7197 matches found
CVE-2026-40566 FreeScout vulnerable to SSRF via IMAP/SMTP Connection Test Endpoints
FreeScout is a free self-hosted help desk and shared mailbox. Versions prior to 1.8.213 have a Server-Side Request Forgery (SSRF) vulnerability in the IMAP/SMTP connection test functionality of FreeScout's MailboxesController. Three AJAX actions, fetchtest (line 731), sendtest (line 682), and imapfolder...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-010689)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-010689 advisory. In the Linux kernel, the following vulnerability has been resolved: arch/arm64: Fix topology initialization for core scheduling Arm64 systems rely on storecputopolog...
Camaleon CMS 2.9.1 Automated Admin Login, Version Detection, and Profile Update Script
This is a version detection and profile updating script for Camaleon CMS. It does not exploit any issue but can be useful for security testing to see if a vulnerable version is in use...
DNG File Fuzzer for Robustness
This Python script is a mutation-based fuzzing tool designed to test the robustness of DNG (Digital Negative) / TIFF-based file parsers by generating large numbers of corrupted or semi-valid image files. It works by starting from a minimal valid DNG structure, then applying random mutations to...
API Security Testing and Vulnerability Assessment
APIs now carry more sensitive data than traditional web interfaces. Payment details, health records, authentication tokens, and customer databases all flow through API endpoints that attackers can probe without ever touching a browser. A single misconfigured endpoint can expose millions of record...
Mythos: An AI tool too powerful for public release
Anthropic’s most capable model to date, Claude Mythos Preview aka Mythos, has been described as a “step change” in AI performance, especially on cybersecurity tasks. Anthropic tried to keep Mythos a secret until a few weeks ago, when a data leak revealed the existence of what the company said was...
ExploitIQ
⚡ ExploitIQ Autonomous AI-Powered Penetration Testing Assis...
Exploit for CVE-2026-3462
CVE-2026-3462 Acrobat Reader | Improperly Controlled Modifica...
WordPress Kali Forms 2.4.9 Remote Code Execution
WordPress Kali Forms plugin version 2.4.9 suffers from a remote code execution vulnerability. Title: WordPress Kali Forms 2.4.9 Remote Code Execution Assessment ...
MetInfo CMS 8.1 XML Endpoint Behavior Analysis Tool
This script is a PHP-based analysis tool designed to interact with MetInfo CMS 8.1 endpoints through an XML-based interface. It uses cURL to send structured requests to a specific MetInfo module endpoint and evaluates the HTTP responses for basic fingerprinting indicators such as known keywords a...
AppleSEPKeyStore Stress Tester / Fuzzer
This code is not a fully functional exploit, but rather a concurrency stress test and race-condition trigger targeting the Apple Secure Enclave key management driver AppleSEPKeyStore...
Luban-2040
Luban 2040 v1 Advanced CVE & Exploit Finder Author: m...
Exploit for Special Element Injection in Apache Apisix
CVE-2026-31908 - Apache APISIX Header Injection Exploit !Se...
tachyon
Tachyon Tachyon is a Go-based command-line web vulnerability...
Exploit for CVE-2007-2447
Samba CVE-2007-2447 Exploit Username Map Script Este reposi...
cruxss-bb-agent
CRUXSS Bug Bounty Agent A semi-autonomous bug bounty hunting...
Dahua Security Assessment Tool - Authentication, Scan, and Exposure Testing Script
This Python script is a security assessment tool designed to evaluate the exposure and potential vulnerabilities of Dahua-based devices (commonly IP cameras and NVR systems). It combines multiple testing modules into one CLI utility...
Exploit for Cross-site Scripting in Roundcube Webmail
CVE-2024-42009 – Roundcube Stored XSS Docker PoC 📌 Overv...
EUVD-2026-22895
Missing Authorization vulnerability in Nelio Software Nelio AB Testing nelio-ab-testing allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Nelio AB Testing: from n/a through <= 8.2.8...
CVE-2025-12141
In Grafana's alerting system, users with edit permissions for a contact point, specifically the permissions “alert.notifications:write” or “alert.notifications.receivers:test” that are granted as part of the fixed role "Contact Point Writer", which is part of the basic role Editor - can edit...