42 matches found
linux-malware-toolbox
Linux Malware Samples - Educational Repository ⚠️ IMPORTAN...
Exploit for Use After Free in Google Chrome
⚠️ CVE-2026-2441-PoC - Test Chrome Vulnerability Safely !Do...
CVE-2026-27468
Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content...
vulnerability-assessment-lab
vulnerability-assessment-lab Controlled security test...
Exploit for CVE-2018-8581
CVE-2018-8581 Testing Environment This directory contains a r...
Exploit for Missing Authorization in Valvepress Wordpress_Automatic_Plugin
CVE-2021-4374 Testing Environment Complete testing package fo...
EUVD-2023-43732
Malicious code in bioql PyPI...
Exploit for Improper Input Validation in Tvt Td-2108Ts-Cl_Firmware
CVE-2025-34036 - TVT DVR Simulation This repository contains...
Faraday 5.15.2
Faraday is a tool that introduces a new concept called IPE, or Integrated Penetration-Test Environment. It is a multiuser penetration test IDE designed for distribution, indexation and analysis of the generated data during the process of a security audit. The main purpose of Faraday is to re-use...
Exploit for Missing Authorization in Gitlab
CVE-2023-5612 – GitLab SSRF via Webhook URL PoC & Analysis...
WordPress Security Research Series: Setting Up Your Research Lab
Welcome to Part 3 of the WordPress Security Research Beginner Series! If you haven’t yet, take a minute to check out the series introduction to get a sense of what this series is all about. You’ll also want to catch up on Part 1, where we dig into WordPress request architecture and hooks, and Par...
UniRide Vehicle Booking Management System 1.0 Insecure Direct Object Reference
UniRide Vehicle Booking Management System version 1.0 suffers from an insecure direct object reference vulnerability. | Title : UniRide Vehicle Booking...
Judge0 1.13.0 Code Execution
Judge0 version 1.13.0 suffers from a code execution vulnerability. | Title : Judge0 v 1.13.0 PHP Code Injection Vulnerability | Author : indoushka |...
Exploit for Improper Encoding or Escaping of Output in Apache Http_Server
CVE-2024-38473 Nuclei Template...
Exploit for Command Injection in Nikhil-Bhalerao Poultry_Farm_Management_System
PoC exploit for CVE-2024-40110, an arbitrary file upload vulnera...
Exploit for Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG) in Apache Streampipes
CVE-2024-29868: Use of Cryptographically Weak PRNG in Recovery...
Exploit for Improper Input Validation in Microsoft
CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnera...
Exploit for Expression Language Injection in Atlassian Confluence_Data_Center
CVE-2022-26134 Installation Download the Python scri...
Reflected XSS via "stuffid" parameter
Description: The value of the stuffid parameter is reflected in the web context without proper filtering in place, making it possible to execute malicious JavaScript code. Testing Environment: 1. Windows OS 2. Firefox Browser. Proof of Concept: 1. Visit...
`temporary` makes use of uninitialized memory
Uninitialized memory is used as an RNG seed in temporary. This has been resolved in the 0.6.4 release. The crate is not intended to be used outside of a testing environment. For a general purpose crate to create temporary directories, tempfile is an alternative for this crate...