Welcome to the ThreatPerspective Security Information Center
Welcome to the Security Information CenterThis is a portal site created by ThreatPerspective to enable our clients and other interested parties to learn more about Information Security. The boxes on the left correlate to free information and tools that realate to Information Security. The boxes on the right are various Information Security related news feeds.CISA Cybersecurity Advisories
https://www.cisa.gov/
Defending Against China-Nexus Covert Networks of Compromised Devices
https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-113a
<div class="SCXW131754345 BCX8">
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-097a
<h2><strong>Advisory at a Glance</strong></h2>
Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-343a
<h2><strong>Summary</strong></h2>
CISA Shares Lessons Learned from an Incident Response Engagement
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-266a
<h2><strong>Advisory at a Glance</strong></h2>
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a
<h2><strong>Executive summary</strong></h2>
CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-212a
<div class="WordSection1">
#StopRansomware: Interlock
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-203a
<h2><strong>Summary</strong></h2>
Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-163a
<h2><strong>Summary</strong></h2>
Russian GRU Targeting Western Logistics Entities and Technology Companies
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141a
<h2><strong>Executive Summary</strong></h2>
Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141b
<h2><strong>Summary</strong></h2>
CISA Analysis Reports
https://www.cisa.gov/
FIRESTARTER Backdoor
https://www.cisa.gov/news-events/analysis-reports/ar26-113a
<h2><strong>Malware Analysis Report at a Glance</strong></h2>
BRICKSTORM Backdoor
https://www.cisa.gov/news-events/analysis-reports/ar25-338a
<h2><strong>Malware Analysis at a Glance</strong></h2>
Malicious Listener for Ivanti Endpoint Mobile Management Systems
https://www.cisa.gov/news-events/analysis-reports/ar25-261a
<table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap>
MAR-251132.c1.v1 Exploitation of SharePoint Vulnerabilities
https://www.cisa.gov/news-events/analysis-reports/ar25-218a
<h3>Notification</h3>
MAR-25993211-r1.v2 Ivanti Connect Secure (RESURGE)
https://www.cisa.gov/news-events/analysis-reports/ar25-087a
<h3>Notification</h3>
MAR-10448362-1.v1 Volt Typhoon
https://www.cisa.gov/news-events/analysis-reports/ar24-038a
<h3>Notification</h3>
MAR-10478915-1.v1 Citrix Bleed
https://www.cisa.gov/news-events/analysis-reports/ar23-325a
<p> </p>
MAR-10454006.r5.v1 SUBMARINE, SKIPJACK, SEASPRAY, WHIRLPOOL, and SALTWATER Backdoors
https://www.cisa.gov/news-events/analysis-reports/ar23-250a-0
<p> </p>
MAR-10430311-1.v1 Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
https://www.cisa.gov/news-events/analysis-reports/ar23-250a
<p> </p>
Infamous Chisel Malware Analysis Report
https://www.cisa.gov/news-events/analysis-reports/ar23-243a
<h4>Infamous Chisel–A collection of components associated with Sandworm designed to enable remote access and exfiltrate information from Android phones.</h4>
Bulletins
https://www.cisa.gov/
Vulnerability Summary for the Week of June 1, 2026
https://www.cisa.gov/news-events/bulletins/sb26-159
<div id="high_v">
Vulnerability Summary for the Week of May 25, 2026
https://www.cisa.gov/news-events/bulletins/sb26-152
<div id="high_v">
Vulnerability Summary for the Week of May 18, 2026
https://www.cisa.gov/news-events/bulletins/sb26-145
<div id="high_v">
Vulnerability Summary for the Week of May 11, 2026
https://www.cisa.gov/news-events/bulletins/sb26-138
<div id="high_v">
Vulnerability Summary for the Week of May 4, 2026
https://www.cisa.gov/news-events/bulletins/sb26-131
<div id="high_v">
Vulnerability Summary for the Week of April 27, 2026
https://www.cisa.gov/news-events/bulletins/sb26-125
<div id="high_v">
Vulnerability Summary for the Week of April 20, 2026
https://www.cisa.gov/news-events/bulletins/sb26-117
<div id="high_v">
Vulnerability Summary for the Week of April 13, 2026
https://www.cisa.gov/news-events/bulletins/sb26-110
<div id="high_v">
Vulnerability Summary for the Week of April 6, 2026
https://www.cisa.gov/news-events/bulletins/sb26-103
<div id="high_v">
Vulnerability Summary for the Week of February 2, 2026
https://www.cisa.gov/news-events/bulletins/sb26-040
<div id="high_v">
CERT Advisories
https://seclists.org/#cert
The <a href="http://www.cert.org/">Computer Emergency Response Team</a> has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.Apple Releases Security Updates for Multiple Products
https://seclists.org/cert/2023/3
<p>Posted by CISA on Mar 28</p>Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow<br>
Apple...<br>CISA Releases Six Industrial Control Systems Advisories
https://seclists.org/cert/2023/2
<p>Posted by CISA on Mar 23</p>Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow<br>
08:00 AM EDT...<br>CISA Releases Eight Industrial Control Systems Advisories
https://seclists.org/cert/2023/1
<p>Posted by CISA on Mar 21</p>Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow<br>
03/21/2023 08:00 AM...<br>CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management
https://seclists.org/cert/2023/0
<p>Posted by CISA on Mar 21</p>Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow<br>
CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management [...<br>Alerts
https://www.cisa.gov/
CISA Adds Two Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/06/08/cisa-adds-two-known-exploited-vulnerabilities-catalog
