RT EFF: Compete in EFF's Tech Trivia at @DEFCON on August 12th and see which champion hive mind will take home the coveted 1st Place Prize!

RT RedTeamVillage: BREAKING NEWS! The @aivillage_dc and the Red Team Village will host a panel discussion on The Use of AI/ML in Offensive Security Op...

RT Rogues Village: This year's Rogues Village @DEFCON badges aren't just for decoration, they're tools of a hidden trade. Order yours today and get pr...

RT Anton G. 🇺🇦✊: The #DEFCON30 stickers are here. Find me in LV if you want one. @dcstickerswap @defcon

CVE-2022-35569 Blogifier v3.0 was discovered to contain an arbitrary file upload vulnerability at /api/storage/upload/PostImage. This vulnerability al...

CVE-2022-29923 Authenticated (admin or higher user role) Reflected Cross-Site Scripting (XSS) vulnerability in ThingsForRestaurants Quick Restaurant R...

CVE-2022-31160 jQuery UI is a curated set of user interface interactions, effects, widgets, and themes built on top of jQuery. Versions prior to 1.13....

CVE-2022-29454 Cross-Site Request Forgery (CSRF) vulnerability in WordPlus Better Messages plugin <= 1.9.9.148 at WordPress allows attackers to upload...

CVE-2022-26138 The Atlassian Questions For Confluence app for Confluence Server and Data Center creates a Confluence user account in the confluence-us...

CVE-2022-26136 A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to bypass Servlet Filters used by first and th...

CVE-2022-26137 A vulnerability in multiple Atlassian products allows a remote, unauthenticated attacker to cause additional Servlet Filters to be invo...

CVE-2022-22424 IBM QRadar SIEM 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information from the TLS key file due to incorrect file ...

CVE-2021-38936 IBM QRadar SIEM 7.3, 7.4, and 7.5 could disclose highly sensitive information to a privileged user. IBM X-Force ID: 210893.

CVE-2021-36849 Authenticated (admin+) Stored Cross-Site Scripting (XSS) vulnerability in René Hermenau's Social Media Share Buttons plugin <= 3.8.1 a...

CVE-2021-29755 IBM QRadar SIEM 7.3, 7.4, and 7.5 does not preform proper certificate validation for some inter-host communications. IBM X-Force ID: 20...

CVE-2020-21406 An issue was discovered in RK Smart TV Box MAX and V88 SmartTV box that allows attackers to cause a denial of service via the switchNex...

CVE-2020-21405 An issue was discovered in H96 Smart TV Box H96 Pro Plus allows attackers to corrupt files via calls to the saveDeepColorAttr service.u...

Re @L3onid1s The event handler is OnFocusIn not Autofocus. There's no equal sign after Autofocus either.

'Open-Source API Firewall: New Features & Functionalities' #BHUSA arsenal session is on Wednesday, August 10 at 4:00 PM. To learn more about the sessi...

Re @drb0n3z Thanks for flagging this. Can you please report this to our CERT Portal (

Re @Fozisimi143 Best of luck buddy.

Re @mogtabaidris1 للآسف جوجل حذفت القناة.

Re @newlife0004 @HackersMarathi @ADITYASHENDE17 @InsiderPhD @GodfatherOrwa Amazing. Congrats brother.

RT bounter: Hacking 6.5+ million websites 🔥🔥🔥🔥 CVE-2022-29455 Writeup 🔥🔥🔥 #bugbountytips #bugbountytip #bugbounty

RT Muhammad Daffa: Created a medium post about "Subfinder", a subdomain enumeration tool created by @pdiscoveryio team I hope you enjoyed it :D #bugbo...

RT Iceman: Looks like @0xFFFF2 and I be going to Vegas @defcon You will most likely find me around @rfhackers , RF Village, feel free to say hi, invit...

RT Nikita Kronenberg: The @defcon OG's will appreciate this, when we went virtual for DC28 the hotel put us in their system somewhere as cancelled, it...

Re @arekfurt Pretty sure the DOJ is also a major factor in that regard.

Re @cerbersec @_xpn_ Outrageous

Re @domchell @jorgeorchilles @chvancooten @Cneelis My condolences to your sanity

Re @runtim33 @redsentry_tech Yes

CVE-2022-34150 The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and param...

CVE-2022-33944 The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object references vulnerability on endpoint and POST...

CVE-2022-2199 The main MiCODUS MV720 GPS tracker web server has a reflected cross-site scripting vulnerability that could allow an attacker to gain co...

CVE-2022-2179 The X-Frame-Options header in Rockwell Automation MicroLogix 1100/1400 Versions 21.007 and prior is not configured in the HTTP response,...

CVE-2022-2141 SMS-based GPS commands can be executed by MiCODUS MV720 GPS tracker without authentication.

CVE-2022-34049 An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows unauthenticated attackers to download log files and configuratio...

CVE-2022-34048 Wavlink WN533A8 M33A8.V5030.190716 was discovered to contain a reflected cross-site scripting (XSS) vulnerability via the login_page pa...

CVE-2022-34047 An access control issue in Wavlink WN530HG4 M30HG4.V5030.191116 allows attackers to obtain usernames and passwords via view-source:http...

CVE-2022-34046 An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http:/...

CVE-2022-34045 Wavlink WN530HG4 M30HG4.V5030.191116 was discovered to contain a hardcoded encryption/decryption key for its configuration files at /et...

CVE-2022-34042 Barangay Management System v1.0 was discovered to contain a SQL injection vulnerability via the hidden_id parameter at /pages/household...

CVE-2022-2107 The MiCODUS MV720 GPS tracker API server has an authentication mechanism that allows devices to use a hard-coded master password. This m...

CVE-2022-33320 Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 vers...

CVE-2022-33319 Out-of-bounds Read vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 versions 4.04E (10....

CVE-2022-33318 Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 vers...

CVE-2022-33317 Inclusion of Functionality from Untrusted Control Sphere vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi E...

CVE-2022-33316 Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 vers...

CVE-2022-33315 Deserialization of Untrusted Data vulnerability in ICONICS GENESIS64 versions 10.97.1 and prior and Mitsubishi Electric MC Works64 vers...

CVE-2022-1766 Anchore Enterprise anchorectl version 0.1.4 improperly stored credentials when generating a Software Bill of Materials. anchorectl will ...