AVideo through version 26.0 contains multiple unauthenticated list.json.php endpoints in payment plugins lacking authorization checks, exposing Pay...
vLLM versions >= 0.10.2 and < 0.13.0 are missing sparse tensor validation in multimodal embeddings processing. Because PyTorch disables sparse tens...
vLLM versions >= 0.6.3 and < 0.9.0 contain multiple regular expression denial of service (ReDoS) vulnerabilities. Several regex patterns — in vllm/...
Flowise 3.1.2 Custom MCP Environment Variable Case Bypass PoC This repository documents and validates an authenticated Windows ACE/RCE-class issue ...
No description provided...
Cybersecurity Home Lab Overview This project documents my beginner cybersecurity home lab using VMware, Kali Linux, Metasploitable 2, and DVWA. The...
🚩 CTF / Hackathon Starter Pack A complete, offline-ready toolkit for cyber CTFs and hackathons Hack The Box / picoCTF / TryHackMe style. Everythin...
Capgo before 12.128.2 contains an open redirect vulnerability in the confirm-signup endpoint that allows attackers to redirect users to arbitrary e...
Capgo before 12.128.2 contains an open redirect vulnerability in stripe_portal and stripe_checkout endpoints that accept unvalidated callbackUrl, s...
Capgo before 12.128.2 contains an information disclosure vulnerability in the GET /statistics/app/:app_id endpoint that allows app-limited API keys...
AI-powered asset discovery, dark web monitoring, CVE alerting, and vulnerability scanning — all in one platform.
