📄 MCPJam Inspector 1.4.2 Command Injection

This is an advanced Python proof of concept for CVE-2026-23744 demonstrating command injection through a vulnerable MCP API endpoint, leading to remote code execution and reverse shell access. The script supports multiple payload types, endpoint discovery, listener management, and several...

TikTok: Information Disclosure of Advertiser Account on TikTok Ads Portal

In the TikTok Ads portal, if both invited Ad Accounts are part of the same business group, an exposed endpoint could potentially be exploited to view email address, phone number, company, and name of the Ad Account owner. We thank @emanuelharijanto for reporting this to our team and confirming th...