You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Matrix-driven authorization testing for HTTP APIs and MCP tool-calls. Turns an access-control matrix into positive & negative tests that catch BOLA, BFLA, BOPLA, privilege escalation and authorization drift — with CWE/OWASP-tagged SARIF for CI/CD.
Proof of concept for exploitation of the vulnerability described in CVE-2025-11554, which concerns the possibility of a privilege escalation through arbitrary requests to user types change endpoint in the i-Educar software.