gbhackers.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-04-23.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-04-23 | Attackers Exploit LMDeploy Flaw in the Wild Within 12 Hours of Advisory [SSRF] | Attackers Exploit LMDeploy Flaw in the Wild Within 12 Hours of Advisory https://ift.tt/xWknlfA |
| 2026-04-23 | Checkmarx KICS Docker Repo Hijacked in Malicious Code Injection Attack [Supply Chain] | Checkmarx KICS Docker Repo Hijacked in Malicious Code Injection Attack https://ift.tt/ocmvb8S |
| 2026-04-23 | Xinference PyPI Breach Exposes Developers to Cloud Credential Theft [Supply Chain] | Xinference PyPI Breach Exposes Developers to Cloud Credential Theft https://ift.tt/Tqo2NKg |
| 2026-04-22 | Mozilla Firefox 150 Released With Fixes for Multiple Code Execution Vulnerabilities [RCE] | Mozilla Firefox 150 Released With Fixes for Multiple Code Execution Vulnerabilities https://ift.tt/6dEs8aC |
| 2026-04-22 | Critical Spring Authorization Server Issue Exposes Systems to XSS and SSRF Attacks [SSRF] | Critical Spring Authorization Server Issue Exposes Systems to XSS and SSRF Attacks https://ift.tt/y4laiIW |
| 2026-04-21 | Apache Syncope RCE Vulnerability Detailed After Public Exploit Code Release [RCE] | Apache Syncope RCE Vulnerability Detailed After Public Exploit Code Release https://ift.tt/hT4dgwi |
| 2026-04-21 | Malicious GGUF Models Could Trigger Remote Code Execution on SGLang Servers [RCE] | Malicious GGUF Models Could Trigger Remote Code Execution on SGLang Servers https://ift.tt/tE3rbwk |
| 2026-04-21 | CISA Warns Compromised Axios npm Package Fueled Major Supply Chain Attack [Supply Chain] | CISA Warns Compromised Axios npm Package Fueled Major Supply Chain Attack https://ift.tt/3Sh8QXg |
| 2026-04-21 | Lovable AI App Builder Hit by Reported API Flaw Exposing Thousands of Projects [API Sec] | Lovable AI App Builder Hit by Reported API Flaw Exposing Thousands of Projects https://ift.tt/asxTLXh |
| 2026-04-20 | Anthropic MCP Hit by Critical Vulnerability Enabling Remote Code Execution [AI] | Anthropic MCP Hit by Critical Vulnerability Enabling Remote Code Execution https://ift.tt/4HM1zP0 |
| 2026-04-16 | Splunk Enterprise and Cloud Platform Exposed to Dangerous RCE Vulnerability [RCE] | Splunk Enterprise and Cloud Platform Exposed to Dangerous RCE Vulnerability https://ift.tt/0zW71Ld |
| 2026-04-15 | Top 10 Best API Security Providers Protecting Web Apps in 2026 [API Sec] | Top 10 Best API Security Providers Protecting Web Apps in 2026 https://ift.tt/LP9XlFY |
| 2026-04-15 | Windows Active Directory Flaw Opens Door to Malicious Code Execution [RCE] | Windows Active Directory Flaw Opens Door to Malicious Code Execution https://ift.tt/6sieTME |
| 2026-04-15 | FortiClient Hit by Severe SQL Injection Vulnerability Enabling Database Intrusion [SQLi] | FortiClient Hit by Severe SQL Injection Vulnerability Enabling Database Intrusion https://ift.tt/ENselVr |
| 2026-04-14 | Critical etcd Vulnerability Allows Unauthorized Access to Sensitive Cluster APIs [API Sec] | Critical etcd Vulnerability Allows Unauthorized Access to Sensitive Cluster APIs https://ift.tt/pe4316C |
| 2026-04-14 | SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws [SQLi] | SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws https://ift.tt/wOQTGjW |
| 2026-04-14 | Hackers Exploit Critical ShowDoc RCE Flaw in Ongoing Attacks [RCE] | Hackers Exploit Critical ShowDoc RCE Flaw in Ongoing Attacks https://ift.tt/ZcO3Y8e |
| 2026-04-14 | CISA Warns Fortinet SQL Injection Flaw Is Being Actively Exploited [SQLi] | CISA Warns Fortinet SQL Injection Flaw Is Being Actively Exploited https://ift.tt/3sSd5jK |
| 2026-04-13 | Critical Axios Vulnerability Enables Remote Code Execution, PoC Released [RCE] | Critical Axios Vulnerability Enables Remote Code Execution, PoC Released https://ift.tt/JolDXhx |
| 2026-04-13 | Marimo RCE Vulnerability Exploited Within 10 Hours of Public Disclosure [RCE] | Marimo RCE Vulnerability Exploited Within 10 Hours of Public Disclosure https://ift.tt/Gw2u758 |
| 2026-04-10 | GitLab Addresses Multiple Vulnerabilities Linked to DoS and Code Injection [RCE] | GitLab Addresses Multiple Vulnerabilities Linked to DoS and Code Injection https://ift.tt/7xtgdP5 |
