gbhackers.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-05-14.
| Date Added | Resource | Topics | Excerpt |
|---|---|---|---|
| 2026-05-14 | Windows DNS Client Security Flaw Exposes Systems to Remote Code Execution | RCE | A critical vulnerability in the Windows DNS client could let a remote attacker execute arbitrary code on affected systems. The excerpt identifies the flaw as CVE-2023-38038. Exploitation requires tricking a user into visiting a malicious website or opening a malicious file; Microsoft has released security updates that address it. |
| 2026-05-14 | GitLab Security Flaw Allows Cross-Site Scripting and Unauthenticated DoS | XSS | A critical GitLab vulnerability enables both cross-site scripting (XSS) and unauthenticated denial of service. An attacker could run malicious script in a user's browser and disrupt GitLab services without logging in. |
| 2026-05-14 | Critical Exim Mailer Flaw Enables Remote Code Execution Attacks | RCE | A critical vulnerability in the Exim mail transfer agent allows remote code execution with no user interaction, giving attackers a path to data theft, server takeover and malware distribution. Organizations running Exim are advised to update to the latest release. |
| 2026-05-14 | PoC Released for 18-Year-Old NGINX Flaw Allowing Remote Code Execution | RCE | A proof-of-concept exploit has been published for an 18-year-old remote code execution flaw in NGINX. Public exploit code raises the urgency of updating NGINX instances and underlines the persistent risk of old, unpatched software. |
| 2026-05-14 | Langflow CVE-2026-33017 Exploited to Steal AWS Keys, Deploy NATS Worker | API Sec | https://ift.tt/zdHZtrD |
| 2026-05-13 | JDownloader Hack Spreads New Python RAT | Python | A new Python remote access trojan (RAT) is being delivered through compromised JDownloader update servers, so the malware arrives as what looks like a trusted software update. Once installed, the RAT gives attackers a foothold for data theft and follow-on activity. |
| 2026-05-13 | New PoC Exploit Published for Microsoft Defender 0-Day Flaw | Bug Bounty | A proof-of-concept exploit has been released for a recently disclosed zero-day in Microsoft Defender that allows remote code execution. Public exploit code makes in-the-wild exploitation more likely; a patch from Microsoft is expected. |
| 2026-05-13 | PHP SOAP Extension Flaw Could Let Attackers Execute Code Remotely | RCE | A critical vulnerability in PHP's SOAP extension allows remote code execution via specially crafted SOAP requests, potentially leading to full compromise of the affected system. Users should update PHP to the latest patched version. |
| 2026-05-12 | SAP Releases Patch for Critical SQL Injection Flaw in S/4HANA | SQLi | SAP has patched a critical SQL injection vulnerability in S/4HANA, identified in the excerpt as CVE-2023-33906, that lets unauthorized attackers execute arbitrary SQL statements, with data breach or system compromise as possible outcomes. The flaw was reported by a security researcher; SAP urges S/4HANA customers to apply the patch promptly. |
| 2026-05-12 | Open WebUI File Upload Vulnerability Enables 1-Click RCE Attack | RCE | A critical file upload vulnerability in Open WebUI enables one-click remote code execution, letting an attacker take control of a system running Open WebUI through a single flaw. |
| 2026-05-12 | Cline AI Agent Flaw Allows Attackers to Launch RCE Attacks | RCE | A critical vulnerability in the Cline AI agent allows remote code execution. Further details and mitigation guidance were still expected at the time of writing. |
| 2026-05-12 | Checkmarx Jenkins AST Plugin Compromised in KICS Supply Chain Attack | Supply Chain | https://ift.tt/5VXPZUo |
| 2026-05-10 | Multiple Critical Flaws Fixed in Next.js and React Server Components | SSRF | Next.js and React Server Components have shipped fixes for several critical security vulnerabilities. The excerpt does not detail the individual flaws; applying the updates is the recommended action. |
