
7196 matches found

GithubExploit
added 2025/09/11 7:30 p.m. | 264 views

Exploit for Incorrect Authorization in Vercel Next.Js

CVE-2025-29927 Research and Safe Testing Framework This repos...

9.1 CVSS | 6.7 AI score | 0.92118 EPSS
Exploits: 55
Packet Storm News
added 2025/09/11 12:0 a.m. | 3 views

IoTFuzzSentry: a Protocol Guided Mutation Based Fuzzer for Automatic Vulnerability Testing in Commercial IoT Devices

Protocol fuzzing is a scalable and cost-effective technique for identifying security vulnerabilities in deployed Internet of Things devices. During their operational phase, IoT devices often run lightweight servers to handle user interactions, such as video streaming or image capture in smart...

9.8 CVSS | 7 AI score | 0.00692 EPSS
Exploits: 1
OSV
added 2025/09/10 7:48 p.m. | 3 views

GHSA-R4H8-HFP2-GGMF Hoverfly is vulnerable to Remote Code Execution through an insecure middleware implementation

Summary It has been discovered that the middleware functionality in Hoverfly is vulnerable to command injection through its /api/v2/hoverfly/middleware endpoint due to insufficient validation and sanitization in user input. Details The vulnerability exists in the middleware management API endpoin...

9.8 CVSS | 9.5 AI score | 0.50933 EPSS
Exploits: 6 | References: 9
Positive Technologies
added 2025/09/10 12:0 a.m. | 2 views

PT-2025-46612

Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description The Linux kernel contains a flaw within the f2fs file system related to handling page cache during inode destruction. Specifically, the issue arises in the f2fs truncate function where...

5.5 CVSS | 5.4 AI score | 0.00028 EPSS
Exploits: 0
GithubExploit
added 2025/09/09 9:57 a.m. | 181 views

Exploit for CVE-2024-28397

CVE-2024-28397 js2py Sandbox Escape Exploit - CodePartTwo - H...

5.3 CVSS | 6.1 AI score | 0.59353 EPSS
Exploits: 22
RedhatCVE
added 2025/09/09 12:33 a.m. | 3 views

CVE-2025-10065

A weakness has been identified in itsourcecode POS Point of Sale System 1.0. Impacted is an unknown function of the file /inventory/main/vendors/datatables/unittesting/templates/domdatath.php. This manipulation of the argument scripts causes cross site scripting. The attack is possible to be...

6.1 CVSS | 4 AI score | 0.00067 EPSS
Exploits: 1 | References: 1
RedhatCVE
added 2025/09/09 12:33 a.m. | 4 views

CVE-2025-10064

A security flaw has been discovered in itsourcecode POS Point of Sale System 1.0. This issue affects some unknown processing of the file /inventory/main/vendors/datatables/unittesting/templates/domdatatwoheaders.php. The manipulation of the argument scripts results in cross site scripting. The...

6.1 CVSS | 4.1 AI score | 0.00067 EPSS
Exploits: 1 | References: 1
Packet Storm News
added 2025/09/09 12:0 a.m. | 3 views

Guided Reasoning in LLM-Driven Penetration Testing Using Structured Attack Trees

Recent advances in Large Language Models (LLMs) have driven interest in automating cybersecurity penetration testing workflows, offering the promise of faster and more consistent vulnerability assessment for enterprise systems. Existing LLM agents for penetration testing primarily rely on self-guid...

6.8 AI score
Exploits: 0
CNVD
added 2025/09/09 12:0 a.m. | 5 views

POS Point of Sale System 6776.php File Cross-Site Scripting Vulnerability

POS Point of Sale System is a POS (point of sale) system. POS Point of Sale System suffers from a cross-site scripting vulnerability that originates from the lack of effective filtering and escaping of user-supplied data in the scripts parameter of the...

6.1 CVSS | 6.1 AI score | 0.00051 EPSS
Exploits: 1 | References: 1
Packet Storm News
added 2025/09/09 12:0 a.m. | 2 views

Empirical Security Analysis of Software-Based Fault Isolation through Controlled Fault Injection

We use browsers daily to access all sorts of information. Because browsers routinely process scripts, media, and executable code from unknown sources, they form a critical security boundary between users and adversaries. A common attack vector is JavaScript, which exposes a large attack surface d...

