DM on WhatsApp - wa.link/brutsecurity
Please open Telegram to view this post
VIEW IN TELEGRAM
π2β€1
π A PoC/exploit has been discovered for vulnerability CVE-2026-35616
PT ID: PT-2026-30288
Vendor: Fortinet
Product: FortiClientEMS
Description: A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Link: https://github.com/Alaatk/CVE-2026-35616
PT ID: PT-2026-30288
Vendor: Fortinet
Product: FortiClientEMS
Description: A improper access control vulnerability in Fortinet FortiClientEMS 7.4.5 through 7.4.6 may allow an unauthenticated attacker to execute unauthorized code or commands via crafted requests.
Link: https://github.com/Alaatk/CVE-2026-35616
GitHub
GitHub - Alaatk/CVE-2026-35616: Fortinet FortiClientEMS improper access control
Fortinet FortiClientEMS improper access control. Contribute to Alaatk/CVE-2026-35616 development by creating an account on GitHub.
β€5
https://topmate.io/saumadip/2054509?coupon_code=awxe
Please open Telegram to view this post
VIEW IN TELEGRAM
topmate.io
Web Application Bug Bounty Methodology with Saumadip Mandal
Pro hacker's playbook: recon, XSS, SQLi, SSRF & more
β€1
β‘οΈPoC collection of Atlassian(Jira, Confluence, Bitbucket) products and Jenkins, Solr, Nexus,etc
β http://github.com/shadowsock5/Poc
β http://github.com/shadowsock5/Poc
π₯8β€6π³2π1
CVE-2026-23870, CVE-2026-44575, CVE-2026-44579, CVE-2026-44574, CVE-2026-44578, CVE-2026-44573, CVE-2026-44581, CVE-2026-44580, CVE-2026-44577, CVE-2026-44576, CVE-2026-44582, CVE-2026-44572
https://github.com/dwisiswant0/next-16.2.4-pocs
https://github.com/dwisiswant0/next-16.2.4-pocs
GitHub
GitHub - dwisiswant0/next-16.2.4-pocs: Next.js v16.2.4 Security PoC Collection (CVE-2026-23870, CVE-2026-44575, CVE-2026-44579β¦
Next.js v16.2.4 Security PoC Collection (CVE-2026-23870, CVE-2026-44575, CVE-2026-44579, CVE-2026-44574, CVE-2026-44578, CVE-2026-44573, CVE-2026-44581, CVE-2026-44580, CVE-2026-44577, CVE-2026-445...
π3β€2
β Real-world web attacks
β Live practical sessions
β Bug bounty methodology
β Recon to exploitation
β Report writing & workflow
β Beginner friendly + advanced concepts
π Batch Starts: June 2026
π Online Live Classes, Weekend Batch
π© Limited seats available
Please open Telegram to view this post
VIEW IN TELEGRAM
β€5
Hey Hunterβs,
DarkShadow is here back again!
if you got any api endpoint and showing you unauthorized then use fake perameter like:
you can FUZZ like:
?admin=true,
?bypass=1,
debug=true,
OR try to add header βX-Custom-IP-Authorization: 127.0.0.1β
these are some underrated but very effective method which i use to check api endpoints.
if you guyβs really enjoy to read such method then show your love to react here π₯β€οΈ
DarkShadow is here back again!
if you got any api endpoint and showing you unauthorized then use fake perameter like:
/api/public = unauthorized
/api/public/latest?anything=/api/public
you can FUZZ like:
?admin=true,
?bypass=1,
debug=true,
OR try to add header βX-Custom-IP-Authorization: 127.0.0.1β
these are some underrated but very effective method which i use to check api endpoints.
if you guyβs really enjoy to read such method then show your love to react here π₯β€οΈ
π₯6β€4π2
Please open Telegram to view this post
VIEW IN TELEGRAM
topmate.io
Web Application Bug Bounty Methodology with Saumadip Mandal
Pro hacker's playbook: recon, XSS, SQLi, SSRF & more
β€3π₯3π2
A collection of AI agent prompts for bug bounty and pentesting workflows:
https://github.com/matty69v/Bug-Bounty-Agents
https://github.com/matty69v/Bug-Bounty-Agents
GitHub
GitHub - matty69v/Bug-Bounty-Agents: AI-Powered Agents for Bub-Bounty Pentesting and Red-Teaming purposes
AI-Powered Agents for Bub-Bounty Pentesting and Red-Teaming purposes - matty69v/Bug-Bounty-Agents
π1
Please open Telegram to view this post
VIEW IN TELEGRAM
topmate.io
Bug Bounty Masterclass with Saumadip Mandal
Beginner to bug bounty hunter β tools, recon & real PoCs.