techgig.com
Resources curated from this publisher and indexed across appsec.fyi topic pages. Last item added: 2026-07-17.
| Date Added | Resource | Excerpt |
|---|---|---|
| 2026-07-17 2026 | Intruder's AI pipeline automates zero-day vulnerability discoverySQLi | Library employing LLMs and Joern for automated zero-day vulnerability discovery and exploitation, including program slicing to address the 'focus problem' in large codebases. This pipeline recently identified CVE-2026-3985, a SQL injection in the WordPress Creative Mail plugin, demonstrating fully automated exploitation without human input, signaling a need for security teams to adapt to AI-driven threats. |
| 2026-06-19 2026 | Microsoft AntiSSRF Library Blocks Server-Side Request ForgerySSRF | Library that validates URLs and network connections for .NET and Node.js applications, mitigating server-side request forgery (SSRF) risks. AntiSSRF acts as a drop-in component, checking untrusted input against policies that can define allowed/denied addresses, block plain-text HTTP, and enforce header requirements, preventing data leakage, service disruption, and remote code execution. |
| 2026-06-15 2026 | Spring Boot 4.1 Adds gRPC Auto-Configuration SSRF MitigationSSRF | Library update Spring Boot 4.1 introduces gRPC auto-configuration for both server and client, alongside HTTP-client SSRF mitigation via an `InetAddressFilter` for enhanced security. It also upgrades Kotlin to 2.3, adds lazy datasource connections for faster startup, and improves OpenTelemetry support. Dependency updates include Micrometer 1.17, Reactor 2025.0.6, and gRPC Java 1.80.0. |
| 2026-06-10 2026 | OpenSSL patches critical vulnerability enabling remote code executionRCE | Library patches address 18 vulnerabilities, including critical CVE-2026-45447, a heap user-after-free bug in PKCS#7 verification that can lead to remote code execution. Moderate flaws allow decryption and forgery, with one bypassing authentication via fake certificates. Low-severity issues also resolved, impacting DoS and private key security. |
| 2026-05-25 2026 | Ghost CMS Users Under Attack: Why Developers Must Act FastSQLi | Writeup on CVE-2026-26980, an actively exploited SQL injection vulnerability in Ghost CMS, impacting over 700 domains. Attackers leverage this flaw, combined with ClickFix social engineering tactics, to steal admin API keys and inject JavaScript. Mitigation involves upgrading to Ghost 6.19.1, rotating keys, auditing admin access, monitoring server logs, and training teams against suspicious prompts. |