
643 matches found

Packet Storm News • added 6 days ago • 8 views

Chatwoot Scanner

This is a security assessment tool designed to evaluate authentication status, response behavior, and possible exposure indicators in Chatwoot conversation filtering functionality...

5.3 AI score
Exploits: 0

Vulnrichment • added 2026/06/10 2:11 p.m. • 5 views

CVE-2025-10238

During an internal security assessment, a potential out-of-bounds write vulnerability was discovered in the BIOS of some ThinkPad products that could allow a privileged local user to execute code in System Management Mode (SMM)...

8.4 CVSS, 5.7 AI score, 0.00121 EPSS
Exploits: 0, References: 1

CVE • added 2026/06/10 2:10 p.m. • 421 views

CVE-2025-10237

CVE-2025-10237 involves ThinkPad embedded controller firmware. A potential vulnerability could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions. The available connected records confirm a LOCAL attack vector with HIGH impact on confidentiality, integr...

8.4 CVSS, 5.6 AI score, 0.00077 EPSS
Exploits: 0, References: 1

Positive Technologies • added 2026/06/10 12:0 a.m. • 5 views

PT-2026-48430

During an internal security assessment, a potential vulnerability was discovered in some ThinkPad embedded controller firmware that could allow a privileged local user to perform arbitrary reads or writes to privileged memory regions...

8.4 CVSS, 5.6 AI score, 0.00077 EPSS
Exploits: 0, References: 2

Positive Technologies • added 2026/06/10 12:0 a.m. • 8 views

PT-2026-48455

During an internal security assessment, a potential vulnerability was discovered in Lenovo Accessories and Display Manager for Enterprise for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...

8.5 CVSS, 6 AI score, 0.0015 EPSS
Exploits: 0, References: 3

GithubExploit • added 2026/06/08 9:9 a.m. • 46 views

Exploit for Improper Authentication in Wordpress

CVE-2008-1930 Exploitation Documentation Guide Document In...

7.5 CVSS, 5.5 AI score, 0.05001 EPSS
Exploits: 2

Packet Storm News • added 2026/06/05 12:0 a.m. • 10 views

FIFOFox: Windows Named-Pipe Security Auditor and Fuzzer

FIFOFox is a Windows named-pipe security assessment tool for identifying weak pipe permissions, pipe-squatting exposure, and named-pipe impersonation attack paths. It combines passive auditing with authorized active testing, including fuzzing and interception-style capture, to help defenders find...

5.4 AI score
Exploits: 0

Packet Storm News • added 2026/06/01 12:0 a.m. • 8 views

FortiClient EMS 7.4.6 Detection Scanner

FortiClient EMS CVE-2026-35616 Detection Scanner is a non-destructive security assessment module designed to identify whether Fortinet hotfix protections for CVE-2026-35616 are properly applied on FortiClient EMS servers. The scanner performs safe behavioral validation by comparing server respons...

9.8 CVSS, 6.1 AI score, 0.88505 EPSS
Exploits: 8

Packet Storm News • added 2026/06/01 12:0 a.m. • 12 views

Apache ActiveMQ Jolokia Security Auditor

This is a security assessment tool for Apache ActiveMQ deployments that expose the Jolokia management interface. It verifies connectivity, evaluates authentication status, retrieves Jolokia agent information, and identifies accessible ActiveMQ broker instances through JMX endpoints...

5.8 AI score
Exploits: 0

Packet Storm News • added 2026/05/25 12:0 a.m. • 9 views

"What Is the Problem Space?" Defining Host-Space Adversarial Perturbations against Network Intrusion Detection Systems

Network Intrusion Detection Systems (NIDS) are now increasingly leveraging Machine Learning (ML) techniques to detect malicious network activities. Numerous papers have scrutinized the security of ML-based NIDS (ML-NIDS) by testing them against various attacks involving adversarial perturbations. The...

5.8 AI score
Exploits: 0

OSV • added 2026/05/21 5:9 p.m. • 2 views

GHSA-JF2Q-463C-6F52 androidqf: Zip entry Name Injection in APK bundle (Zip Slip for zip consumers)

Summary: generateZipPath constructs zip entry names for collected APKs using device-controlled content from extractFileName. Since extractFileName does not reject traversal sequences, the resulting zip entry name can contain ../. AndroidQF itself does not extract the zip it creates, but any forens...

4.8 CVSS, 5.8 AI score
Exploits: 0, References: 3

Positive Technologies • added 2026/05/21 12:0 a.m. • 8 views

PT-2026-42598

Summary: The fileID field from Manifest.db (a SQLite database inside iOS backups, generated by the device) is used directly in filesystem path construction without validation. This affects two commands through a shared code path:
- mvt-ios decrypt-backup (decrypt.py): file id is used to construct both...

5.3 CVSS, 6.3 AI score
Exploits: 0, References: 4

Packet Storm • added 2026/05/11 12:0 a.m. • 50 views

📄 S2M Forgot Password Endpoint Token Exposure

This Python script demonstrates a security assessment targeting a forgot-password API endpoint in a digital payment platform operated by S2M, a company specializing in secure electronic transactions and payment processing solutions. The script sends a crafted POST request using a known email...

5.8 AI score
Exploits: 0

GithubExploit • added 2026/05/01 6:59 p.m. • 54 views

EthicalHacking

No d...

5.8 AI score
Exploits: 0

Packet Storm News • added 2026/05/01 12:0 a.m. • 4 views

When RAG Chatbots Expose Their Backend: An Anonymized Case Study of Privacy and Security Risks in Patient-Facing Medical AI

Background: Patient-facing medical chatbots based on retrieval-augmented generation (RAG) are increasingly promoted to deliver accessible, grounded health information. AI-assisted development lowers the barrier to building them, but they still demand rigorous security, privacy, and governance...

5.8 AI score
Exploits: 0

Packet Storm News • added 2026/04/24 12:0 a.m. • 3 views

listmonk Admin Authentication / Password Flow Security Assessment Module

This Metasploit auxiliary module is a web application security testing tool designed to evaluate authentication and password management logic in a Listmonk admin panel deployment...

5.2 AI score
Exploits: 0

GithubExploit • added 2026/04/21 9:58 p.m. • 96 views

recon2exploit

recon2exploit recon2exploit is a single-file security ass...

5.8 AI score
Exploits: 0

Packet Storm • added 2026/04/20 12:0 a.m. • 70 views

📄 OpenEMR 8.0.0.2 SQL Injection

This Metasploit auxiliary module targets a potential SQL injection vulnerability in OpenEMR version 8.0.0.2. | Title : OpenEMR 8.0.0.2 Exploitation Tool | | Author :...

8.8 CVSS, 5.8 AI score, 0.00473 EPSS
Exploits: 3

GithubExploit • added 2026/04/18 1:33 a.m. • 81 views

Exploit for Deserialization of Untrusted Data in Facebook React

๐Ÿ•ต๏ธ CVE-2025-55182 โ€” React Vulnerability Analysis Security...

10 CVSS, 7 AI score, 0.99562 EPSS
Exploits: 366

Vulnrichment • added 2026/04/15 12:28 p.m. • 1 views

CVE-2026-4134

During an internal security assessment, a potential vulnerability was discovered in Lenovo Software Fix, that during installation could allow a local authenticated user to execute code with elevated privileges...

7.3 CVSS, 5.9 AI score, 0.00114 EPSS
Exploits: 0, References: 1