Welcome to the ThreatPerspective Security Information Center
Welcome to the Security Information CenterThis is a portal site created by ThreatPerspective to enable our clients and other interested parties to learn more about Information Security. The boxes on the left correlate to free information and tools that realate to Information Security. The boxes on the right are various Information Security related news feeds.CISA Cybersecurity Advisories
https://www.cisa.gov/
Defending Against China-Nexus Covert Networks of Compromised Devices
https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-113a
<div class="SCXW131754345 BCX8">
Iranian-Affiliated Cyber Actors Exploit Programmable Logic Controllers Across US Critical Infrastructure
https://www.cisa.gov/news-events/cybersecurity-advisories/aa26-097a
<h2><strong>Advisory at a Glance</strong></h2>
Pro-Russia Hacktivists Conduct Opportunistic Attacks Against US and Global Critical Infrastructure
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-343a
<h2><strong>Summary</strong></h2>
CISA Shares Lessons Learned from an Incident Response Engagement
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-266a
<h2><strong>Advisory at a Glance</strong></h2>
Countering Chinese State-Sponsored Actors Compromise of Networks Worldwide to Feed Global Espionage System
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-239a
<h2><strong>Executive summary</strong></h2>
CISA and USCG Identify Areas for Cyber Hygiene Improvement After Conducting Proactive Threat Hunt at US Critical Infrastructure Organization
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-212a
<div class="WordSection1">
#StopRansomware: Interlock
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-203a
<h2><strong>Summary</strong></h2>
Ransomware Actors Exploit Unpatched SimpleHelp Remote Monitoring and Management to Compromise Utility Billing Software Provider
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-163a
<h2><strong>Summary</strong></h2>
Russian GRU Targeting Western Logistics Entities and Technology Companies
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141a
<h2><strong>Executive Summary</strong></h2>
Threat Actors Deploy LummaC2 Malware to Exfiltrate Sensitive Data from Organizations
https://www.cisa.gov/news-events/cybersecurity-advisories/aa25-141b
<h2><strong>Summary</strong></h2>
CISA Analysis Reports
https://www.cisa.gov/
FIRESTARTER Backdoor
https://www.cisa.gov/news-events/analysis-reports/ar26-113a
<h2><strong>Malware Analysis Report at a Glance</strong></h2>
BRICKSTORM Backdoor
https://www.cisa.gov/news-events/analysis-reports/ar25-338a
<h2><strong>Malware Analysis at a Glance</strong></h2>
Malicious Listener for Ivanti Endpoint Mobile Management Systems
https://www.cisa.gov/news-events/analysis-reports/ar25-261a
<table class="tablesaw tablesaw-stack" data-tablesaw-mode="stack" data-tablesaw-minimap>
MAR-251132.c1.v1 Exploitation of SharePoint Vulnerabilities
https://www.cisa.gov/news-events/analysis-reports/ar25-218a
<h3>Notification</h3>
MAR-25993211-r1.v2 Ivanti Connect Secure (RESURGE)
https://www.cisa.gov/news-events/analysis-reports/ar25-087a
<h3>Notification</h3>
MAR-10448362-1.v1 Volt Typhoon
https://www.cisa.gov/news-events/analysis-reports/ar24-038a
<h3>Notification</h3>
MAR-10478915-1.v1 Citrix Bleed
https://www.cisa.gov/news-events/analysis-reports/ar23-325a
<p> </p>
MAR-10454006.r5.v1 SUBMARINE, SKIPJACK, SEASPRAY, WHIRLPOOL, and SALTWATER Backdoors
https://www.cisa.gov/news-events/analysis-reports/ar23-250a-0
<p> </p>
MAR-10430311-1.v1 Multiple Nation-State Threat Actors Exploit CVE-2022-47966 and CVE-2022-42475
https://www.cisa.gov/news-events/analysis-reports/ar23-250a
<p> </p>
Infamous Chisel Malware Analysis Report
https://www.cisa.gov/news-events/analysis-reports/ar23-243a
<h4>Infamous Chisel–A collection of components associated with Sandworm designed to enable remote access and exfiltrate information from Android phones.</h4>
Bulletins
https://www.cisa.gov/
Vulnerability Summary for the Week of April 13, 2026
https://www.cisa.gov/news-events/bulletins/sb26-110
<div id="high_v">
Vulnerability Summary for the Week of April 6, 2026
https://www.cisa.gov/news-events/bulletins/sb26-103
<div id="high_v">
Vulnerability Summary for the Week of February 2, 2026
https://www.cisa.gov/news-events/bulletins/sb26-040
<div id="high_v">
Vulnerability Summary for the Week of January 26, 2026
https://www.cisa.gov/news-events/bulletins/sb26-033
<div id="high_v">
Vulnerability Summary for the Week of January 19, 2026
https://www.cisa.gov/news-events/bulletins/sb26-026
<div id="high_v">
Vulnerability Summary for the Week of January 12, 2026
https://www.cisa.gov/news-events/bulletins/sb26-020
<div id="high_v">
Vulnerability Summary for the Week of January 5, 2026
https://www.cisa.gov/news-events/bulletins/sb26-012
<div id="high_v">
Vulnerability Summary for the Week of December 29, 2025
https://www.cisa.gov/news-events/bulletins/sb26-005
<div id="high_v">
Vulnerability Summary for the Week of December 22, 2025
https://www.cisa.gov/news-events/bulletins/sb25-363
<div id="high_v">
Vulnerability Summary for the Week of December 15, 2025
https://www.cisa.gov/news-events/bulletins/sb25-356
<div id="high_v">
CERT Advisories
https://seclists.org/#cert
The <a href="http://www.cert.org/">Computer Emergency Response Team</a> has been responding to security incidents and sharing vulnerability information since the Morris Worm hit in 1986. This archive combines their technical security alerts, tips, and current activity lists.Apple Releases Security Updates for Multiple Products
https://seclists.org/cert/2023/3
<p>Posted by CISA on Mar 28</p>Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow<br>
Apple...<br>CISA Releases Six Industrial Control Systems Advisories
https://seclists.org/cert/2023/2
<p>Posted by CISA on Mar 23</p>Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow<br>
08:00 AM EDT...<br>CISA Releases Eight Industrial Control Systems Advisories
https://seclists.org/cert/2023/1
<p>Posted by CISA on Mar 21</p>Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow<br>
03/21/2023 08:00 AM...<br>CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management
https://seclists.org/cert/2023/0
<p>Posted by CISA on Mar 21</p>Cybersecurity and Infrastructure Security Agency (CISA) - Defend Today, Secure Tomorrow<br>
CISA and NSA Release Enduring Security Framework Guidance on Identity and Access Management [...<br>Alerts
https://www.cisa.gov/
CISA Adds Four Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/24/cisa-adds-four-known-exploited-vulnerabilities-catalog
<p>CISA has added four new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/23/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/22/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds Eight Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/20/cisa-adds-eight-known-exploited-vulnerabilities-catalog