<p>CISA has added two new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/06/05/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/06/03/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds Two Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/06/02/cisa-adds-two-known-exploited-vulnerabilities-catalog
<p>CISA has added two new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/06/01/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/05/29/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
Supply Chain Compromises Impact Nx Console and GitHub Repositories
https://www.cisa.gov/news-events/alerts/2026/05/28/supply-chain-compromises-impact-nx-console-and-github-repositories
<p>CISA is prioritizing the response to multiple emerging software supply chain intrusion campaigns targeting developer ecosystems Continuous Integration/Continuous Development (CI/CD) pipelines. These recent incidents, including the GitHub compromise via a malicious Nx Console Visual Studio Code (VS Code) extension and the “Megalodon” supply chain intrusion campaign, demonstrate how cyber threat actors are abusing tools and processes that support enterprise, cloud, and DevOps environments—specifically CI/CD pipelines, code extensions and workflows. </p>
CISA Adds Three Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/05/27/cisa-adds-three-known-exploited-vulnerabilities-catalog
<p>CISA has added three new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/05/26/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation. </p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/05/22/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds Two Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/05/21/cisa-adds-two-known-exploited-vulnerabilities-catalog
<p>CISA has added two new vulnerabilities to its <a href="/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/05/20/cisa-adds-seven-known-exploited-vulnerabilities-catalog
<p>CISA has added seven new vulnerabilities to its <a href="/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/05/15/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/05/14/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation. </p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/05/08/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/05/07/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/05/06/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation. </p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/05/01/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/30/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation. </p>
CISA Adds Two Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/28/cisa-adds-two-known-exploited-vulnerabilities-catalog
<p>CISA has added two new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds Four Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/24/cisa-adds-four-known-exploited-vulnerabilities-catalog
<p>CISA has added four new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/23/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/22/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/20/cisa-adds-eight-known-exploited-vulnerabilities-catalog
<div class="OutlineElement Ltr SCXW178812853 BCX8">
Supply Chain Compromise Impacts Axios Node Package Manager
https://www.cisa.gov/news-events/alerts/2026/04/20/supply-chain-compromise-impacts-axios-node-package-manager
<div class="OutlineElement Ltr SCXW232133708 BCX8">
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/16/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds Two Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/14/cisa-adds-two-known-exploited-vulnerabilities-catalog
<p>CISA has added two new vulnerabilities to its <a href="/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/13/cisa-adds-seven-known-exploited-vulnerabilities-catalog
<p>CISA has added seven new vulnerabilities to its <a href="/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/08/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/06/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
Daily Dave
https://seclists.org/#dailydave
This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by <a href="http://www.immunitysec.com/">ImmunitySec</a> founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.OpenAI Codex Security
https://seclists.org/dailydave/2026/q1/2
<p>Posted by Dave Aitel via Dailydave on Mar 07</p><a rel="nofollow" href="https://openai.com/index/codex-security-now-in-research-preview/">https://openai.com/index/codex-security-now-in-research-preview/</a><br>
1. Say what...<br>RE//verse, DistrictCon, an Anole Friend
https://seclists.org/dailydave/2026/q1/1
<p>Posted by Dave Aitel via Dailydave on Feb 02</p>Last month was DistrictCon, a great conference that I did not attend<br>
Today it is...<br>feeling the air
https://seclists.org/dailydave/2026/q1/0
<p>Posted by Dave Aitel via Dailydave on Jan 05</p>For reasons I still don’t fully understand, Miami Beach has enormous<br>
them somewhere overhead, wings spread wide, fingers splayed, feeling the...<br>Re: Defense ?
https://seclists.org/dailydave/2025/q4/6
<p>Posted by Dean Pierce via Dailydave on Nov 16</p>I like the idea of having a software supply chain that people can pay into<br>
with is a software ecosystem where anyone can build what they need...<br>Re: Defense ?
https://seclists.org/dailydave/2025/q4/5
<p>Posted by Chris Anley via Dailydave on Nov 16</p>(gingerly raises head above parapet)<br>
of 1 per 15 minutes (calendar year 2024), means that patching an enterprise before an...<br>Re: Defense ?
https://seclists.org/dailydave/2025/q4/4
<p>Posted by Alfonso De Gregorio via Dailydave on Nov 16</p>Imbalances in the skills and workforce are real. The gap remains hard<br>
regardless: those imbalances are a byproduct of the...<br>Re: Defense ?
