v6.0.0 — LDAP, OAuth, 2FA Bypass, Password Reset Poisoning, GraphQL, JWT Confusion, Docker, Postman
LatestVulnBank v6.0.0 — New Vulnerability Classes
New Attack Surfaces
LDAP Injection (CWE-90) — \�pi/ldap.py
Filter string injection ((&(objectClass=user)(uid={username}))), anonymous search, plaintext password return
OAuth Misconfiguration — \�pi/oauth.py
Missing state parameter, open redirect on callback, SSRF via user-controlled token_endpoint, hardcoded client_secret, weak access tokens
2FA Bypass — \�pi/mfa.py
Hardcoded master bypass code \