ProjectDiscovery Blog

🎃Happy Halloween, PD community! The team are back again this month to share our latest developments, updates and releases we’ve been working on, as well as news from across the cybersecurity space. Of course, this October also saw the return of Hacktoberfest, and we couldn’t be happier with

We’re thrilled to unveil our latest milestones: over 9,000 stars and 900 unique contributors on the templates project, along with a staggering 20,000 stars on the Nuclei repository. This phenomenal growth is a testament to our community’s unwavering dedication to security and their shared passion for

Introduction In this blog post, we will analyze CVE-2024-45409, a critical vulnerability impacting Ruby-SAML, OmniAuth-SAML libraries, which effectively affects GitLab. This vulnerability allows an attacker to bypass SAML authentication mechanisms and gain unauthorized access by exploiting a flaw in how SAML responses are handled. The issue arises due to weaknesses

With Autumn well underway and the days getting shorter, the team here at ProjectDiscovery are still hard at work with new developments on our tools, as well as some exciting next steps for the community. In this September edition of the PD Community Newsletter, we’ll dip into the latest

Today, we're excited to share some big news: the launch of the Pioneers Ambassador Program. This program is all about recognizing, connecting, and appreciating our active contributors and advocates. If you’re passionate about security, contributing to open-source projects, and collaborating with like-minded professionals, then you’ll want

Zimbra, a widely used email and collaboration platform, recently released a critical security update addressing a severe vulnerability in its postjournal service. This vulnerability, identified as CVE-2024-45519, allows unauthenticated attackers to execute arbitrary commands on affected Zimbra installations. In this blog post, we delve into the nature of this vulnerability,

XSS (Cross-Site Scripting) detection has long been a challenge, balancing accuracy with avoiding excessive false positives. Traditionally, this meant creating specific reflection based string matchers for each target, leading to complex and hard-to-maintain configurations. But with headless modes, we can simplify and improve XSS detection in a more intuitive and

We're excited to tell you about Nuclei Templates release v10.0.0! This new version includes newly added Azure Config Review templates. In this blog post, we'll discuss automating azure cloud misconfiguration review, creating custom Azure checks, and sharing results on the PDCP Cloud for review.

The most widely used ProjectDiscovery tool, httpx, has been an essential asset in the arsenal of security professionals and researchers. Known for its ability to probe live hosts and capture crucial information. httpx has long been a go-to solution for: * Response data (status, server, location, etc.) * Technology detection * Extra metadata