Offensive security research hub
Discover original 0-days, detailed advisories, and the people behind them.
At Pentest-Tools.com, we publish offensive security research the way we practice pentesting: transparent, evidence-backed, and always focused on what matters most for practitioners.

The latest vulnerabilities our team discovered
Our latest write-ups
DotNetNuke: XSS to RCE (CVE-2026-40321)
DotNetNuke (DNN) might be a leading CMS in the Microsoft ecosystem, but a routine test on an older version accidentally led us straight to a brand-new 0-day. In this write-up, we escalate a simple Stored XSS vulnerability into a full Remote Code Execution (RCE) chain (CVE-2026-40321). Coverage in Cybernews.

Exploiting a 25-year-old flaw in cPanel's AWStats
This AWStats analysis shows how legacy third-party software becomes a major security liability in hosting environments like cPanel. See how we discovered CVE-2025-63261 and how attackers leverage it to escape restricted shells and execute system commands.

Weaponizing SessionReaper in Magento 2
See how we developed a highly accurate exploit for SessionReaper (CVE-2025-54236), a critical account takeover vulnerability in Magento 2 and Adobe Commerce. This includes how we bypassed security to hijack accounts without credentials, how we automated the attack, and how to mitigate the risk.

Chaining an unauthenticated 0-click RCE in FuelCMS
FuelCMS may be a relic, but its vulnerabilities remain highly combustible. We uncovered a 0-click, pre-auth Remote Code Execution chain by combining an email array mishandling flaw for account takeover with a template escape bug in Dwoo. This deep dive details how we weaponized these bugs to execute arbitrary PHP.

Researcher profiles
Meet the offensive security specialists at Pentest-Tools.com.
Explore their discoveries, from zero-click RCE chains to responsibly disclosed CVEs - all documented in transparent, indexable advisories.

Matei Badanoiu
Offensive Security Research Lead
Matei "Mal" Badanoiu, widely recognized in the global security community as "CVE Jesus", is the Offensive Security Research Lead at Pentest-Tools.com.
An OSCP- and OSCE-certified expert, Matei first gained international acclaim with Team Romania’s historic European championship victory at ECSC2019. His achievements earned him a place in Forbes' 30 Under 30 for his contributions to the "golden generation" of Romanian cybersecurity. When you don't see him presenting at conferences, you can find him finding findings to add to his hoard of over 120 CVEs.
Author profile // Wiz // Rapid7 // Github // DefCamp // SciProfiles // Calea Europeana // Forbes
Vision and impact
Championing a practitioner-led approach, the team provides the foundational research that takes our custom detections to the next level. They actively uncover previously undiscovered 0-days or create proofs of concept for theoretical 1-days and help build the tools to safely exploit them, such as the automated, highly accurate SessionReaper module (CVE-2025-54236). This work fuels our Adversarial Exposure Validation (AEV) capabilities, giving you definitive proof of compromise that far exceeds the utility of standard vulnerability scanners.
Challengers and innovators
The Pentest-Tools.com offensive research team is driven by high-fidelity results. Rather than stopping at theoretical discoveries, they make sure the internal "PoC||GTFO" mantra gets respected. By transforming complex exploits into practical write-ups and product capabilities, the team bridges the gap between raw vulnerability data and actionable offensive insights.
Inside the Pentest-Tools.com offensive security research hub
This hub shares our vulnerability research in an open and practical way, building on the community’s long tradition of shared knowledge and collaboration.
By showing how we discover and validate vulnerabilities, we aim to contribute to raising the bar for both attackers and defenders - and to encourage more research in the process.
Why we publish our research
We believe vulnerability research is not just about finding flaws.
This hub makes our research accessible to everyone who shares the same goals: security researchers, internal teams, MSPs and MSSPs, consultants, and other decision-makers who need validated insights to act with confidence.
We prove exploitation paths with clarity and evidence
We support responsible disclosure so vendors can patch faster
We help practitioners understand real-world attack chains - not just CVE IDs
We show how vulnerabilities connect, sometimes chaining into zero-click RCEs
What you’ll find here
TL;DR - Advisories you can act on, research you can trust.
Advisories
Detailed write-ups of vulnerabilities our research team discovered, including technical breakdowns, impact summaries, and disclosure timelines.
Researcher profiles
Meet the offensive security specialists behind the findings.
Methodology
How we approach security research and handle responsible disclosure.
Offensive security research that speaks in proof
Detect 16,600+ vulnerabilities and validate your real-world risk with 180+ automated exploits.