Exploit for Use After Free in Google Chrome

⚠️ CVE-2026-2441-PoC - Test Chrome Vulnerability Safely !Do...

Malicious Package

Overview testing-package-xdsfdsfsc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization and this...

OSV-2026-338 Use-of-uninitialized-value in pjsip_auth_clt_init_req

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=488721002 Crash type: Use-of-uninitialized-value Crash state: pjsipauthcltinitreq fuzz-sip.c fuzz-sip.c...

Google Chrome 145.0.7632.117 WebGPU Tint Security Test

This is a proof of concept designed to test how the WebGPU Tint compiler handles an out-of-bounds memory access attempt in WGSL. The shader intentionally uses an invalid array index to simulate an out-of-bounds write operation. The purpose is to observe whether WebGPU validation, sandboxing, and...

📄 WeGIA 3.5.0 SQL Injection

Proof of concept remote SQL injection exploit for WeGIA versions 3.5.0 and below. Exploit Title: WeGIA 3.5.0 - SQL Injection Date: 2025-10-14 Exploit Author: Onur Demir OnurDemir-Dev Vendor Homepage: https://www.wegia.org Software Link: https://github.com/LabRedesCefetRJ/WeGIA/ Version: " echo...

WeGIA 3.5.0 - SQL Injection

Exploit Title: WeGIA 3.5.0 - SQL Injection Date: 2025-10-14 Exploit Author: Onur Demir OnurDemir-Dev Vendor Homepage: https://www.wegia.org Software Link: https://github.com/LabRedesCefetRJ/WeGIA/ Version: " echo "Example: $0 http://127.0.0.1/WeGIA/ "admin" "wegia" "version"" exit 1 fi...

EUVD-2026-9265

Observable timing discrepancy in AES-CCM decryption in AWS-LC allows an unauthenticated user to potentially determine authentication tag validity via timing analysis. The impacted implementations are through the EVP CIPHER API: EVPaes128ccm, EVPaes192ccm, and EVPaes256ccm. Customers of AWS servic...

Exploit for SQL Injection in Mjdm Majordomo

CVE-2026-27179 Proof of Concept Academic & Defensive Resea...

Can LLMs Hack Enterprise Networks? -- Replicated Computational Results (RCR) Report

This is the Replicated Computational Results RCR Report for the paper "Can LLMs Hack Enterprise Networks?" The paper empirically investigates the efficacy and effectiveness of different LLMs for penetration-testing enterprise networks, i.e., Microsoft Active Directory Assumed-Breach Simulations...

AWE: Adaptive Agents for Dynamic Web Penetration Testing

Modern web applications are increasingly produced through AI-assisted development and rapid no-code deployment pipelines, widening the gap between accelerating software velocity and the limited adaptability of existing security tooling. Pattern-driven scanners fail to reason about novel contexts,...

[SECURITY] Fedora 42 Update: python3.9-3.9.25-6.fc42

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

[SECURITY] Fedora 43 Update: python3.9-3.9.25-6.fc43

Python 3.9 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, see other distributions that support it, such as CentOS or RHEL or older Fedo...

Exploit for CVE-2026-23550

CVE-2026-23550 Dedsec WordPress Exploitation Author:...

📄 OpenBabel 3.1.1 Parsing Issues

This Metasploit auxiliary module generates specially crafted proof of concept files targeting potential parsing vulnerabilities in OpenBabel version 3.1.1 such as NULL pointer dereference and out-of-bounds read conditions...

MightyBots

🦠 MightyBots An Educational Post-Exploitation Framework fo...

Security_Testing_Task3

No d...

MulCovFuzz: A Multi-Component Coverage-Guided Greybox Fuzzer for 5G Protocol Testing

As mobile networks transition to 5G infrastructure, ensuring robust security becomes more important due to the complex architecture and expanded attack surface. Traditional security testing approaches for 5G networks rely on black-box fuzzing techniques, which are limited by their inability to...

📄 SPIP Gadget Chain Insecure Deserialization

SPIP Gadget Chain versions prior to 4.4.9 suffer from a potential PHP object deserialization vulnerability. ============================================================================================================================================= | Title : SPIP Gadget Chain before 4.4.9...

CVE-2026-27477 Mastodon has SSRF via unvalidated FASP Provider base_url

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, an unauthenticated attacker can register a FASP with an attacker-chosen baseurl that includes or...

CVE-2026-27468

Mastodon is a free, open-source social network server based on ActivityPub. FASP registration requires manual approval by an administrator. In versions 4.4.0 through 4.4.13 and 4.5.0 through 4.5.6, actions performed by a FASP to subscribe to account/content lifecycle events or to backfill content...