📄 MISP 2.5.27 Workflow Engine Cross Site Scripting

This Metasploit auxiliary module targets a potential stored cross site scripting vulnerability in the MISP Workflow Engine. It is designed to interact with the MISP API, create workflows, and inject malicious payloads into workflow data fields...

Luban-2040

Luban 2040 v1 Advanced CVE & Exploit Finder Author: m...

FortiClient EMS 7.4.6 Vulnerability Assessment Tool

CVE-2026-35616 is a pre-authentication API bypass in FortiClient EMS 7.4.5 and 7.4.6 that allows remote, unauthenticated attackers to bypass certificate-based authentication through HTTP header spoofing. The Django application trusts user-controllable HTTP headers X-SSL-CLIENT-VERIFY,...

APTRS 安全漏洞

APTRS Automated Penetration Testing Reporting System is an open-source automated reporting tool based on Python and Django. It is designed specifically for penetration testers and security organizations. Versions of APTRS prior to 2.0.1 contained a security vulnerability. This vulnerability stemm...

CVE-2026-33502

WWBN AVideo is an open source video platform. In versions up to and including 26.0, an unauthenticated server-side request forgery vulnerability in plugin/Live/test.php allows any remote user to make the AVideo server send HTTP requests to arbitrary URLs. This can be used to probe...

Exploit for Argument Injection in Gnu Inetutils

Telnet Vulnerability Scanner CVE-2026-24061 & CVE-2026-32746...

Exploit for CVE-2026-0709

Hikvision Wireless AP – CVE-2026-0709 Authenticated RCE Tool...

Exploit for OS Command Injection in Frigate

⚠️ CVE-2026-25643 - Detect and Analyze Remote Code Execution...

📄 Novell GroupWise 2012 Traversal / Shell Upload

This code exploits the directory traversal vulnerability in Novell GroupWise 2012 before Support Pack 1 to steal files, and attempts to upload a web shell payload if possible, making it an effective penetration testing tool...

Exploit for CVE-2025-40554

CVE-2025-40554 Exploitation Suite A comprehensive security te...

SploitGPT

🤖 SploitGPT - Your Penetration Testing Companion 🚀 Getting...

Exploit for Deserialization of Untrusted Data in Facebook React

🔍 Next.js Security Testing Tool Professiona...

Exploit for Deserialization of Untrusted Data in Facebook React

🛡️ CVE-2025-55184Testing - Simple Tool for Security Scanning...

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell R2S - CVE-2025-55182 Testing Tool !R2S Banne...

Exploit for CVE-2025-55182

一个简单的 CVE-2025-55182 & CVE-2025-66478 GUI漏洞利用工具 Vulnerability S...

XSS-

It is an offensive tool for web application security testing. Th...

Xss-Wordlist

It is an offensive tool for web application security testing. Th...

CVE-2025-62413 MQTTX vulnerable to cross-site scripting via improper message payload rendering

MQTTX is an MQTT 5.0 desktop client and MQTT testing tool. A Cross-Site Scripting XSS vulnerability was introduced in MQTTX v1.12.0 due to improper handling of MQTT message payload rendering. Malicious payloads containing HTML or JavaScript could be rendered directly in the MQTTX message viewer. ...

xss.yaml

It is an offensive tool for web application security testing. Th...

Janusec-Application-Gateway

It is an offensive tool for web application security testing. The repository contains a tool for testing web application security, specifically for identifying vulnerabilities in web applications. The tool is designed to test for various types of vulnerabilities, including SQL injection, cross-si...