<div class="OutlineElement Ltr SCXW178812853 BCX8">
Supply Chain Compromise Impacts Axios Node Package Manager
https://www.cisa.gov/news-events/alerts/2026/04/20/supply-chain-compromise-impacts-axios-node-package-manager
<div class="OutlineElement Ltr SCXW232133708 BCX8">
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/16/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds Two Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/14/cisa-adds-two-known-exploited-vulnerabilities-catalog
<p>CISA has added two new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds Seven Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/13/cisa-adds-seven-known-exploited-vulnerabilities-catalog
<p>CISA has added seven new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/08/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/06/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/02/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation. </p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/04/01/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its<a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog"> Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/03/30/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/03/27/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/03/26/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/03/25/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds Five Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/03/20/cisa-adds-five-known-exploited-vulnerabilities-catalog
<p>CISA has added five new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/03/19/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation. </p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-adds-one-known-exploited-vulnerability-catalog-0
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Urges Endpoint Management System Hardening After Cyberattack Against US Organization
https://www.cisa.gov/news-events/alerts/2026/03/18/cisa-urges-endpoint-management-system-hardening-after-cyberattack-against-us-organization
<p>CISA is aware of malicious cyber activity targeting endpoint management systems of U.S. organizations based on the March 11, 2026 cyberattack against U.S.-based medical technology firm Stryker Corporation, which affected their Microsoft environment.<a href="#note1"><sup>1</sup></a> To defend against similar malicious cyber activity, CISA urges organizations to harden endpoint management system configurations using the recommendations and resources provided in this alert. CISA is conducting enhanced coordination with federal partners, including the Federal Bureau of Investigation (FBI), to identify additional threats and determine mitigation actions.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/03/16/cisa-adds-one-known-exploited-vulnerability-catalog
<div class="OutlineElement Ltr SCXW244767289 BCX8">
CISA Adds Two Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/03/13/cisa-adds-two-known-exploited-vulnerabilities-catalog
<p>CISA has added two new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/03/11/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds Three Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/03/09/cisa-adds-three-known-exploited-vulnerabilities-catalog
<p>CISA has added three new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds Five Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/03/05/cisa-adds-five-known-exploited-vulnerabilities-catalog
<p>CISA has added five new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA Adds Two Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/03/03/cisa-adds-two-known-exploited-vulnerabilities-catalog
<p>CISA has added two new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
CISA and Partners Release Guidance for Ongoing Global Exploitation of Cisco SD-WAN Systems
https://www.cisa.gov/news-events/alerts/2026/02/25/cisa-and-partners-release-guidance-ongoing-global-exploitation-cisco-sd-wan-systems
<p><em>The purpose of this Alert is to provide resources for organizations with Cisco Software-Defined Wide-Area Networking (SD-WAN) systems, including Federal Civilian Executive Branch (FCEB) agencies, to address ongoing exploitation of multiple vulnerabilities. Notably, the Cybersecurity and Infrastructure Security Agency (CISA) has added </em><a href="https://www.cve.org/CVERecord?id=CVE-2026-20127" target="_blank"><em>CVE-2026-20127</em></a><em> and </em><a href="https://www.cve.org/CVERecord?id=CVE-2022-20775" target="_blank"><em>CVE-2022-20775</em></a><em> to its Known Exploited Vulnerabilities (KEV) Catalog on Feb. 25, 2026. As a result of the malicious cyber activity and vulnerabilities involving Cisco SD-WAN systems, CISA has outlined requirements for FCEB agencies in Emergency Directive (ED) 26-03 to inventory Cisco SD-WAN systems, update them, and assess compromise.</em></p>
CISA Adds Two Known Exploited Vulnerabilities to Catalog
https://www.cisa.gov/news-events/alerts/2026/02/25/cisa-adds-two-known-exploited-vulnerabilities-catalog
<p>CISA has added two new vulnerabilities to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation. </p>
CISA Adds One Known Exploited Vulnerability to Catalog
https://www.cisa.gov/news-events/alerts/2026/02/24/cisa-adds-one-known-exploited-vulnerability-catalog
<p>CISA has added one new vulnerability to its <a href="https://www.cisa.gov/known-exploited-vulnerabilities-catalog" data-entity-type="node" data-entity-uuid="79453b83-86b9-4e2f-b1ec-abf73c6eb291" data-entity-substitution="canonical" title="Known Exploited Vulnerabilities Catalog">Known Exploited Vulnerabilities (KEV) Catalog</a>, based on evidence of active exploitation.</p>
Daily Dave
https://seclists.org/#dailydave
This technical discussion list covers vulnerability research, exploit development, and security events/gossip. It was started by <a href="http://www.immunitysec.com/">ImmunitySec</a> founder Dave Aitel and many security luminaries participate. Many posts simply advertise Immunity products, but you can't really fault Dave for being self-promotional on a list named DailyDave.OpenAI Codex Security
https://seclists.org/dailydave/2026/q1/2
<p>Posted by Dave Aitel via Dailydave on Mar 07</p><a rel="nofollow" href="https://openai.com/index/codex-security-now-in-research-preview/">https://openai.com/index/codex-security-now-in-research-preview/</a><br>
1. Say what...<br>RE//verse, DistrictCon, an Anole Friend
https://seclists.org/dailydave/2026/q1/1
<p>Posted by Dave Aitel via Dailydave on Feb 02</p>Last month was DistrictCon, a great conference that I did not attend<br>
Today it is...<br>feeling the air
https://seclists.org/dailydave/2026/q1/0
<p>Posted by Dave Aitel via Dailydave on Jan 05</p>For reasons I still don’t fully understand, Miami Beach has enormous<br>
them somewhere overhead, wings spread wide, fingers splayed, feeling the...<br>Re: Defense ?
