1655 matches found
GHSA-CH7P-MPV4-4VG4 CoreShop Vulnerable to SQL Injection via Admin Reports
Affected Versions - CoreShop 4.1.2 Demo tested Demo | CoreShop - Earlier versions may also be affected if the same code path exists Summary A blind SQL injection vulnerability exists in the application that allows an authenticated administrator-level user to extract database contents using...
heap-mastery-course
Heap Mastery Course Learn heap vulnerability exploitation t...
Bug-Bounty-and-Learning-Space
Bug Bounty & Learning Space A markdown backup of my personal...
portswigger-labs-writeups
portswigger-labs-writeups Complete writeups for P...
Exploit for CVE-2025-52691
CVE-2025-52691 PoC: SmarterMail Arbitrary File Upload RCE APT...
SQL-Injection-IDPS
Payloads All The Things A list of useful payloads and bypass...
binary-exploitation-learning
No d...
EUVD-2025-204602
InnovaStudio WYSIWYG Editor 5.4 contains an unrestricted file upload vulnerability that allows attackers to bypass file extension restrictions through filename manipulation. Attackers can upload malicious ASP shells by using null byte techniques and alternate file extensions to circumvent upload...
CVE-2023-53877
Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickupid parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database...
PT-2025-51749
Name of the Vulnerable Software and Affected Versions WBCE CMS version 1.6.1 Description WBCE CMS version 1.6.1 contains a cross-site scripting issue that enables attackers to inject malicious HTML and CSS. This allows for the capture of user keystrokes. Attackers can upload a specially crafted...
Welcome to the new Project Zero Blog
Posted by Natalie Silvanovich While on Project Zero, we aim for our research to be leading-edge, our blog design was … not so much. We welcome readers to our shiny new blog! For the occasion, we asked members of Project Zero to dust off old blog posts that never quite saw the light of day. And...
CVE-2023-53877
Bus Reservation System 1.1 contains a SQL injection vulnerability in the pickupid parameter that allows attackers to manipulate database queries. Attackers can exploit boolean-based, error-based, and time-based blind SQL injection techniques to steal information from the database...
PT-2025-51295
Name of the Vulnerable Software and Affected Versions Bus Reservation System version 1.1 Description The Bus Reservation System version 1.1 contains a SQL injection issue in the pickup id parameter. This allows attackers to manipulate database queries using boolean-based, error-based, and...
New PyStoreRAT Malware Targets OSINT Researchers Through GitHub
A new malware called PyStoreRAT is being through fake OSINT tools on GitHub targeting IT and OSINT pros. Read Morphisec's report detailing how it uses AI and evades security...
A Systematic Mapping Study on Risks and Vulnerabilities in Software Containers
Software containers are widely adopted for developing and deploying software applications. Despite their popularity, major security concerns arise during container development and deployment. Software Engineering SE research literature reveals a lack of reviewed, aggregated, and organized knowled...
CVE-2024-58290
Xhibiter NFT Marketplace 1.10.2 (and below) is affected by a SQL injection in the /collections endpoint via the id parameter. Exploitation is described as boolean-based, time-based, and UNION-based injections that can potentially exfiltrate or manipulate database information. A PoC/exploit exists...
PT-2025-50744
Name of the Vulnerable Software and Affected Versions Xhibiter NFT Marketplace version 1.10.2 Description The Xhibiter NFT Marketplace software has a SQL injection issue in the collections endpoint. An attacker can manipulate database queries by using the id parameter. Boolean-based, time-based,...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Advanced Scanner !Pythonhttps://img.shields.i...
MAL-2025-192385 Malicious code in graphsync (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: kam193 dbb10327d6553750848c2b849abba1ed717438928a6cfdc148b73de73db8e9db This is a malicious copy of the networkx package. It contains an obfuscated script that downloads and runs further scripts from one of multiple locations, and...
📄 ClipBucket 5.5.2 Build 90 Practical Exploitation Tool
An enhanced Python penetration testing tool designed specifically for ClipBucket video sharing platform vulnerability assessment and exploitation. It checks for remote command execution, file upload, SQL injection, local file inclusion, and more. It affects ClipBucket version 5.5.2 Build 90...