37 matches found
XSS-Payload-Generator
XSS-Payload-Generator user guide 0. This script is an XSS payl...
Bypassing On-Camera Age-Verification Checks
Some AI-based video age-verification checks can be fooled with a fake mustache...
CORScanner
CORS Exploiter Automated CORS misconfiguration scanner with...
Exploit for CVE-2025-60021
CVE-2025-60021 Roundup Vulnerability Summary CVE-2025-60...
SQL-Injection-IDPS
Payloads All The Things A list of useful payloads and bypass...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Advanced Scanner !Pythonhttps://img.shields.i...
📄 ClipBucket 5.5.2 Build 90 Practical Exploitation Tool
An enhanced Python penetration testing tool designed specifically for ClipBucket video sharing platform vulnerability assessment and exploitation. It checks for remote command execution, file upload, SQL injection, local file inclusion, and more. It affects ClipBucket version 5.5.2 Build 90...
Exploit for Deserialization of Untrusted Data in Facebook React
Next.js/React RSC Scanner & Exploit - RCE...
PayloadsAllTheThings
It is an offensive tool for Web Application Security and Pentest/CTF. This repository contains a list of useful payloads and bypass techniques for web application security and penetration testing/CTF. The payloads are likely used for testing and exploiting vulnerabilities in web applications. The...
binary-exploitation
Binary Exploitation Guide Learning binary exploitation from b...
R1dacted: Investigating Local Censorship in DeepSeek'S R1 Language Model
DeepSeek recently released R1, a high-performing large language model LLM optimized for reasoning tasks. Despite its efficient training pipeline, R1 achieves competitive performance, even surpassing leading reasoning models like OpenAI's o1 on several benchmarks. However, emerging reports suggest...
LM-Scout: Analyzing the Security of Language Model Integration in Android Apps
Developers are increasingly integrating Language Models LMs into their mobile apps to provide features such as chat-based assistants. To prevent LM misuse, they impose various restrictions, including limits on the number of queries, input length, and allowed topics. However, if the LM integration...
GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors. "In this campaign,...
MTE As Implemented, Part 2: Mitigation Case Studies
By Mark Brand, Project Zero Background In 2018, in the v8.5a version of the ARM architecture, ARM proposed a hardware implementation of tagged memory, referred to as MTE Memory Tagging Extensions. In Part 1 we discussed testing the technical and implementation limitations of MTE on the hardware...
PayloadsAllTheThings
It is an offensive tool for Web Application Security and Pentest/CTF. This repository contains a list of useful payloads and bypass techniques for web application security and penetration testing/CTF. The payloads are likely used to exploit vulnerabilities and bypass security measures. Not...
PayloadsAllTheThings
It is an offensive tool for Web Application Security. The repository, PayloadsAllTheThings, contains a list of useful payloads and bypass techniques for web application security and penetration testing/CTF. The provided code snippet is a GitHub funding model configuration file .github/FUNDING.yml...
PayloadsAllTheThings
It is an offensive tool for Web Application Security and Pentest/CTF. The repository contains a list of useful payloads and bypass techniques. The primary CVE ID is not explicitly mentioned, but it appears to be a collection of various exploits and tools. The target product/service or framework i...
Active Exploitation of Pulse Connect Secure Zero-Day (CVE-2021-22893)
On Tuesday, April 20, 2021, security firm FireEye published detailed analysis of multiple threat campaigns targeting Ivanti’s Pulse Connect Secure VPN. According to FireEye’s analysis, threat actors have been leveraging multiple techniques to bypass single- and multi-factor authentication on Puls...
Gotestwaf - Go Test WAF Is A Tool To Test Your WAF Detection Capabilities Against Different Types Of Attacks And By-Pass Techniques
An open-source Go project to test different web application firewalls WAF for detection logic and bypasses. How it works It is a 3-steps requests generation process that multiply amount of payloads to encoders and placeholders. Let's say you defined 2 payloads, 3 encoders Base64, JSON, and...
PayloadsAllTheThings
This repository is an offensive tool for Web Application Security and Pentest/CTF. It contains a list of useful payloads and bypass for various web application security vulnerabilities. The repository includes tools and exploits for vulnerabilities such as CRLF injection, CSRF injection, and CORS...