PT-2026-35820

Name of the Vulnerable Software and Affected Versions Snap One WattBox 800 and 820 series versions prior to 2.10.0.0 Description Undisclosed diagnostic HTTP endpoints require only the device MAC address and service tag for authentication. Both values are printed in plaintext on the physical devic...

CVE-2025-22168

Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sensitive information. For example, a low-level user was able to read the steps of another user's private checklist...

Exploit for Out-of-bounds Read in Citrix Netscaler_Application_Delivery_Controller

CVE-2025-5777 Exploit Tool 🔥 A powerful educational tool...

Hidden Backdoors in npm Packages Let Attackers Wipe Entire Systems

Malicious npm packages found with hidden endpoints that wipe systems on command. Devs warned to check dependencies for express-api-sync, system-health-sync-api...

CVE-2022-23008

On NGINX Controller API Management versions 3.18.0-3.19.0, an authenticated attacker with access to the "user" or "admin" role can use undisclosed API endpoints on NGINX Controller API Management to inject JavaScript code that is executed on managed NGINX data plane instances. Note: Software...

SourceWolf - Amazingly Fast Response Crawler To Find Juicy Stuff In The Source Code!

Tested environments: Windows, MAC, linux, and windows subsystem for linux WSL What can SourceWolf do? Crawl through responses to find hidden endpoints, either by sending requests, or from the local response files if any. Create a list of javascript variables found in the source Extract all the...