| 2026-05-07 | Redis Security Flaws Expose Servers to Remote Code Execution Risks | RCE | Newly disclosed Redis vulnerabilities allow attackers to bypass authentication and execute arbitrary commands on affected servers, a path to data breach and full system compromise. Users are advised to update to the patched releases promptly. |
| 2026-05-07 | Critical vm2 Node.js Library Flaws Enable Arbitrary Code Execution Attacks | RCE | Critical vulnerabilities in the vm2 Node.js sandbox library allow attackers to execute arbitrary code on systems that use the vulnerable versions. |
| 2026-05-05 | Critical Weaver E-cology RCE Exploit Raises Alarm for Enterprise Systems | RCE | A critical remote code execution vulnerability in Weaver E-cology, a widely used enterprise collaboration platform, allows attackers to gain unauthorized access to and control over sensitive systems. Organizations running E-cology are urged to patch immediately. |
| 2026-05-05 | Qualcomm Chipset Vulnerabilities Raise Alarm Over Remote Code Execution Risk | Mobile, RCE | https://ift.tt/SDm65Vh |
| 2026-05-05 | Critical Android Zero-Click Vulnerability Enables Remote Shell Access | Mobile, RCE | A critical zero-click vulnerability in Android gives attackers remote shell access without any user interaction. The brief article does not specify the affected Android versions or the technical details of the exploit. |
| 2026-05-05 | pnpm 11 Enables Default Release-Age Guard to Curb npm Supply Chain Attacks | Supply Chain | pnpm 11 turns on a release-age guard by default: package versions published less than a minimum period ago are not installed, so a hijacked release can be noticed and pulled before it reaches developer machines. The change targets the npm ecosystem's exposure to compromised-maintainer and typosquat pushes. |
| 2026-05-05 | Apache HTTP Server Vulnerability Exposes Millions to Remote Code Execution Threats | RCE | A critical vulnerability in specific versions of Apache HTTP Server allows attackers to execute arbitrary code on affected systems, with data breaches, service disruption and wider network compromise as possible outcomes. Users are advised to update to the patched versions as soon as possible. |
| 2026-05-04 | New Apache MINA Vulnerabilities Open Door to Remote Code Execution Attacks | RCE | https://ift.tt/lJo3mVY |
| 2026-05-04 | FreeBSD Systems at Risk From DHCP Client RCE Vulnerability | RCE | A critical remote code execution bug in the FreeBSD DHCP client, identified in the excerpt as CVE-2023-27473, lets an attacker on the local network gain root privileges through crafted DHCP responses. The excerpt lists FreeBSD 13.2-RELEASE-p2, 13.1-RELEASE-p7 and 12.3-RELEASE-p8 as the patched versions; users should update immediately. |
| 2026-05-01 | Jenkins Plugin Updates Fix Path Traversal and Stored XSS Bugs | XSS | https://ift.tt/Sz0kM2u |
| 2026-05-01 | Ruby Gems and Go Modules Used in Campaign Targeting GitHub Actions | Supply Chain | A campaign is using malicious Ruby gems and Go modules, disguised as legitimate dependencies, to compromise GitHub Actions. When a project pulls one of the poisoned packages its workflows can be taken over, letting the attacker run arbitrary code, exfiltrate secrets and pivot into further infrastructure. |
| 2026-04-30 | ProFTPD SQL Injection Flaw Opens Door to Remote Code Execution Attacks | RCE, SQLi | A critical SQL injection vulnerability in the ProFTPD FTP server lets attackers run arbitrary SQL queries through the server's SQL-backed configuration, bypass authentication and potentially reach remote code execution. Servers running vulnerable versions can be compromised and repurposed for malicious use. |
| 2026-04-29 | SLOTAGENT Malware Hides API Calls and Strings to Thwart Analysis | API Sec | SLOTAGENT is a new malware variant that obfuscates its API calls and key strings to resist detection and reverse engineering, slowing analysis and the development of countermeasures. |
| 2026-04-29 | GitHub.com and Enterprise Server Vulnerability Allows Remote Code Execution | RCE, Supply Chain | A critical vulnerability affecting GitHub.com and GitHub Enterprise Server allows remote code execution without prior authentication. Exploitation details in the article are limited, but an unauthenticated RCE in a code hosting platform warrants prompt patching. |