| 2026-04-10 | Burp Suite Professional 2025.2: Built-in AI Integration [Burp] | Burp Suite Professional 2025.2: Built-in AI Integration |
| 2026-04-10 | Critical Zero-Day RCE in Networking Devices Exposes 70,000+ Hosts [RCE] | Critical Zero-Day RCE in Networking Devices Exposes 70,000+ Hosts |
| 2026-04-09 | Multiple SonicWall Flaws Enable SQL Injection and Privilege Escalation Attacks [SQLi] | Multiple SonicWall Flaws Enable SQL Injection and Privilege Escalation Attacks https://ift.tt/IWwTAuM |
| 2026-04-08 | Claude Identifies Critical 13-Year-Old RCE Vulnerability in Apache ActiveMQ [RCE] | Claude Identifies Critical 13-Year-Old RCE Vulnerability in Apache ActiveMQ https://ift.tt/dEBfCoy |
| 2026-04-07 | CUPS Vulnerabilities Could Allow Remote Attackers to Achieve Root-Level Code Execution [RCE] | CUPS Vulnerabilities Could Allow Remote Attackers to Achieve Root-Level Code Execution https://ift.tt/wYjmefB |
| 2026-04-07 | Windmill Developer Platform Flaws Expose Users to RCE Attacks, Proof-of-Concept Published [RCE] | Windmill Developer Platform Flaws Expose Users to RCE Attacks, Proof-of-Concept Published https://ift.tt/TP7IyrR |
| 2026-04-07 | Attackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain Exposed [RCE] | Attackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain Exposed https://ift.tt/FSIN53K |
| 2026-04-07 | 50,000 WordPress Sites Running Ninja Forms Vulnerable to Critical File Upload RCE [RCE] | 50,000 WordPress Sites Running Ninja Forms Vulnerable to Critical File Upload RCE https://ift.tt/lyKOd6c |
| 2026-04-06 | 2,000+ FortiClient EMS Instances Exposed Online as Attackers Exploit Active RCE Flaw [RCE] | 2,000+ FortiClient EMS Instances Exposed Online as Attackers Exploit Active RCE Flaw https://ift.tt/e3stSz8 |
| 2026-04-03 | CISA Warns of Craft CMS Code Injection Flaw Exploited in Active Attacks [RCE] | CISA Warns of Craft CMS Code Injection Flaw Exploited in Active Attacks https://ift.tt/VpJB7hM |
| 2026-04-03 | New Progress ShareFile Flaws Expose Servers to Unauthorized Remote Takeover [RCE] | New Progress ShareFile Flaws Expose Servers to Unauthorized Remote Takeover https://ift.tt/ZupJCrH |
| 2026-04-02 | Top 10 Best Dynamic Application Security Testing (DAST) Platforms in 2026 [Burp] | Top 10 Best Dynamic Application Security Testing (DAST) Platforms in 2026 https://ift.tt/W8V2b1i |
| 2026-03-30 | Stored XSS Vulnerability in Jira Work Management Could Enable Full Organization Takeover [XSS] | Stored XSS Vulnerability in Jira Work Management Could Enable Full Organization Takeover https://ift.tt/NBDfQXj |
| 2026-03-17 | Angular XSS Vulnerability Threatens Thousands of Web Applications [XSS] | Angular XSS Vulnerability Threatens Thousands of Web Applications https://ift.tt/CsxVb9J |
| 2026-03-03 | Angular i18n Flaw Lets Hackers Execute Malicious Code via Critical XSS Vulnerability [XSS] | Angular i18n Flaw Lets Hackers Execute Malicious Code via Critical XSS Vulnerability https://ift.tt/Zxys3rh |
| 2026-03-02 | Angular SSR Flaw Enables Unauthorized Server-Side Requests in Web Apps [SSRF] | A critical vulnerability has been discovered in Angular Server-Side Rendering (SSR) that could allow attackers to perform SSRF. |
| 2026-02-27 | Stored XSS Vulnerability in RustFS Console Puts S3 Admin Credentials at Risk [XSS] | A stored XSS vulnerability in RustFS Console has been identified, posing a risk to S3 admin credentials. This vulnerability can potentially be exploited to compromise sensitive data stored in S3 buckets. It highlights the importance of addressing security flaws promptly to prevent unauthorized access to critical information. Users are advised to update their systems and take necessary precautions to mitigate the risk of exploitation. |
| 2026-02-26 | Firefox 148 Unveils New Sanitizer API to Mitigate XSS Attacks in Web Applications [XSS] | Firefox version 148 introduces a new Sanitizer API to combat XSS (cross-site scripting) attacks in web applications. This new feature aims to enhance security by sanitizing user input and preventing malicious scripts from executing. XSS attacks are a common vulnerability exploited by attackers to inject harmful code into websites. The Sanitizer API in Firefox 148 offers a proactive defense mechanism to safeguard web applications and protect users from potential security threats. |
