CVE Discoveries (1)
| CVE | Score | Date | Description |
|---|---|---|---|
| CVE-2026-32255 | 8.6 | 2026-03-19 | Kan is an open-source project management tool. In versions 0.5.4 and below, the /api/download/attatchment endpoint has no authentication and no URL validation. The Attachment Download endpoint accepts a user-supplied URL query parameter and passes it directly to fetch() server-side, and returns the full response body. An unauthenticated attacker can use this to make HTTP requests from the server to internal services, cloud metadata endpoints, or private network resources. This issue has been fixed in version 0.5.5. To workaround this issue, block or restrict access to /api/download/attatchment at the reverse proxy level (nginx, Cloudflare, etc.). |
CVE Proof of Concepts (3)
| CVE | Description | ⭐ | 🍴 | 👁️ | 📥 |
|---|---|---|---|---|---|
| CVE-2025-55182 | This repository contains a POC of CVE-2025-55182, a critical (CVSS score 10.0) pre-authentication remote code execution vulnerability affecting React Server Components, also known as React2Shell. | 12 | 3 | 3492 | 563 |
| CVE-2025-29927 | This repository contains a POC and an exploit script for CVE-2025-29927, a critical vulnerability in Next.js that allows attackers to bypass authorization checks implemented in middleware. | 5 | 3 | 1104 | 246 |
| CVE-2026-32255 | This repository contains a proof of concept (POC) for CVE-2026-32255, a high-severity Server-Side Request Forgery (SSRF) vulnerability in Kan, an open-source project management tool. | 2 | - | 420 | 143 |
Projects (4)
| Project | Description | ⭐ | 🍴 | 👁️ | 📥 |
|---|---|---|---|---|---|
| oss-oopssec-store | The first security CTF lab built with React and Next.js. Open you browser and start hacking. | 12 | 27 | 2509 | 15560 |
| cyber-bot | Threat intelligence platform: RSS aggregation, NVD CVE tracking, ENISA EUVD, databreaches, ... | 3 | 1 | 159796 | 526 |
| hate-crimes-map | This project aims to visualize hate crime data to bring visibility to crimes that are often invisible or normalized by society. | 3 | - | 27 | 20 |
| crack-hash | A fast, multi-threaded hash cracking tool written in Rust. This tool performs dictionary attacks against hashed passwords. | 2 | - | 25 | 11 |
OSS Contributions (11)
| Repository | Description | ⭐ | 🍴 |
|---|---|---|---|
| usebruno/bruno | Opensource IDE For Exploring and Testing API's (lightweight alternative to Postman/Insomnia) | 42319 | 2247 |
| infoslack/awesome-web-hacking | A list of web application security | 6827 | 1278 |
| kanbn/kan | The open source Trello alternative. | 4560 | 300 |
| OWASP/www-community | OWASP Community Pages are a place where OWASP can accept community contributions for security-related content. | 1335 | 824 |
| OWASP/www-project-vulnerable-web-applications-directory | The OWASP Vulnerable Web Applications Directory Project (VWAD) is a comprehensive and well maintained registry of all known vulnerable web applications currently available. | 83 | 45 |
| lingdojo/kana-dojo | Aesthetic, minimalist platform for learning Japanese inspired by Duolingo and Monkeytype, built with Next.js and sponsored by Vercel. Beginner-friendly with plenty of good first issues - all contributions are welcome! | 2038 | 1393 |
| fabionoth/awesome-cyber-security | A collection of awesome software, libraries, documents, books, resources and cools stuffs about security. | 1832 | 250 |
| vavkamil/awesome-vulnerable-apps | Awesome Vulnerable Applications | 1379 | 212 |
| kaiiyer/awesome-vulnerable | A curated list of VULNERABLE APPS and SYSTEMS which can be used as PENETRATION TESTING PRACTICE LAB. | 1278 | 208 |
| okhosting/awesome-cyber-security | A curated list of cyber security resources and tools. | 484 | 70 |
| secnotes/awesome-cybersecurity | A collection of awesome github repositories about security | 73 | 6 |
Github Metrics
TryHackMe Stats
| Global Rank | Top | Streak |
|---|---|---|
| #15232 | 1% | 592 days |
TryHackMe Badges (46)
Networking Nerd — Completing the 'Network Fundamentals' module
7 Day Streak — Achieving a 7 day hacking streak
Webbed — Understands how the world wide web works
World Wide Web — Completing the 'How The Web Works' module
cat linux.txt — Being competent in Linux
30 Day Streak — Hacking for 30 days solid
OWASP Top 10 — Understanding every OWASP vulnerability
Hash Cracker — Cracking all those hashes
Metasploitable — Contains the knowledge to use Metasploit
Blue — Hacking into Windows via EternalBlue
Cyber Ready — Understanding impact of training on teams
Sword Apprentice — Completing the SQLMap room
Shield Apprentice — Completing the FlareVM room
90 Day Streak — Hacking for 90 days in a row
Linux PrivEsc — Mastering Linux Privilege Escalation
Pentesting Principles — Completing the 'Introduction to Pentesting' module
Intro to Web Hacking — Completing the 'Introduction to Web Hacking' module
Advent of Cyber 2024 — Completing Advent of Cyber 2024!