| 2026-04-28 | Hugging Face LeRobot Flaw Opens Door to Remote Code Execution Attacks | RCE, Supply Chain | A critical vulnerability in Hugging Face's LeRobot library, documented in a security advisory, could let attackers gain remote code execution on systems that use it. |
| 2026-04-28 | Critical LiteLLM Flaw Enables Database Attacks Through SQL Injection | SQLi | A critical SQL injection vulnerability in LiteLLM, the open-source library that provides a unified interface to many LLM APIs, could give attackers unauthorized read and write access to the backend database. The researchers who disclosed the flaw stress prompt patching for applications built on LiteLLM. |
| 2026-04-28 | ClickUp Security Flaw Exposes 959 Emails Linked to Major Fortune 500 Firms | API Sec | A flaw in the ClickUp project management tool allowed unauthorized access to 959 email addresses belonging to employees of major Fortune 500 companies. The summary does not describe the nature of the flaw. |
| 2026-04-27 | Critical Gemini CLI Flaw Raises Supply Chain Security Concerns | RCE, Supply Chain | A critical flaw in Google's Gemini command-line interface could allow attackers to compromise systems that use the tool, a supply chain risk for the development pipelines it is wired into. |
| 2026-04-27 | Metabase Enterprise RCE Flaw Now Has Public Proof-of-Concept Exploit | RCE | A public proof-of-concept exploit is now available for a critical remote code execution vulnerability in Metabase Enterprise, so affected instances can be compromised with off-the-shelf code. Users are advised to update to the latest version. |
| 2026-04-24 | GPT-5.5 Bio Bug Bounty Program Aims to Improve AI Safety and Performance | AI, Bug Bounty | OpenAI has launched a bug bounty program for its GPT-5.5 Bio model, inviting researchers to find and report safety and security issues before wider deployment. |
| 2026-04-24 | Python Vulnerability Enables Out-of-Bounds Write on Windows | Python | A vulnerability in Python's `uuid` module on Windows allows an out-of-bounds write when handling certain UUID formats, with denial of service and, under specific conditions, remote code execution as potential outcomes. |
| 2026-04-23 | Attackers Exploit LMDeploy Flaw in the Wild Within 12 Hours of Advisory | SSRF | https://ift.tt/xWknlfA |
| 2026-04-23 | Checkmarx KICS Docker Repo Hijacked in Malicious Code Injection Attack | Supply Chain | https://ift.tt/ocmvb8S |
| 2026-04-23 | Xinference PyPI Breach Exposes Developers to Cloud Credential Theft | Supply Chain | https://ift.tt/Tqo2NKg |
| 2026-04-22 | Mozilla Firefox 150 Released With Fixes for Multiple Code Execution Vulnerabilities | RCE | https://ift.tt/6dEs8aC |
| 2026-04-22 | Critical Spring Authorization Server Issue Exposes Systems to XSS and SSRF Attacks | SSRF | https://ift.tt/y4laiIW |
| 2026-04-21 | Apache Syncope RCE Vulnerability Detailed After Public Exploit Code Release | RCE | https://ift.tt/hT4dgwi |
| 2026-04-21 | Malicious GGUF Models Could Trigger Remote Code Execution on SGLang Servers | RCE | https://ift.tt/tE3rbwk |
| 2026-04-21 | CISA Warns Compromised Axios npm Package Fueled Major Supply Chain Attack | Supply Chain | https://ift.tt/3Sh8QXg |
| 2026-04-21 | Lovable AI App Builder Hit by Reported API Flaw Exposing Thousands of Projects | API Sec | https://ift.tt/asxTLXh |
| 2026-04-20 | Anthropic MCP Hit by Critical Vulnerability Enabling Remote Code Execution | AI | https://ift.tt/4HM1zP0 |
| 2026-04-16 | Splunk Enterprise and Cloud Platform Exposed to Dangerous RCE Vulnerability | RCE | https://ift.tt/0zW71Ld |
| 2026-04-15 | Top 10 Best API Security Providers Protecting Web Apps in 2026 | API Sec | https://ift.tt/LP9XlFY |
| 2026-04-15 | Windows Active Directory Flaw Opens Door to Malicious Code Execution | RCE | https://ift.tt/6sieTME |
| 2026-04-15 | FortiClient Hit by Severe SQL Injection Vulnerability Enabling Database Intrusion | SQLi | https://ift.tt/ENselVr |
| 2026-04-14 | Critical etcd Vulnerability Allows Unauthorized Access to Sensitive Cluster APIs | API Sec | https://ift.tt/pe4316C |