| 2026-02-20 | Critical Jenkins Flaw Exposes Build Environments to XSS Attacks [XSS] | A critical flaw in Jenkins exposes build environments to cross-site scripting (XSS) attacks. The vulnerability could allow attackers to inject malicious scripts into Jenkins builds, potentially leading to unauthorized access or data theft. Jenkins users are advised to update their software to the latest version to mitigate the risk of exploitation. |
| 2026-02-17 | Langchain Community SSRF Bypass Vulnerability Exposes Internal Services to Unauthorized Access [SSRF] | The Langchain Community SSRF Bypass Vulnerability allows unauthorized access to internal services. This vulnerability exposes sensitive information to potential attackers. It is crucial for Langchain Community to address this issue promptly to prevent unauthorized access and protect their internal services from exploitation. |
| 2026-02-13 | Zimbra Issues Security Update to Address XSS, XXE, and LDAP Injection Flaws [XSS] | Zimbra has released a security update to fix vulnerabilities including XSS, XXE, and LDAP injection flaws. These flaws could potentially be exploited by attackers to compromise the security of Zimbra systems. Users are advised to promptly apply the security update to protect their systems from these vulnerabilities. |
| 2026-02-11 | GitLab Patches Multiple Vulnerabilities Enabling DoS and Cross-Site Scripting Attacks [XSS] | GitLab has addressed several vulnerabilities that could lead to Denial of Service (DoS) and Cross-Site Scripting (XSS) attacks. These vulnerabilities have been patched to prevent potential exploitation. It is crucial for GitLab users to update their systems promptly to mitigate the risks associated with these security flaws. |
| 2026-02-04 | CISA Warns of Exploited GitLab Community and Enterprise SSRF Vulnerability [SSRF] | The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a serious Server-Side Request Forgery (SSRF) vulnerability in GitLab Community and Enterprise editions that is being actively exploited. This vulnerability could allow attackers to send unauthorized requests from the server, potentially leading to data breaches or server compromise. Organizations using GitLab are advised to update to the latest version to patch this vulnerability and enhance their security posture. |
| 2026-01-17 | Critical XSS Vulnerabilities in Meta Conversion API Enable Zero-Click Account Takeover [XSS] | The content discusses critical Cross-Site Scripting (XSS) vulnerabilities found in Meta Conversion API that allow attackers to take over accounts without any user interaction, known as Zero-Click Account Takeover. These vulnerabilities pose a significant security risk and highlight the importance of addressing XSS issues promptly to prevent unauthorized access to user accounts. |
| 2026-01-13 | New Angular Vulnerability Allows Attackers to Execute Malicious Payloads [XSS] | A new vulnerability in Angular has been discovered, enabling attackers to execute malicious payloads. This security flaw poses a risk to systems using Angular, potentially allowing unauthorized code execution. Organizations using Angular should be vigilant and apply patches or updates to mitigate this vulnerability. It is crucial to stay informed about security risks and promptly address any vulnerabilities to protect systems and data from exploitation by malicious actors. |
| 2026-01-12 | Critical Apache Struts 2 Flaw Could Let Attackers Steal Sensitive Data [SSRF] | A critical vulnerability in Apache Struts 2 has been identified, allowing attackers to potentially steal sensitive data. The flaw poses a significant security risk and could lead to data breaches if exploited. Users of Apache Struts 2 are advised to update their systems immediately to patch the vulnerability and prevent potential attacks. Vigilance and prompt action are crucial to safeguard sensitive information and protect against unauthorized access. |
