OpenSSL 3.x Malicious AES‑GCM ASN.1 Parameter Injection

This C code is a security research proof of concept targeting OpenSSL's CMS Cryptographic Message Syntax handling. It programmatically creates a syntactically valid CMS AuthEnvelopedData object using AES-256-GCM, then injects a custom-crafted ASN.1 AESGCMPARAMETERS sequence with an abnormally lar...

@cubejs-backend/server (>=1.1.2 <=1.4.0), @cubejs-backend/server-core (>=1.1.2 <=1.4.0) +2 more potentially affected by CVE-2026-25957 via @cubejs-backend/api-gateway (>=1.1.17 <=1.4.0)

@cubejs-backend/api-gateway NPM version =1.1.17, =1.1.2, =1.1.2, =1.1.2, =1.4.0 - cubejs-backend-server-core-fork =1.1.3 Source cves: CVE-2026-25957 Source advisory: SNYK:JS-CUBEJSBACKENDAPIGATEWAY-15265448...

Exploit for CVE-2026-25916

CVE-2026-25916: Roundcube Webmail DOM XSS Exploit 📋 Exploi...

MAL-2026-814 Malicious code in http-notifier-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 876fd5ae23d7c051fa55647bc5b152a7905505782e78ca9536b161318d2e000f Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

MUZZLE: Adaptive Agentic Red-Teaming of Web Agents against Indirect Prompt Injection Attacks

Large language model LLM based web agents are increasingly deployed to automate complex online tasks by directly interacting with web sites and performing actions on users' behalf. While these agents offer powerful capabilities, their design exposes them to indirect prompt injection attacks...

📄 Novell GroupWise 2012 Traversal / Shell Upload

This code exploits the directory traversal vulnerability in Novell GroupWise 2012 before Support Pack 1 to steal files, and attempts to upload a web shell payload if possible, making it an effective penetration testing tool...

SoK: The Pitfalls of Deep Reinforcement Learning for Cybersecurity

Deep Reinforcement Learning DRL has achieved remarkable success in domains requiring sequential decision-making, motivating its application to cybersecurity problems. However, transitioning DRL from laboratory simulations to bespoke cyber environments can introduce numerous issues. This is furthe...

libssh 0.7.6 Advanced SSH Security Testing Tool

This is an advanced SSH security testing tool for libssh that provides robust session management, signal handling, safe memory management, and multiple operational modes while also checking banners to see if libssh is vulnerable to CVE-2018-10933...

picoCTF_2025_pie_time

PIE Exploit Challenge Exploiting a PIE Position Independent...

Exploit for CVE-2025-49132

CVE-2025-49132-POC I made this poc for my personal cha...

Vajra

⚡ Vajra ██╗ ██╗ █████╗ ██╗██████╗ █████╗ ██║...

Exploit for Expression Language Injection in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

ButtF - Backend Misconfiguration & Logic Flaw Exploitation Too...

Bugbounty-Scanner-Suite

Bugbounty Scanner Suite Herramienta todo-en-uno para automati...

Malicious code in moveworks-pipeline-test (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 bf307b5f3cf29ebae108dfd8b8767c38bc26da4a5bb4ca3f82ed63e137921531 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

[SECURITY] Fedora 42 Update: phpunit11-11.5.50-1.fc42

PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks. This package provides the version 11 of PHPUnit, available using the phpunit11 command. Documentation: https://phpunit.de/documentation.html...

[SECURITY] Fedora 42 Update: phpunit12-12.5.8-1.fc42

PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks. This package provides the version 12 of PHPUnit, available using the phpunit12 command. Documentation: https://phpunit.de/documentation.html...

[SECURITY] Fedora 42 Update: phpunit9-9.6.34-1.fc42

PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks. This package provides the version 9 of PHPUnit, available using the phpunit9 command. Documentation: https://phpunit.de/documentation.html...

[SECURITY] Fedora 42 Update: phpunit10-10.5.63-1.fc42

PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks. This package provides the version 10 of PHPUnit, available using the phpunit10 command. Documentation: https://phpunit.de/documentation.html...

[SECURITY] Fedora 42 Update: phpunit8-8.5.52-1.fc42

PHPUnit is a programmer-oriented testing framework for PHP. It is an instance of the xUnit architecture for unit testing frameworks. This package provides the version 8 of PHPUnit, available using the phpunit8 command. Documentation: https://phpunit.de/documentation.html...

Trojans in Artificial Intelligence (TrojAI) Final Report

The Intelligence Advanced Research Projects Activity IARPA launched the TrojAI program to confront an emerging vulnerability in modern artificial intelligence: the threat of AI Trojans. These AI trojans are malicious, hidden backdoors intentionally embedded within an AI model that can cause a...