https://seclists.org/dailydave/2025/q4/3
<p>Posted by Conan Dooley via Dailydave on Nov 16</p>Reduce complexity, duplication, and scope in your infrastructure. Your<br>
say, just...<br>Re: Defense ?
https://seclists.org/dailydave/2025/q4/2
<p>Posted by etojake--- via Dailydave on Nov 16</p>The content of this message was lost. It was probably cross-posted to<br>
multiple lists and previously handled on another list.<br>Defense ?
https://seclists.org/dailydave/2025/q4/1
<p>Posted by Dave Aitel via Dailydave on Nov 15</p>How would one actually move the actual bar in defense? A big part of me<br>
Like...<br>Offensive AI Con
https://seclists.org/dailydave/2025/q4/0
<p>Posted by Dave Aitel via Dailydave on Oct 08</p>So I just got back from "Offensive AI Conference" in San Diego and it was a<br>
FOMO, but also, when a conference is "invite only" then you...<br>BreachExchange
https://seclists.org/#dataloss
BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.Educause Security Discussion
https://seclists.org/#educause
Securing networks and computers in an academic environment.Full Disclosure
https://seclists.org/#fulldisclosure
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.[REVIVE-SA-2026-002] Revive Adserver Vulnerabilities
https://seclists.org/fulldisclosure/2026/Jun/0
<p>Posted by Matteo Beccati on Jun 04</p>========================================================================<br>
Versions...<br>CyberDanube Security Research 20260528-0 | Multiple Vulnerabilities in Multiple Vulnerabilities in Mennekes Amtron Series
https://seclists.org/fulldisclosure/2026/May/25
<p>Posted by Thomas Weber | CyberDanube via Fulldisclosure on May 31</p>CyberDanube Security Research 20260528-0<br>
found|...<br> bmcweb (OpenBMC web server): four vulnerabilities — two unfixed, GHSA without a CVE
https://seclists.org/fulldisclosure/2026/May/24
<p>Posted by binreaper via Fulldisclosure on May 31</p>Hi all,<br>
A Baseboard Management Controller boots before the host CPU, has full control over the server...<br>Re: Dovecot Security Advisory OXDC-2026-0002
https://seclists.org/fulldisclosure/2026/May/23
<p>Posted by Noel Butler via Fulldisclosure on May 25</p>So when is the fix for dovecot 2.3 source code due to be released?<br>
serious fixes have been made in recent times.<br> SSRF in Anthropic mcp-server-fetch and Microsoft playwright-mcp — publicly disclosed via GitHub issues
https://seclists.org/fulldisclosure/2026/May/22
<p>Posted by outreach on May 25</p>-----BEGIN SECURITY ADVISORY-----<br>
All versions as of May...<br>[SECURITY ADVISORY] CVE-2021-21735 - ZTE ZXHN H168N V3.5 Unauthenticated Admin Credential Leak
https://seclists.org/fulldisclosure/2026/May/21
<p>Posted by m.nageh on May 25</p>-----BEGIN SECURITY ADVISORY-----<br>
Public URL:...<br>[SECURITY ADVISORY] CVE-2026-34474 - ZTE H298A/H108N Unauthenticated Admin Credential Exposure
https://seclists.org/fulldisclosure/2026/May/20
<p>Posted by m.nageh on May 25</p>-----BEGIN SECURITY ADVISORY-----<br>
Public URL:...<br>[SECURITY ADVISORY] CVE-2026-34472 - ZTE ZXHN H188A V6 Authentication Bypass via Pre-Login Wizard
https://seclists.org/fulldisclosure/2026/May/19
<p>Posted by m.nageh on May 25</p>-----BEGIN SECURITY ADVISORY-----<br>
Public URL:...<br>[SECURITY ADVISORY] CVE-2026-34473 - Unauthenticated DoS in 17+ ZTE Router Models (140K+ Devices)
https://seclists.org/fulldisclosure/2026/May/18
<p>Posted by m.nageh on May 25</p>-----BEGIN SECURITY ADVISORY-----<br>
Contact: minanageh379 () gmail...<br>Multiple vulnerabilities in Sparx Pro Cloud Server and Enterprise Architect
https://seclists.org/fulldisclosure/2026/May/17
<p>Posted by Adamczyk Blazej on May 25</p>━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━<br>
General...<br>APPLE-SA-05-13-2026-1 Safari 26.5
https://seclists.org/fulldisclosure/2026/May/16
<p>Posted by Apple Product Security via Fulldisclosure on May 17</p>APPLE-SA-05-13-2026-1 Safari 26.5<br>
Impact: Processing maliciously crafted web content may prevent Content...<br>APPLE-SA-05-11-2026-11 visionOS 26.5
https://seclists.org/fulldisclosure/2026/May/15
<p>Posted by Apple Product Security via Fulldisclosure on May 17</p>APPLE-SA-05-11-2026-11 visionOS 26.5<br>
Description:...<br>APPLE-SA-05-11-2026-10 watchOS 26.5
https://seclists.org/fulldisclosure/2026/May/14
<p>Posted by Apple Product Security via Fulldisclosure on May 17</p>APPLE-SA-05-11-2026-10 watchOS 26.5<br>