| 2026-01-09 | OWASP CRS Vulnerability Enables Charset Validation Bypass [XSS] | The content discusses a vulnerability in the OWASP CRS (Core Rule Set) that allows attackers to bypass charset validation. This vulnerability could potentially be exploited by malicious actors to evade security measures and launch attacks. It highlights the importance of addressing and patching vulnerabilities promptly to enhance cybersecurity defenses and protect systems from potential threats. |
| 2025-12-19 | New Kibana Vulnerabilities Allow Attackers to Embed Malicious Scripts [XSS] | New vulnerabilities in Kibana allow attackers to insert malicious scripts. This poses a security risk as attackers can potentially execute harmful actions through these scripts. It is important for users of Kibana to be aware of these vulnerabilities and take necessary precautions to prevent unauthorized access and protect their systems from potential attacks. Regularly updating Kibana and implementing security best practices can help mitigate the risk of exploitation through these vulnerabilities. |
| 2025-11-27 | Apache SkyWalking Flaw Allows Attackers to Launch XSS Attacks [XSS] | A vulnerability in Apache SkyWalking allows attackers to carry out Cross-Site Scripting (XSS) attacks. This flaw can be exploited by malicious actors to inject and execute malicious scripts on web pages viewed by users, potentially leading to unauthorized data access or manipulation. Organizations using Apache SkyWalking should be aware of this security issue and take necessary precautions to mitigate the risk of XSS attacks. Regularly updating software and implementing security best practices can help protect against such vulnerabilities. |
| 2025-11-13 | Kibana Vulnerabilities Expose Systems to SSRF and XSS Attacks [XSS] | Kibana, a data visualization tool, has vulnerabilities that can lead to Server-Side Request Forgery (SSRF) and Cross-Site Scripting (XSS) attacks. These vulnerabilities expose systems to potential security risks. It is crucial for users of Kibana to be aware of these vulnerabilities and take necessary steps to mitigate the risks associated with SSRF and XSS attacks. |
| 2025-11-13 | Citrix NetScaler ADC and Gateway Flaw Allows Cross-Site Scripting (XSS) Attacks [XSS] | A vulnerability in Citrix NetScaler ADC and Gateway allows for Cross-Site Scripting (XSS) attacks. This flaw can be exploited by attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized access, data theft, or other security risks. Organizations using these Citrix products should be aware of this vulnerability and take necessary steps to mitigate the risk, such as applying patches or implementing security measures to prevent XSS attacks. |
| 2025-11-12 | Hackers Exploit SSRF Flaw in Custom GPTs to Steal ChatGPT Secrets [SSRF] | Hackers have utilized a Server-Side Request Forgery (SSRF) vulnerability in customized GPTs to access and steal confidential information from ChatGPT. This security flaw allowed unauthorized individuals to exploit the system and extract sensitive data. It highlights the importance of addressing vulnerabilities promptly to safeguard against cyber threats and protect valuable information. |
| 2025-10-30 | Reflected XSS Flaw Enables Attackers to Evade Amazon CloudFront Protection Using Safari [XSS] | A reflected XSS flaw has been identified that allows attackers to bypass Amazon CloudFront protection when using Safari. This vulnerability poses a risk as it enables attackers to execute malicious scripts on websites, potentially compromising user data and security. It highlights the importance of staying vigilant against such vulnerabilities and regularly updating security measures to protect against cyber threats. |
| 2025-10-21 | CISA Warns of Oracle E-Business Suite SSRF Vulnerability Actively Exploited in Attacks [SSRF] | The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about a vulnerability in Oracle E-Business Suite known as SSRF, which is being actively exploited in attacks. This vulnerability allows attackers to send unauthorized requests from the affected system, potentially leading to further compromise. Organizations using Oracle E-Business Suite are advised to apply security patches and take necessary precautions to protect their systems from exploitation. |
