 | Medium
“Do you have IOCs for this threat”? | by Andy C | Feb, 2025 | Medium
Cybersecurity Side Hustles: How to Make Money Beyond Your Job | by Taimur Ijlal | Feb, 2025 | Medium
Notorious hacker behind 40+ cyberattacks on strategic organizations arrested
Top 3 Ransomware Threats Active in 2025
North Korean APT Kimsuky Uses forceCopy Malware to Steal Browser-Stored Credentials
SparkCat Malware Uses OCR to Extract Crypto Wallet Recovery Phrases from Images
The Evolving Role of PAM in Cybersecurity Leadership Agendas for 2025
Suspected NATO, UN, US Army hacker arrested in Spain
NCSC Issues Guidance to Protect UK Research and Innovation
Cyabra Insights protects against AI-driven digital disinformation
Onapsis Control Central secures SAP software development lifecycle
Spanish Police Arrest Suspected NATO and US Army Hacker
My Security and Privacy Checklist: 2025 Edition | by Laura Ward | Jan, 2025 | Code Like A Girl
The Silent Breach: A Story of Leaked Token and PII | by Yash Nimbalkar | Feb, 2025 | Medium
Cisco Patches Critical ISE Vulnerabilities Enabling Root CmdExec and PrivEsc
Enterprises invest heavily in AI-powered solutions
The overlooked risks of poor data hygiene in AI-driven organizations
How to customize Safari for private browsing on iOS
Don’t Trust Gmail in 2025. Top Alternatives to Consider Now | by Anshul Kumar | Bouncin’ and Behavin’ Blogs | Jan, 2025 | Medium
The Bambu Lab Scandal Proves How Much We Hate The Internet | by Attila Vágó | Bricks n’ Brackets | Jan, 2025 | Medium
FFUF Mastery: The Ultimate Web Fuzzing Guide | by coffinxp | Feb, 2025 | OSINT Team
Days at Risk: How Complacency Fuels Catastrophic Outcomes | by Chris Perkins | Jan, 2025 | Medium
Installing and using DeepSeek AI. DeepSeek R1 recently gained notoriety… | by Cristian Souza | Jan, 2025 | Medium
Mastering Linux Monitoring with Tetragon and Wazuh | by SOCFortress | Feb, 2025 | Medium
How cybercriminals make money with cryptojacking - Beelzebub Blog
ROPing our way to RCE / modzero
Security analysis of the Wi-Fi Easy Connect
Redefining Cyber Defense: The Offensive SOC Approach
Hackers exploiting bug in popular Trimble Cityworks tool used by local gov’ts | The Record from Recorded Future News
GitHub - uscneps/Awesome-European-Tech: Up-to-date, community-driven list of Awesome European Tech projects! all focusing on privacy, sustainability, and innovation. The goal is to support European startups and projects (from the EU and EFTA that comply w
Do the CONTEC CMS8000 Patient Monitors Contain a Chinese Backdoor? The Reality is More Complicated… | Claroty
Teen on Musk’s DOGE Team Graduated from ‘The Com’ – Krebs on Security
Exposing Upscale Hacktivist DDoS Tactics – SMBtech
Europol: Financial institutions should switch to quantum-safe cryptography | heise online
CTO at NCSC Summary: week ending February 9th
GitHub - roundyyy/ConsistPass: A Simple but Secure Deterministic Password Generator and Manager
Almost famous: behind the scenes of a feature that didn’t make the cut – Thinkst Thoughts
Windows Telephony Services: 2025 Patch Diffing & Analysis Part 1
Attackers compromise IIS servers by leveraging exposed ASP.NET machine keys - Help Net Security
ghidra/Ghidra/Configurations/Public_Release/src/global/docs/WhatsNew.md at Ghidra_11.3_build · NationalSecurityAgency/ghidra · GitHub
Ransomware Payments Decreased by 35% in 2024
Advisory: CVE-2024-55957 | Penetration Testing - Red Teaming - Purple Teaming - Security Training | Tier Zero Security, New Zealand
NowSecure Uncovers Multiple Security and Privacy Flaws in DeepSeek iOS Mobile App - NowSecure
How to prove false statements? (Part 2) – A Few Thoughts on Cryptographic Engineering
Chile: Payment platform Klap is posted on a hacking forum by a malicious actor who claims to have 158,795 data records.
ArgFuscator
The Rise of ZombAIs: How Prompt Injection Turns AI into Malware Execution Agents
Police Arrest Hacker Behind Attacks on U.S. and NATO Systems
Kept in the Dark – The 74
Jefferson School District Cancels Classes After Cyberattack
Ransomware payments plummet as more victims refuse to pay - Help Net Security
Crypto Ransomware 2025: 35.82% YoY Decrease in Ransomware Payments
API Penetration Testing 101: A Beginner’s Guide to Securing APIs - Laburity
Python 3+ webpage downloader. Proof of concept and for simple web pages.
A demonstration of a multi-tab calculator application built for managing and performing more than one set of calculations simultaneously. The core principle of the project is to provide proof of concept for handling states and computations keeping the prima
Proof of concept for a XSS vulnerability in django-gravatar2 1.4.4
Proof-of-concept of a Linux VM setup without graphics adapter, using nothing but the ttyS0 serial interface to interact with the system.
Mabu2 is a health companion bot. The idea is to control the head movements (animatronics) part of Mabu
A robust backend service for managing projects, tasks, and users. Built with **Java** and **Spring Boot**, this system ensures scalability, security, and high performance. It provides RESTful APIs for project creation, task tracking, and user management w
This is a platform for Windows which helps in ethical hacking.
Project Chaotic Godot is a Godot game where anyone in the Hack Club server can add anything to the game (as long as it's not purposefully a vandalism pull request or bigotry/hatred). It will be... well, chaotic. I'll try to commit as many pull requests as
A proof of concept X11 Window Manager Inspired by dwm
Hack Hive competition project
🔥 WH4LE CHAT – THE ULTIMATE HACKER CHAT APP 🐳💀 🚀 FOR HACKERS. BY HACKERS. FOR STUDENTS. FOR LATE-NIGHT GRINDERS.
A Proof-of-Concept Private Server for an Anime Fleet Game
ChatBox video game for Hack Duke 2025
preventing and anticipating cyber hacking breaches using random forest and multi layer perceptron
hack JMI 2025
ThinkAlike: Hack the System, Upgrade Humanity. This open-source project is coding a revolution for technological enlightenment - a decentralized platform for ethical AI and authentic connection. Join the fight! #CodedRevolution #KeyboardWarriors #EthicalT
Track the progress of my enterprise-grade 12U server rack. Built for troubleshooting, user admin, networking, and security labs.
react-security-project
security content & knowledge base
Analyze code quality, security, and compliance
security-digest
Network Security Groups (NSGs) and Powershell
Hackathon Hacky hack hack hacking away
security-iP-
Proof of concept of a XSS vulnerability in django-impersonate 1.9.3
Ready to Automate Penetration Testing with AI? Clone & Start Hacking (Ethically)!
Tartan Hacks 2025 Project
🦴️ A place for software artifacts by @seanpm2001 along with information on their usage, creation, and history.
New plugin for SecuritySpy integration with Indigo
A DeFi-powered competitive space exploration game where players stake assets to explore exoplanets, mine resources, and compete for yields. Play to Earn Stake assets (min 0.1 ETH) Survive to earn yields (up to 10x) Own exoplanet properties Generate passiv
Vision is a truly unique software for Deadlock, developed using advanced technologies and reverse expertise. We proudly present a reliable solution that will give you an edge over your competitors.
h4ck for Fortnite provides powerful tools to elevate your gameplay. With features like aimbots, wallhacks, and resource generators, you can gain an edge over your opponents. Designed for both casual and competitive players, this hack enhances your Fortnit
Advanced SystemCare Ultimate for PC optimization, cleaning, and security. Boost your system’s performance with ease. ⚙️🚀
Security Header Analyzer
This tool includes an HWID spoofer, customizable aimbot, character ESP, and 2D radar for enhanced gameplay. gta-5-hack gta-5-cheat gta-5-mod-menu gta-5 gta-v-mod-menu gta-v-hack gta-online-mod-menu gta-online-hack gta-online-esp gta-5-esp gta-5-aimbot gta
Tor Browser for secure and anonymous browsing. Protect your online privacy and access the internet freely. 🕵️♂️🌐
Repository for Spark Hacks 2025 UIC, Chicago.
Projects that were accomplished as a part of my Master's in Information Systems Security at Concordia University
A comprehensive collection of hands-on projects and exercises focused on mastering Spring Boot and Hibernate concepts. This repository covers topics ranging from RESTful APIs, Spring MVC, and security to advanced Hibernate mappings and AOP, all developed
Proof of Concept of how we can share data between two or more datagrids.
SpringHelpers is a lightweight SDK designed to simplify and accelerate Spring Boot development. It provides a collection of reusable utilities, extensions, and abstractions that help developers streamline common tasks such as configuration management, log
A simple user authentication system built in PHP that demonstrates user registration, login, and logout functionality. This project uses PDO for secure database interactions, PHP sessions for state management, and password hashing for security.
proof-of-concept
Turning vanilla Arch into my ultimate hacking OS
Carbon Executor is a state-of-the-art Roblox exploit that offers unmatched performance and security, boasting 90% UNC support and Level 8 execution capabilities. Compatible with Windows 7 through 11, it empowers users to unlock the full potential of Roblo
UGA Hacks X Submission
Object-Oriented Programming (OOP) concepts in Java include abstraction, encapsulation, polymorphism, and inheritance. These concepts help programmers write efficient code, prevent security issues, and reuse code.
roblox cheat roblox-lua roblox-scripts roblox-script roblox-api-wrapperroblox-injector roblox-lua-script roblox-uwp injector-roblox roblox-injector-downloadinjector-roblox-download linjector roblox-executor-pc-2024 roblox-uwp-executor-2024 roblox-hack-new
Hack Duke Project 2025
Cross-platform Flutter app for capturing or selecting images, detecting QR codes, and analyzing them with OpenAI. Reveals QR contents (URL, Wi-Fi, etc.) and potential security risks in a user-friendly interface. Perfect for quick, secure QR scanning.
cs2-cheat cheat-cs-go midnight-cs-2 cs-2-cheats fatality midnight counter-strike-2-aimbot-pc counter-strike-2-aimbot-script counter-strike-2-free-aimbot counter-strike-2-recoil-hack counter-strike-2-free-utility cs2-aimlock cs2-glow-hack cs2-weapon-hack c
Apex Legends AI Hack Cheat Triggerbot Noclip silent aimbot esp wallhack wh exploit godmode fly FlickBot Legit SemiRage softaim 2024 inventory skin changer swapper hwid spoofer changer free macros norecoil speedhack undetected injector radar FPS Booster Un
Mobile App for Hack_NCState_25
fortnite AI Hack Cheat Triggerbot Noclip silent aimbot esp wallhack wh exploit godmode fly FlickBot Legit SemiRage softaim 2024 inventory skin changer swapper hwid spoofer changer free download macros norecoil speedhack undetected injector radar FPS Boost
cmu tartan hacks
Tartan Hacks '25
This versatile **WordPress Cracker and Checker** tool validates login credentials, tests password lists silently, and categorizes results into `Good_WP.txt` and `Bad_WP.txt`, offering both credential checking and brute-force cracking capabilities.
UGA Hacks X project
Alan Pham, Charles Hu, Todd Dong CMU Tartan Hacks 2025 Project
Seditio CMS Fast and Security
A comprehensive security testing tool for PDF processing services and viewers. This tool generates PDF files containing various security test payloads to help identify potential vulnerabilities in PDF processing systems.
Proof of concept of the BBL skip object protocol
Arceus X Exploit & Executor is a universal cheating tool that allows users to activate various cheats, scripts, and hacks within the mobile version of Roblox, available on Android and iOS devices. This program offers a wide range of functions to select fr
This program is for checking your password for strength and reliability, and for hacking!
The goal is to determine the reliability of publications, sources, or references using a credibility score. This proof of concept is based on the Retrieval-Augmented Generation (RAG) technique. The use case includes: ChatBot Integration: Initially, we ha
GuardianScope is a pioneering decentralized content moderation protocol powered by AI Agents and built on EigenLayer's AVS (Actively Validated Service) infrastructure. It enables automated, unbiased, and privacy-preserving content moderation for decentral
Tinker Her Hack Project By Tech Girlies
Devops-and-Cyber-Security
Commercial Website that presents security services
OLX Manual Testing Report Project Overview This repository contains a Manual Testing Report for the OLX platform. The testing process involved verifying key functionalities, performance, security, and compatibility aspects of the platform. The goal was to
Living-memory is a production-ready persistent memory system implementing the Model Context Protocol (MCP). It enables AI models to maintain persistent memory across sessions through a sophisticated file system-based knowledge graph.
Tink-her-hack project
Microsoft Office 2021 Pro Plus is the latest version of the popular productivity suite by Microsoft, offering advanced features for creating documents, spreadsheets, presentations, and more. With improved collaboration tools and enhanced security measures
Demo of security alarm generation
Tink-her-hack 3.0
Secure DevOps pipeline with automated security integration.
Proof of Concept US Congress DAO Simulation on The Ethereum Blockchain
It's a journal app whose entire backend is made using Spring Boot with added Spring Security, storing the data on MongoDB Cloud.
The Real-Time Email Spoofing Checker is a security-focused web application designed to analyze email headers and detect potential email spoofing attacks. It verifies SPF (Sender Policy Framework), DKIM (DomainKeys Identified Mail), and DMARC (Domain-based
This is python script of the proof of concept behind the idea of how to find the (x, y, z) vector to the forward momentum
Proof-of-concept for extracting PyPI package documentation URLs using Rust and uv components
Security Check for implementing CI/CD
Proof of concept for filling multiple PDF forms simultaneously.
Proof of concept chat AI combining the Model Context Protocol (MCP) with Vercel's AI SDK UI
VulnChk is a security tool designed to scan websites for common vulnerabilities such as SQL injection, XSS, and missing security headers. It also checks for known CVEs and provides detailed reports, helping web administrators assess and improve site secur
🚀 Automated Elasticsearch Installation for Cybersecurity & Threat Hunting 🔍 A Bash script to install and configure Elasticsearch on Ubuntu, tailored for cybersecurity use cases, log analysis, and SIEM.
A security tool for updating your Bitwarden vault. Includes a custom API client and schema.
A straightforward proof of concept demonstrating data flow using Apache NiFi and Kafka Streams.
The Cybersecurity Threat Detection and Response Dashboard is an intuitive application that monitors digital assets in real-time, providing immediate alerts and logging suspicious activities to help users promptly address potential security incidents.
Anomaly-Detection-in-Cyber-Security
A proof of concept to Loqor that Kotlin is good.
Prototype/proof of concept/test of my abilities.
eyERED is an open-source command-line tool for forensic analysis on Linux systems. Built with Python and Bash, it helps security analysts, incident responders, and forensic investigators detect anomalies and collect evidence efficiently.
Universidad del Valle de Guatemala - Security Data Science - Lab 1
sol-check is a powerful Solana network tool that provides comprehensive validation and verification of smart contracts to ensure secure and efficient performance. It offers advanced analysis and debugging capabilities to help developers identify and resol
Proof of concept to get the URL of a Python package
RedShadow is an advanced ethical hacking and red teaming toolkit designed for elite penetration testers, cybersecurity professionals, and ethical hackers. It provides reconnaissance, exploitation, post-exploitation, and evasion capabilities in a modular a
my-hack-project
Project Void is a Bluetooth Low Energy (BLE)-powered ecosystem
Network-Security-and-Penetration-Testingetration
Yantra Hack Renewable Energy forecasting
A curated list of tools, frameworks, and resources for IT compliance, security standards, and regulatory requirements
Kata_PP_3.1.2_springboot_security
Spark Hacks Hackathon Final Project Storage
A sophisticated steganography application for securely embedding messages within images. Built with modern web technologies and running entirely in your browser for maximum privacy and security.
surgu-Information-security
Privasea is a secure and user-friendly platform for encrypted communication and file sharing, designed to protect your sensitive information. With end-to-end encryption and advanced security measures, Privasea ensures your data stays private and safe from
Proof of concept implementation of AppSpaces using the Skip framework
Proof of concept web page containing javascript driven decision tree
NCE Hack the future hackathon project
🚀 CypherScribe: The L33T Speech-to-Code Hack of the Future 💾 "Hack the Planet, One Dictation at a Time"
These labs were completed on Web Security Academy, where I practise and test each vulnerability.
a messy experiment using Galadriel for inference verification: needs work proof of concept for chain of trust verification from sentience
The model simulates the formation of security queues in the airport.
This Proof of Concept is part of Angular 18 Full Course.
Terraform repository for managing cloud infrastructure, security policies, and automation workflows.
open-source game hack/base/template for Counter-Strike 2 (somewhat of low-quality maybe as I don't care)
This site is for a cybersecurity group inspired by DedSec from Watch Dogs. The goal is to create an interactive and secure environment for the group's members, offering features such as a dashboard, an internal forum, hacking tools, news about
"Securing The Cloud"
security-header-checker
A Streamlit-based web application for SOC teams to generate professional monthly security reports with PDF export capabilities. Streamline your security reporting workflow with customizable templates and real-time preview.
Dangling pointers can lead to unpredictable behavior as they may point to invalid memory locations after the object they pointed to is deallocated. This can cause crashes, data corruption, or security vulnerabilities.
oss-security mailing list Webhook Bot, using LLM for summarization, written in Rust 🦀
Proof-of-concept project for a digital services sales pipeline on Upwork
This repository serves as a collection of proof-of-concept (PoC) implementations in Java for ePA (electronic patient record) for all.
First-Security-Audit
An AI-powered information retrieval system for Flash Bootloader and Over-The-Air (OTA) update technologies using Retrieval Augmented Generation (RAG). This system helps developers and engineers access relevant information about bootloader configurations,
13-securitygroup-test
securityOAuthSession
Web Security Scanner designed for authorized security assessments, vulnerability detection, and educational purposes. This tool helps identify common web vulnerabilities like SQL Injection, XSS, CSRF, and more, providing clear explanations and Proof of Co
A simple and efficient port scanner designed to identify open ports on remote hosts. This tool helps in network security assessments, troubleshooting, and identifying potential vulnerabilities by scanning specified IP addresses and port ranges. It support
Track your favourite capital market securities and watch for significant patterns and events.
A comprehensive network design proposal for ABC Corporation, focusing on scalability, redundancy, and security using a hierarchical architecture.
AI and ML Security
connect-security-req-tester
vehicle_security
bcb-security
Proof of concept for a Router API that would be the database interface to CRUD path based routes and redirects.
This API provides seamless user and post management functionalities. With this, users can create accounts, manage their profiles, and publish engaging posts. Authentication is required for protected endpoints to ensure security.
build simple REST API use spring security, jwt
use Cursor AI create a basic project of spring boot security
Team for Hack Club Juice!
securityExam-250206
Online Banking System 🏦 A Spring Boot-based online banking system using Thymeleaf, Spring Security, Spring Data JPA, and JavaScript. It includes a User-Front for account management, transfers, and transactions, and an Admin-Portal for user and appointmen
A nuclear-grade proof-of-concept Powershell/Python/Batch payload for experimenting with Windows security features (DO NOT RUN ON A MACHINE YOU WISH TO KEEP)
Pasta-Cod3 website, hacking based
boera_security_solutions
This is an Arduino-based security project that controls door access using a password. It integrates a keypad for input, an LCD for feedback, and a servo motor or relay to unlock the door.
Download Sqli Dumper v10.5: The Ultimate Tool for Database Analysis and Security Testing
cli browser-hacking suite
A collection of reusable and practical AWS CloudFormation templates for various use cases. This repository includes templates for networking, security, compute resources, serverless architectures, IAM policies, and more. Designed to simplify AWS infrastru
udemy-30-security
FiveM External cheat, offers various features like aimbot, triggerbot, exploits, and customizable settings, enhancing the gameplay experience. It includes a KeyAuth system for additional security and user management. The cheat is designed to be undetectab
Creating Azure virtual network and network security groups
springboot-security-employee-management
This action uses govulncheck to perform a scan of the code, afterwards it will parse the output and transform it into an Sarif Report, which will be uploaded to Github using the code-scanning API. code-scanner, github-actions, golang-tools, sarif-report,
Repository for storing deliverables used to define the area of focus of each member of Inatel's Cyber Security team.
Helpful resources regarding the cheap DIY Wi-Fi Pineapple, AKA Wi-Fi Mangoapple to help with supported chipsets, configurations, errors, etc..
Gather SubDomains Reconnaissance Tools Together to Get the Best Result Possible
grpc-proof-of-concept
In the enchanting realm of gaming, DLLX1 reigns supreme as a paragon of excellence. A fully realized internal hack tailored exclusively for Valorant,
Cyber security project for a weak bank service that is meant to be attacked.
This project uses the azure and google speech2text services as a proof of concept
hack, hack tekken 8, tekken 8 cheat, tekken 8 hacks, cheats tekken 8, tekken 8 hack gameplay, fight money hack tekken 8, tekken 8 hack download, download hack tekken 8, tekken 8 cheat download, download cheat tekken 8, free hack tekken 8, free cheat tekke
This project is a Proof of Concept (PoC) for integrating a chatbot with a Laravel application. The chatbot interacts with users, collects basic details (name, email, phone, message), and sends the data to a backend API for storage. The UI is built using B
optimization linux security and network performance
Assault Cube health hack with interface
Documentation of the CTF challenges
This is a POC (Proof of Concept) of a currency exchange web application that can perform multi-currency transactions throughout the globe.
Proof of concept web game made with c++ and WebAssembly
Full stack application with a React JS frontend, a Spring Boot backend, and Spring Security.
LayanKandil-CyberSecurity
Proof-of-concept (POC) program designed to process email leads.
Spring Boot microservice applications with spring security, spring cloud components
DeepSeekShellcoderloader is a robust C++14 application designed for secure and stealthy shellcode execution. It incorporates advanced anti-debugging and anti-sandboxing techniques to evade detection and analysis, making it suitable for penetration testing
This application will enable users to upload, download, and share files with others, all while enforcing stringent security measures. Your mission is to demonstrate your full-stack development expertise and your deep understanding of cybersecurity best pr
minimal siem and ids stack
Security Listener is a Python based Scanner that analyzes security misconfigurations about HTTP Headers, SSL Certificates, DNS and some common web vulnerabilities.
This project was an assignment in university to create a real-life organization structure and network security implementation in packet tracer.
Ensure only trusted connections reach your Velocity proxy with the Velocity IP Whitelist plugin. This lightweight and efficient plugin restricts access to your proxy, allowing only pre-approved IPs to connect. Any non-whitelisted IPs are automatically blo
Introduction to Spring security
In this project, I implemented several features like, Account opening, Money Transfer, Online atm service, atm transaction, loan service,online ekyc, online npci. This project follows strong spring security feature, role based access, jwt authorization an
A Proof of concept for Prime based quantum algorithms.
Spring-Security-6-with-JWT
AsyncRAT stands as a Remote Access Tool (RAT) conceived for the purpose of distant supervision and command over remote computers through an encrypted connection ensuring security.
security_jwt
Submission as part of the application to be on Hack the North 2025's Backend Organizing Team
ed inspired discord client proof of concept lol
A proof of concept (POC) to debug the Flutter module/app when it is invoked from the native side.
CPMCheats is an advanced hacking tool designed to unlock exclusive features in games. Developed by Rick Developer, it includes Anti-Ban and Anti-Blacklist protections, ensuring a safer experience
Information_security
hack-for-charity-2025
AI Travel Agent proof of concept
MEV Uniswap Bot – A sophisticated bot built for executing MEV-based trading strategies, including sandwich attacks, on Uniswap. Maximizes profitability with high security and compatibility across EVM networks. Perfect for traders and developers looking to
proof_of_concept
A collection of cross-platform Python tools for network security testing and defense, focusing on ARP-based attacks and protections
My hacker Rank questions on C language.
The goal is to develop robust models that address the unique challenges of each transaction type, utilizing geolocation and transaction pattern recognition for improved accuracy. Effective fraud detection not only enhances transaction security but also m
Spring MVC security
SecurityHive – A Curated Collection of Cybersecurity & Privacy Tools.
security-scan-app
A serverless solution using AWS Lambda to monitor and alert on specific security-related events in an AWS environment.
cyber security tools website
This repository contains a Spring Boot application that analyzes Maven dependencies, generates a CycloneDX SBOM, uploads it to Dependency-Track for security analysis, and retrieves vulnerability reports. In case of a critical vulnerability, it will genera
This repository was created for learning security
A minimal proof-of-concept application that enables a user to upload their CV and receive back a score out of 10 as well as several recommendations for improvement.
This repository holds all my work from the Sector 21 100-day cyber security workshop, including notes, projects, and other resources.
CyberSecurity
Jwt_Security_Project
Repository for the first lab of the Security Data Science course.
Quickly get up to speed with the basics of Spring Security.
A secure messaging platform where two users share a unique address|seed pair to communicate. Designed to resist replay attacks, brute force, and sniffing—even if the server is compromised. Security is handled entirely on the client side, with messages enc
Static Webpage for Cyber Security clUB
A powerful and scalable full-stack solution built with React, Spring Boot, MySQL, Spring Security, and JWT. Designed for seamless appointment scheduling, medical record management, and hospital administration, ensuring efficiency and security for patients
spring-security-study
The initial framework for an LLM App Based Security System. Intended to improve measures used by SecGPT to guard against malicious LLM apps with isolated execution spaces
Iterated Prisoner's Dilemma runner for Hack Club
This project is a proof-of-concept game that explores computer vision and extended reality as an alternative to conventional input devices like joysticks and gaming gadgets. Players control in-game elements using hand gestures, making the gameplay more im
FastLLM - Rust based LLM Inference API
Rom hack of Desert Strike for the Mega Drive adding 6button + SRAM support
SpringSecurity
🛜 A basic Windows Python local WiFi cracker, using netsh.
A (un)hackable Bank website
Hacks around Diablo II savegames
securityHomework1
My GitHub CVE repository showcases documented security vulnerabilities, including analysis, exploit demonstrations, and mitigation strategies. It reflects your expertise in ethical hacking, penetration testing, and responsible disclosure, serving as a val
Applications of ML to cyber security problems
Generate Azure DNS Domain Lists for usage with Azure DNS Security Policy for your Azure Private DNS Zones used by Azure Private Link
SecurityParser
Proof of concept for PWA water chlorination project
Hardware Security project for encrypting and decrypting in various cases
MIT Reality Hack'25
This project focuses on identifying encryption algorithms and providing recommendations using machine learning (ML) and deep learning (DL) techniques. It leverages advanced models to analyse encrypted data, ensuring enhanced security and optimized algorit
Master Hacker Chapter 5
Replication Package of TOSEM Submission " Securing the Foundation of AI: A Deep Dive into Dependency Management and Security in Deep Learning Frameworks"
Information_Security
This repository contains all the information I have learnt and the steps I have taken in Hack The Box labs from the beginning. Enjoy and happy hacking!
This project demonstrates a Proof of Concept (PoC) for deploying Security Onion on AWS to gain hands-on experience in building a Security Operations Center (SOC) environment. Security Onion is an open-source Linux distribution designed for intrusion detec
SecurityHero
hacking_tools
This project is an API designed to store example bot commands for Discord. It is implemented with a focus on security, simplicity, and a scalable architecture.
Information_and_Network_Security_Lab_Programs
Code Examples for FSU CIS5370
Spring-Security-Implementation
spring-boot-security-basics
👋 Hi, I'm Prathamesh Kamble | DevOps & Networking Enthusiast 🚀 Aspiring DevOps Engineer | Networking & Cloud Enthusiast | Security Aware I am a computer engineering fresher passionate about DevOps, cloud infrastructure, automation, and networking.
IP Finder tool, ipfinder collects ip address from different sources like Shodan, Zoomeye, Viewdns, dig command, etc.
Coding exercises from Code Wars, Hacker Rank, and LeetCode
A project about Container Security
🔎 Static code analysis engine to find security issues in code.
Remove "sudo" access from your user to improve security
Spring Security (multi-token) Template
Automatically audit your Linux/macOS/Windows machine for basic security hygiene.
📚 Information System Security Course Project | A GitHub Page for submitting assignments and showcasing work for the Information System Security course.
Project Zomboid Hack 41.78+ | Spawn Items, Admin Access and more
This module provisions dedicated hosts and dedicated host groups, which are designed to provide total isolation, control, and security for your heavy, mission-critical workloads.
Hello! 👋 I'm Louis, a 13-year-old developer and programmer with experience in web development, networking, and ethical hacking. Always looking to learn and grow in the technology field!
Define security in your APIs. Pluggable auth, authz, and rate limiting for Connect/gRPC services via Protobuf options.
This tool includes an HWID spoofer, customizable aimbot, character ESP, and 2D radar for enhanced gameplay. gta-5-hack gta-5-cheat gta-5-mod-menu gta-5 gta-v-mod-menu gta-v-hack gta-online-mod-menu gta-online-hack gta-online-esp gta-5-esp gta-5-aimbot gta
Infrastructure for the Cyber Security Club at The Ohio State University
A free and open-source utility modification for PixelGun3D featuring AimBot, ESP, Infinite Ammo, Rapid Fire, and more. Created for educational and security research purposes, this software includes various enhancements and cheats for the game. Always avai
Proof of Concept to get a grip on some load testing with Gatling in Kotlin
Software for stm-midi-poc1 - STM MIDI Synthesizer Proof of Concept 1 hardware
Proof of Concept for RIP-7755
daily-reports for QB Networks and Masscollabs Services and all
Default open source projects templates (CONTRIBUTING.md, CODE_OF_CONDUCT.md, SECURITY.md, etc.).
Api_securitytest_framework
A cloud-based volunteer management system that connects users with non-profit organizations. Designed for scalability, security, and high availability using AWS Services.
Security Terms
RACFu (RACF universal) - A unified and standardized interface to RACF callable services.
Open source O-RAN 5G security testing tool
Roblox Specter Hacks.
Personal notes on Hack The Box
A mod for teardown that adds a handheld version of the laser from quilez security
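Lab reports and materials shared by an undergraduate in the Information Security program, School of Cyberspace Security, Zhengzhou University (personal)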
DVO is a blockchain-powered voting platform designed to bring transparency, security, and efficiency to elections. Whether for student governments, organizations, or large-scale institutions, DVO ensures a tamper-proof, verifiable, and user-friendly votin
Provide examples of proof of concepts in Java.
jwt-apigateway-security
Security audits, disclosures and keys
Kevin's Security Attic (dandylife.net in the past)
The CyberTalents repository is a collection of solutions and write-ups for challenges sourced from the CyberTalents platform. Organized topic, this repository serves as a resource for cybersecurity enthusiasts seeking to enhance their skills and understa
A very hackable python venv manager with tab completion written entirely in bash
Project for the course INSE 6130: Operating Systems Security, Fall 2024
Decentra Vision - On-chain Security: Offering my services as an independent smart contract security researcher
GitHub Actions for trivy config
Hacking-Scripts
A simple socket library supporting TCP and TLS in C++ (Windows/Linux)
A repository of notebooks and data sources for data engineers, data analysts and data scientists, chiefly proof of concept level
Application secrets and configuration management for developers.
proof of concept for small multiplayer games based on aspect-js and xml-micro-exchange
Command line client for Eppie — an encrypted p2p email
NetworkSecurity
Eppie — open protocol encrypted p2p email
Proof of concept using the Google Cloud SDK to generate JSON for Pulumi import
PREVENTS/AVO multidisciplinary graphing (proof-of-concept)
Secure firmware framework focusing on developer experience
my AKS related scripts / hacks
security-against-web
Harden Windows Safely, Securely using Official Supported Microsoft methods and proper explanation | Always up-to-date and works with the latest build of Windows | Provides tools and Guides for Personal, Enterprise, Government and Military security levels
Shoddy and rudimentary UDP P2P client that I wrote for university. It has no security or anything like that. Avoid!
Educational class and my research blog on web security/privacy.
This is hacking software that combines two popular hacking software Nmap and Hydra
Decentralized P2P marketplace for Monero users (proof of concept)
Proof of concept C to C# and C# to C code transpiler using LLVM and Roslyn
github-workflow-supply-chain-security-validation
A proof-of-concept greedy trading algorithm.
The ultimate customizable dash-cam platform, with ALPR and object recognition capabilities
portchecker.io is a free online utility to check the port status of a given hostname or IP address.
Proof of concept of job-shop-collection's Job Set Editor's interactions with other parts of the app.
🧪 Homepage for Testausserveri - community of young Finnish hackers
Learning the basics of the iOS de facto language for proof of concepts using Kotlin Multiplatform Mobile (KMM).
Advanced API Toolkit for Digital Securities Issuance and Management on the ibet Network 🚀
MaxSecurity
Powerful application passwords manager for WordPress with role-based usage control and full analytics reporting capabilities.
portal for hackers at nwplus hackathons
Free-online-security-services
Icinga plugin to fetch security vulnerabilities for a GitHub organization.
Use DOMPurify on server and client in the same way
A CLI project wrapping application security testing (AST) APIs
OWASP Security Bot - Lambda methods for Jira
Repository to store my Python code and hacks
Garie plugin for security headers check
The CVE Binary Tool helps you determine if your system includes known vulnerabilities. You can scan binaries for over 350 common, vulnerable components (openssl, libpng, libxml2, expat and others), or if you know the components used, you can get a list of
Directory of security contacts for blockchain companies
Random code examples and proof of concepts
Authentication and Authorization library for scalecube services.
Proof-of-concept pilot implementation of the SysML v2 textual notation and visualization
Securing REST API with Spring Security OAuth2
This is an example project where a Spring REST API is secured using JSON Web Tokens. Since there are relatively few examples available for Java and there are some pitfalls (such as most sources pointing to a Java lib that's not straightforward to use) I d
SSH exploitation utilities and tools (hackingyseguridad.com)
Find, verify, and analyze leaked credentials
Quick and simple security for Flask applications
syzkaller is an unsupervised coverage-guided kernel fuzzer
Cloud Security Posture Management (CSPM)
USBGuard is a software framework for implementing USB device authorization policies (what kind of USB devices are authorized) as well as method of use policies (how a USB device may interact with the system)
a set of tools for hacking some old school videogames
The easiest, and most secure way to access and protect all of your infrastructure.
Official OpenMage LTS codebase | Migrate easily from Magento Community Edition in minutes! Download the source code for free or contribute to OpenMage LTS | Security vulnerability patches, bug fixes, performance improvements and more.
A lightweight, cryptography-powered, open-source toolkit built to enforce Zero Trust security for infrastructure, applications, and data in the AI-driven world.
Example applications using the wolfSSL lightweight SSL/TLS library
SUSE Hack Week tools and data
CVE-2024-13850 -- The Simple add pages or posts plugin for WordPress is vulnerable to Stored Cross-Site Scripting in all versions up to, and including, 2.0.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, wit
CVE-2024-54176 -- IBM DevOps Deploy 8.0 through 8.0.1.4, 8.1 through 8.1.0.0 and IBM UrbanCode Deploy (UCD) 7.0 through 7.0.5.25, 7.1 through 7.1.2.21, 7.2 through 7.2.3.14 and 7.3 through 7.3.2 could allow an authenticated user to obtain sensitive information about other
CVE-2025-0169 -- The DWT - Directory & Listing WordPress Theme is vulnerable to Stored Cross-Site Scripting via shortcodes in versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possibl
CVE-2025-0316 -- The WP Directorybox Manager plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 2.5. This is due to incorrect authentication in the 'wp_dp_enquiry_agent_contact_form_submit_callback' function. This makes it possib
CVE-2025-1115 -- A vulnerability classified as problematic was found in RT-Thread up to 5.1.0. Affected by this vulnerability is the function sys_thread_create of the file rt-thread/components/lwp/lwp_syscall.c. The manipulation of the argument arg[0] leads to information
CVE-2025-1116 -- A vulnerability, which was classified as critical, has been found in Dreamvention Live AJAX Search Free up to 1.0.6 on OpenCart. Affected by this issue is the function searchresults/search of the file /?route=extension/live_search/module/live_search.searc
CVE-2025-1117 -- A vulnerability, which was classified as critical, was found in CoinRemitter 0.0.1/0.0.2 on OpenCart. This affects an unknown part. The manipulation of the argument coin leads to sql injection. It is possible to initiate the attack remotely. The exploit h
CVE-2021-27017 -- Utilization of a module presented a security risk by allowing the deserialization of untrusted/user supplied data. This is resolved in the Puppet Agent 7.4.0 release.
CVE-2021-41527 -- An error related to the 2-factor authorization (2FA) on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to bypass the 2FA. The vulnerability requires that the 2FA setup hasn’t been completed.
CVE-2021-41528 -- An error when handling authorization related to the import / export interfaces on the RISC Platform prior to the saas-2021-12-29 release can potentially be exploited to access the import / export functionality with low privileges.
CVE-2022-26388 -- A use of hard-coded password vulnerability may allow authentication abuse. This issue affects ELI 380 Resting Electrocardiograph:
CVE-2022-26389 -- An improper access control vulnerability may allow privilege escalation. This issue affects:
CVE-2024-10383 -- An issue has been discovered in the gitlab-web-ide-vscode-fork component distributed over CDN affecting all versions prior to 1.89.1-1.0.0-dev-20241118094343 and used by all versions of GitLab CE/EE starting from 15.11 prior to 17.3 and which also temporar
CVE-2024-13352 -- The Legull WordPress plugin through 1.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2024-13492 -- The Guten Free Options WordPress plugin through 0.9.5 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
CVE-2024-13841 -- The Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 1.0.0 via the 'bse-elementor-template' shortcode due to insufficient restricti
CVE-2024-35106 -- NEXTU FLETA AX1500 WIFI6 v1.0.3 was discovered to contain a buffer overflow at /boafrm/formIpQoS. This vulnerability allows attackers to cause a Denial of Service (DoS) or potentially arbitrary code execution via a crafted POST request.
CVE-2024-48091 -- Tally Prime Edit Log v2.1 was discovered to contain a DLL hijacking vulnerability via the component TextShaping.dll. This vulnerability allows attackers to execute arbitrary code via a crafted DLL.
CVE-2024-52881 -- An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to the use of a hard-coded key, an attacker is able to decrypt sensitive data such as passwords extracted from the topology file.
CVE-2024-52882 -- An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to improper neutralization of input via the devices API, an attacker can inject malicious JavaScript code (XSS) to attack logged-in administrator sessions.
CVE-2024-52883 -- An issue was discovered in AudioCodes One Voice Operations Center (OVOC) before 8.4.582. Due to a path traversal vulnerability, sensitive data can be read without any authentication.
CVE-2024-52884 -- An issue was discovered in AudioCodes Mediant Session Border Controller (SBC) before 7.40A.501.841. Due to the use of weak password obfuscation/encryption, an attacker with access to configuration exports (INI) is able to decrypt the passwords.
CVE-2024-55213 -- Directory Traversal vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the File Listing function.
CVE-2024-55214 -- Local File Inclusion vulnerability in dhtmlxFileExplorer v.8.4.6 allows a remote attacker to obtain sensitive information via the file download functionality.
CVE-2024-55215 -- An issue in trojan v.2.0.0 through v.2.15.3 allows a remote attacker to escalate privileges via the initialization interface /auth/register.
CVE-2024-55272 -- An issue in Brainasoft Braina v2.8 allows a remote attacker to obtain sensitive information via the chat window function.
CVE-2024-55630 -- Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. Joplin's HTML sanitizer allows the `name` attribute to be specified. If `name` is set to the same value as an existing `doc
CVE-2024-57248 -- Directory Traversal in File Upload in Gleamtech FileVista 9.2.0.0 allows remote attackers to achieve Code Execution, Information Disclosure, and Escalation of Privileges via injecting malicious payloads in HTTP requests to manipulate file paths, bypass ac
CVE-2024-57249 -- Incorrect Access Control in the Preview Function of Gleamtech FileVista 9.2.0.0 allows remote attackers to gain unauthorized access via exploiting a vulnerability in access control mechanisms by removing authentication-related HTTP headers, such as the Co
CVE-2024-57278 -- A reflected Cross-Site Scripting (XSS) vulnerability exists in /webscan/sqlmap/index.html in QingScan <=v1.8.0. The vulnerability is caused by improper input sanitization of the query parameter, allowing an attacker to inject malicious JavaScript payloads
CVE-2024-57279 -- A reflected Cross-Site Scripting (XSS) vulnerability has been identified in the LDAP User Manager <= ce92321, specifically in the /setup/index.php endpoint via the returnto parameter. This vulnerability arises due to improper sanitization of user-supplied
CVE-2024-57357 -- An issue in TPLINK TL-WPA 8630 TL-WPA8630(US)_V2_2.0.4 Build 20230427 allows a remote attacker to execute arbitrary code via function sub_4256CC, which allows command injection by injecting 'devpwd'.
CVE-2024-57606 -- SQL injection vulnerability in Beijing Guoju Information Technology Co., Ltd JeecgBoot v.3.7.2 allows a remote attacker to obtain sensitive information via the getTotalData component.
CVE-2024-57707 -- An issue in DataEase v1 allows an attacker to execute arbitrary code via the user account and password components.
CVE-2024-7419 -- The WP ALL Export Pro plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1.9.1 via the custom export fields. This is due to the missing input validation and sanitization of user-supplied data. This makes it p
CVE-2024-7425 -- The WP ALL Export Pro plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to improper user input validation and sanitization in all versions up to, and including, 1.9.1. This makes it possible
CVE-2024-9661 -- The WP All Import Pro plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 4.9.7. This is due to missing nonce validation on the delete_and_edit function. This makes it possible for unauthenticated attacke
CVE-2024-9664 -- The WP All Import Pro plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 4.9.7 via deserialization of untrusted input from an import file. This makes it possible for authenticated attackers, with Administrator
CVE-2025-0302 -- in OpenHarmony v4.1.2 and prior versions allow a local attacker cause DOS through integer overflow.
CVE-2025-0303 -- in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through buffer overflow.
CVE-2025-0304 -- in OpenHarmony v4.1.2 and prior versions allow a local attacker cause the common permission is upgraded to root and sensitive information leak through use after free.
CVE-2025-0674 -- Multiple Elber products are affected by an authentication bypass
CVE-2025-0675 -- Multiple Elber products suffer from an unauthenticated device configuration and client-side hidden functionality disclosure.
CVE-2025-1061 -- The Nextend Social Login Pro plugin for WordPress is vulnerable to authentication bypass in versions up to, and including, 3.1.16. This is due to insufficient verification on the user being supplied during the Apple OAuth authenticate request through the
CVE-2025-1072 -- A Denial of Service (DoS) issue has been discovered in GitLab CE/EE affecting all versions starting from 7.14.1 prior to 17.3.7, 17.4 prior to 17.4.4, and 17.5 prior to 17.5.2. A denial of service could occur upon importing maliciously crafted content usi
CVE-2025-1077 -- A security vulnerability has been identified in the IBL Software Engineering Visual Weather and derived products (NAMIS, Aero Weather, Satellite Weather). The vulnerability is present in the Product Delivery Service (PDS) component in specific server conf
CVE-2025-1084 -- A vulnerability, which was classified as problematic, has been found in Mindskip xzs-mysql 3.9.0. Affected by this issue is some unknown functionality. The manipulation leads to cross-site request forgery. The attack may be launched remotely. Th
CVE-2025-1085 -- A vulnerability, which was classified as problematic, was found in Animati PACS up to 1.24.12.09.03. This affects an unknown part of the file /login. The manipulation of the argument p leads to cross site scripting. It is possible to initiate the attack r
CVE-2025-1086 -- A vulnerability has been found in Safetytest Cloud-Master Server up to 1.1.1 and classified as critical. This vulnerability affects unknown code of the file /static/. The manipulation leads to path traversal: '../filedir'. The attack can be initiated remo
CVE-2025-1103 -- A vulnerability, which was classified as problematic, was found in D-Link DIR-823X 240126/240802. This affects the function set_wifi_blacklists of the file /goform/set_wifi_blacklists of the component HTTP POST Request Handler. The manipulation of the arg
CVE-2025-1104 -- A vulnerability has been found in D-Link DHP-W310AV 1.04 and classified as critical. This vulnerability affects unknown code. The manipulation leads to authentication bypass by spoofing. The attack can be initiated remotely. The exploit has been disclosed
CVE-2025-1105 -- A vulnerability was found in SiberianCMS 4.20.6. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /app/sae/design/desktop/flat of the component HTTP GET Request Handler. The manipulation leads to cross sit
CVE-2025-1106 -- A vulnerability classified as critical has been found in CmsEasy 7.7.7.9. This affects the function deletedir_action/restore_action in the library lib/admin/database_admin.php. The manipulation leads to path traversal. It is possible to initiate the attac
CVE-2025-1107 -- Unverified password change vulnerability in Janto, versions prior to r12. This could allow an unauthenticated attacker to change another user's password without knowing their current password. To exploit the vulnerability, the attacker must create a speci
CVE-2025-1108 -- Insufficient data authenticity verification vulnerability in Janto, versions prior to r12. This allows an unauthenticated attacker to modify the content of emails sent to reset the password. To exploit the vulnerability, the attacker must create a POST re
CVE-2025-1113 -- A vulnerability was found in taisan tarzan-cms up to 1.0.0. It has been rated as critical. This issue affects the function upload of the file /admin#themes of the component Add Theme Handler. The manipulation leads to deserialization. The attack may be in
CVE-2025-1114 -- A vulnerability classified as problematic has been found in newbee-mall 1.0. Affected is the function save of the file /admin/categories/save of the component Add Category Page. The manipulation of the argument categoryName leads to cross site scripting.
CVE-2025-22402 -- Dell Update Manager Plugin, version(s) 1.5.0 through 1.6.0, contain(s) an Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerabilit
CVE-2025-22880 -- Delta Electronics CNCSoft-G2 lacks proper validation of the length of user-supplied data prior to copying it to a fixed-length heap-based buffer. If a target visits a malicious page or opens a malicious file an attacker can leverage this vulnerability to
CVE-2025-23085 -- A memory leak could occur when a remote peer abruptly closes the socket without sending a GOAWAY notification. Additionally, if an invalid header was detected by nghttp2, causing the connection to be terminated by the peer, the same leak was triggered. Th
CVE-2025-24028 -- Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by differences between how Joplin's HTML sanitizer handles comments and how the browser handle
CVE-2025-24366 -- SFTPGo is an open source, event-driven file transfer solution. SFTPGo supports execution of a defined set of commands via SSH. Besides a set of default commands some optional commands can be activated, one of them being `rsync`. It is disabled in the defa
CVE-2025-24980 -- pimcore/admin-ui-classic-bundle provides a Backend UI for Pimcore. In affected versions an error message discloses existing accounts and leads to user enumeration on the target via "Forgot password" function. No generic error message has been implemented.
CVE-2025-25069 -- A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks.
CVE-2025-25071 -- Cross-Site Request Forgery (CSRF) vulnerability in topplugins Vignette Ads allows Stored XSS. This issue affects Vignette Ads: from n/a through 0.2.
CVE-2025-25072 -- Cross-Site Request Forgery (CSRF) vulnerability in thunderbax WP Admin Custom Page allows Stored XSS. This issue affects WP Admin Custom Page: from n/a through 1.5.0.
CVE-2025-25073 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Vasilis Triantafyllou Easy WP Tiles allows Stored XSS. This issue affects Easy WP Tiles: from n/a through 1.
CVE-2025-25074 -- Cross-Site Request Forgery (CSRF) vulnerability in Nirmal Kumar Ram WP Social Stream allows Stored XSS. This issue affects WP Social Stream: from n/a through 1.1.
CVE-2025-25075 -- Cross-Site Request Forgery (CSRF) vulnerability in Venugopal Show notice or message on admin area allows Stored XSS. This issue affects Show notice or message on admin area: from n/a through 2.0.
CVE-2025-25076 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in nicholaswilson Graceful Email Obfuscation allows Stored XSS. This issue affects Graceful Email Obfuscation: from n/a through 0.2.2.
CVE-2025-25077 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in dugbug Easy Chart Builder for WordPress allows Stored XSS. This issue affects Easy Chart Builder for WordPress: from n/a through 1.3.
CVE-2025-25078 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Andrew Norcross Google Earth Embed allows Stored XSS. This issue affects Google Earth Embed: from n/a through 1.0.
CVE-2025-25079 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Garrett Grimm Simple Select All Text Box allows Stored XSS. This issue affects Simple Select All Text Box: from n/a through 3.2.
CVE-2025-25080 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in gubbigubbi Kona Gallery Block allows Stored XSS. This issue affects Kona Gallery Block: from n/a through 1.7.
CVE-2025-25081 -- Missing Authorization vulnerability in DeannaS Embed RSS allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Embed RSS: from n/a through 3.1.
CVE-2025-25082 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Max Chirkov FlexIDX Home Search allows Stored XSS. This issue affects FlexIDX Home Search: from n/a through 2.1.2.
CVE-2025-25085 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in matt_mcbrien WP SimpleWeather allows Stored XSS. This issue affects WP SimpleWeather: from n/a through 0.2.5.
CVE-2025-25088 -- Cross-Site Request Forgery (CSRF) vulnerability in blackus3r WP Keyword Monitor allows Stored XSS. This issue affects WP Keyword Monitor: from n/a through 1.0.5.
CVE-2025-25091 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in zackdesign NextGen Cooliris Gallery allows Stored XSS. This issue affects NextGen Cooliris Gallery: from n/a through 0.7.
CVE-2025-25093 -- Cross-Site Request Forgery (CSRF) vulnerability in paulswarthout Child Themes Helper allows Path Traversal. This issue affects Child Themes Helper: from n/a through 2.2.7.
CVE-2025-25094 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Amitythemes.com Breaking News Ticker allows Stored XSS. This issue affects Breaking News Ticker: from n/a through 2.4.4.
CVE-2025-25095 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in reverbnationdev ReverbNation Widgets allows Stored XSS. This issue affects ReverbNation Widgets: from n/a through 2.1.
CVE-2025-25096 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in titusbicknell RSS in Page allows Stored XSS. This issue affects RSS in Page: from n/a through 2.9.1.
CVE-2025-25097 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in kwiliarty External Video For Everybody allows Stored XSS. This issue affects External Video For Everybody: from n/a through 2.1.1.
CVE-2025-25098 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Zack Katz Links in Captions allows Stored XSS. This issue affects Links in Captions: from n/a through 1.2.
CVE-2025-25101 -- Cross-Site Request Forgery (CSRF) vulnerability in MetricThemes Munk Sites allows Cross Site Request Forgery. This issue affects Munk Sites: from n/a through 1.0.7.
CVE-2025-25103 -- Cross-Site Request Forgery (CSRF) vulnerability in bnielsen Indeed API allows Cross Site Request Forgery. This issue affects Indeed API: from n/a through 0.5.
CVE-2025-25104 -- Cross-Site Request Forgery (CSRF) vulnerability in mraliende URL-Preview-Box allows Cross Site Request Forgery. This issue affects URL-Preview-Box: from n/a through 1.20.
CVE-2025-25105 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in coffeestudios Pop Up allows Stored XSS. This issue affects Pop Up: from n/a through 0.1.
CVE-2025-25106 -- Cross-Site Request Forgery (CSRF) vulnerability in FancyWP Starter Templates by FancyWP allows Cross Site Request Forgery. This issue affects Starter Templates by FancyWP: from n/a through 2.0.0.
CVE-2025-25107 -- Cross-Site Request Forgery (CSRF) vulnerability in sainwp OneStore Sites allows Cross Site Request Forgery. This issue affects OneStore Sites: from n/a through 0.1.1.
CVE-2025-25110 -- Missing Authorization vulnerability in Metagauss Event Kikfyre allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Event Kikfyre: from n/a through 2.1.8.
CVE-2025-25111 -- Cross-Site Request Forgery (CSRF) vulnerability in WP Spell Check WP Spell Check allows Cross Site Request Forgery. This issue affects WP Spell Check: from n/a through 9.21.
CVE-2025-25116 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in sudipto Link to URL / Post allows Blind SQL Injection. This issue affects Link to URL / Post: from n/a through 1.3.
CVE-2025-25117 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Alex Polonski Smart Countdown FX allows Stored XSS. This issue affects Smart Countdown FX: from n/a through 1.5.5.
CVE-2025-25120 -- Missing Authorization vulnerability in Melodic Media Slide Banners allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Slide Banners: from n/a through 1.3.
CVE-2025-25123 -- Cross-Site Request Forgery (CSRF) vulnerability in xdark Easy Related Posts allows Stored XSS. This issue affects Easy Related Posts: from n/a through 2.0.2.
CVE-2025-25125 -- Cross-Site Request Forgery (CSRF) vulnerability in CyrilG Fyrebox Quizzes allows Stored XSS. This issue affects Fyrebox Quizzes: from n/a through 2.7.
CVE-2025-25126 -- Cross-Site Request Forgery (CSRF) vulnerability in zmseo ZMSEO allows Stored XSS. This issue affects ZMSEO: from n/a through 1.14.1.
CVE-2025-25128 -- Cross-Site Request Forgery (CSRF) vulnerability in orlandolac Facilita Form Tracker allows Stored XSS. This issue affects Facilita Form Tracker: from n/a through 1.0.
CVE-2025-25135 -- Cross-Site Request Forgery (CSRF) vulnerability in Victor Barkalov Custom Links On Admin Dashboard Toolbar allows Stored XSS. This issue affects Custom Links On Admin Dashboard Toolbar: from n/a through 3.3.
CVE-2025-25136 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in shujahat21 Optimate Ads allows Stored XSS. This issue affects Optimate Ads: from n/a through 1.0.3.
CVE-2025-25138 -- Cross-Site Request Forgery (CSRF) vulnerability in Rishi On Page SEO + Whatsapp Chat Button allows Stored XSS. This issue affects On Page SEO + Whatsapp Chat Button: from n/a through 2.0.0.
CVE-2025-25139 -- Cross-Site Request Forgery (CSRF) vulnerability in Cynob IT Consultancy WP Custom Post RSS Feed allows Stored XSS. This issue affects WP Custom Post RSS Feed: from n/a through 1.0.0.
CVE-2025-25140 -- Cross-Site Request Forgery (CSRF) vulnerability in Scriptonite Simple User Profile allows Stored XSS. This issue affects Simple User Profile: from n/a through 1.9.
CVE-2025-25141 -- Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in zankover Fami Sales Popup allows PHP Local File Inclusion. This issue affects Fami Sales Popup: from n/a through 2.0.0.
CVE-2025-25143 -- Cross-Site Request Forgery (CSRF) vulnerability in ibasit GlobalQuran allows Cross Site Request Forgery. This issue affects GlobalQuran: from n/a through 1.0.
CVE-2025-25144 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in theasys Theasys allows Stored XSS. This issue affects Theasys: from n/a through 1.0.1.
CVE-2025-25145 -- Cross-Site Request Forgery (CSRF) vulnerability in jordan.hatch Infusionsoft Analytics allows Cross Site Request Forgery. This issue affects Infusionsoft Analytics: from n/a through 2.0.
CVE-2025-25146 -- Cross-Site Request Forgery (CSRF) vulnerability in saleandro Songkick Concerts and Festivals allows Cross Site Request Forgery. This issue affects Songkick Concerts and Festivals: from n/a through 0.9.7.
CVE-2025-25147 -- Cross-Site Request Forgery (CSRF) vulnerability in Phillip.Gooch Auto SEO allows Stored XSS. This issue affects Auto SEO: from n/a through 2.5.6.
CVE-2025-25148 -- Cross-Site Request Forgery (CSRF) vulnerability in ElbowRobo Read More Copy Link allows Stored XSS. This issue affects Read More Copy Link: from n/a through 1.0.2.
CVE-2025-25149 -- Cross-Site Request Forgery (CSRF) vulnerability in Danillo Nunes Login-box allows Stored XSS. This issue affects Login-box: from n/a through 2.0.4.
CVE-2025-25151 -- Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in StylemixThemes uListing allows SQL Injection. This issue affects uListing: from n/a through 2.1.6.
CVE-2025-25152 -- Cross-Site Request Forgery (CSRF) vulnerability in LukaszWiecek Smart DoFollow allows Stored XSS. This issue affects Smart DoFollow: from n/a through 1.0.2.
CVE-2025-25153 -- Cross-Site Request Forgery (CSRF) vulnerability in djjmz Simple Auto Tag allows Stored XSS. This issue affects Simple Auto Tag: from n/a through 1.1.
CVE-2025-25154 -- Cross-Site Request Forgery (CSRF) vulnerability in scweber Custom Comment Notifications allows Stored XSS. This issue affects Custom Comment Notifications: from n/a through 1.0.8.
CVE-2025-25155 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in efreja Music Sheet Viewer allows Path Traversal. This issue affects Music Sheet Viewer: from n/a through 4.1.
CVE-2025-25156 -- Cross-Site Request Forgery (CSRF) vulnerability in Stanko Metodiev Quote Comments allows Stored XSS. This issue affects Quote Comments: from n/a through 2.2.1.
CVE-2025-25159 -- Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in robert_kolatzek WP doodlez allows Stored XSS. This issue affects WP doodlez: from n/a through 1.0.10.
CVE-2025-25160 -- Cross-Site Request Forgery (CSRF) vulnerability in Mark Barnes Style Tweaker allows Stored XSS. This issue affects Style Tweaker: from n/a through 0.11.
CVE-2025-25163 -- Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Zach Swetz Plugin A/B Image Optimizer allows Path Traversal. This issue affects Plugin A/B Image Optimizer: from n/a through 3.3.
CVE-2025-25166 -- Cross-Site Request Forgery (CSRF) vulnerability in gabrieldarezzo InLocation allows Stored XSS. This issue affects InLocation: from n/a through 1.8.
CVE-2025-25167 -- Missing Authorization vulnerability in blackandwhitedigital BookPress – For Book Authors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects BookPress – For Book Authors: from n/a through 1.2.7.
CVE-2025-25168 -- Cross-Site Request Forgery (CSRF) vulnerability in blackandwhitedigital BookPress – For Book Authors allows Cross-Site Scripting (XSS). This issue affects BookPress – For Book Authors: from n/a through 1.2.7.
CVE-2025-25183 -- vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Maliciously constructed statements can lead to hash collisions, resulting in cache reuse, which can interfere with subsequent responses and cause unintended behavior. Pr
CVE-2025-25187 -- Joplin is a free, open source note taking and to-do application, which can handle a large number of notes organised into notebooks. This vulnerability is caused by adding note titles to the document using React's `dangerouslySetInnerHTML`, without first e