https://seclists.org/dailydave/2025/q4/6
<p>Posted by Dean Pierce via Dailydave on Nov 16</p>I like the idea of having a software supply chain that people can pay into<br>
with is a software ecosystem where anyone can build what they need...<br>Re: Defense ?
https://seclists.org/dailydave/2025/q4/5
<p>Posted by Chris Anley via Dailydave on Nov 16</p>(gingerly raises head above parapet)<br>
of 1 per 15 minutes (calendar year 2024), means that patching an enterprise before an...<br>Re: Defense ?
https://seclists.org/dailydave/2025/q4/4
<p>Posted by Alfonso De Gregorio via Dailydave on Nov 16</p>Imbalances in the skills and workforce are real. The gap remains hard<br>
regardless: those imbalances are a byproduct of the...<br>Re: Defense ?
https://seclists.org/dailydave/2025/q4/3
<p>Posted by Conan Dooley via Dailydave on Nov 16</p>Reduce complexity, duplication, and scope in your infrastructure. Your<br>
say, just...<br>Re: Defense ?
https://seclists.org/dailydave/2025/q4/2
<p>Posted by etojake--- via Dailydave on Nov 16</p>The content of this message was lost. It was probably cross-posted to<br>
multiple lists and previously handled on another list.<br>Defense ?
https://seclists.org/dailydave/2025/q4/1
<p>Posted by Dave Aitel via Dailydave on Nov 15</p>How would one actually move the actual bar in defense? A big part of me<br>
Like...<br>Offensive AI Con
https://seclists.org/dailydave/2025/q4/0
<p>Posted by Dave Aitel via Dailydave on Oct 08</p>So I just got back from "Offensive AI Conference" in San Diego and it was a<br>
FOMO, but also, when a conference is "invite only" then you...<br>BreachExchange
https://seclists.org/#dataloss
BreachExchange focuses on all things data breach. Topics include actual data breaches, cyber insurance, risk management, metrics and more. This archive includes its predecessor, the Data Loss news and discussion lists.Educause Security Discussion
https://seclists.org/#educause
Securing networks and computers in an academic environment.Full Disclosure
https://seclists.org/#fulldisclosure
A public, vendor-neutral forum for detailed discussion of vulnerabilities and exploitation techniques, as well as tools, papers, news, and events of interest to the community. The relaxed atmosphere of this quirky list provides some comic relief and certain industry gossip. More importantly, fresh vulnerabilities sometimes hit this list many hours or days before they pass through the Bugtraq moderation queue.CyberDanube Security Research 20260408-1 | Multiple Vulnerabilities in Siemens SICAM A8000
https://seclists.org/fulldisclosure/2026/Apr/7
<p>Posted by Thomas Weber | CyberDanube via Fulldisclosure on Apr 14</p>CyberDanube Security Research 20260408-1<br>
found|...<br>CyberDanube Security Research 20260408-0 | Remote Operation Denial of Service in Siemens SICAM A8000
https://seclists.org/fulldisclosure/2026/Apr/6
<p>Posted by Thomas Weber | CyberDanube via Fulldisclosure on Apr 14</p>CyberDanube Security Research 20260408-0<br>
homepage| <a rel="nofollow" href="https://siemens.com/">https://siemens.com/</a>...<br>SEC Consult SA-20260414-0 :: Improper Enforcement of Locked Accounts in WebUI (SSO) in Kiuwan SAST on-premise (KOP) & cloud/SaaS
https://seclists.org/fulldisclosure/2026/Apr/5
<p>Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 14</p>SEC Consult Vulnerability Lab Security Advisory < 20260414-0 ><br>
impact: medium...<br>SEC Consult SA-20260401-0 :: Broken Access Control in Open WebUI
https://seclists.org/fulldisclosure/2026/Apr/4
<p>Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 02</p>SEC Consult Vulnerability Lab Security Advisory < 20260401-0 ><br>
found: 2026-02-06...<br>SEC Consult SA-20260326-0 :: Local Privilege Escalation in Vienna Assistant (MacOS) - Vienna Symphonic Library
https://seclists.org/fulldisclosure/2026/Apr/3
<p>Posted by SEC Consult Vulnerability Lab via Fulldisclosure on Apr 02</p>SEC Consult Vulnerability Lab Security Advisory < 20260326-0 ><br>
...<br> Apple OHTTP Relay: 14 Third-Party Endpoints, 6 Countries, Zero User Visibility
https://seclists.org/fulldisclosure/2026/Apr/2
<p>Posted by Joseph Goydish II via Fulldisclosure on Apr 02</p>SUMMARY<br>
This is shared infrastructure. All devices using Live...<br>[KIS-2026-06] MetInfo CMS <= 8.1 (weixinreply.class.php) PHP Code Injection Vulnerability
https://seclists.org/fulldisclosure/2026/Apr/1
<p>Posted by Egidio Romano on Apr 02</p>---------------------------------------------------------------------------<br>
The vulnerable code is located into the...<br>[CVE-2026-33691] OWASP CRS whitespace padding bypass vulnerability
https://seclists.org/fulldisclosure/2026/Apr/0
<p>Posted by cyber security on Apr 02</p>A vulnerability was identified in OWASP CRS where whitespace padding<br>
practical on Windows backends that normalize whitespace in filenames...<br>APPLE-SA-03-24-2026-10 Xcode 26.4
https://seclists.org/fulldisclosure/2026/Mar/25
<p>Posted by Apple Product Security via Fulldisclosure on Mar 28</p>APPLE-SA-03-24-2026-10 Xcode 26.4<br>
