Mastodon 🐘

Pyrzout :vm:Critical Next.js auth bypass vulnerability opens web apps to compromise (CVE-2025-29927) <a href="https://www.helpnetsecurity.com/2025/03/24/critical-next-js-auth-bypass-vulnerability-opens-web-apps-to-compromise-cve-2025-29927/" rel="nofollow noopener" translate="no" target="_blank">https://www.helpnetsecurity.com/2025/03/24/critical-next-js-auth-bypass-vulnerability-opens-web-apps-to-compromise-cve-2025-29927/</a> <a href="https://social.skynetcloud.site/tags/webapplicationsecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#webapplicationsecurity</a> <a href="https://social.skynetcloud.site/tags/ProjectDiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#ProjectDiscovery</a> <a href="https://social.skynetcloud.site/tags/webdevelopment" class="mention hashtag" rel="nofollow noopener" target="_blank">#webdevelopment</a> <a href="https://social.skynetcloud.site/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#vulnerability</a> <a href="https://social.skynetcloud.site/tags/Cloudflare" class="mention hashtag" rel="nofollow noopener" target="_blank">#Cloudflare</a> <a href="https://social.skynetcloud.site/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener" target="_blank">#Don</a>'tmiss <a href="https://social.skynetcloud.site/tags/framework" class="mention hashtag" rel="nofollow noopener" target="_blank">#framework</a> <a href="https://social.skynetcloud.site/tags/Hotstuff" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hotstuff</a> <a href="https://social.skynetcloud.site/tags/Next" class="mention hashtag" rel="nofollow noopener" target="_blank">#Next</a>.js <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://social.skynetcloud.site/tags/PoC" class="mention hashtag" rel="nofollow noopener" target="_blank">#PoC</a>

🦠Toxic Flange (Gurjeet)🔬⚱️🌚Has anyone used <a href="https://infosec.exchange/tags/projectdiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#projectdiscovery</a> suite, or developed Nuclei templates?How well does it work compared to other tools like Greenbone or some other similar scanning suites?It looks.. cumbersome and tech-debt-y full of kludges. I definitely couldn't make anything better or maybe at all, so props for that, however I can see it being a problem in the future, and its weird limitations.<a href="https://infosec.exchange/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a>

Wiz :verified:🚨 Wiz uncovered CVE-2024-43405, a bypass in <a href="https://infosec.exchange/tags/Nuclei" class="mention hashtag" rel="nofollow noopener" target="_blank">#Nuclei</a> enabling code execution. Fixed with <a href="https://infosec.exchange/tags/ProjectDiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#ProjectDiscovery</a>. Update to v3.3.2+, Run tools in isolated environments! <a href="https://www.wiz.io/blog/nuclei-signature-verification-bypass" rel="nofollow noopener" translate="no" target="_blank">https://www.wiz.io/blog/nuclei-signature-verification-bypass</a>

Pyrzout :vm:Exploit code for critical GitLab auth bypass flaw released (CVE-2024-45409) <a href="https://www.helpnetsecurity.com/2024/10/09/exploit-cve-2024-45409/" rel="nofollow noopener" translate="no" target="_blank">https://www.helpnetsecurity.com/2024/10/09/exploit-cve-2024-45409/</a> <a href="https://social.skynetcloud.site/tags/ProjectDiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#ProjectDiscovery</a> <a href="https://social.skynetcloud.site/tags/authentication" class="mention hashtag" rel="nofollow noopener" target="_blank">#authentication</a> <a href="https://social.skynetcloud.site/tags/securityupdate" class="mention hashtag" rel="nofollow noopener" target="_blank">#securityupdate</a> <a href="https://social.skynetcloud.site/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#vulnerability</a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener" target="_blank">#Don</a>'tmiss <a href="https://social.skynetcloud.site/tags/Hotstuff" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hotstuff</a> <a href="https://social.skynetcloud.site/tags/Synactiv" class="mention hashtag" rel="nofollow noopener" target="_blank">#Synactiv</a> <a href="https://social.skynetcloud.site/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#exploit</a> <a href="https://social.skynetcloud.site/tags/GitLab" class="mention hashtag" rel="nofollow noopener" target="_blank">#GitLab</a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://social.skynetcloud.site/tags/PoC" class="mention hashtag" rel="nofollow noopener" target="_blank">#PoC</a>

