Power Pwn 4.0.1

Power Pwn is a powerful open‑source toolset designed for red‑teaming and security testing within the Microsoft 365 environment, particularly around Copilot, Copilot Studio, and the Power Platform...

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

pocsuite3 Legal Disclaimer Usage of pocsuite3 for attacking targets without prior mutual consent is illegal. pocsuite3 is for security testing purposes only 法律免责声明 未经事先双方同意，使用 pocsuite3 攻击目标是非法的。 pocsuite3 仅用于安全测试目的 Overview pocsuite3 is an open-sourced remote vulnerability testing and...

An Earth-Shattering Kaboom: Bringing a Physical ICS Penetration Testing Environment to Life (Part 1)

Building the Bench This is the first in a three part series on building and using a testing bench for ICS systems. In this series we will build a physical test bench, review program logic to find flaws, perform manual exploitation of commonly used ICS protocols such as Modbus, then develop malwar...

VWAttacker: a Systematic Security Testing Framework for Voice over WiFi User Equipments

We present VWAttacker, the first systematic testing framework for analyzing the security of Voice over WiFi VoWiFi User Equipment UE implementations. VWAttacker includes a complete VoWiFi network testbed that communicates with Commercial-Off-The-Shelf COTS UEs based on a simple interface to test...

Exploit for Use of Hard-coded Cryptographic Key in Gladinet Centrestack

CVE-2025-30406 ViewState Exploit PoC Overview This is a Pr...

Go Assembly Mutation Testing

While maintaining and developing the Go cryptography standard library, we often spend significantly more time on testing than on implementation. That’s good and an important part of how we achieve our excellent security track record. Ideally, this would be especially true for the least safe parts...

Exploit for CVE-2025-2294

CVE-2025-2294 - WordPress Kubio AI Page Builder Request/Res...

Exploit for OS Command Injection in Docker

CDK - Zero Dependency Container Penetration Toolkit English | 简体中文 Legal Disclaimer Usage of CDK for attacking targets without prior mutual consent is illegal. CDK is for security testing purposes only. Overview CDK is an open-sourced container penetration toolkit, designed for offering stable...

Exploit for CVE-2025-49113

CVE-2025-49113 Roundcube Exploit A Python exploit for CVE-202...

Exploit for OS Command Injection in Progress Loadmaster

CVE-2024-1212 - Progress Kemp LoadMaster Unauthenticated Comma...

Automated Attack Testflow Extraction from Cyber Threat Report Using BERT for Contextual Analysis

In the ever-evolving landscape of cybersecurity, the rapid identification and mitigation of Advanced Persistent Threats APTs is crucial. Security practitioners rely on detailed threat reports to understand the tactics, techniques, and procedures TTPs employed by attackers. However, manually...

Exploit for CVE-2024-9014

CVE-2024-9014 - pgAdmin 4 OAuth2 Authentication Bypass Exploit...

sas-top-10

This is an educational guide for organizations adopting serverless architectures. The document, curated by top industry practitioners and security researchers, provides information on the top 10 security risks for serverless applications. The guide aims to assist organizations in building robust,...

Exploit for Path Traversal in Lakernote Easyadmin

CVE-2024-4040 — CrushFTP Authentication Bypass Exploit This r...

Exploit for Code Injection in Crushftp

CVE-2024-4040 — CrushFTP Authentication Bypass Exploit This r...

Exploit for Injection in Cisco Identity_Services_Engine

CVE-2025-20281 - Cisco ISE RCE Vulnerability Checker This scr...

Exploit for Cross-site Scripting in Wondercms

🚨 WonderCMS RCE Exploit Tool CVE-2023-41425 This Python-bas...

Exploit for CVE-2023-5561

PoC CVE-2023-5561 - WordPress User Email Disclosure Descri...

Exploit for OS Command Injection in Php

CVE-2024-4577 PHP CGI Remote Code Execution Exploit Author:...

Beyond the Scope: Security Testing of Permission Management in Team Workspace

Nowadays team workspaces are widely adopted for multi-user collaboration and digital resource management. To further broaden real-world applications, mainstream team workspaces platforms, such as Google Workspace and Microsoft OneDrive, allow third-party applications referred to as add-ons to be...