274230 matches found
vlnr
vlnr: Autonomous Vulnerability Discovery Pipeline
hangover-ctf-wolfpack-deals
🎰 The Hangover CTF — Machine 1: Wolfpack Deals "What happe...
Exploit for Path Traversal in Jenkins
jenkinsscan Find jenkins environment and checks for CVE-2024-...
hospital-waf-mcp
Hospital WAF Management System Release: v1.0.0 Languag...
📄 FortiWeb 8.0.1 Authentication Bypass / Code Execution
This Metasploit module targets a critical remote code execution vulnerability in FortiWeb's management interface by chaining multiple weaknesses. It goes from authentication bypass to path traversal to arbitrary file upload to remote code execution...
📄 Keras 3.13.0 Malicious ML Model Server HDF5 Shape Bomb
This script is a Flask-based web server that distributes .keras machine learning model files, but it is designed in a malicious way for security research/testing scenarios. The main idea is a denial of service via memory exhaustion, where generated Keras models contain artificially declared...
📄 Keras 3.13.0 HDF5 Shape Bomb Denial of Service
This script is a security research tool demonstrating a denial of service vulnerability in Keras model loading through malicious HDF5 shape bombs. It generates .keras model archives containing artificially declared extremely large tensor shapes designed to force excessive memory allocation during...
📄 Forcepoint One Endpoint macOS 25.08.5008 Forcepoint DLP Endpoint Process Suspension Bypass
This Metasploit auxiliary module targets Forcepoint Data Loss Prevention (DLP) Endpoint on macOS and attempts to manipulate or suspend related security processes.
📄 Ghost CMS 6.19.0 SQL Injection
This is a Metasploit auxiliary module targeting a blind, unauthenticated SQL injection vulnerability in the Ghost CMS Content API that affects versions 3.24.0 through 6.19.0...
📄 SocialEngine 7.8.0 SQL Injection
SocialEngine versions 7.8.0 and below suffer from a remote SQL injection vulnerability. User input passed through the text request parameter to the /activity/index/get-memberall endpoint is not properly sanitized before being used to construct an SQL query...
📄 Langflow Remote Code Execution
The CSV Agent node in Langflow hardcodes allow_dangerous_code=True, which automatically exposes LangChain's Python REPL tool, python_repl_ast. As a result, an attacker can execute arbitrary Python and OS commands on the server via prompt injection, leading to full remote code execution. This module...
📄 SocialEngine 7.8.0 Server-Side Request Forgery
SocialEngine versions 7.8.0 and below suffer from a blind server-side request forgery vulnerability. User input passed through the uri request parameter to the /core/link/preview endpoint is not properly sanitized before being used as a URL to send an HTTP request from the web server...
📄 Hoverfly 1.11.3 Remote Command Execution
This Python script is an exploitation tool targeting a vulnerable Hoverfly API endpoint, specifically the /api/v2/hoverfly/middleware functionality, which allows execution of user-supplied input through a backend binary...
📄 Grav CMS 1.7.49.5 Shell Upload
This script targets a Grav CMS administrative panel by first authenticating, then checking version information to estimate vulnerability exposure. If conditions are met, it generates a malicious PHP plugin containing a base64-encoded payload and uploads it as a ZIP package through the “direct...
📄 Langflow 1.8.4 Traversal / Remote Code Execution
This Metasploit module targets a path traversal vulnerability in Langflow versions 1.8.4 and below that allows attackers to write arbitrary files on the system through the /api/v2/files endpoint...
Web-Application-Pentest-Report
Web-Application-Pentest-Report OWASP methodology penetration t...
Exploit for Improper Input Validation in Microsoft
Overview Python exploit for CVE-2026-32201 - improper input va...
Exploit for Deserialization of Untrusted Data in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
No d...
Exploit for Out-of-bounds Write in Google Chrome
all credit goes to DARKNAVY's script https://gi...
Web-Security-Notes
Web-Security-Notes Per...