Pyrzout :vm:Critical Zimbra RCE vulnerability under mass exploitation (CVE-2024-45519) <a href="https://www.helpnetsecurity.com/2024/10/02/cve-2024-45519-exploited/" rel="nofollow noopener" translate="no" target="_blank">https://www.helpnetsecurity.com/2024/10/02/cve-2024-45519-exploited/</a> <a href="https://social.skynetcloud.site/tags/ProjectDiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#ProjectDiscovery</a> <a href="https://social.skynetcloud.site/tags/vulnerability" class="mention hashtag" rel="nofollow noopener" target="_blank">#vulnerability</a> <a href="https://social.skynetcloud.site/tags/Proofpoint" class="mention hashtag" rel="nofollow noopener" target="_blank">#Proofpoint</a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener" target="_blank">#Don</a>'tmiss <a href="https://social.skynetcloud.site/tags/Hotstuff" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hotstuff</a> <a href="https://social.skynetcloud.site/tags/exploit" class="mention hashtag" rel="nofollow noopener" target="_blank">#exploit</a> <a href="https://social.skynetcloud.site/tags/Synacor" class="mention hashtag" rel="nofollow noopener" target="_blank">#Synacor</a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://social.skynetcloud.site/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE</a> <a href="https://social.skynetcloud.site/tags/PoC" class="mention hashtag" rel="nofollow noopener" target="_blank">#PoC</a>

MassivelyOPFor Science: EVE Online ramps up cancer-fighting Project Discovery with new minigames and rewards 🔗 <a href="https://massivelyop.com/2024/07/30/for-science-eve-online-ramps-up-cancer-fighting-project-discovery-with-new-minigames-and-rewards" rel="nofollow noopener" translate="no" target="_blank">https://massivelyop.com/2024/07/30/for-science-eve-online-ramps-up-cancer-fighting-project-discovery-with-new-minigames-and-rewards</a> <a href="https://mastodon.social/tags/EVEOnline" class="mention hashtag" rel="nofollow noopener" target="_blank">#EVEOnline</a> <a href="https://mastodon.social/tags/ProjectDiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#ProjectDiscovery</a> <a href="https://mastodon.social/tags/CitizenScience" class="mention hashtag" rel="nofollow noopener" target="_blank">#CitizenScience</a> <a href="https://mastodon.social/tags/MMORPG" class="mention hashtag" rel="nofollow noopener" target="_blank">#MMORPG</a>

garyinstall go <a href="https://infosec.exchange/tags/golang" class="mention hashtag" rel="nofollow noopener" target="_blank">#golang</a> <a href="https://infosec.exchange/tags/rust" class="mention hashtag" rel="nofollow noopener" target="_blank">#rust</a> <a href="https://infosec.exchange/tags/mold" class="mention hashtag" rel="nofollow noopener" target="_blank">#mold</a> <a href="https://infosec.exchange/tags/projectdiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#projectdiscovery</a>/nuclei <a href="https://royzsec.medium.com/install-go-1-21-0-in-ubuntu-22-04-2-in-5-minutes-468a5330c64e" rel="nofollow noopener" translate="no" target="_blank">https://royzsec.medium.com/install-go-1-21-0-in-ubuntu-22-04-2-in-5-minutes-468a5330c64e</a>

MassivelyOPFor Science: EVE Online’s Project Discovery initiative opens signups for mobile testing 🔗 <a href="https://massivelyop.com/2024/04/03/for-science-eve-onlines-project-discovery-initiative-opens-signups-for-mobile-testing" rel="nofollow noopener" translate="no" target="_blank">https://massivelyop.com/2024/04/03/for-science-eve-onlines-project-discovery-initiative-opens-signups-for-mobile-testing</a> <a href="https://mastodon.social/tags/EVEOnline" class="mention hashtag" rel="nofollow noopener" target="_blank">#EVEOnline</a> <a href="https://mastodon.social/tags/ProjectDiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#ProjectDiscovery</a>

rffusteCvemap from ProjectDiscovery IntroductionCvemap is a new tool developed by Project Discovery to deliver a structured and easily navigable interface to Common Vulnerabilities and Exposures (CVEs) within multiple databases.It takes a comprehensive approach to prioritize CVEs, moving beyond the usual Common Vulnerability Scoring System (CVSS) score. It looks at <a href="https://www.rffuste.com/2024/02/05/cvemap-from-projectdiscovery/" rel="nofollow noopener" translate="no" target="_blank">https://www.rffuste.com/2024/02/05/cvemap-from-projectdiscovery/</a> <a href="https://infosec.exchange/tags/General" class="mention hashtag" rel="nofollow noopener" target="_blank">#General</a> <a href="https://infosec.exchange/tags/Tutoriales" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tutoriales</a> <a href="https://infosec.exchange/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#cve</a> <a href="https://infosec.exchange/tags/cvemap" class="mention hashtag" rel="nofollow noopener" target="_blank">#cvemap</a> <a href="https://infosec.exchange/tags/projectDiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#projectDiscovery</a> <a href="https://infosec.exchange/tags/tools" class="mention hashtag" rel="nofollow noopener" target="_blank">#tools</a>

