aniket.

38 posts

@awwfensive

i build software - wanna be security researcher

Joined July 2025
81 Following 19 Followers
Pinned Tweet
aniket. @awwfensive
Looking for a very specific CVE? Introducing cWee, an advanced CVE (Common Vulnerabilities and Exposures) searching tool, built on top of the powerful nvdlib library. Try it out: cwee.awwfensive.site (p.s. It's a fun side project, building it to save some time)
aniket. retweeted
Devansh (⚡, 🥷) @0xAsm0d3us
This is the third vulnerability I'm disclosing in BullFrog, this one is a fundamental design flaw, the kind that doesn't have a quick patch because it stems from *how* the filtering is architected. devansh.bearblog.dev/virtual-hostin…
aniket. retweeted
Snipesec @0xSN1PE
𝗡𝗲𝘄 𝗕𝗹𝗼𝗴 𝗥𝗲𝗹𝗲𝗮𝘀𝗲𝗱 📢 Hey everyone! I have released a new blog on the analysis of the react2shell vulnerability. 𝘊𝘩𝘦𝘤𝘬 𝘪𝘵 𝘰𝘶𝘵 𝘩𝘦𝘳𝘦: vxsnipe.xyz/posts/react2sh…
aniket. @awwfensive
React2Shell has plenty of coverage now, but I wanted to actually understand it end-to-end. I spent time digging into CVE-2025-55182 and have documented my work. This article focuses on why this vulnerability exists and how the exploit works. awwfensive.site/blogs/CVE-2025…
aniket. retweeted
Rishi @rxerium
Hi, I’m Rishi 👋 I regularly share alerts and vulnerability detection scripts for the latest zero-days + actively exploited vulnerabilities. If that’s of interest, updates are shared here as they emerge in real time. You can also find my work on GitHub: github.com/rxerium
aniket. retweeted
Web Security Academy @WebSecAcademy
Sometimes I feel bad for Carlos.
aniket. retweeted
Ruben Hassid @rubenhassid
Andrej Karpathy says you should learn AI depthwise, not breadthwise. Most education is breadthwise: watch lectures, memorize formulas, and trust you'll need it later. Karpathy flips this by learning "depthwise, on demand." What this means: Pick a project, start building, and learn exactly when you hit a wall. When he created a tutorial on transformers (the architecture behind ChatGPT), he didn't start by explaining attention mechanisms or complex architectures. Instead, he started with the simplest possible thing: a lookup table that predicts the next word. You build that first. Then you try to make it handle more complex patterns. And it breaks. Only then, when you've felt the limitation, does he introduce the next concept. Each piece solves a problem you've actually encountered. As he puts it: "It's a dick move to present the solution before I give you a shot to try it yourself." When you attempt the problem first, the solution actually makes sense. Teaching forces you to learn. "If I don't really understand something, I can't explain it." When you try to explain and stumble, you've found the gaps in your understanding. ... Build a project that gives you a reward. Hit a wall. Learn just enough to solve it. Then explain it to someone else. Don't consume content. Build the code. That's how you actually learn.
aniket. @awwfensive
⚡ Wrote a cheatsheet kind of a blog on Container Security. A concise reference covering essential practices for securing Docker and Kubernetes environments. awwfensive.site/blogs/containe…
aniket. retweeted
Snipesec @0xSN1PE
𝗡𝗲𝘄 𝗕𝗹𝗼𝗴 𝗥𝗲𝗹𝗲𝗮𝘀𝗲𝗱 📢 Hey everyone! I have released a new blog on the analysis of the 𝗚𝗿𝗲𝗺𝗹𝗶𝗻 𝗜𝗻𝗳𝗼𝘀𝘁𝗲𝗮𝗹𝗲𝗿. 𝘊𝘩𝘦𝘤𝘬 𝘪𝘵 𝘰𝘶𝘵 𝘩𝘦𝘳𝘦: vxsnipe.xyz/posts/dissecti…
spidey @lochan_twt
how can i become like him?
aniket. @awwfensive
⚡ I encountered an authentication system in a CTF, it involved the bcryptjs library. - Bcrypt truncates at 72 bytes, here's a blog post on how this behaviour could lead to vulnerable auth systems: awwfensive.site/blogs/bcrypt.h…
aniket. retweeted
Rishi @rxerium
🚨 Critical zero-day tagged as CVE-2025-61882 (CVSS 9.8) affecting Oracle E-Business Suite. I've created a vulnerability detection script here: github.com/rxerium/CVE-20… This vulnerability is remotely exploitable without authentication. Patches are available as per Oracle's Security Advisory: oracle.com/security-alert…