Description:...<br>APPLE-SA-05-11-2026-9 tvOS 26.5
https://seclists.org/fulldisclosure/2026/May/13
<p>Posted by Apple Product Security via Fulldisclosure on May 17</p>APPLE-SA-05-11-2026-9 tvOS 26.5<br>
Impact: An app may be able to cause a denial-of-service...<br>APPLE-SA-05-11-2026-8 macOS Sonoma 14.8.7
https://seclists.org/fulldisclosure/2026/May/7
<p>Posted by Apple Product Security via Fulldisclosure on May 17</p>APPLE-SA-05-11-2026-8 macOS Sonoma 14.8.7<br>
Description: A...<br>Funsec
https://seclists.org/#funsec
While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security communityInfo Security News
https://seclists.org/#isn
Carries news items (generally from mainstream sources) that relate to security.Metasploit
https://seclists.org/#metasploit
Development discussion for <a href="http://metasploit.com/">Metasploit</a>, the premier open source remote exploitation toolMicrosoft Sec Notification
https://seclists.org/#microsoft
Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.Nmap Development
https://seclists.org/#nmap-dev
Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to <a href="https://nmap.org">Nmap</A> and related projects. <a href="https://nmap.org/mailman/listinfo/dev">Subscribe to nmap-dev here</a>.[PATCH] nselib/bitcoin: add address classification helpers (refs #2857, PR #3371)
https://seclists.org/nmap-dev/2026/q2/6
<p>Posted by Melo via dev on May 25</p>PR #3371 adds three functions to nselib/bitcoin.lua:<br>
Issue:...<br>[NSE] matter-identify: identify Matter smart-home devices via mDNS
https://seclists.org/nmap-dev/2026/q2/5
<p>Posted by Balázs Zoltán on May 11</p> Hi,<br>
TXT records are decoded into VID,...<br>Re:
https://seclists.org/nmap-dev/2026/q2/4
<p>Posted by Rahmat Ramadhan on May 01</p>gaa<br>
juanjoserodriguezmontoya35 () gmail com> menulis:<br>[PATCH 0/5] ALPN-based HTTP/2 service detection improvements
https://seclists.org/nmap-dev/2026/q2/3
<p>Posted by Urval Kheni on Apr 14</p>Hi,<br>
1. Fix OpenSSL provider...<br>Bug Report: ssl-enum-ciphers fails (EOF) on CloudFront/ECDSA targets supporting TLS 1.2
https://seclists.org/nmap-dev/2026/q2/2
<p>Posted by Jack Seredyniecki via dev on Apr 14</p>Hello nmap dev team,<br>
NSE: [ssl-enum-ciphers...<br>[PATCH] Support Linux capabilities for non-root raw packet scanning
https://seclists.org/nmap-dev/2026/q2/1
<p>Posted by Ali Norouzi via dev on Apr 14</p>Hi everyone,<br>
Ali<br>Fix for issue #3326
https://seclists.org/nmap-dev/2026/q2/0
<p>Posted by advait deshmukh on Apr 14</p>Issue link <<a rel="nofollow" href="https://github.com/nmap/nmap/issues/3326">https://github.com/nmap/nmap/issues/3326</a>><br>
Since the user has explicitly specified -6 in the command, it...<br>Interview Invitation for Educational Research
https://seclists.org/nmap-dev/2026/q1/5
<p>Posted by Muhammad Hassan Tanveer via dev on Mar 31</p>Hello Everyone!<br>
invite you to participate in a ~45-minute online...<br>Re: GSoC 2026: Password Security Wizard - Optimizing the NSE Brute Library
https://seclists.org/nmap-dev/2026/q1/4
<p>Posted by Adithya Shetty on Mar 13</p>Ah, my mistake.<br>
Thanks for letting me know Gordon<br>[no subject]
https://seclists.org/nmap-dev/2026/q1/3
<p>Posted by Juan jose Rodriguez on Mar 08</p>Contraseña<br>GSoC 2026: Password Security Wizard - Optimizing the NSE Brute Library
https://seclists.org/nmap-dev/2026/q1/2
<p>Posted by Adithya Shetty on Mar 02</p>Hi Nmap Development Team and Fotis,<br>
several of the -brute.nse scripts (specifically focusing on...<br>Question about Nmap and GSoC 2026
https://seclists.org/nmap-dev/2026/q1/1
<p>Posted by Sweekar on Jan 29</p>Hi Nmap developers,<br>
Sweekar<br>PR #3277: Clean up and harden POP3 helper login functions
https://seclists.org/nmap-dev/2026/q1/0
<p>Posted by Sweekar on Jan 23</p>Hello Nmap Developers,<br>
Normalized...<br>Nmap Announce
https://seclists.org/#nmap-announce
Moderated list for the most important new releases and announcements regarding the <a href="https://nmap.org">Nmap Security Scanner</a> and related projects. We recommend that all Nmap users <a href="https://nmap.org/mailman/listinfo/announce">subscribe to stay informed</a>.Npcap Version 1.82 Released with VLAN Tagging and More
https://seclists.org/nmap-announce/2025/0
<p>Posted by Gordon Fyodor Lyon on Apr 28</p>Dear Nmap Community,<br>
useful for Wireshark users. You can also now send...<br>Nmap 7.95 released: OS and service detection signatures galore!