Description: An...<br>APPLE-SA-03-24-2026-9 Safari 26.4
https://seclists.org/fulldisclosure/2026/Mar/24
<p>Posted by Apple Product Security via Fulldisclosure on Mar 28</p>APPLE-SA-03-24-2026-9 Safari 26.4<br>
Security...<br>APPLE-SA-03-24-2026-8 visionOS 26.4
https://seclists.org/fulldisclosure/2026/Mar/23
<p>Posted by Apple Product Security via Fulldisclosure on Mar 28</p>APPLE-SA-03-24-2026-8 visionOS 26.4<br>
intercept...<br>APPLE-SA-03-24-2026-7 watchOS 26.4
https://seclists.org/fulldisclosure/2026/Mar/22
<p>Posted by Apple Product Security via Fulldisclosure on Mar 28</p>APPLE-SA-03-24-2026-7 watchOS 26.4<br>
intercept...<br>APPLE-SA-03-24-2026-6 tvOS 26.4
https://seclists.org/fulldisclosure/2026/Mar/21
<p>Posted by Apple Product Security via Fulldisclosure on Mar 28</p>APPLE-SA-03-24-2026-6 tvOS 26.4<br>
intercept...<br>APPLE-SA-03-24-2026-5 macOS Sonoma 14.8.5
https://seclists.org/fulldisclosure/2026/Mar/20
<p>Posted by Apple Product Security via Fulldisclosure on Mar 28</p>APPLE-SA-03-24-2026-5 macOS Sonoma 14.8.5<br>
intercept network...<br>APPLE-SA-03-24-2026-4 macOS Sequoia 15.7.5
https://seclists.org/fulldisclosure/2026/Mar/19
<p>Posted by Apple Product Security via Fulldisclosure on Mar 28</p>APPLE-SA-03-24-2026-4 macOS Sequoia 15.7.5<br>
intercept...<br>Funsec
https://seclists.org/#funsec
While most security lists ban off-topic discussion, Funsec is a haven for free community discussion and enjoyment of the lighter, more humorous side of the security communityInfo Security News
https://seclists.org/#isn
Carries news items (generally from mainstream sources) that relate to security.Metasploit
https://seclists.org/#metasploit
Development discussion for <a href="http://metasploit.com/">Metasploit</a>, the premier open source remote exploitation toolMicrosoft Sec Notification
https://seclists.org/#microsoft
Beware that MS often uses these security bulletins as marketing propaganda to downplay serious vulnerabilities in their products—note how most have a prominent and often-misleading "mitigating factors" section.Nmap Development
https://seclists.org/#nmap-dev
Unmoderated technical development forum for debating ideas, patches, and suggestions regarding proposed changes to <a href="https://nmap.org">Nmap</A> and related projects. <a href="https://nmap.org/mailman/listinfo/dev">Subscribe to nmap-dev here</a>.[PATCH 0/5] ALPN-based HTTP/2 service detection improvements
https://seclists.org/nmap-dev/2026/q2/3
<p>Posted by Urval Kheni on Apr 14</p>Hi,<br>
1. Fix OpenSSL provider...<br>Bug Report: ssl-enum-ciphers fails (EOF) on CloudFront/ECDSA targets supporting TLS 1.2
https://seclists.org/nmap-dev/2026/q2/2
<p>Posted by Jack Seredyniecki via dev on Apr 14</p>Hello nmap dev team,<br>
NSE: [ssl-enum-ciphers...<br>[PATCH] Support Linux capabilities for non-root raw packet scanning
https://seclists.org/nmap-dev/2026/q2/1
<p>Posted by Ali Norouzi via dev on Apr 14</p>Hi everyone,<br>
Ali<br>Fix for issue #3326
https://seclists.org/nmap-dev/2026/q2/0
<p>Posted by advait deshmukh on Apr 14</p>Issue link <<a rel="nofollow" href="https://github.com/nmap/nmap/issues/3326">https://github.com/nmap/nmap/issues/3326</a>><br>
Since the user has explicitly specified -6 in the command, it...<br>Interview Invitation for Educational Research
https://seclists.org/nmap-dev/2026/q1/5
<p>Posted by Muhammad Hassan Tanveer via dev on Mar 31</p>Hello Everyone!<br>
invite you to participate in a ~45-minute online...<br>Re: GSoC 2026: Password Security Wizard - Optimizing the NSE Brute Library
https://seclists.org/nmap-dev/2026/q1/4
<p>Posted by Adithya Shetty on Mar 13</p>Ah, my mistake.<br>
Thanks for letting me know Gordon<br>[no subject]
https://seclists.org/nmap-dev/2026/q1/3
<p>Posted by Juan jose Rodriguez on Mar 08</p>Contraseña<br>GSoC 2026: Password Security Wizard - Optimizing the NSE Brute Library
https://seclists.org/nmap-dev/2026/q1/2
<p>Posted by Adithya Shetty on Mar 02</p>Hi Nmap Development Team and Fotis,<br>
several of the -brute.nse scripts (specifically focusing on...<br>Question about Nmap and GSoC 2026
https://seclists.org/nmap-dev/2026/q1/1
<p>Posted by Sweekar on Jan 29</p>Hi Nmap developers,<br>
Sweekar<br>PR #3277: Clean up and harden POP3 helper login functions
https://seclists.org/nmap-dev/2026/q1/0
<p>Posted by Sweekar on Jan 23</p>Hello Nmap Developers,<br>
Normalized...<br>Nmap Announce
https://seclists.org/#nmap-announce
Moderated list for the most important new releases and announcements regarding the <a href="https://nmap.org">Nmap Security Scanner</a> and related projects. We recommend that all Nmap users <a href="https://nmap.org/mailman/listinfo/announce">subscribe to stay informed</a>.Npcap Version 1.82 Released with VLAN Tagging and More
https://seclists.org/nmap-announce/2025/0
<p>Posted by Gordon Fyodor Lyon on Apr 28</p>Dear Nmap Community,<br>
useful for Wireshark users. You can also now send...<br>Nmap 7.95 released: OS and service detection signatures galore!