Burp'ed — Completing the Burp Suite module
180 Day Streak — Hacking for 180 days in a row
Authentication Striker — Used the Hammer to bypass authentication
SQL Slayer — Conquered Advanced SQL Injection
System Sniffer — Completed the File Path traversal room
OhSINT — Completing the OhSINT room
Client-Side Champ — Successfully exploited client-side vulnerabilities
Introduction to Security Engineering — Completed the Security Engineer Intro room!
Calculated Risk — _Completed the Risk Management room! _
3 Day Streak — Achieving a 3 day hacking streak
Network and System Security — Finished the Auditing and Monitoring room!
Software Security — _Completed the OWASP API Security Top 10 rooms! _
365 Day Streak — Hacking for 365 days in a row
The Course Awakens — Finishing the first room in the DevSecOps path!
Just have to deal with it — _Successfully managed a cyber crisis! _
Raffle Royalty — Participating in Hack2Win 2025!
/opt/m0th3r — Finishing Mother’s Secret!
Skilled Navigator — Finishing the Eviction challenge!
First Step into SOC — Explored emerging threats and SOC response
SOC Apprentice — Explored how a SOC team operates from inside
First alert closed — Closing your first alert
First scenario completed — Completing your first scenario
100% true positive rate — Achieving 100% true positive rate in a scenario
500 Day Streak — Hacking for 500 days in a row
Tooling Specialist — Adept in creating custom offensive tooling
Advent of Cyber 2025 — Completing Advent of Cyber 2025!
Model Compromise — Completed the LLM Attacks Module
Session Held — Completing 4 weekly missions in a row!
TryHackMe Completed Rooms (304)
Certificates (118)
- Analyze and manage IT risks — 2026-03
- Everything You Need to Know About Computer Networks in Just a Few Hours — 2026-02
- Secure your Data with Cryptography — 2026-02
- Raise Cybersecurity Awareness Effectively — 2026-02
- Secure your Network with VPNs and Firewalls — 2026-02
- Conduct Your Cybersecurity Monitoring — 2026-02
- Discover the Basics of Digital Security — 2026-02
- Discover the World of Cybersecurity — 2026-02
- Try Hack Me - Advent of Cyber 2025 — 2025-12
- Try Hack Me - Security Engineer — 2025-09
- Try Hack Me - Web Fundamentals — 2025-02
- Try Hack Me - Jr Penetration Tester — 2025-01
- Try Hack Me - Advent of Cyber 2024 — 2024-12
- Try Hack Me - Complete Beginner — 2024-11
- Try Hack Me - Cyber Security 101 — 2024-11
- Try Hack Me - Introduction to Cyber Security — 2024-09
- Try Hack Me - Pre Security — 2024-08
- Ethical Hacking: Social Engineering — 2024-08
- OWASP Top 10 — 2023-11
- Security for Developers — 2023-11
- Ethical Hacking: the Complete Course — 2023-10
- Use ChatGPT to improve your productivity — 2023-05
- Ethereum and Solidity: The Complete Developer's Guide — 2023-03
- Discover the world of Information Systems — 2022-09
- Get started with Linux — 2022-07
- Simulate network architectures with GNS3 — 2022-05
- Design your TCP/IP network — 2022-05
- Draw up a functional specification — 2022-04
- Design a clickable interface — 2022-04
- Set up your front-end environment — 2022-04
- Discover the jobs of developer — 2022-04
- Develop your soft skills — 2022-04
- Use the Redux state manager to manage the state of your applications — 2022-04
- Use design patterns in JavaScript — 2022-04
- Learn how to use the command line in a terminal — 2022-04
- Manage code with Git and GitHub — 2022-03
- Create a complete React application — 2022-03
- Get started with React — 2022-01
- Manage your time efficiently — 2022-01
- Create responsive websites with Bootstrap 4 — 2021-12
- Create modern CSS animations — 2021-12
- Code an accessible website with HTML & CSS — 2021-11