| 2025-10-18 | Critical Zimbra SSRF Flaw Exposes Sensitive Data [SSRF] | A critical security flaw in Zimbra has been identified, allowing Server-Side Request Forgery (SSRF) attacks that can expose sensitive data. This vulnerability poses a significant risk to data security. Users of Zimbra should be aware of this flaw and take immediate action to mitigate the potential impact on their sensitive information. |
| 2025-09-10 | Multiple Vulnerabilities in GitLab Patched Blocking DoS and SSRF Attack Vectors [SSRF] | GitLab recently patched multiple vulnerabilities, preventing Denial of Service (DoS) and Server-Side Request Forgery (SSRF) attack vectors. These vulnerabilities posed potential security risks to GitLab users. The patches implemented by GitLab aim to enhance the platform's security and protect users from these types of attacks. Users are advised to update their GitLab installations promptly to ensure they are protected against these vulnerabilities. |
| 2025-08-14 | Top 500 Most Important XSS Cheat Sheet for Web Application Pentesting [XSS] | The content is a list of the top 500 most important XSS cheat sheet items for web application pentesting. It likely includes key information and techniques related to cross-site scripting vulnerabilities that can be used by security professionals to test the security of web applications. |
| 2025-08-14 | XSSer automated framework to detect, exploit and report XSS vulnerabilities [XSS] | XSSer is an automated framework designed to identify, exploit, and report cross-site scripting (XSS) vulnerabilities. It streamlines the process of detecting and exploiting XSS vulnerabilities, making it easier for security professionals to identify and address these issues efficiently. By automating these tasks, XSSer helps enhance the security of web applications by identifying potential vulnerabilities and providing reports on them. |
| 2025-08-14 | XSSight - Automated XSS Scanner And Payload Injector - GBHackers On Securit [XSS] | XSSight is an automated XSS scanner and payload injector featured on GBHackers On Security. It is a tool designed to detect and exploit cross-site scripting vulnerabilities in web applications. XSSight streamlines the process of identifying XSS flaws and injecting payloads to test the security of websites. This tool can help security professionals and ethical hackers in finding and addressing XSS vulnerabilities efficiently. |
| 2025-08-11 | Xerox FreeFlow Flaws Enable SSRF and Remote Code Execution [SSRF] | The Xerox FreeFlow software has been found to have vulnerabilities that allow for Server-Side Request Forgery (SSRF) and remote code execution. These flaws can potentially be exploited by attackers to manipulate server requests and execute malicious code remotely. It is crucial for users of Xerox FreeFlow to be aware of these vulnerabilities and take necessary precautions to secure their systems against potential attacks. |
| 2025-06-19 | Open Next SSRF Flaw in Cloudflare Lets Hackers Fetch Data from Any Host [SSRF] | A new SSRF (Server-Side Request Forgery) vulnerability in Cloudflare allows hackers to retrieve data from any host. This flaw poses a security risk as it enables unauthorized access to sensitive information. It is important for Cloudflare to address and patch this vulnerability promptly to prevent exploitation by malicious actors. |
| 2025-05-05 | Hackers Exploit Email Fields to Launch XSS and SSRF Attacks [SSRF] | Hackers are using email fields to launch XSS (Cross-Site Scripting) and SSRF (Server-Side Request Forgery) attacks. By manipulating email fields, attackers can inject malicious code into websites or trick servers into making unauthorized requests. These attacks can lead to data breaches, unauthorized access, and other security threats. Organizations should implement security measures to protect against these exploits, such as input validation, sanitization of user inputs, and monitoring for suspicious activities in email fields. Vigilance and proactive security measures are crucial to prevent these types of attacks. |