7.1 AI score
Exploits: 0
vulnersOsv
added 2025/09/08 9:31 a.m. | 4 views

com.adobe.cq.commerce:cq-commerce-hybris-impl (>=5.6.100 <=6.4.4), com.adobe.cq.media:cq-media-publishing-dps-integration (=5.6.16) +119 more potentially affected by CVE-2025-58782 via org.apache.jackrabbit:jackrabbit-core (>=1.2.1 <=2.22.1)

org.apache.jackrabbit:jackrabbit-core MAVEN version =1.2.1, =5.6.100, =2.0.6, =1.0.10, =1.0.8, =2.0.5, =2.0.0, =0.0.1, =2.1.1, =2.5.0, =2.1.1, =2.5.0, =2.1.1, =4.3.5 and more Source cves: CVE-2025-58782 Source advisory: OSV:GHSA-CXVC-G8F2-4GMM...

6.5 CVSS | 6 AI score | 0.00579 EPSS
Exploits: 0
Gitee
added 2025/09/08 5:5 a.m. | 114 views

applications_hap

It is an offensive tool for mobile applications. The repository contains a collection of HAP (HarmonyOS Application Package) files, which are likely used for testing or demonstrating various mobile applications on the HarmonyOS platform. The files include demos for features such as flashlight, medi...

7.2 AI score
Exploits: 0
CVE
added 2025/09/07 1:32 a.m. | 16 views

CVE-2025-10067

CVE-2025-10067 affects itsourcecode POS Point of Sale System 1.0. The vulnerability exists in the file /inventory/main/vendors/datatables/unit_testing/templates/empty_table.php where manipulating the scripts argument leads to cross-site scripting. The issue can be exploited remotely and, per mult...

6.1 CVSS | 4.3 AI score | 0.00067 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
OSV
added 2025/09/07 1:15 a.m. | 0 views

CVE-2025-10066

A security vulnerability has been detected in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unittesting/templates/dymanictable.php. Such manipulation of the argument scripts leads to cross site scripting. The...

6.1 CVSS | 4.2 AI score
Exploits: 0 | References: 5
CVE
added 2025/09/07 1:2 a.m. | 13 views

CVE-2025-10066

CVE-2025-10066 affects itsourcecode POS Point of Sale System 1.0. The vulnerability is an XSS in an unknown function within /inventory/main/vendors/datatables/unit_testing/templates/dymanic_table.php caused by improper handling of the scripts argument. This could allow remote attackers to execute...

6.1 CVSS | 3.9 AI score | 0.00067 EPSS
Exploits: 1 | References: 5 | Affected Software: 1
Gitee
added 2025/09/07 12:46 a.m. | 79 views

payloadsallthethings

This is an offensive tool for AWS exploitation. The repository contains a collection of tools and scripts for testing the security of Amazon Web Services (AWS) environments. The tools include: Pacu: an AWS exploitation framework designed for testing the security of AWS environments Bucket Finder: a...

6.9 AI score
Exploits: 0
NVD
added 2025/09/06 11:15 p.m. | 3 views

CVE-2025-10063

A vulnerability was identified in itsourcecode POS Point of Sale System 1.0. This vulnerability affects unknown code of the file /inventory/main/vendors/datatables/unittesting/templates/deferredtable.php. The manipulation of the argument scripts leads to cross site scripting. Remote exploitation ...

6.1 CVSS | 0.00067 EPSS
Exploits: 1 | References: 5
GithubExploit
added 2025/09/06 9:43 p.m. | 158 views

Exploit for Unprotected Alternate Channel in Crushftp

CVE-2025-54309Enhancedexploit This is an enhanced version o...

9.8 CVSS | 6.9 AI score | 0.768 EPSS
Exploits: 7
Gitee
added 2025/09/06 9:25 p.m. | 95 views

metasploit-framework

This is an offensive tool for penetration testing. It is the Metasploit Framework, a comprehensive platform for developing and executing exploits. The framework is written in Ruby and provides a wide range of features for penetration testing, including exploit development, vulnerability scanning,...

6.9 AI score
Exploits: 0
Gitee
added 2025/09/06 12:40 p.m. | 68 views

PayloadsAllTheThings

It is an offensive tool for Web Application Security and Pentest/CTF. This repository contains a list of useful payloads and bypass techniques for web application security and penetration testing/CTF. The payloads are likely used for testing and exploiting vulnerabilities in web applications. The...

7 AI score
Exploits: 0