SecurityInfinity
Security Research Database

Vulnerability Masterlist

Comprehensive database of security vulnerabilities with real-world payloads, exploitation techniques, and remediation guidance for security professionals.

12 Vulnerability Types
335+ Payload Examples
10+ OWASP Categories
50+ Code Examples
Critical, CWE-89

SQL Injection

Interference with queries an application makes to its database, potentially leading to data theft or deletion.

Tags: web, database, injection
45 payloads

Critical, CWE-78

OS Command Injection

Executing arbitrary operating system commands on the server through vulnerable applications.

Tags: web, server-side, rce
30 payloads

Critical, CWE-502

Insecure Deserialization

Exploiting deserialization of untrusted data to achieve remote code execution.

Tags: web, rce, java
18 payloads

Critical, CWE-1336

Server-Side Template Injection

Injecting template directives to execute arbitrary code on the server.

Tags: web, rce, template
35 payloads

High, CWE-79

Cross-Site Scripting (XSS)

Injecting malicious scripts into web pages viewed by other users, enabling session hijacking and data theft.

Tags: web, client-side, injection
42 payloads

High, CWE-918

Server-Side Request Forgery

Inducing the server to make HTTP requests to arbitrary domains, accessing internal services.

Tags: web, server-side, network
28 payloads

High, CWE-98

Local File Inclusion

Including files from the server filesystem, potentially exposing sensitive configuration and source code.

Tags: web, server-side, file
35 payloads

High, CWE-611

XML External Entity (XXE)

Processing XML input containing external entity references, leading to file disclosure or SSRF.

Tags: web, xml, injection
22 payloads

High, CWE-22

Path Traversal

Accessing files and directories outside the intended directory using ../ sequences.

Tags: web, file, server-side
25 payloads

High, CWE-347

JWT Token Attacks

Exploiting weak JWT implementations to bypass authentication and forge tokens.

Tags: api, authentication, crypto
20 payloads

Medium, CWE-639

Insecure Direct Object Reference

Accessing objects directly based on user-supplied input without proper authorization checks.

Tags: web, api, authorization
15 payloads

Medium, CWE-93

CRLF Injection

Injection of carriage return and line feed characters to manipulate HTTP headers.

Tags: web, headers, injection
20 payloads

Additional Resources

OWASP Top 10 2021

Most critical web application security risks

CWE Database

Common Weakness Enumeration dictionary

CVE Details

CVE vulnerability database

HackTricks

Penetration testing methodology

PayloadsAllTheThings

Comprehensive payload repository

PortSwigger Academy

Free web security training

© 2026 SecurityInfinity. All rights reserved.