Exploit for Race Condition in Canonical Ubuntu_Linux

500+ Pentest One-Liners & Commands for Every Hacking Scenario...

[SECURITY] Fedora 42 Update: python3.6-3.6.15-53.fc42

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

[SECURITY] Fedora 43 Update: python3.6-3.6.15-53.fc43

Python 3.6 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.6, see other distributions that support it, such as CentOS or RHEL with Software...

Evasive Intelligence: Lessons from Malware Analysis for Evaluating AI Agents

Artificial intelligence AI systems are increasingly adopted as tool-using agents that can plan, observe their environment, and take actions over extended time periods. This evolution challenges current evaluation practices where the AI models are tested in restricted, fully observable settings. I...

web-attack-payloads

Web Attack Payloads Collection !Cybersecurityhttps://img.s...

web-vulnerability-scanner

web-vulnerability-scanner A Python-based web vulnerability sca...

redteam-sqli-payloads

redteam-sqli-payloads A ca...

PT-2026-25586

Summary Prior to Memray 1.19.2, Memray rendered the command line of the tracked process directly into generated HTML reports without escaping. Because there was no escaping, attacker-controlled command line arguments were inserted as raw HTML into the generated report. This allowed JavaScript...

comp5003-sweeny-pentest

COMP5003: Sweeny Barbers Penetration Test Full ethical hackin...

Exploit for CVE-2026-29000

CVE-2026-29000: pac4j-jwt Authentication Bypass POC This repo...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE Exploitation Arsenal Professional penetration testing too...

Microsoft Windows Service Binary Misconfiguration Tester

This document and included Metasploit module analyze the security risks associated with improper Windows service configurations, specifically focusing on writable service binary paths that may lead to privilege escalation. Note that this condition does not occur on a default Windows installation...

Shadowaudit

Shado...

Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect

Mirth Connect PoC Script Simple Python script for security re...

The Face of Penetration Testing is Changing: Announcing Metasploit Pro 5.0.0

The role and demand for red-teaming capabilities are growing, as more exploitable CVEs make their way into criminal hands. Being proactive is no longer a capability that can be reserved for annual tests, but a continuous assessment to determine exposure and even through the validation of an...

AEGIS: No Tool Call Left Unchecked -- a Pre-Execution Firewall and Audit Layer for AI Agents

AI agents increasingly act through external tools: they query databases, execute shell commands, read and write files, and send network requests. Yet in most current agent stacks, model-generated tool calls are handed to the execution layer with no framework-agnostic control point in between...

📄 Microsoft Windows LNK File Remote Code Execution

This PHP script is a proof of concept exploit that demonstrates how to create a Windows LNK shortcut file that executes a PowerShell command in this example, launches calc.exe...

Microsoft Windows Service Installation Persistence

This is a Microsoft Windows persistent service installer for creating backdoor services that automatically start payloads upon system boot. This tool is designed for authorized penetration testing and security research purposes. This variant from the author is written in PHP...

VisualLeakBench: Auditing the Fragility of Large Vision-Language Models against PII Leakage and Social Engineering

As Large Vision-Language Models LVLMs are increasingly deployed in agent-integrated workflows and other deployment-relevant settings, their robustness against semantic visual attacks remains under-evaluated -- alignment is typically tested on explicit harmful content rather than privacy-critical...

Microsoft Graph Cloud Intelligence Collector

The Microsoft Graph Cloud Intelligence Collector is a Metasploit Auxiliary module designed to interact with the Microsoft Graph API to gather information from Microsoft 365 and Microsoft Azure Active Directory environments. The module authenticates using the OAuth2 Client Credentials flow with a...