https://seclists.org/nmap-announce/2024/0
<p>Posted by Gordon Fyodor Lyon on May 05</p>Dear Nmap Community,<br>
Additions include iOS 15...<br>OpenVAS
http://seclists.org/#openvas
Development and announcements regarding <a href="http://www.openvas.com/">OpenVAS</a>, a free network security scanner which forked from Nessus. This is a combination of the English openvas-announce, openvas-devel, openvas-discuss, and openvas-plugins lists.Re: Help with openvas setup
http://seclists.org/openvas/2013/q3/107
<p>Posted by Florent THOMAS on Aug 23</p>+1 I agree, it's precious.<br>
Regards<br>Re: Help with openvas setup
http://seclists.org/openvas/2013/q3/106
<p>Posted by Hariharan Madhavan on Aug 23</p>The best way to get openvas running is by adding the atomic corp repository and installing using yum... There is no <br>
Am running Backtrack R3 which...<br>SCAP plugins and OpenVAS
http://seclists.org/openvas/2013/q3/105
<p>Posted by Rajesh Bhavsar on Aug 23</p>Hi all,<br>
<br>Re: Help with openvas setup
http://seclists.org/openvas/2013/q3/104
<p>Posted by Florent THOMAS on Aug 22</p>Hy,<br>
Regards<br>Re: Help with openvas setup
http://seclists.org/openvas/2013/q3/103
<p>Posted by Samuel Mwai on Aug 22</p>Am running Backtrack R3 which installed fine. Stumbled on this blog, check<br>
K () sper<br>Help with openvas setup
http://seclists.org/openvas/2013/q3/102
<p>Posted by Russell, Sean on Aug 22</p>Hello all.<br>
I run openvasmd --rebuild, then run openvas-check-setup again, but I...<br>Easy startup script for self-compiled OpenVAS
http://seclists.org/openvas/2013/q3/101
<p>Posted by Winfried Neessen on Aug 21</p>Hi,<br>
each service. Also you can kill one service of OpenVAS, run the startup...<br>OpenVAS Feed Server: Load and Cron
http://seclists.org/openvas/2013/q3/100
<p>Posted by Jan-Oliver Wagner on Aug 21</p>Hello OpenVAS users,<br>
If your...<br>"Issue" for create schedule
http://seclists.org/openvas/2013/q3/99
<p>Posted by Florent THOMAS on Aug 20</p>Hy,<br>
regards<br>Re: Create credential failed
http://seclists.org/openvas/2013/q3/98
<p>Posted by Florent THOMAS on Aug 20</p>I think I found the problem.<br>
regards<br>Get_schedules not show task information
http://seclists.org/openvas/2013/q3/97
<p>Posted by Rodrigo Seguel on Aug 19</p>after execute get_schedules command with option details="1", the output xml<br>
<get_schedules_response status="200" status_text="OK"><schedule...<br>Re: cannot connect to the manager
http://seclists.org/openvas/2013/q3/96
<p>Posted by brad on Aug 19</p>I even brought the ports up one at a time like so,<br>
There is only one error I can find, but little on...<br>Re: cannot connect to the manager
http://seclists.org/openvas/2013/q3/95
<p>Posted by brad on Aug 19</p>Here is the output of my openvasmd --rebuild -v <br>
From: Openvas-discuss...<br>Re: Create credential failed
http://seclists.org/openvas/2013/q3/94
<p>Posted by Florent THOMAS on Aug 18</p>Thanks for your answer. I'm not sure of the use of this. My french level <br>
Thanks for your help<br>Re: Create credential failed
http://seclists.org/openvas/2013/q3/93
<p>Posted by Michael Meyer on Aug 18</p>*** Florent THOMAS wrote:<br>
Micha<br>Open Source Security
https://seclists.org/#oss-sec
Discussion of security flaws, concepts, and practices in the Open Source community[oss-security][CVE-2026-9669] CPython: bz2.BZ2Decompressor reuse after error can cause a stack buffer overflow
https://seclists.org/oss-sec/2026/q2/846
<p>Posted by Alan Coopersmith on Jun 08</p>The CVE record currently lists versions "affected from 0 before 3.16.0"<br>
There is a HIGH severity...<br>CVE-2026-49975: Apache HTTP Server: mod_http2 denial of service
https://seclists.org/oss-sec/2026/q2/845
<p>Posted by Eric Covener on Jun 08</p>Severity: moderate <br>
References:...<br>CVE-2026-48913: Apache HTTP Server: mod_http2 memory corruption when file handles exhausted
https://seclists.org/oss-sec/2026/q2/844
<p>Posted by Eric Covener on Jun 08</p>Severity: low <br>
<a rel="nofollow" href="https://httpd.apache.org/">https://httpd.apache.org/</a>...<br>CVE-2026-44631: Apache HTTP Server: Heap Underflow in `ap_regname` via Signed Char Overflow
https://seclists.org/oss-sec/2026/q2/843
<p>Posted by Eric Covener on Jun 08</p>Severity: low <br>
References:...<br>CVE-2026-44186: Apache HTTP Server: Loop in `proxy_ftp_handler` in mod_proxy_ftp