https://seclists.org/nmap-announce/2024/0
<p>Posted by Gordon Fyodor Lyon on May 05</p>Dear Nmap Community,<br>
Additions include iOS 15...<br>OpenVAS
http://seclists.org/#openvas
Development and announcements regarding <a href="http://www.openvas.com/">OpenVAS</a>, a free network security scanner which forked from Nessus. This is a combination of the English openvas-announce, openvas-devel, openvas-discuss, and openvas-plugins lists.Re: Help with openvas setup
http://seclists.org/openvas/2013/q3/107
<p>Posted by Florent THOMAS on Aug 23</p>+1 I agree, it's precious.<br>
Regards<br>Re: Help with openvas setup
http://seclists.org/openvas/2013/q3/106
<p>Posted by Hariharan Madhavan on Aug 23</p>The best way to get openvas running is by adding the atomic corp repository and installing using yum... There is no <br>
Am running Backtrack R3 which...<br>SCAP plugins and OpenVAS
http://seclists.org/openvas/2013/q3/105
<p>Posted by Rajesh Bhavsar on Aug 23</p>Hi all,<br>
<br>Re: Help with openvas setup
http://seclists.org/openvas/2013/q3/104
<p>Posted by Florent THOMAS on Aug 22</p>Hy,<br>
Regards<br>Re: Help with openvas setup
http://seclists.org/openvas/2013/q3/103
<p>Posted by Samuel Mwai on Aug 22</p>Am running Backtrack R3 which installed fine. Stumbled on this blog, check<br>
K () sper<br>Help with openvas setup
http://seclists.org/openvas/2013/q3/102
<p>Posted by Russell, Sean on Aug 22</p>Hello all.<br>
I run openvasmd --rebuild, then run openvas-check-setup again, but I...<br>Easy startup script for self-compiled OpenVAS
http://seclists.org/openvas/2013/q3/101
<p>Posted by Winfried Neessen on Aug 21</p>Hi,<br>
each service. Also you can kill one service of OpenVAS, run the startup...<br>OpenVAS Feed Server: Load and Cron
http://seclists.org/openvas/2013/q3/100
<p>Posted by Jan-Oliver Wagner on Aug 21</p>Hello OpenVAS users,<br>
If your...<br>"Issue" for create schedule
http://seclists.org/openvas/2013/q3/99
<p>Posted by Florent THOMAS on Aug 20</p>Hy,<br>
regards<br>Re: Create credential failed
http://seclists.org/openvas/2013/q3/98
<p>Posted by Florent THOMAS on Aug 20</p>I think I found the problem.<br>
regards<br>Get_schedules not show task information
http://seclists.org/openvas/2013/q3/97
<p>Posted by Rodrigo Seguel on Aug 19</p>after execute get_schedules command with option details="1", the output xml<br>
<get_schedules_response status="200" status_text="OK"><schedule...<br>Re: cannot connect to the manager
http://seclists.org/openvas/2013/q3/96
<p>Posted by brad on Aug 19</p>I even brought the ports up one at a time like so,<br>
There is only one error I can find, but little on...<br>Re: cannot connect to the manager
http://seclists.org/openvas/2013/q3/95
<p>Posted by brad on Aug 19</p>Here is the output of my openvasmd --rebuild -v <br>
From: Openvas-discuss...<br>Re: Create credential failed
http://seclists.org/openvas/2013/q3/94
<p>Posted by Florent THOMAS on Aug 18</p>Thanks for your answer. I'm not sure of the use of this. My french level <br>
Thanks for your help<br>Re: Create credential failed
http://seclists.org/openvas/2013/q3/93
<p>Posted by Michael Meyer on Aug 18</p>*** Florent THOMAS wrote:<br>
Micha<br>Open Source Security
https://seclists.org/#oss-sec
Discussion of security flaws, concepts, and practices in the Open Source communityrust-openssl-v0.10.78 fixes 5 CVEs
https://seclists.org/oss-sec/2026/q2/214
<p>Posted by Alan Coopersmith on Apr 24</p><a rel="nofollow" href="https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78">https://github.com/rust-openssl/rust-openssl/releases/tag/openssl-v0.10.78</a><br>
<a rel="nofollow" href="https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9">https://github.com/rust-openssl/rust-openssl/security/advisories/GHSA-8c75-8mhr-p7r9</a> cautions:...<br>CVE-2026-40690: Apache Airflow: Assets graph view bypasses DAG level access control displaying unrelated topologies and all DAGs names to unauthorized users
https://seclists.org/oss-sec/2026/q2/213
<p>Posted by Rahul Vats on Apr 24</p>Severity: low <br>
Users are recommended to upgrade to version 3.2.1, which...<br>CVE-2026-38743: Apache Airflow: Dags endpoint might provide access to otherwise inaccessible entities
https://seclists.org/oss-sec/2026/q2/212
<p>Posted by Rahul Vats on Apr 24</p>Severity: low <br>
HITL...<br>CVE-2025-62233: Apache DolphinScheduler: Deserialization of untrusted data in RPC
https://seclists.org/oss-sec/2026/q2/211
<p>Posted by Wenjun Ruan on Apr 23</p>Severity: Moderate <br>
Attackers who can access the Master or Worker nodes can compromise the system by creating a StandardRpcRequest,...<br>CVE-2026-23902: Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution.