Pyrzout :vm:CVEMap: Open-source tool to query, browse and search CVEs <a href="https://www.helpnetsecurity.com/2024/02/01/cvemap-query-browse-search-cve/" rel="nofollow noopener" translate="no" target="_blank">https://www.helpnetsecurity.com/2024/02/01/cvemap-query-browse-search-cve/</a> <a href="https://social.skynetcloud.site/tags/ProjectDiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#ProjectDiscovery</a> <a href="https://social.skynetcloud.site/tags/cybersecurity" class="mention hashtag" rel="nofollow noopener" target="_blank">#cybersecurity</a> <a href="https://social.skynetcloud.site/tags/opensource" class="mention hashtag" rel="nofollow noopener" target="_blank">#opensource</a> <a href="https://social.skynetcloud.site/tags/Don" class="mention hashtag" rel="nofollow noopener" target="_blank">#Don</a>'tmiss <a href="https://social.skynetcloud.site/tags/HackerOne" class="mention hashtag" rel="nofollow noopener" target="_blank">#HackerOne</a> <a href="https://social.skynetcloud.site/tags/Hotstuff" class="mention hashtag" rel="nofollow noopener" target="_blank">#Hotstuff</a> <a href="https://social.skynetcloud.site/tags/software" class="mention hashtag" rel="nofollow noopener" target="_blank">#software</a> <a href="https://social.skynetcloud.site/tags/GitHub" class="mention hashtag" rel="nofollow noopener" target="_blank">#GitHub</a> <a href="https://social.skynetcloud.site/tags/News" class="mention hashtag" rel="nofollow noopener" target="_blank">#News</a> <a href="https://social.skynetcloud.site/tags/CISA" class="mention hashtag" rel="nofollow noopener" target="_blank">#CISA</a> <a href="https://social.skynetcloud.site/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE</a>

SΛNJΛYMENØNCVEmapA command-line interface (CLI) tool designed to provide a structured and easily navigable interface to various vulnerability databases<a href="https://blog.projectdiscovery.io/announcing-cvemap-from-projectdiscovery" rel="nofollow noopener" translate="no" target="_blank">https://blog.projectdiscovery.io/announcing-cvemap-from-projectdiscovery</a><a href="https://mastodon.social/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbounty</a> <a href="https://mastodon.social/tags/cve" class="mention hashtag" rel="nofollow noopener" target="_blank">#cve</a> <a href="https://mastodon.social/tags/infosec" class="mention hashtag" rel="nofollow noopener" target="_blank">#infosec</a> <a href="https://mastodon.social/tags/projectdiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#projectdiscovery</a> <a href="https://mastodon.social/tags/security" class="mention hashtag" rel="nofollow noopener" target="_blank">#security</a>

Michael WeberLooks like the good folks at Project Discovery have implemented the full F5 RCE attack chain in a Nuclei Template already. That didn't take long at all, I suspect we'll be posting the rest of the blog this week.<a href="https://github.com/projectdiscovery/nuclei-templates/pull/8496" rel="nofollow noopener" translate="no" target="_blank">https://github.com/projectdiscovery/nuclei-templates/pull/8496</a><a href="https://infosec.exchange/tags/CVE202346747" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE202346747</a> <a href="https://infosec.exchange/tags/f5" class="mention hashtag" rel="nofollow noopener" target="_blank">#f5</a> <a href="https://infosec.exchange/tags/nuclei" class="mention hashtag" rel="nofollow noopener" target="_blank">#nuclei</a> <a href="https://infosec.exchange/tags/projectdiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#projectdiscovery</a>

:hacker_z: :hacker_o: :hacker_d: :hacker_s: :hacker_e: :hacker_c: 0xD :verified:Best Nuclei scan for beginners. sudo nuclei -u example. com -as This uses wapalyzer to check what technologies it can detect then automatically choose the tags and templates for you. <a href="https://infosec.exchange/tags/z0ds3c" class="mention hashtag" rel="nofollow noopener" target="_blank">#z0ds3c</a> <a href="https://infosec.exchange/tags/nuclei" class="mention hashtag" rel="nofollow noopener" target="_blank">#nuclei</a> <a href="https://infosec.exchange/tags/projectdiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#projectdiscovery</a> <a href="https://infosec.exchange/tags/webhacking" class="mention hashtag" rel="nofollow noopener" target="_blank">#webhacking</a> <a href="https://infosec.exchange/tags/webscan" class="mention hashtag" rel="nofollow noopener" target="_blank">#webscan</a>

