The Impact of AI-Assisted Development on Software Security: A Study of Gemini and Developer Experience

The ongoing shortage of skilled developers, particularly in security-critical software development, has led organizations to increasingly adopt AI-powered development tools to boost productivity and reduce reliance on limited human expertise. These tools, often based on large language models, aim...

📄 LINQPad File Overwrite

This Metasploit module exploits a bug in LINQPad up to version 5.48.00. The bug is only exploitable in the paid version of software. The core of the bug is a cache file containing deserialized data, which an attacker can overwrite with a malicious payload. The data gets deserialized every time th...

EUVD-2025-34973

The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to uplo...

CVE-2025-11391 PPOM – Product Addons & Custom Fields for WooCommerce <= 33.0.15 - Unauthenticated Arbitrary File Upload

The PPOM – Product Addons & Custom Fields for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the image cropper functionality in all versions up to, and including, 33.0.15. This makes it possible for unauthenticated attackers to uplo...

LINQPad Deserialization Exploit

This module exploits a bug in LINQPad up to version 5.52.00. The bug is only exploitable in paid version of software. The core of a bug is cache file containing deserialized data, which attacker can overwrite with malicious payload. The data gets deserialized every time the app restarts. Module...

📄 LINQPad Insecure Deserialization

This Metasploit module exploits a bug in LINQPad up to version 5.48.00. The bug is only exploitable in paid version of software. The core of a bug is cache file containing deserialized data, which attacker can overwrite with malicious payload. The data gets deserialized every time the app restart...

QwixxRAT: New Remote Access Trojan Emerges via Telegram and Discord

A new remote access trojan RAT called QwixxRAT is being advertised for sale by its threat actor through Telegram and Discord platforms. "Once installed on the victim's Windows platform machines, the RAT stealthily collects sensitive data, which is then sent to the attacker's Telegram bot, providi...

WordPress Contact Form Maker 1.13.1 Cross Site Request Forgery Vulnerability

Exploit for php platform in category web applications Exploit Title: Contact Form by WD CSRF → LFI Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested on: WordPress 5.1.1 Description...

WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery

Exploit Title: Contact Form by WD CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested on: WordPress 5.1.1 Description ----------- Plugin implements the followi...

WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery

WordPress Plugin Contact Form Maker 1.13.1 - Cross-Site Request Forgery Exploit Title: Contact Form by WD CSRF → LFI Date: 2019-03-17 Exploit Author: Panagiotis Vagenas Vendor Homepage: http://web-dorado.com/ Software Link: https://wordpress.org/plugins/contact-form-maker Version: 1.13.1 Tested o...

Downline Goldmine paidversion - SQL Injection

Downline Goldmine paidversion - SQL Injection paidversion tr.php id Remote SQL Injection Vulnerability Author: Hussin X Home : www.IQ-TY.com & www.TrYaG.cc script : http://www.downlinegoldmine.com/ DorK : inurl:tr.php?id= Exploit :...