| 2025-03-18 | Hackers Exploit SSRF Vulnerability to Attack OpenAI's ChatGPT Infrastructure [SSRF] | Hackers targeted OpenAI's ChatGPT infrastructure by exploiting a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability allowed attackers to manipulate the server into making requests on their behalf, potentially leading to unauthorized access or data theft. The attack highlights the importance of addressing and securing SSRF vulnerabilities to protect sensitive systems and data from malicious exploitation. |
| 2025-03-12 | Java Axios Package Vulnerability Threatens Millions of Servers with SSRF Exploit [SSRF] | A vulnerability in the Java Axios package poses a serious threat to millions of servers due to a Server-Side Request Forgery (SSRF) exploit. This vulnerability could allow attackers to manipulate a server into making unauthorized requests, potentially leading to data breaches or server compromise. Server administrators are advised to update their Java Axios package to the latest version to mitigate this security risk. |
| 2025-03-12 | Over 400 IPs Actively Exploiting Multiple SSRF Vulnerabilities in the Wild [SSRF] | The content highlights that more than 400 IPs are currently exploiting various Server-Side Request Forgery (SSRF) vulnerabilities in the wild. This indicates a significant threat to online security as attackers are actively targeting these vulnerabilities. It emphasizes the importance of addressing and patching SSRF vulnerabilities to prevent potential cyber attacks and protect sensitive data. |
| 2025-01-16 | Veeam Azure Backup Vulnerability Allows Attackers to Utilize SSRF & Send Unauthorized Requests [SSRF] | A vulnerability in Veeam Azure Backup enables attackers to exploit Server-Side Request Forgery (SSRF) to send unauthorized requests. This vulnerability poses a security risk as it allows attackers to manipulate requests and potentially access unauthorized data or services. It is crucial for users of Veeam Azure Backup to be aware of this vulnerability and take necessary precautions to mitigate the risk of unauthorized access and data breaches. |
| 2024-12-05 | ChatGPT Next Web vulnerability Let Attackers exploit endpoint to Perform SSRF [SSRF] | The ChatGPT Next Web vulnerability allows attackers to exploit an endpoint for Server-Side Request Forgery (SSRF) attacks. This vulnerability could potentially be used by malicious actors to manipulate the server into making unauthorized requests on their behalf. It poses a security risk by enabling attackers to abuse the system through SSRF, a technique that can lead to data breaches or unauthorized access. It is crucial for system administrators and developers to address this vulnerability promptly to prevent exploitation and protect sensitive data. |
| 2020-06-06 | Top 500 Most Important XSS Cheat Sheet for Web Application Pentesting [XSS] | The content discusses the significance of Cross-Site Scripting (XSS) vulnerabilities in web applications and introduces the Top 500 Most Important XSS Cheat Sheet for Web Application Pentesting. XSS is a prevalent vulnerability that can be exploited widely. The cheat sheet likely contains essential information and techniques for identifying and mitigating XSS vulnerabilities during penetration testing. |
| 2017-06-20 | XSSer automated framework to detect, exploit and report XSS vulnerabilities [XSS] | XSSer is an automated framework designed to identify, exploit, and report XSS vulnerabilities. It includes tools like XSS Scanner and Vulnerability Scanner to detect and exploit XSS flaws. The framework also supports Hash Injection techniques. |
| 2017-04-08 | XSSight - Automated XSS Scanner And Payload Injector - GBHackers On Securit [XSS] | XSSight is an automated tool that functions as both an XSS scanner and payload injector. It helps detect and exploit cross-site scripting vulnerabilities through payload injection. The tool is designed for vulnerability scanning and identifying XSS issues on websites. |