linux-privesc-linpeas

🐧 linux-privesc-linpeas End-to-end Linux privilege escalati...

cve-research

CVE Research Personal repository for CVE analysis, proof-of-c...

cybersec-mcp

🛡️ Cybersecurity Professor MCP Server Prof. Null — Tu pro...

Towards Demystifying and Repairing LLM-In-The-Loop Vulnerabilities

Large Language ModelsLLMs have been actively integrated into modern software systems as critical components. LLM-in-the-loop vulnerabilities, where vulnerabilities are introduced by LLMs and their dependent downstream components, such as frameworks, introduce new risks. Although some benchmark...

Exploit for Improper Handling of Exceptional Conditions in Apache Struts

LAB 1 — Apache Struts2 OGNL Injection CVE-2017-5638 / S2-045...

FuzzingBrain V2: A Multi-Agent LLM System for Automated Vulnerability Discovery and Reproduction

Software vulnerabilities pose critical security threats, with nearly 50,000 CVEs reported in 2025. While Large Language Models LLMs show promise for automated vulnerability detection, three key challenges remain. First, LLM-generated vulnerability reports suffer from high false positive rates and...

claude-skills-exploit

Security Research Skills Reusable skills for vulnerability an...

Exploit for SQL Injection in Progress Moveit_Cloud

CVE-2023-34362 MOVEit Transfer Vulnerability Analysis Proj...

cve-deep-dive

Report Bug · Request Feature Table of Contents a...

PatchChain-Multi-Agent-Agentic-Pipeline-for-Autonomous-Code-Vulnerability-Analysis

No d...

Exploit for Deserialization of Untrusted Data in Facebook React

🕵️ CVE-2025-55182 — React Vulnerability Analysis Security...

patchbot

patchbot patchbot is an AI-assisted security reviewer for p...

Time-Domain Voice Identity Morphing (TD-VIM): A Signal-Level Approach to Morphing Attacks on Speaker Verification Systems

In biometric systems, it is a common practice to associate each sample or template with a specific individual. Nevertheless, recent studies have demonstrated the feasibility of generating "morphed" biometric samples capable of matching multiple identities. These morph attacks have been recognized...

METATRON AI Penetration Testing

Metatron is a CLI-based AI penetration testing assistant that runs entirely on your local machine - no cloud, no API keys, no subscriptions. You give it a target IP or domain. It runs real recon tools nmap, whois, whatweb, curl, dig, nikto, feeds all results to a locally running AI model, and the...

SkillAttack: Automated Red Teaming of Agent Skills through Attack Path Refinement

LLM-based agent systems increasingly rely on agent skills sourced from open registries to extend their capabilities, yet the openness of such ecosystems makes skills difficult to thoroughly vet. Existing attacks rely on injecting malicious instructions into skills, making them easily detectable b...

Cross-Ecosystem Vulnerability Analysis for Python Applications

Python applications depend on native libraries that may be vendored within package distributions or installed on the host system. When vulnerabilities are discovered in these libraries, determining which Python packages are affected requires cross-ecosystem analysis spanning Python dependency...

Detecting Data Poisoning in Code Generation LLMs Via Black-Box, Vulnerability-Oriented Scanning

Code generation large language models LLMs are increasingly integrated into modern software development workflows. Recent work has shown that these models are vulnerable to backdoor and poisoning attacks that induce the generation of insecure code, yet effective defenses remain limited. Existing...

IBM: Potential Subdomain Takeover on IBM.com domain.

A potential subdomain takeover on an IBM.com domain was reported to IBM, analyzed, and remediated...

Exploit for Use After Free in Linux Linux_Kernel

cve-2024-1086-lpe Technical analysis and proof-of-concept for...

📄 Skyvern 0.1.84 Template Injection / Code Execution

Skyvern version 0.1.84 remote code execution proof of concept exploit that leverages a vulnerability in workflow creation functionality where user-supplied input in the prompt field is processed through Jinja2 templating engine without proper sanitization, allowing attackers to execute arbitrary...