| 2026-04-14 | SAP Patch Day Fixes Critical SQL Injection, DoS, and Code Injection Flaws | SQLi | https://ift.tt/wOQTGjW |
| 2026-04-14 | Hackers Exploit Critical ShowDoc RCE Flaw in Ongoing Attacks | RCE | https://ift.tt/ZcO3Y8e |
| 2026-04-14 | CISA Warns Fortinet SQL Injection Flaw Is Being Actively Exploited | SQLi | https://ift.tt/3sSd5jK |
| 2026-04-13 | Critical Axios Vulnerability Enables Remote Code Execution, PoC Released | RCE | https://ift.tt/JolDXhx |
| 2026-04-13 | Marimo RCE Vulnerability Exploited Within 10 Hours of Public Disclosure | RCE | https://ift.tt/Gw2u758 |
| 2026-04-10 | GitLab Addresses Multiple Vulnerabilities Linked to DoS and Code Injection | RCE | https://ift.tt/7xtgdP5 |
| 2026-04-10 | Burp Suite Professional 2025.2: Built-in AI Integration | Burp | |
| 2026-04-10 | Critical Zero-Day RCE in Networking Devices Exposes 70,000+ Hosts | RCE | |
| 2026-04-09 | Multiple SonicWall Flaws Enable SQL Injection and Privilege Escalation Attacks | SQLi | https://ift.tt/IWwTAuM |
| 2026-04-08 | Claude Identifies Critical 13-Year-Old RCE Vulnerability in Apache ActiveMQ | RCE | https://ift.tt/dEBfCoy |
| 2026-04-07 | CUPS Vulnerabilities Could Allow Remote Attackers to Achieve Root-Level Code Execution | RCE | https://ift.tt/wYjmefB |
| 2026-04-07 | Windmill Developer Platform Flaws Expose Users to RCE Attacks, Proof-of-Concept Published | RCE | https://ift.tt/TP7IyrR |
| 2026-04-07 | Attackers Exploit Flowise Injection Vulnerability as 15,000+ Instances Remain Exposed | RCE | https://ift.tt/FSIN53K |
| 2026-04-07 | 50,000 WordPress Sites Running Ninja Forms Vulnerable to Critical File Upload RCE | RCE | https://ift.tt/lyKOd6c |
| 2026-04-06 | 2,000+ FortiClient EMS Instances Exposed Online as Attackers Exploit Active RCE Flaw | RCE | https://ift.tt/e3stSz8 |
| 2026-04-03 | CISA Warns of Craft CMS Code Injection Flaw Exploited in Active Attacks | RCE | https://ift.tt/VpJB7hM |
| 2026-04-03 | New Progress ShareFile Flaws Expose Servers to Unauthorized Remote Takeover | RCE | https://ift.tt/ZupJCrH |
| 2026-04-02 | Top 10 Best Dynamic Application Security Testing (DAST) Platforms in 2026 | Burp | https://ift.tt/W8V2b1i |
| 2026-03-30 | Stored XSS Vulnerability in Jira Work Management Could Enable Full Organization Takeover | XSS | https://ift.tt/NBDfQXj |
| 2026-03-17 | Angular XSS Vulnerability Threatens Thousands of Web Applications | XSS | https://ift.tt/CsxVb9J |
| 2026-03-03 | Angular i18n Flaw Lets Hackers Execute Malicious Code via Critical XSS Vulnerability | XSS | https://ift.tt/Zxys3rh |
| 2026-03-02 | Angular SSR Flaw Enables Unauthorized Server-Side Requests in Web Apps | SSRF | A critical vulnerability in Angular server-side rendering (SSR) could allow attackers to perform server-side request forgery from the rendering server. |
| 2026-02-27 | Stored XSS Vulnerability in RustFS Console Puts S3 Admin Credentials at Risk | XSS | A stored cross-site scripting vulnerability in the RustFS console could be used to steal S3 administrator credentials and, through them, the data in the buckets those credentials control. Users are advised to update and review access to affected buckets. |
| 2026-02-26 | Firefox 148 Unveils New Sanitizer API to Mitigate XSS Attacks in Web Applications | XSS | Firefox 148 ships the Sanitizer API, which lets a web application insert user-supplied HTML into the page with script-capable content removed first, so injected markup cannot execute. It gives developers a built-in defense against cross-site scripting instead of hand-rolled escaping. |
| 2026-02-20 | Critical Jenkins Flaw Exposes Build Environments to XSS Attacks | XSS | A critical cross-site scripting flaw in Jenkins lets attackers inject script that executes in the browsers of Jenkins users viewing build pages, with unauthorized access and data theft as possible outcomes. Users should update to the latest version. |
| 2026-02-17 | Langchain Community SSRF Bypass Vulnerability Exposes Internal Services to Unauthorized Access | SSRF | A bypass of the SSRF protections in the langchain-community package lets attackers reach internal services through an application that uses it, exposing sensitive information. Applications that depend on the package should apply the fix promptly. |
