Aggregator

GitAlerts GitHub repositories created under any organization can be controlled by the GitHub administrators. However, any repository created under an organization’s user account is not controllable unless the organization has adopted the GitHub enterprise-managed...

The post git-alerts: detect and monitor GitHub org users’ public repositories for secrets and sensitive files appeared first on Penetration Testing Tools.

知情人士回应余承东卸任车 BU 董事长：并非不管汽车业务，更加聚焦华为终端与鸿蒙智行

知情人士回应余承东卸任车 BU 董事长：并非不管汽车业务，更加聚焦华为终端与鸿蒙智行

知情人士回应余承东卸任车 BU 董事长：并非不管汽车业务，更加聚焦华为终端与鸿蒙智行

HashDB IDA Plugin Malware string hash lookup plugin for IDA Pro. This plugin connects to the OALABS HashDB Lookup Service. Adding New Hash Algorithms The hash algorithm database is open source and new algorithms can...

The post hashdb-ida: Malware string hash lookup plugin for IDA Pro appeared first on Penetration Testing Tools.

Next.js Middleware 15.2.2 - Authorization Bypass

Kubio AI Page Builder 2.5.1 - Local File Inclusion (LFI)

Exclusive Addons for Elementor 2.6.9 - Stored Cross-Site Scripting (XSS)

Royal Elementor Addons and Templates 1.3.78 - Unauthenticated Arbitrary File Upload

Microchip TimeProvider 4100 Grandmaster (Data plot modules) 2.4.6 - SQL Injection

IBM Security Verify Access 10.0.0 - Open Redirect during OAuth Flow

Currently trending CVE - Hype Score: 1 - Specifically crafted MongoDB wire protocol messages can cause mongos to crash during command validation. This can occur without using an authenticated connection. This issue affects MongoDB v5.0 versions prior to 5.0.31,  MongoDB v6.0 versions prior to 6.0.20 and MongoDB v7.0 ...

Currently trending CVE - Hype Score: 10 - VyOS 1.3 through 1.5 (fixed in 1.4.2) or any Debian-based system using dropbear in combination with live-build has the same Dropbear private host keys across different installations. Thus, an attacker can conduct active man-in-the-middle attacks against SSH connections if ...

Currently trending CVE - Hype Score: 10 - This vulnerability involves command injection in tcpdump within Moxa products, enabling an authenticated attacker with console access to exploit improper input validation to inject and execute systems commands. Successful exploitation could result in privilege escalation, ...

Currently trending CVE - Hype Score: 1 - A vulnerability classified as critical has been found in 1902756969 reggie 1.0. Affected is the function download of the file src/main/java/com/itheima/reggie/controller/CommonController.java. The manipulation of the argument name leads to path traversal. It is possible to ...

This daily article is intended to make it easier for those who want to stay updated with my regular Dark Web Informer and X/Twitter posts.

Threat Attack Daily - 4th of April 2025