Academic proof-of-concept demonstrating CVE-2025-14847 for authorized security research.
Updated Dec 29, 2025 - Python
Academic proof-of-concept demonstrating CVE-2026-21445 [LangFlow] for authorized security research.
🛠 Exploit the CVE-2025-14847 vulnerability in MongoDB to disclose sensitive heap memory using a Python script that analyzes responses for new leaked data.
Crawl4AI is an open-source LLM friendly web crawler & scraper. Prior to 0.8.7, the _safe_eval_expression() function in the computed fields feature uses an AST validator that only blocks attributes starting with underscore.
motionEye's Absolute Path Traversal in Media File Handlers Allows Arbitrary File Read
Gogs has Path Traversal in organization name that results in RCE through Git hooks
Gorse < 0.5.10 contains an authentication bypass caused by an empty admin_api_key in the /api/dump and /api/restore endpoints, letting unauthenticated remote attackers access and modify protected data. Exploitation requires the default empty admin_api_key configuration.