| 2026-02-13 | Zimbra Issues Security Update to Address XSS, XXE and LDAP Injection Flaws | XSS | Zimbra has released a security update fixing cross-site scripting, XML external entity (XXE) and LDAP injection vulnerabilities that could be used to compromise Zimbra deployments. Administrators should apply the update promptly. |
| 2026-02-11 | GitLab Patches Multiple Vulnerabilities Enabling DoS and Cross-Site Scripting Attacks | XSS | GitLab has patched several vulnerabilities that could be used for denial of service and cross-site scripting attacks. GitLab users should update promptly. |
| 2026-02-04 | CISA Warns of Exploited GitLab Community and Enterprise SSRF Vulnerability | SSRF | CISA has warned that a server-side request forgery vulnerability in GitLab Community and Enterprise editions is being actively exploited. The flaw lets attackers make the GitLab server issue requests on their behalf, a path to data exposure or server compromise; organizations should update to the latest version. |
| 2026-01-17 | Critical XSS Vulnerabilities in Meta Conversion API Enable Zero-Click Account Takeover | XSS | Critical cross-site scripting vulnerabilities in Meta's Conversion API could be chained into account takeover with no interaction from the victim (zero-click). |
| 2026-01-13 | New Angular Vulnerability Allows Attackers to Execute Malicious Payloads | XSS | A newly disclosed Angular vulnerability lets attackers execute malicious payloads in applications built on the framework. Teams using Angular should apply the relevant patches. |
| 2026-01-12 | Critical Apache Struts 2 Flaw Could Let Attackers Steal Sensitive Data | SSRF | A critical vulnerability in Apache Struts 2 could let attackers steal sensitive data from affected applications. Users should update immediately. |
| 2026-01-09 | OWASP CRS Vulnerability Enables Charset Validation Bypass | XSS | A vulnerability in the OWASP Core Rule Set (CRS) lets attackers bypass its charset validation, which can be used to slip attack payloads past a web application firewall that relies on those rules. |
| 2025-12-19 | New Kibana Vulnerabilities Allow Attackers to Embed Malicious Scripts | XSS | New Kibana vulnerabilities let attackers embed malicious scripts that run in the browsers of other Kibana users. Keeping Kibana updated and following security best practices reduces the exposure. |
| 2025-11-27 | Apache SkyWalking Flaw Allows Attackers to Launch XSS Attacks | XSS | A cross-site scripting flaw in Apache SkyWalking lets attackers inject script that executes in pages viewed by users, with unauthorized data access or manipulation as possible outcomes. Organizations should update and apply standard XSS mitigations. |
| 2025-11-13 | Kibana Vulnerabilities Expose Systems to SSRF and XSS Attacks | XSS | Kibana, the data visualization front end for Elasticsearch, has vulnerabilities that enable server-side request forgery and cross-site scripting. Users should update and mitigate accordingly. |
| 2025-11-13 | Citrix NetScaler ADC and Gateway Flaw Allows Cross-Site Scripting (XSS) Attacks | XSS | A cross-site scripting vulnerability in Citrix NetScaler ADC and Gateway lets attackers inject malicious script into pages served to users, with unauthorized access and data theft as possible outcomes. Organizations should apply the available patches. |
| 2025-11-12 | Hackers Exploit SSRF Flaw in Custom GPTs to Steal ChatGPT Secrets | SSRF | Attackers exploited a server-side request forgery flaw in custom GPTs to extract confidential information from ChatGPT. |
| 2025-10-30 | Reflected XSS Flaw Enables Attackers to Evade Amazon CloudFront Protection Using Safari | XSS | A reflected cross-site scripting flaw lets attackers bypass Amazon CloudFront's protections when the victim uses Safari, so malicious script runs on the target site despite the CDN layer. |