MassivelyOPEVE Fanfest 2023: EVE players will help cure cancer with new Project Discovery minigame <a href="https://massivelyop.com/2023/09/23/eve-fanfest-2023-eve-players-will-help-cure-cancer-with-new-project-discovery-minigame" rel="nofollow noopener" translate="no" target="_blank">https://massivelyop.com/2023/09/23/eve-fanfest-2023-eve-players-will-help-cure-cancer-with-new-project-discovery-minigame</a> <a href="https://mastodon.social/tags/EVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#EVE</a> <a href="https://mastodon.social/tags/EVEOnline" class="mention hashtag" rel="nofollow noopener" target="_blank">#EVEOnline</a> <a href="https://mastodon.social/tags/EVEFanfest" class="mention hashtag" rel="nofollow noopener" target="_blank">#EVEFanfest</a> <a href="https://mastodon.social/tags/EVEFanfest2023" class="mention hashtag" rel="nofollow noopener" target="_blank">#EVEFanfest2023</a> <a href="https://mastodon.social/tags/ProjectDiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#ProjectDiscovery</a>

Jonas LejonJag har testat verktyget Katana från Project Discovery som kan spindla/crawla webbsidor. Bra för den som vill analysera attackytan mot en sajt eller webbtjänst <a href="https://penetrationstest.se/katana-fran-project-discovery/" rel="nofollow noopener" translate="no" target="_blank">https://penetrationstest.se/katana-fran-project-discovery/</a><a href="https://infosec.exchange/tags/projectdiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#projectdiscovery</a> <a href="https://infosec.exchange/tags/katana" class="mention hashtag" rel="nofollow noopener" target="_blank">#katana</a> <a href="https://infosec.exchange/tags/bugbounty" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbounty</a> <a href="https://infosec.exchange/tags/bugbountytips" class="mention hashtag" rel="nofollow noopener" target="_blank">#bugbountytips</a> <a href="https://bird.makeup/users/pdiscoveryio" class="u-url mention" rel="nofollow noopener" target="_blank">@pdiscoveryio</a>

Tedi HeriyantoAll ProjectDiscovery Tools explained in 30 minutes: <a href="https://www.youtube.com/watch?v=cBkfk0VbvLw" rel="nofollow noopener" translate="no" target="_blank">https://www.youtube.com/watch?v=cBkfk0VbvLw</a><a href="https://infosec.exchange/tags/pentesting" class="mention hashtag" rel="nofollow noopener" target="_blank">#pentesting</a> <a href="https://infosec.exchange/tags/projectdiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#projectdiscovery</a>

Eden 💀 Chaos WranglerA few words of advice to those building and contributing to <a href="https://defcon.social/tags/projectdiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#projectdiscovery</a> / <a href="https://defcon.social/tags/nuclei" class="mention hashtag" rel="nofollow noopener" target="_blank">#nuclei</a>1. Save yourself from making the same mistake I did. Little did I know that Nuclei cares a lot about the difference between .yml and .yamlGo with .yaml2. If you're basing your template off of a CVE, make sure you don't need to be authenticated to exploit it :') Kind of makes your template useless. Learned my lesson with <a href="https://defcon.social/tags/CVE" class="mention hashtag" rel="nofollow noopener" target="_blank">#CVE</a>-2023-30777Regardless, next template I build I'll know better for next time ^_^

rffustePdtm by Project Discovery Project Discovery is an open-source software company that builds tools for cybersecurity.They are under nuclei, subfinder, httpx, katana or naabu.Recently they have published pdtm.Pdtm is a simple and easy-to-use golang based tool for managing open-source projects from ProjectDiscovery.Install go1.19 is required to install successfully pdtm.$ <a href="https://www.rffuste.com/2023/03/13/pdtm-by-project-discovery/" rel="nofollow noopener" target="_blank">https://www.rffuste.com/2023/03/13/pdtm-by-project-discovery/</a> <a href="https://infosec.exchange/tags/Tutoriales" class="mention hashtag" rel="nofollow noopener" target="_blank">#Tutoriales</a> <a href="https://infosec.exchange/tags/pdtm" class="mention hashtag" rel="nofollow noopener" target="_blank">#pdtm</a> <a href="https://infosec.exchange/tags/projectDiscovery" class="mention hashtag" rel="nofollow noopener" target="_blank">#projectDiscovery</a> <a href="https://infosec.exchange/tags/tools" class="mention hashtag" rel="nofollow noopener" target="_blank">#tools</a>

Recent searches

Search options

Administered by:

Server stats:

#projectdiscovery