@semic/testing (=2.2.11), @vendure/dashboard (>=3.2.2 <=3.4.4) potentially affected by CVE-2026-25050 via @vendure/core (>=3.0.0 <=3.4.4)

@vendure/core NPM version =3.0.0, =3.2.2, =3.4.4 Source cves: CVE-2026-25050 Source advisory: SNYK:JS-VENDURECORE-15166603...

📄 Oracle E-Business Suite 12.2.3 Request Smuggling

This script is a refined proof of concept targeting Oracle E‑Business Suite EBS vulnerability CVE‑2025‑61882. It corrects logical flaws in request smuggling payload construction, particularly around request termination and CRLF preservation, ensuring reliable proxy/backend desynchronization. The...

The Semantic Trap: Do Fine-Tuned LLMs Learn Vulnerability Root Cause or Just Functional Pattern?

LLMs demonstrate promising performance in software vulnerability detection after fine-tuning. However, it remains unclear whether these gains reflect a genuine understanding of vulnerability root causes or merely an exploitation of functional patterns. In this paper, we identify a critical failur...

WiFiPenTester: Advancing Wireless Ethical Hacking with Governed GenAI

Wireless ethical hacking relies heavily on skilled practitioners manually interpreting reconnaissance results and executing complex, time-sensitive sequences of commands to identify vulnerable targets, capture authentication handshakes, and assess password resilience; a process that is inherently...

Exploit for CVE-2026-24134

CVE-2026-24134-PoC Overview This repository contains the...

@amazeelabs/bridge-waku (>=1.1.9 <=2.0.1), @amazeelabs/executors (>=3.1.12 <=3.1.14) +20 more potentially affected by CVE-2026-23864 via react-server-dom-webpack (>=19.0.0 <=19.0.1)

react-server-dom-webpack NPM version =19.0.0, =1.1.9, =3.1.12, =1.4.7, =1.1.3, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859, =1.0.0-canary.12859,...

Exploit for CVE-2020-1472

Active Directory Attack Path Suggestion Engine !Python Versi...

BurpSuitePro

Burp Suite Bambda Scripts - Vulnerability Testing Toolkit v2.0...

CVE-2026-24765

A flaw was found in PHPUnit, a testing framework for PHP. This vulnerability involves unsafe deserialization of code coverage data during PHPT test execution. An attacker with local file write access can exploit this by placing a malicious serialized object into the file system. This can lead to...

GHSA-VVJ3-C3RP-C85P PHPUnit Vulnerable to Unsafe Deserialization in PHPT Code Coverage Handling

Overview A vulnerability has been discovered involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserializes code coverage files without validation, potentially allowing remote code execution if malicious...

EUVD-2026-4725

PHPUnit is a testing framework for PHP. A vulnerability has been discovered in versions prior to 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52 involving unsafe deserialization of code coverage data in PHPT test execution. The vulnerability exists in the cleanupForCoverage method, which deserialize...

Exploit for Argument Injection in Gnu Inetutils

Telnetd Auth Bypass Scanner CVE-2026-24061 A Python-based s...

netty-security-poc

Netty Security PoC — Deprecated API Risk & Patched API Validat...

PT-2026-4912

Pix-Link LV-WR21Q does not enforce any form of authentication for endpoint /goform/getHomePageInfo. Remote unauthenticated attacker is able to use this endpoint to e.g: retrieve cleartext password to the access point. The vendor was notified early about this vulnerability, but didn't respond with...

PHPUnit code issues and vulnerabilities

PHPUnit is a PHP unit testing framework developed by Sebastian Bergmann. There were code-related vulnerabilities in versions prior to PHPUnit 12.5.8, 11.5.50, 10.5.62, 9.6.33, and 8.5.52. These vulnerabilities stemmed from insecure deserialization of code coverage data during PHPUnit testing, whi...

XAMPP and PHPMyAdmin Web Security Research Playbook

This is a comprehensive security testing guide for XAMPP services. It follows a structured approach: 1 Reconnaissance and Information Gathering, 2 Initial Access Attempts, 3 Post-Authentication Exploitation. Each scenario includes realistic commands and expected outcomes for professional security...

MAL-2026-510 Malicious code in radishwxm5 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 4cbabb01d98bcad5705b98f5aac22b9d8f53e8c97e2fe5ab8bca66661e6c0644 Installing the package or importing the module exfiltrates basic information about the host, and the package has no other purpose. --- Category: PROBABLYPENTES...

CVE-2025-52024

A vulnerability exists in the Aptsys POS Platform Web Services module thru 2025-05-28, which exposes internal API testing tools to unauthenticated users. By accessing specific URLs, an attacker is presented with a directory-style index listing all available backend services and POS web services,...

Malicious code in test-poc-package-for-session-2 (PyPI)

--- -= Per source details. Do not edit below this line.=- Source: kam193 0b7003b7bd9585bbb25ce1f957ffef83603883d550f07f77443780a7d47a7f20 Packages that might be part of testing for pentesting / malicious activity / joy, with suspicious activity that does not present any real harm. --- Category:...

[SECURITY] Fedora 43 Update: python3.9-3.9.25-3.fc43

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...