| 2025-10-21 | CISA Warns of Oracle E-Business Suite SSRF Vulnerability Actively Exploited in Attacks | SSRF | CISA has warned that a server-side request forgery vulnerability in Oracle E-Business Suite is being actively exploited. The flaw lets attackers make the affected system issue requests on their behalf, a stepping stone to further compromise; organizations should apply Oracle's patches. |
| 2025-10-18 2025 | Critical Zimbra SSRF Flaw Exposes Sensitive DataSSRF | A critical security flaw in Zimbra has been identified, allowing Server-Side Request Forgery (SSRF) attacks that can expose sensitive data. This vulnerability poses a significant risk to data security. Users of Zimbra should be aware of this flaw and take immediate action to mitigate the potential impact on their sensitive information. |
| 2025-09-10 2025 | Multiple Vulnerabilities in GitLab Patched Blocking DoS and SSRF Attack VectorsSSRF | GitLab recently patched multiple vulnerabilities, preventing Denial of Service (DoS) and Server-Side Request Forgery (SSRF) attack vectors. These vulnerabilities posed potential security risks to GitLab users. The patches implemented by GitLab aim to enhance the platform's security and protect users from these types of attacks. Users are advised to update their GitLab installations promptly to ensure they are protected against these vulnerabilities. |
| 2025-08-14 2025 | Top 500 Most Important XSS Cheat Sheet for Web Application PentestingXSS | The content is a list of the top 500 most important XSS cheat sheet items for web application pentesting. It likely includes key information and techniques related to cross-site scripting vulnerabilities that can be used by security professionals to test the security of web applications. |
| 2025-08-14 2025 | XSSer automated framework to detect, exploit and report XSS vulnerabilitiesXSS | XSSer is an automated framework designed to identify, exploit, and report cross-site scripting (XSS) vulnerabilities. It streamlines the process of detecting and exploiting XSS vulnerabilities, making it easier for security professionals to identify and address these issues efficiently. By automating these tasks, XSSer helps enhance the security of web applications by identifying potential vulnerabilities and providing reports on them. |
| 2025-08-14 2025 | XSSight - Automated XSS Scanner And Payload Injector - GBHackers On SecuritXSS | XSSight is an automated XSS scanner and payload injector featured on GBHackers On Security. It is a tool designed to detect and exploit cross-site scripting vulnerabilities in web applications. XSSight streamlines the process of identifying XSS flaws and injecting payloads to test the security of websites. This tool can help security professionals and ethical hackers in finding and addressing XSS vulnerabilities efficiently. |
| 2025-08-11 2025 | Xerox FreeFlow Flaws Enable SSRF and Remote Code ExecutionSSRF | The Xerox FreeFlow software has been found to have vulnerabilities that allow for Server-Side Request Forgery (SSRF) and remote code execution. These flaws can potentially be exploited by attackers to manipulate server requests and execute malicious code remotely. It is crucial for users of Xerox FreeFlow to be aware of these vulnerabilities and take necessary precautions to secure their systems against potential attacks. |
| 2025-06-19 2025 | Open Next SSRF Flaw in Cloudflare Lets Hackers Fetch Data from Any HostSSRF | A new SSRF (Server-Side Request Forgery) vulnerability in Cloudflare allows hackers to retrieve data from any host. This flaw poses a security risk as it enables unauthorized access to sensitive information. It is important for Cloudflare to address and patch this vulnerability promptly to prevent exploitation by malicious actors. |
| 2025-05-05 2025 | Hackers Exploit Email Fields to Launch XSS and SSRF AttacksSSRF | Hackers are using email fields to launch XSS (Cross-Site Scripting) and SSRF (Server-Side Request Forgery) attacks. By manipulating email fields, attackers can inject malicious code into websites or trick servers into making unauthorized requests. These attacks can lead to data breaches, unauthorized access, and other security threats. Organizations should implement security measures to protect against these exploits, such as input validation, sanitization of user inputs, and monitoring for suspicious activities in email fields. Vigilance and proactive security measures are crucial to prevent these types of attacks. |