https://seclists.org/oss-sec/2026/q2/210
<p>Posted by Wenjun Ruan on Apr 23</p>Severity: moderate <br>
Users are recommended to...<br>CVE-2026-41044: Apache ActiveMQ, Apache ActiveMQ Broker, Apache ActiveMQ All: Authenticated user can perform RCE via DestinationView MBean exposed by Jolokia
https://seclists.org/oss-sec/2026/q2/209
<p>Posted by Christopher L. Shannon on Apr 23</p>Severity: important <br>
- Apache ActiveMQ All...<br>CVE-2026-41043: Apache ActiveMQ, Apache ActiveMQ Web: ActiveMQ Web Console - XSS vulnerability when browsing queues
https://seclists.org/oss-sec/2026/q2/208
<p>Posted by Christopher L. Shannon on Apr 23</p>Severity: important <br>
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache...<br>CVE-2026-40466: Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Possible bypass of CVE-2026-34197 via HTTP discovery second-stage URI
https://seclists.org/oss-sec/2026/q2/207
<p>Posted by Christopher L. Shannon on Apr 23</p>Severity: important <br>
- Apache ActiveMQ...<br>PowerDNS Authoritative Server 4.9.14 and 5.0.4 released
https://seclists.org/oss-sec/2026/q2/206
<p>Posted by Miod Vallat on Apr 23</p>Today, we are releasing two new versions of the PowerDNS Authoritative<br>
* CVE-2026-33257 An attacker can send a web request that...<br>CVE-2026-41564: CryptX versions before 0.088 for Perl do not reseed the Crypt::PK PRNG state after forking
https://seclists.org/oss-sec/2026/q2/205
<p>Posted by Stig Palmquist on Apr 23</p>========================================================================<br>
CryptX versions before 0.088 for Perl do not...<br>PowerDNS Security Advisory 2026-03 for PowerDNS Recursor: Multiple issues
https://seclists.org/oss-sec/2026/q2/204
<p>Posted by Otto Moerbeek on Apr 23</p> We have released PowerDNS Recursor 5.2.9, 5.3.6 and 5.4.1.<br>
*...<br>[vim-security] OS Command Injection in netrw affects Vim < 9.2.0383
https://seclists.org/oss-sec/2026/q2/203
<p>Posted by Christian Brabandt on Apr 22</p>OS Command Injection in netrw affects Vim < 9.2.0383<br>
plugin bundled with Vim. By inducing a user to open a crafted URL (e.g.,...<br>Re: CVE-2017-20230: Storable versions before 3.05 for Perl has a stack overflow
https://seclists.org/oss-sec/2026/q2/202
<p>Posted by Steffen Nurpmeso on Apr 22</p>Sam James wrote in<br>
|>> VCS Repo: <a rel="nofollow" href="https://github.com/Perl/perl5/">https://github.com/Perl/perl5/</a>...<br>CVE-2026-41651: TOCTOU vulnerability in PackageKit <= 1.3.4 leads to local root exploit
https://seclists.org/oss-sec/2026/q2/201
<p>Posted by Matthias Klumpp on Apr 22</p>Hello everyone!<br>
to a local root exploit on most systems....<br>[SECURITY] CVE-2026-40542: Apache HttpClient 5.6 SCRAM-SHA-256 mutual authentication bypass
https://seclists.org/oss-sec/2026/q2/200
<p>Posted by Arturo Bernal on Apr 22</p>Severity: important<br>
References:...<br>PaulDotCom
https://seclists.org/#pauldotcom
General discussion of security news, research, vulnerabilities, and the PaulDotCom Security Weekly podcast.Penetration Testing
https://seclists.org/#pen-test
While this list is intended for "professionals", participants frequenly disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.Exploit-DB.com RSS Feed
https://www.exploit-db.com
The Exploit Database - Exploits, Shellcode, 0days, Remote Exploits, Local Exploits, Web Apps, Vulnerability Reports, Security Articles, Tutorials and more.[local] Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation
https://www.exploit-db.com/exploits/52512
Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation[webapps] WordPress Plugin 5.2.0 - Broken Access Control
https://www.exploit-db.com/exploits/52511
WordPress Plugin 5.2.0 - Broken Access Control[local] AVAST Antivirus 25.11 - Unquoted Service Path
https://www.exploit-db.com/exploits/52510
AVAST Antivirus 25.11 - Unquoted Service Path[local] NetBT e-Fatura - Privilege Escalation
https://www.exploit-db.com/exploits/52509
NetBT e-Fatura - Privilege Escalation[webapps] D-Link DIR-650IN - Authenticated Command Injection
https://www.exploit-db.com/exploits/52508
D-Link DIR-650IN - Authenticated Command Injection[webapps] React Server 19.2.0 - Remote Code Execution
https://www.exploit-db.com/exploits/52506
React Server 19.2.0 - Remote Code Execution[webapps] RomM 4.4.0 - XSS_CSRF Chain
https://www.exploit-db.com/exploits/52505
RomM 4.4.0 - XSS_CSRF Chain[webapps] Jumbo Website Manager - Remote Code Execution
https://www.exploit-db.com/exploits/52504
Jumbo Website Manager - Remote Code Execution[local] ZSH 5.9 - RCE
https://www.exploit-db.com/exploits/52503
ZSH 5.9 - RCE[webapps] FortiWeb 8.0.2 - Remote Code Execution
https://www.exploit-db.com/exploits/52502