- Test your Front End applications with JavaScript — 2021-11
- Debug your website interface — 2021-10
- Write the technical documentation for your project — 2021-10
- Test the interface of your site — 2021-10
- Create a web application with Vue.js — 2021-10
- Adopt REST APIs for your web projects — 2021-09
- Go full stack with Node.js, Express and MongoDB — 2021-08
- Write JavaScript for the web — 2021-07
- Design accessible web content — 2021-07
- Learn to program with JavaScript — 2021-07
- Simplify CSS with Sass — 2021-06
- Increase your traffic with natural referencing (SEO) — 2021-06
- Optimize the referencing of your site (SEO) by improving its technical performance — 2021-06
- Secure your web applications with OWASP — 2021-05
- Learn to learn — 2021-02
- The stages of the Mentor's life — 2021-02
- Learn about Python for data analysis — 2020-04
- Ultra-fast applications with Node.js — 2020-02
- Perfect your agile project management — 2019-02
- Understanding Bitcoin and the Blockchain — 2019-02
- Discover the cloud with Amazon Web Services — 2019-02
- Manage your project with a Scrum team — 2019-02
- Continue with Ruby on Rails — 2019-01
- Set up an information monitoring system — 2019-01
- Learn about agile project management — 2018-10
- Get started with Ruby on Rails — 2018-10
- Discover the agility posture — 2018-10
- Put the UX approach into practice — 2018-09
- Discover the world of cybersecurity_0 — 2018-09
- Start programming with Ruby — 2018-08
- React and Redux in practice — 2018-06
- Really understand Javascript — 2018-05
- Build a web application with React.js — 2018-04
- UX design: discover the basics! — 2018-01
- Learn about Design Thinking — 2018-01
- Speak in public — 2017-12
- Make a database with UML — 2017-11
- Use REST APIs in your web projects — 2017-10
- Manage your IT project easily! — 2017-09
- Start software analysis with UML — 2017-09
- Improve your skills in Python — 2017-08
- Discover how the algorithms work — 2017-08
- Discover object-oriented programming with Python — 2017-08
- Animate a Twitter community — 2017-08
- Start your project with Python — 2017-07
- Launch your freelance activity — 2017-06
- Succeed in your emailing campaign with MailChimp — 2017-05
- Digital Marketing Fundamentals (Digital Active) — 2017-03
- Develop your website with the Symfony framework — 2016-12
- Manage and pilot a multimedia project — 2016-11
- Organize your multimedia project — 2016-11
- Draw up the specifications for a digital project — 2016-10
- Simplify your JavaScript development with jQuery — 2016-09
- Introduction to jQuery — 2016-08
- Big Data: Intelligence, Products and Markets in the Age of Big Analytics — 2016-07
- Become an auto-entrepreneur — 2016-07
- Build modern and beautiful websites with WordPress — 2016-06
- Create your professional website with WordPress — 2016-06
- Create interactive web pages with JavaScript — 2016-06
- Manage your databases with MySQL — 2016-06
- Big Data is transforming my life and the lives of businesses — 2016-06
- Learn how to frame a multimedia project — 2016-05
- Create your first website with WordPress — 2016-04
- Design your website with PHP and MySQL — 2016-04
- Understanding Big Data through movies — 2016-03
- Discover the basics of project management — 2016-03
- Learn how to surf the Internet safely — 2016-03
- Control the use of your personal data — 2016-03
- Take back control with Linux! — 2016-03
- Web Integrator — 2016-03
- Get started with Bootstrap — 2016-03
- Manage your code with Git and GitHub — 2016-03
- Discover CMS solutions — 2016-02
- Learn to code with JavaScript — 2016-02
- Understanding the Web — 2016-02
- Learn how to create your website with HTML5 and CSS3 — 2016-02