345 matches found
Malicious code in ect-987654-ctf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6f07a32f7f265a234c3b4e84eda91976ba6cdb73f979ef22104a70af28bf4a0 The package ect-987654-ctf was found to contain malicious code. Source: ossf-package-analysis...
MAL-2025-48953 Malicious code in ect-987654-ctf (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector d6f07a32f7f265a234c3b4e84eda91976ba6cdb73f979ef22104a70af28bf4a0 The package ect-987654-ctf was found to contain malicious code. Source: ossf-package-analysis...
writeups
Hi there! This is a repo containing some of my security writeup...
Cybersecurity AI: Evaluating Agentic Cybersecurity in Attack/Defense CTFs
We empirically evaluate whether AI systems are more effective at attacking or defending in cybersecurity. Using CAI Cybersecurity AI's parallel execution framework, we deployed autonomous agents in 23 Attack/Defense CTF battlegrounds. Statistical analysis reveals defensive agents achieve 54.3%...
MAL-2025-48511 Malicious code in test-postinstall-package-for-ctf-nfrejnfvjenjner (npm)
The package communicates with a domain associated with malicious activity...
Exploit for CVE-2025-39946
README This is an exploit for CVE-2025-39946. It...
EUVD-2022-52728
Malicious code in bioql PyPI...
EUVD-2022-51701
Malicious code in bioql PyPI...
Exploit for Out-of-bounds Write in Polkit_Project Polkit
🛡️ pwnkit-helper - Elevate Your Hacking Skills Safely !Down...
CVE-2025-59932
Flag Forge is a Capture The Flag CTF platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the...
CVE-2025-59932 FlagForgeCTF Unauthenticated Resource Modification/Deletion
Flag Forge is a Capture The Flag CTF platform. From versions 2.0.0 to before 2.3.1, the /api/resources endpoint previously allowed POST and DELETE requests without proper authentication or authorization. This could have enabled unauthorized users to create, modify, or delete resources on the...
CVE-2025-59932
Summary: CVE-2025-59932 affects Flag Forge (FlagForgeCTF). From versions 2.0.0 up to before 2.3.1, the /api/resources endpoint allowed POST and DELETE requests without proper authentication or authorization, enabling unauthorized users to create, modify, or delete resources. The issue has been fi...
CVE-2025-59843 FlagForgeCTF Exposes User Emails via Public /api/user/[username] API
Flag Forge is a Capture The Flag CTF platform. From versions 2.0.0 to before 2.3.2, the public endpoint /api/user/username returns user email addresses in its JSON response. The fix, intended for release in 2.3.1 but only available starting in version 2.3.2, removes email addresses from public AP...
CVE-2025-59833
Flag Forge is a Capture The Flag CTF platform. In versions from 2.1.0 to before 2.3.0, the API endpoint GET /api/problems/:id returns challenge hints in plaintext within the question object, regardless of whether the user has unlocked them via point deduction. Users can view all hints for free,...
CVE-2025-59826 FlagForgeCTF Vulnerable to Unauthorized Problem Creation
Flag Forge is a Capture The Flag CTF platform. In version 2.1.0, non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. This issue has been patched in version 2.2.0...
Exploit for CVE-2024-58239
CVE-2024-58239 mitigation exploit This is my first 1-day expl...
pwntools
This is a CTF framework and exploit development library. It is a Python library for exploit development and reverse engineering. The library provides a set of tools for creating and executing exploits, as well as for analyzing and debugging binary files. The library is designed to be extensible a...
Zeratool
This repository, Zeratool, is an automatic exploit generation tool for exploitable CTF Capture The Flag problems. It uses the angr concolic analysis engine to analyze binaries and identify vulnerabilities, and then weaponizes these vulnerabilities for remote code execution through pwntools. The...
Malicious code in ctf-q21-empire-tmp-test125 (PyPI)
--- -= Per source details. Do not edit below this line.=-...
MAL-2025-41656 Malicious code in ctf-q21-empire-tmp-test125 (PyPI)
--- -= Per source details. Do not edit below this line.=-...