FortiWeb 8.0.2 - Remote Code Execution[local] 7-Zip 24.00 - Directory Traversal
https://www.exploit-db.com/exploits/52501
7-Zip 24.00 - Directory Traversal[webapps] xibocms 3.3.4 - RCE
https://www.exploit-db.com/exploits/52500
xibocms 3.3.4 - RCE[local] SQLite 3.50.1 - Heap Overflow
https://www.exploit-db.com/exploits/52499
SQLite 3.50.1 - Heap Overflow[local] Microsoft MMC MSC EvilTwin - Local Admin Creation
https://www.exploit-db.com/exploits/52498
Microsoft MMC MSC EvilTwin - Local Admin Creation[webapps] Horilla v1.3 - RCE
https://www.exploit-db.com/exploits/52497
Horilla v1.3 - RCE[local] is-localhost-ip 2.0.0 - SSRF
https://www.exploit-db.com/exploits/52496
is-localhost-ip 2.0.0 - SSRF[webapps] Fortinet FortiWeb v8.0.1 - Auth Bypass
https://www.exploit-db.com/exploits/52495
Fortinet FortiWeb v8.0.1 - Auth Bypass[local] Windows Kernel - Elevation of Privilege
https://www.exploit-db.com/exploits/52494
Windows Kernel - Elevation of Privilege[local] Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
https://www.exploit-db.com/exploits/52493
Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation[webapps] ASP.net 8.0.10 - Bypass
https://www.exploit-db.com/exploits/52492
ASP.net 8.0.10 - Bypass[webapps] Grafana 11.6.0 - SSRF
https://www.exploit-db.com/exploits/52491
Grafana 11.6.0 - SSRF[webapps] Zhiyuan OA - arbitrary file upload leading
https://www.exploit-db.com/exploits/52490
Zhiyuan OA - arbitrary file upload leading[webapps] WBCE CMS 1.6.4 - Remote Code Execution
https://www.exploit-db.com/exploits/52489
WBCE CMS 1.6.4 - Remote Code Execution[webapps] RiteCMS 3.1.0 - Authenticated Remote Code Execution
https://www.exploit-db.com/exploits/52488
RiteCMS 3.1.0 - Authenticated Remote Code Execution[webapps] WordPress Madara - Local File Inclusion
https://www.exploit-db.com/exploits/52487
WordPress Madara - Local File Inclusion[webapps] WordPress Backup Migration 1.3.7 - Remote Command Execution
https://www.exploit-db.com/exploits/52486
WordPress Backup Migration 1.3.7 - Remote Command Execution[webapps] mailcow 2025-01a - Host Header Password Reset Poisoning
https://www.exploit-db.com/exploits/52485
mailcow 2025-01a - Host Header Password Reset Poisoning[webapps] Easy File Sharing Web Server v7.2 - Buffer Overflow
https://www.exploit-db.com/exploits/52484
Easy File Sharing Web Server v7.2 - Buffer Overflow[webapps] WeGIA 3.5.0 - SQL Injection
https://www.exploit-db.com/exploits/52483
WeGIA 3.5.0 - SQL Injection[webapps] Boss Mini v1.4.0 - Local File Inclusion (LFI)
https://www.exploit-db.com/exploits/52482
Boss Mini v1.4.0 - Local File Inclusion (LFI)[webapps] motionEye 0.43.1b4 - RCE
https://www.exploit-db.com/exploits/52481
motionEye 0.43.1b4 - RCE[remote] Windows 10.0.17763.7009 - spoofing vulnerability
https://www.exploit-db.com/exploits/52480
Windows 10.0.17763.7009 - spoofing vulnerability[local] glibc 2.38 - Buffer Overflow
https://www.exploit-db.com/exploits/52479
glibc 2.38 - Buffer Overflow[remote] windows 10/11 - NTLM Hash Disclosure Spoofing
https://www.exploit-db.com/exploits/52478
windows 10/11 - NTLM Hash Disclosure Spoofing[remote] Redis 8.0.2 - RCE
https://www.exploit-db.com/exploits/52477
Redis 8.0.2 - RCE[webapps] OctoPrint 1.11.2 - File Upload
https://www.exploit-db.com/exploits/52476
OctoPrint 1.11.2 - File Upload[remote] Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
https://www.exploit-db.com/exploits/52475
Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE[webapps] aiohttp 3.9.1 - directory traversal PoC
https://www.exploit-db.com/exploits/52474
aiohttp 3.9.1 - directory traversal PoC[webapps] FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution
https://www.exploit-db.com/exploits/52473
FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution[local] Docker Desktop 4.44.3 - Unauthenticated API Exposure
https://www.exploit-db.com/exploits/52472
Docker Desktop 4.44.3 - Unauthenticated API Exposure[webapps] Piranha CMS 12.0 - Stored XSS in Text Block
https://www.exploit-db.com/exploits/52471
Piranha CMS 12.0 - Stored XSS in Text Block[webapps] RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)
https://www.exploit-db.com/exploits/52470
RPi-Jukebox-RFID 2.8.0 - Stored Cross-Site Scripting (XSS)[hardware] D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)
https://www.exploit-db.com/exploits/52469
D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow (DoS)[webapps] RPi-Jukebox-RFID 2.8.0 - Remote Command Execution
https://www.exploit-db.com/exploits/52468
RPi-Jukebox-RFID 2.8.0 - Remote Command Execution[webapps] Siklu EtherHaul Series EH-8010 - Arbitrary File Upload
https://www.exploit-db.com/exploits/52467
Siklu EtherHaul Series EH-8010 - Arbitrary File Upload[webapps] Siklu EtherHaul Series EH-8010 - Remote Command Execution
