Exploit for CVE-2012-0053

This repository is an offensive tool for web application exploitation, specifically for cross-site scripting XSS attacks. It contains a collection of payloads and scripts that can be used to exploit vulnerabilities in web applications. The payloads are designed to be injected into a vulnerable we...

cpvst

🛡️ CPVST - Cyber Prince Vulnerability Scanner Tool !Python...

OESA-2025-2260 golang security update

. Security Fixes: The go command may execute unexpected commands when operating in untrusted VCS repositories. This occurs when possibly dangerous VCS configuration is present in repositories. This can happen when a repository was fetched via one VCS e.g. Git, but contains metadata for another VC...

OESA-2025-2233 skopeo security update

A command line utility that performs various operations on container images and image repositories Security Fixes: A flaw was found in the github.com/containers/image library. This flaw allows attackers to trigger unexpected authenticated registry accesses on behalf of a victim user, causing...

InstantCMS Code Issues Vulnerabilities

InstantCMS is a free and open source content management system. A security vulnerability exists in InstantCMS 2.17.3 and earlier versions, which stems from the package parameter in the installer function not effectively filtering user input. The vulnerability can be exploited by an attacker to sc...

Erlang/OTP (Erlang OTP) Buffer Read Overflow Vulnerability (Sep 2025) - Windows

Erlang/OTP Erlang OTP is prone to a buffer read overflow vulnerability in the erts component. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only C...

InstantCMS 代码问题漏洞

InstantCMS is a free and open source content management system. A security vulnerability exists in InstantCMS 2.17.3 and earlier versions, which stems from the package parameter in the installer function not effectively filtering user input. The vulnerability can be exploited by an attacker to sc...

GHSA-JGW4-CR84-MQXG Picklescan Bypass is Possible via File Extension Mismatch

Summary Picklescan can be bypassed, allowing the detection of malicious pickle files to fail, when a standard pickle file is given a PyTorch-related file extension e.g., .bin. This occurs because the scanner prioritizes PyTorch file extension checks and errors out when parsing a standard pickle...

GHSA-MJQP-26HC-GRXG Picklescan: ZIP archive scan bypass is possible through non-exhaustive Cyclic Redundancy Check

Summary Picklescan's ability to scan ZIP archives for malicious pickle files is compromised when the archive contains a file with a bad Cyclic Redundancy Check CRC. Instead of attempting to scan the files within the archive, whatever the CRC is, Picklescan fails in error and returns no results...

GHSA-F7QQ-56WW-84CR Picklescan is Vulnerable to Unsafe Globals Check Bypass through Subclass Imports

Summary The vulnerability allows malicious actors to bypass PickleScan's unsafe globals check, leading to potential arbitrary code execution. The issue stems from PickleScan's strict check for full module names against its list of unsafe globals. By using subclasses of dangerous imports instead o...

Vulnerability-identification-and-Mitigation

It is an offensive tool for source code and SMS message analysis...

Exploit for Interpretation Conflict in Git-Scm Git

It is an offensive tool for scanning vulnerabilities. This PoC e...

Amazon Linux 2023 : golang, golang-bin, golang-misc (ALAS2023-2025-1161)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-1161 advisory. os/exec: LookPath may return unexpected paths. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath , ., and...

Important: golang

Issue Overview: os/exec: LookPath may return unexpected paths. If the PATH environment variable contains paths which are executables rather than just directories, passing certain strings to LookPath "", ".", and "..", can result in the binaries listed in the PATH being unexpectedly returned...

DependencyCheck

This is an open-source project for a software composition analysis utility that detects publicly disclosed vulnerabilities in application dependencies. The project is called OWASP dependency-check. The project is written in Java and is designed to be used in a variety of environments, including...

ossindex-maven-plugin

It is an offensive tool for dependency audit. The primary CVE ID is not present in the provided context. The target product/service or framework is Maven, and the vulnerability class/vector is dependency audit. Notable dependencies/tooling include the OSS Index REST API v2.0. The execution contex...

Exploit for CVE-2021-1675

It Was All A Dream A CVE-2021-34527 a.k.a PrintNightmare Python Scanner. Allows you to scan entire subnets for the PrintNightmare RCE not the LPE and generates a CSV report with the results. Tests exploitability over MS-PAR and MS-RPRN. This tool has "de-fanged" versions of the Python exploits, i...

UBUNTU-CVE-2025-39690

In the Linux kernel, the following vulnerability has been resolved: iio: accel: sca3300: fix uninitialized iio scan data Fix potential leak of uninitialized stack data to userspace by ensuring that the channels array is zeroed before use...

CVE-2025-39690 iio: accel: sca3300: fix uninitialized iio scan data

In the Linux kernel, the following vulnerability has been resolved: iio: accel: sca3300: fix uninitialized iio scan data Fix potential leak of uninitialized stack data to userspace by ensuring that the channels array is zeroed before use...

CVE-2025-39690

The CVE-2025-39690 issue affects the Linux kernel: iio: accel: sca3300, where uninitialized iio scan data could leak via the channels array. The root cause is that the channels array was not zeroed before use, potentially exposing stack data to userspace. A fix was applied in the Linux kernel (公开...