| 2025-03-18 2025 | Hackers Exploit SSRF Vulnerability to Attack OpenAIs ChatGPT InfrastructureSSRF | Hackers targeted OpenAI's ChatGPT infrastructure by exploiting a Server-Side Request Forgery (SSRF) vulnerability. This vulnerability allowed attackers to manipulate the server into making requests on their behalf, potentially leading to unauthorized access or data theft. The attack highlights the importance of addressing and securing SSRF vulnerabilities to protect sensitive systems and data from malicious exploitation. |
| 2025-03-12 2025 | Java Axios Package Vulnerability Threatens Millions of Servers with SSRF ExploitSSRF | A vulnerability in the Java Axios package poses a serious threat to millions of servers due to a Server-Side Request Forgery (SSRF) exploit. This vulnerability could allow attackers to manipulate a server into making unauthorized requests, potentially leading to data breaches or server compromise. Server administrators are advised to update their Java Axios package to the latest version to mitigate this security risk. |
| 2025-03-12 2025 | Over 400 IPs Actively Exploiting Multiple SSRF Vulnerabilities in the WildSSRF | The content highlights that more than 400 IPs are currently exploiting various Server-Side Request Forgery (SSRF) vulnerabilities in the wild. This indicates a significant threat to online security as attackers are actively targeting these vulnerabilities. It emphasizes the importance of addressing and patching SSRF vulnerabilities to prevent potential cyber attacks and protect sensitive data. |
| 2025-01-16 2025 | Veeam Azure Backup Vulnerability Allows Attackers to Utilize SSRF & Send Unauthorized RequestsSSRF | A vulnerability in Veeam Azure Backup enables attackers to exploit Server-Side Request Forgery (SSRF) to send unauthorized requests. This vulnerability poses a security risk as it allows attackers to manipulate requests and potentially access unauthorized data or services. It is crucial for users of Veeam Azure Backup to be aware of this vulnerability and take necessary precautions to mitigate the risk of unauthorized access and data breaches. |
| 2024-12-05 2024 | ChatGPT Next Web vulnerability Let Attackers exploit endpoint to Perform SSRFSSRF | The ChatGPT Next Web vulnerability allows attackers to exploit an endpoint for Server-Side Request Forgery (SSRF) attacks. This vulnerability could potentially be used by malicious actors to manipulate the server into making unauthorized requests on their behalf. It poses a security risk by enabling attackers to abuse the system through SSRF, a technique that can lead to data breaches or unauthorized access. It is crucial for system administrators and developers to address this vulnerability promptly to prevent exploitation and protect sensitive data. |
| 2020-06-06 2020 | Top 500 Most Important XSS Cheat Sheet for Web Application PentestingXSS | The content discusses the significance of Cross-Site Scripting (XSS) vulnerabilities in web applications and introduces the Top 500 Most Important XSS Cheat Sheet for Web Application Pentesting. XSS is a prevalent vulnerability that can be exploited widely. The cheat sheet likely contains essential information and techniques for identifying and mitigating XSS vulnerabilities during penetration testing. |
| 2017-06-20 2017 | XSSer automated framework to detect, exploit and report XSS vulnerabilitiesXSS | XSSer is an automated framework designed to identify, exploit, and report XSS vulnerabilities. It includes tools like XSS Scanner and Vulnerability Scanner to detect and exploit XSS flaws. The framework also supports Hash Injection techniques. |
| 2017-04-08 2017 | XSSight - Automated XSS Scanner And Payload Injector - GBHackers On SecuritXSS | XSSight is an automated tool that functions as both an XSS scanner and payload injector. It helps detect and exploit cross-site scripting vulnerabilities through payload injection. The tool is designed for vulnerability scanning and identifying XSS issues on websites. |