152 matches found
Hunting-Bugs
2026 Practical Bug Bounty Guide Built on real-world experie...
strix-advanced
⚡ Strix-Advanced AI-Powered Security Testing Platform An...
Exploit for Double Free in Apache Http_Server
☣️ CVE-2026-23918-Elite-Auditor ☣️ Professional Intelligenc...
Exploit for Cross-site Scripting in Exclusiveaddons Exclusive_Addons_For_Elementor
WP-Hunter MCP - Autonomous Bug Bounty Hunting MCP SERVER...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell CVE-2025-55182 POC High Fidelity Detection & Expl...
CVE-2026-31382
CVE-2026-31382 (Gainsight Assist) is a reflected XSS in the error_description parameter. An attacker can bypass a domain WAF using a Safari-specific onpagereveal payload, enabling HTML/script injection. Public sources in the connected set confirm the vulnerability type as reflected XSS/HTML injec...
CVE-2026-31382 Gainsight Assist reflected XSS/HTML injection
The error_description parameter is vulnerable to Reflected XSS. An attacker can bypass the domain's WAF using a Safari-specific onpagereveal payload...
SQLInject
Sqlinject 💉 Advanced SQL Injection Scanner with WAF Bypass...
Duplicate Advisory: HTTP Request Smuggling via Premature Upgrade
Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-xq2h-p299-vjwv. This link is maintained to preserve external references. Original Description: An HTTP request smuggling vulnerability (CWE-444) was found in Pingora's handling of HTTP/1.1 connection upgrades. The...
injectproof
InjectProof The SQL injection scanner that finds what sqlma...
CVE-2026-25481 Langroid has WAF Bypass Leading to RCE in TableChatAgent
Langroid is a framework for building large-language-model-powered applications. Prior to version 0.59.32, there is a bypass to the fix for CVE-2025-46724. TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code...
GHSA-X34R-63HX-W57F Langroid has WAF Bypass Leading to RCE in TableChatAgent
Affected Scope: langroid = 0.59.31. Vulnerability Description: CVE-2025-46724 fix bypass: TableChatAgent can call pandaseval tool to evaluate the expression. There is a WAF in langroid/utils/pandasutils.py introduced to block code injection CVE-2025-46724. However it can be bypassed due to literalok...
CVE-2022-38381
An improper handling of malformed request vulnerability (CWE-228) exists in FortiADC 5.0 all versions, 6.0.0 all versions, 6.1.0 all versions, 6.2.0 through 6.2.3, and 7.0.0 through 7.0.2. This may allow a remote attacker without privileges to bypass some Web Application Firewall (WAF) protection suc...
CVE-2023-45132
NAXSI is an open-source maintenance web application firewall (WAF) for NGINX. An issue present starting in version 1.3 and prior to version 1.6 allows someone to bypass the WAF when a malicious X-Forwarded-For IP matches IgnoreIP IgnoreCIDR rules. This old code was arranged to allow older NGINX...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 - Tool React2Shell React2Shell Ultimate Sca...
Exploit for Deserialization of Untrusted Data in Facebook React
react2shell-scanner-bypasswaf A command-line tool for detecti...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell Scanner – with PoC CVE-2025-55182 – React Ser...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell – Advanced Discovery & Exploitation Framework An...
Exploit for Deserialization of Untrusted Data in Facebook React
next88 - React Server Components RCE Scanner High-performance...