684 matches found
EUVD-2006-2094
Malware in sbrugna...
EUVD-2017-2250
Malware in sbrugna...
Remote-Local-Exploitation-Lab-
š Remote & Local Exploitation Lab š Objective Exploit a vu...
EUVD-2025-4563
Malicious code in bioql PyPI...
EUVD-2024-2358
Malicious code in bioql PyPI...
pentest-automation-suite
Penetration Testing Automation Tools š“ Automated Penetratio...
STAF: Leveraging LLMs for Automated Attack Tree-Based Security Test Generation
In modern automotive development, security testing is critical for safeguarding systems against increasingly advanced threats. Attack trees are widely used to systematically represent potential attack vectors, but generating comprehensive test cases from these trees remains a labor-intensive,...
xss.yaml
It is an offensive tool for web application security testing. Th...
Janusec-Application-Gateway
It is an offensive tool for web application security testing. The repository contains a tool for testing web application security, specifically for identifying vulnerabilities in web applications. The tool is designed to test for various types of vulnerabilities, including SQL injection, cross-si...
disable_eval
This is a Ruby gem called "disableeval" that provides a method to protect against eval-related security vulnerabilities. The gem is designed to prevent remote code execution RCE attacks by disabling the eval method and its variants. The gem provides two main components: 1. A Rack middleware that...
marshalsec
It is an offensive tool for Java deserialization vulnerabilities. The repository contains a Java tool called "marshalsec" that exploits Java object deserialization vulnerabilities, allowing for remote code execution. The tool includes payload generators for various Java serialization libraries,...
IoTFuzzSentry: a Protocol Guided Mutation Based Fuzzer for Automatic Vulnerability Testing in Commercial IoT Devices
Protocol fuzzing is a scalable and cost-effective technique for identifying security vulnerabilities in deployed Internet of Things devices. During their operational phase, IoT devices often run lightweight servers to handle user interactions, such as video streaming or image capture in smart...
Empirical Security Analysis of Software-Based Fault Isolation through Controlled Fault Injection
We use browsers daily to access all sorts of information. Because browsers routinely process scripts, media, and executable code from unknown sources, they form a critical security boundary between users and adversaries. A common attack vector is JavaScript, which exposes a large attack surface d...
payloadsallthethings
This is an offensive tool for AWS exploitation. The repository contains a collection of tools and scripts for testing the security of Amazon Web Services AWS environments. The tools include: Pacu: an AWS exploitation framework designed for testing the security of AWS environments Bucket Finder: a...
vulhub
This is a pre-built vulnerable environment based on Docker-Compose, provided by the Vulhub project. The repository contains a collection of vulnerable applications and services, along with their corresponding Dockerfiles and configuration files. The vulnerable environments are designed to help...
bb-tool-poc
Bug Bounty POC Tools Collect...
WAF-XSS-Evasion
WAF Evasion for XSS - Python Script š¹ About This project e...
Adversarial Bug Reports As a Security Risk in Language Model-Based Automated Program Repair
Large Language Model LLM - based Automated Program Repair APR systems are increasingly integrated into modern software development workflows, offering automated patches in response to natural language bug reports. However, this reliance on untrusted user input introduces a novel and underexplored...
PT-2025-35522
Name of the Vulnerable Software and Affected Versions: MobSF version 4.4.0 Description: MobSF is a mobile application security testing tool. An authenticated user who uploaded a specially prepared one.a file could write arbitrary files to any directory writable by the user of the MobSF process...
trashhost
xss tool and sqli detector...