https://seclists.org/oss-sec/2026/q2/842
<p>Posted by Eric Covener on Jun 08</p>Severity: moderate <br>
Zhenpeng (Leo) Lin at...<br>CVE-2026-44185: Apache HTTP Server: Stack Buffer Over-Read in mod_ssl OCSP `send_request`
https://seclists.org/oss-sec/2026/q2/841
<p>Posted by Eric Covener on Jun 08</p>Severity: low <br>
References:...<br>CVE-2026-44119: Apache HTTP Server: escalation of privilege through expressions in .htaccess in multiple modules
https://seclists.org/oss-sec/2026/q2/840
<p>Posted by Eric Covener on Jun 08</p>Severity: moderate <br>
as3617...<br>CVE-2026-43951: Apache HTTP Server: OOB Read in `merge_response_headers` can cause crash
https://seclists.org/oss-sec/2026/q2/839
<p>Posted by Eric Covener on Jun 08</p>Severity: moderate <br>
<a rel="nofollow" href="https://httpd.apache.org/">https://httpd.apache.org/</a>...<br>CVE-2026-42536: Apache HTTP Server: mod_xml2enc heap overflow
https://seclists.org/oss-sec/2026/q2/838
<p>Posted by Eric Covener on Jun 08</p>Severity: low <br>
References:...<br>CVE-2026-42535: Apache HTTP Server: mod_dav_fs protected directory access
https://seclists.org/oss-sec/2026/q2/837
<p>Posted by Eric Covener on Jun 08</p>Severity: moderate <br>
References:...<br>CVE-2026-34356: Apache HTTP Server: ProxyPassReverseCookieMap buffer overflow
https://seclists.org/oss-sec/2026/q2/836
<p>Posted by Eric Covener on Jun 08</p>Severity: low <br>
References:...<br>CVE-2026-34355: Apache HTTP Server: mod_proxy_html buffer overflow
https://seclists.org/oss-sec/2026/q2/835
<p>Posted by Eric Covener on Jun 08</p>Severity: moderate <br>
<a rel="nofollow" href="https://httpd.apache.org/">https://httpd.apache.org/</a>...<br>CVE-2026-29170: Apache HTTP Server: mod_proxy_ftp XSS
https://seclists.org/oss-sec/2026/q2/834
<p>Posted by Eric Covener on Jun 08</p>Severity: low <br>
Pavel Kohout, Aisle Research, Aisle.com (finder)...<br>CVE-2026-29167: Apache HTTP Server: mod_ldap per-dir use-after-free
https://seclists.org/oss-sec/2026/q2/833
<p>Posted by Eric Covener on Jun 08</p>Severity: low <br>
References:...<br>offlineimap 8.0.3 fixes CVE-2020-37248 (STARTTLS stripping)
https://seclists.org/oss-sec/2026/q2/832
<p>Posted by Sebastian Pipping on Jun 08</p>Hello oss-security,<br>
The key fix commit is…...<br>PaulDotCom
https://seclists.org/#pauldotcom
General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.Penetration Testing
https://seclists.org/#pen-test
While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.Exploit-DB.com RSS Feed
https://www.exploit-db.com
The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.[webapps] OpenEMR 7.0.2 - Arbitrary File Read
https://www.exploit-db.com/exploits/52610
OpenEMR 7.0.2 - Arbitrary File Read[webapps] WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection
https://www.exploit-db.com/exploits/52609
WordPress Contest Gallery 28.1.4 - Unauthenticated Blind SQL Injection[webapps] Drupal Core 10.5.5 - Error-Based SQL Injection
https://www.exploit-db.com/exploits/52608
Drupal Core 10.5.5 - Error-Based SQL Injection[webapps] WordPress OrderConvo 14 - Path Traversal
https://www.exploit-db.com/exploits/52607
WordPress OrderConvo 14 - Path Traversal[remote] Notepad++ 8.9.6 - Arbitrary Code Execution
https://www.exploit-db.com/exploits/52606
Notepad++ 8.9.6 - Arbitrary Code Execution[webapps] YAMCS yamcs-core 5.12.7 - No Rate Limiting
https://www.exploit-db.com/exploits/52605
YAMCS yamcs-core 5.12.7 - No Rate Limiting[webapps] YAMCS yamcs-core 5.12.7 - User Enumeration
https://www.exploit-db.com/exploits/52604
YAMCS yamcs-core 5.12.7 - User Enumeration[webapps] YAMCS yamcs-core 5.12.7 - LDAP Injection
https://www.exploit-db.com/exploits/52603
YAMCS yamcs-core 5.12.7 - LDAP Injection[remote] Microsoft - NTLMv2 Hash Capture
https://www.exploit-db.com/exploits/52601
Microsoft - NTLMv2 Hash Capture[webapps] MikroORM 7.0.13 - SQL Injection
https://www.exploit-db.com/exploits/52600
MikroORM 7.0.13 - SQL Injection[webapps] Prodigy Commerce 3.3.0 - Local File Inclusion
https://www.exploit-db.com/exploits/52598
Prodigy Commerce 3.3.0 - Local File Inclusion[webapps] Langflow 1.3.0 - Remote Code Execution
https://www.exploit-db.com/exploits/52597
Langflow 1.3.0 - Remote Code Execution[webapps] Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution
https://www.exploit-db.com/exploits/52596
Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution[local] ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion
https://www.exploit-db.com/exploits/52595
ImageMagick - Infinite Loop in the MIFF decoder can lead to CPU exhaustion[local] ZTE Routers - Unauthenticated Denial of Service
https://www.exploit-db.com/exploits/52594
ZTE Routers - Unauthenticated Denial of Service[local] ZTE ZXHN H188A V6 - Authentication Bypass
https://www.exploit-db.com/exploits/52593
ZTE ZXHN H188A V6 - Authentication Bypass[local] ZTE H298A / H108N - Unauthenticated Credential Exposure
https://www.exploit-db.com/exploits/52592
ZTE H298A / H108N - Unauthenticated Credential Exposure[local] Linux Kernel - Local Privilege Escalation
https://www.exploit-db.com/exploits/52591
Linux Kernel - Local Privilege Escalation[webapps] MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution
https://www.exploit-db.com/exploits/52590
MixPHP Framework 2.2.17 - Unsafe Deserialization Remote Code Execution[remote] Wing FTP Server 8.1.3 - Authenticated Remote Code Execution
https://www.exploit-db.com/exploits/52589
Wing FTP Server 8.1.3 - Authenticated Remote Code Execution[webapps] CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)
https://www.exploit-db.com/exploits/52588
CubeCart < 6.7.0 - Reflected Cross-Site Scripting (XSS) (Unauthenticated)[remote] strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow
https://www.exploit-db.com/exploits/52587
strongSwan 5.9.13 - libsimaka EAP-SIM/AKA heap buffer overflow[dos] strongSwan 5.9.13 - DoS
https://www.exploit-db.com/exploits/52586
strongSwan 5.9.13 - DoS[local] Linux Kernel - Local Privilege Escalation
https://www.exploit-db.com/exploits/52585
Linux Kernel - Local Privilege Escalation[webapps] Casdoor 3.54.1 - Arbitrary File Write via Path Traversal
https://www.exploit-db.com/exploits/52584
Casdoor 3.54.1 - Arbitrary File Write via Path Traversal[webapps] EspoCRM 9.3.3 - SSRF
https://www.exploit-db.com/exploits/52583
EspoCRM 9.3.3 - SSRF[webapps] scramble - Remote Code Execution
https://www.exploit-db.com/exploits/52582
scramble - Remote Code Execution[hardware] MeiG Smart FORGE_SLT711 - OS Command Injection
https://www.exploit-db.com/exploits/52581
MeiG Smart FORGE_SLT711 - OS Command Injection[local] Realtek rtl819x - Local Privilege
https://www.exploit-db.com/exploits/52580
Realtek rtl819x - Local Privilege[webapps] OpenCATS 0.9.7.4 - SQL Injection
https://www.exploit-db.com/exploits/52579
OpenCATS 0.9.7.4 - SQL Injection[webapps] Grav CMS 2.0.0-beta.2 - Remote Code Execution
https://www.exploit-db.com/exploits/52578
Grav CMS 2.0.0-beta.2 - Remote Code Execution[webapps] Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service
https://www.exploit-db.com/exploits/52577
Apache HTTP Server 2.4.66 - 'mod_http2' Double-Free Denial of Service[hardware] D-Link DSL2600U - 'rom-0' Admin Password Disclosure
https://www.exploit-db.com/exploits/52576
D-Link DSL2600U - 'rom-0' Admin Password Disclosure[webapps] Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeover
https://www.exploit-db.com/exploits/52575
Wordpress Temporary Login Plugin 1.0.0 - 'temp-login-token' Authentication Bypass to Account Takeover[webapps] cPanel - CRLF Injection
https://www.exploit-db.com/exploits/52574
cPanel - CRLF Injection[local] Linux Kernel 6.8 - Local Privilege Escalation
https://www.exploit-db.com/exploits/52573
Linux Kernel 6.8 - Local Privilege Escalation[webapps] Cockpit 359 - RCE
https://www.exploit-db.com/exploits/52572
Cockpit 359 - RCE[webapps] BookStack 25.12.1 - Denial of Service
https://www.exploit-db.com/exploits/52571
BookStack 25.12.1 - Denial of Service[local] Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path
https://www.exploit-db.com/exploits/52570
Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path[webapps] solaredge - (CSRF-OOB-Injection)
https://www.exploit-db.com/exploits/52569
solaredge - (CSRF-OOB-Injection)[webapps] FUXA 1.2.9 - RCE
https://www.exploit-db.com/exploits/52568
FUXA 1.2.9 - RCE[local] Windows Snipping Tool - NTLMv2 Hash Hijack
https://www.exploit-db.com/exploits/52567
Windows Snipping Tool - NTLMv2 Hash Hijack[local] Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing
https://www.exploit-db.com/exploits/52566
Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing[local] Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution
https://www.exploit-db.com/exploits/52565
Remote Sunrise Helper for Windows 2026.14 - Remote Code Execution[webapps] WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI
https://www.exploit-db.com/exploits/52564
WordPress Plugin Supsystic Contact Form 1.7.36 - SSTI[webapps] Apache HertzBeat 1.8.0 - Remote Code Execution
https://www.exploit-db.com/exploits/52563
Apache HertzBeat 1.8.0 - Remote Code Execution[webapps] ePati Antikor NGFW 2.0.1301 - Authentication Bypass
https://www.exploit-db.com/exploits/52562
ePati Antikor NGFW 2.0.1301 - Authentication Bypass[webapps] PJPROJECT 2.16 - Heap Bufferoverflow
https://www.exploit-db.com/exploits/52561
PJPROJECT 2.16 - Heap Bufferoverflow[webapps] Ninja Forms Uploads - Unauthenticated PHP File Upload
https://www.exploit-db.com/exploits/52560
Ninja Forms Uploads - Unauthenticated PHP File Upload[webapps] glances 4.5.2 - command injection
https://www.exploit-db.com/exploits/52559
glances 4.5.2 - command injectionSecure Coding
https://seclists.org/#securecoding
The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of <a href="http://www.amazon.com/dp/0596002424?tag=secbks-20">Secure Coding: Principles and Practices</a>.Snort
https://seclists.org/#snort
Everyone's favorite open source IDS, <a href="http://www.snort.org/">Snort</a>. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.Re: Snort Subscriber Rules Update 2026-06-04
https://seclists.org/snort/2026/q2/20
<p>Posted by Jonathan Lee via Snort-sigs on Jun 08</p>Hello Snort Team ET issued a bug last night and it was cause the engine to not start. <br>
Rule SID 2054074 (ET EXPLOIT Kingdee Cloud Star...<br>Snort Subscriber Rules Update 2026-06-04
https://seclists.org/snort/2026/q2/19
<p>Posted by Research via Snort-sigs on Jun 04</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-06-02
https://seclists.org/snort/2026/q2/18
<p>Posted by Research via Snort-sigs on Jun 02</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-05-28
https://seclists.org/snort/2026/q2/17
<p>Posted by Research via Snort-sigs on May 28</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-05-26
https://seclists.org/snort/2026/q2/16
<p>Posted by Research via Snort-sigs on May 26</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-05-21
https://seclists.org/snort/2026/q2/15
<p>Posted by Research via Snort-sigs on May 21</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-05-19
https://seclists.org/snort/2026/q2/14
<p>Posted by Research via Snort-sigs on May 19</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-05-14
https://seclists.org/snort/2026/q2/13
<p>Posted by Research via Snort-sigs on May 14</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-05-12
https://seclists.org/snort/2026/q2/12
<p>Posted by Research via Snort-sigs on May 12</p>Talos Snort Subscriber Rules Update<br>
Snort 2: GID 1, SIDs 66438 through...<br>Sharing my Stack Overflow Blog article on SnortML and agentic AI
https://seclists.org/snort/2026/q2/11
<p>Posted by Samaresh Kumar Singh via Snort-sigs on May 12</p>Hello Snort community,<br>
architecture. I tried to explore how AI can...<br>Snort Subscriber Rules Update 2026-05-07
https://seclists.org/snort/2026/q2/10
<p>Posted by Research via Snort-sigs on May 07</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-05-05
https://seclists.org/snort/2026/q2/9
<p>Posted by Research via Snort-sigs on May 05</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-04-30
https://seclists.org/snort/2026/q2/8
<p>Posted by Research via Snort-sigs on Apr 30</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-04-28
https://seclists.org/snort/2026/q2/7
<p>Posted by Research via Snort-sigs on Apr 28</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-04-23
https://seclists.org/snort/2026/q2/6
<p>Posted by Research via Snort-sigs on Apr 23</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>VulnWatch
https://seclists.org/#vulnwatch
A non-discussion, non-patch, all-vulnerability annoucement list supported and run by a community of volunteer moderators distributed around the world.Web App Security
https://seclists.org/#webappsec
Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.Wireshark
https://seclists.org/#wireshark
Discussion of the free and open source <a href="http://www.wireshark.org/">Wireshark</a> network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.