exploit-validator

$repo Production-grade offensive security tool for Purpose...

CVE-2026-49191

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...

CVE-2026-49191

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...

EUVD-2026-34210

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...

CVE-2026-49191 Exposed Hard-coded M3WebServer Backend API Key

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...

PT-2026-46149

The production build of the M3WebServer hard-codes its backend API keys, which can be easily intercepted through verbose error handling pages...

CVE-2026-36616

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

Exploit for Prototype Pollution in Cure53 Dompurify

DOMPurify re-clone bypass. Instead of relying on easily str...

CVE-2026-36616

Mercusys AC12G EU V1 with firmware AC12GEUV1200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

CVE-2026-36616

CVE-2026-36616 affects the Mercusys AC12G (EU) V1 with firmware AC12G(EU)_V1_200909. The issue is the presence of hardcoded WiFi driver credentials embedded in the production firmware binary: a RADIUS shared secret, a WPS test key, and a default PSK. The vulnerability arises from these sensitive ...

PT-2026-46003

Mercusys AC12G EU V1 with firmware AC12GEU V1 200909 contains hardcoded WiFi driver credentials including a RADIUS shared secret, WPS test key, and default PSK embedded in the production firmware binary...

Operationalizing Cyber Attack Prediction: A Gap-Prioritized Framework with Dataset and Model Selection Guidelines

While AI and machine learning for cyber attack prediction have advanced, a critical gap persists between theoretical research and practical operational deployment. Building on Ankalaki et al. 2025, this paper provides a comprehensive analysis of 150+ benchmark datasets and 200+ studies to identif...

How to Get the Most From Your Explainer Video Production Services

Video can simplify a hard offer, shorten sales conversations, and improve recall. Those gains depend on disciplined planning…...

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.Investimentos is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...

Malicious Package

Overview Sicoob-Cooperativa.Sicoob.ContaCorrente is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organizatio...

CVE-2026-5071

The CVE-2026-5071 entry concerns the SocketCAN implementation (Zephyr context) where a user-provided buffer containing a socketcan_frame is validated only by a NET_ASSERT in zcan_sendto_ctx() and then dereferenced in socketcan_to_can_frame(). In production builds with assertions disabled, a users...

GCVE: A Decentralized Model for Vulnerability Identification, Publication, and Operational Enrichment

The Global CVE initiative GCVE proposes a decentralized, open, and extensible model for vulnerability identification, publication, and enrichment. It addresses a gap in today's vulnerability ecosystem: centralized systems provide rigorous control and widely recognized identifiers, while many...

Zephyr 安全漏洞

Zephyr is an open-source, scalable real-time operating system RTOS developed by Zephyr. There is a security vulnerability in Zephyr, which stems from the use of NETASSERT for verifying buffer length only in the zcansendtoctx function. Disabling this feature in production builds may lead to...

GHSA-W7PM-9G55-MXFM stigmem-node's unsigned plugin override could be enabled without a second explicit acknowledgment

Impact A single configuration flag could disable plugin signature enforcement. If an operator unintentionally carried that setting into an environment where plugin paths are writable by less-trusted users, unsigned plugin code could be loaded. Patches Patched in 0.9.0a2. Disabling plugin signatur...

stigmem-node's unsigned plugin override could be enabled without a second explicit acknowledgment

Impact A single configuration flag could disable plugin signature enforcement. If an operator unintentionally carried that setting into an environment where plugin paths are writable by less-trusted users, unsigned plugin code could be loaded. Patches Patched in 0.9.0a2. Disabling plugin signatur...