https://www.exploit-db.com/exploits/52466
Siklu EtherHaul Series EH-8010 - Remote Command Execution[webapps] WordPress Quiz Maker 6.7.0.56 - SQL Injection
https://www.exploit-db.com/exploits/52465
WordPress Quiz Maker 6.7.0.56 - SQL Injection[webapps] Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie
https://www.exploit-db.com/exploits/52464
Chained Quiz 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie[webapps] FreeBSD rtsold 15.x - Remote Code Execution via DNSSL
https://www.exploit-db.com/exploits/52463
FreeBSD rtsold 15.x - Remote Code Execution via DNSSL[webapps] Summar Employee Portal 3.98.0 - Authenticated SQL Injection
https://www.exploit-db.com/exploits/52462
Summar Employee Portal 3.98.0 - Authenticated SQL InjectionSecure Coding
https://seclists.org/#securecoding
The Secure Coding list (SC-L) is an open forum for the discussion on developing secure applications. It is moderated by the authors of <a href="http://www.amazon.com/dp/0596002424?tag=secbks-20">Secure Coding: Principles and Practices</a>.Snort
https://seclists.org/#snort
Everyone's favorite open source IDS, <a href="http://www.snort.org/">Snort</a>. This archive combines the snort-announce, snort-devel, snort-users, and snort-sigs lists.Snort Subscriber Rules Update 2026-04-23
https://seclists.org/snort/2026/q2/6
<p>Posted by Research via Snort-sigs on Apr 23</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-04-21
https://seclists.org/snort/2026/q2/5
<p>Posted by Research via Snort-sigs on Apr 21</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-04-16
https://seclists.org/snort/2026/q2/4
<p>Posted by Research via Snort-sigs on Apr 16</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-04-14
https://seclists.org/snort/2026/q2/3
<p>Posted by Research via Snort-sigs on Apr 14</p>Talos Snort Subscriber Rules Update<br>
Snort 3: GID...<br>Snort Subscriber Rules Update 2026-04-09
https://seclists.org/snort/2026/q2/2
<p>Posted by Research via Snort-sigs on Apr 09</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-04-07
https://seclists.org/snort/2026/q2/1
<p>Posted by Research via Snort-sigs on Apr 07</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-04-02
https://seclists.org/snort/2026/q2/0
<p>Posted by Research via Snort-sigs on Apr 02</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-03-31
https://seclists.org/snort/2026/q1/27
<p>Posted by Research via Snort-sigs on Mar 31</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Re: Error in registered TalosLightSPD ruleset released on 2026-03-24?
https://seclists.org/snort/2026/q1/26
<p>Posted by Dheeraj Gupta via Snort-devel on Mar 29</p>Following up on this,<br>
there is something missing in the registered ruleset (The...<br>Snort Subscriber Rules Update 2026-03-26
https://seclists.org/snort/2026/q1/25
<p>Posted by Research via Snort-sigs on Mar 26</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Error in registered TalosLightSPD ruleset released on 2026-03-24?
https://seclists.org/snort/2026/q1/24
<p>Posted by Dheeraj Gupta via Snort-devel on Mar 26</p>Hi,<br>
release, there is a reference to 3.1.25 (which was not...<br>Error in registered TalosLightSPD ruleset released on 2026-03-24?
https://seclists.org/snort/2026/q1/23
<p>Posted by Dheeraj Gupta via Snort-sigs on Mar 24</p>Hi,<br>
release, there is a reference to 3.1.25 (which was not...<br>Snort Subscriber Rules Update 2026-03-24
https://seclists.org/snort/2026/q1/22
<p>Posted by Research via Snort-sigs on Mar 24</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-03-05
https://seclists.org/snort/2026/q1/21
<p>Posted by Research via Snort-sigs on Mar 05</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>Snort Subscriber Rules Update 2026-03-03
https://seclists.org/snort/2026/q1/20
<p>Posted by Research via Snort-sigs on Mar 03</p>Talos Snort Subscriber Rules Update<br>
<a rel="nofollow" href="https://www.snort.org/advisories">https://www.snort.org/advisories</a><br>VulnWatch
https://seclists.org/#vulnwatch
A non-discussion, non-patch, all-vulnerability annoucement list supported and run by a community of volunteer moderators distributed around the world.Web App Security
https://seclists.org/#webappsec
Provides insights on the unique challenges which make web applications notoriously hard to secure, as well as attack methods including SQL injection, cross-site scripting (XSS), cross-site request forgery, and more.Wireshark
https://seclists.org/#wireshark
Discussion of the free and open source <a href="http://www.wireshark.org/">Wireshark</a> network sniffer. No other sniffer (commercial or otherwise) comes close. This archive combines the Wireshark announcement, users, and developers mailing lists.