📄 Tactical RMM Jinja2 SSTI Remote Code Execution

This Metasploit module exploits a Server-Side Template Injection SSTI vulnerability in Tactical RMM versions prior to 1.4.0 CVE-2025-69516. The reporting template preview endpoint passes user-controlled Jinja2 template content to Environment.fromstring without sandboxing, allowing arbitrary Pytho...

Exploit for CVE-2026-36670

CVE-2026-36670 A time-based blind SQL injection exploit for t...

CVE-2026-20902 Copeland XWEB and XWEB Pro OS Command Injection

An OS command injection vulnerability exists in XWEB Pro version 1.12.1 and prior, enabling an authenticated attacker to achieve remote code execution on the system by injecting malicious input into the map filename field during the map upload action of the parameters route...

CVE-2026-27568 AVideo has Stored Cross-Site Scripting via Markdown Comment Injection

WWBN AVideo is an open source video platform. Prior to version 21.0, AVideo allows Markdown in video comments and uses Parsedown v1.7.4 without Safe Mode enabled. Markdown links are not sufficiently sanitized, allowing javascript: URIs to be rendered as clickable links. An authenticated...

CVE-2026-27458

LinkAce is a self-hosted archive to collect website links. Versions 2.4.2 and below have a Stored Cross-site Scripting vulnerability through the Atom feed endpoint for lists /lists/feed. An authenticated user can inject a CDATA-breaking payload into a list description that escapes the XML CDATA...

CVE-2026-27118

SvelteKit is a framework for rapidly developing robust, performant web applications using Svelte. Versions of @sveltejs/adapter-vercel prior to 6.3.2 are vulnerable to cache poisoning. An internal query parameter intended for Incremental Static Regeneration ISR is accessible on all routes, allowi...

Exploit for CVE-2026-2670

exploit-CVE-2026-2670 CVE-2026-2670 – Advantech WISE-6610...

CVE-2026-26990

Summary: CVE-2026-26990 affects LibreNMS versions 25.12.0 and below, with a Time-Based Blind SQL Injection in the address-search.inc.php component via the address parameter. The issue arises when a crafted subnet prefix is supplied, causing the prefix value to be concatenated into SQL without pro...

📄 pfSense Ultimate Exploit Framework

This Python script is an exploitation framework targeting two authenticated remote code execution vulnerabilities in pfSense. One exploit vector is an unsafe deserialization in pfSense CE version 2.7.2 and another is related to XMLRPC execphp abuse in pfSense CE version 2.8.0...

CVE-2025-11142

The VAPIX API mediaclip.cgi that did not have a sufficient input validation allowing for a possible remote code execution. This flaw can only be exploited after authenticating with an operator- or administrator- privileged service account...

Joomla-Core-1.5.0-through-3.9.4---Directory-Traversal-Authenticated-Arbitrary-File-Deletion

No d...

📄 Mutiny 5.0-1.07 Directory Traversal

Mutiny version 5.0-1.07 directory traversal proof of concept exploit that demonstrates an issue originally discovered in 2013. ============================================================================================================================================= | Title : Mutiny 5.0-1.07...

WordPress plugin OS DataHub Maps 代码问题漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. There wa...

EUVD-2026-5084

A command injection vulnerability may be exploited after the admin's authentication via the configuration backup restoration function of the TP-Link Archer BE230 v1.2. Successful exploitation could allow an attacker to gain full administrative control of the device, resulting in severe compromise...

EUVD-2020-30881

M/Monit 3.7.4 contains a privilege escalation vulnerability that allows authenticated users to modify user permissions by manipulating the admin parameter. Attackers can send a POST request to the /api/1/admin/users/update endpoint with a crafted payload to grant administrative access to a standa...

CVE-2026-0796

ALGO 8180 IP Audio Alerter Web UI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific fla...

CVE-2026-0786 ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability

ALGO 8180 IP Audio Alerter SCI Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of ALGO 8180 IP Audio Alerter devices. Authentication is required to exploit this vulnerability. The specific flaw...

CVE-2025-68924

In Umbraco UmbracoForms through 8.13.16, an authenticated attacker can supply a malicious WSDL aka Webservice URL as a data source for remote code execution...

CVE-2025-37171

Authenticated command injection vulnerabilities exist in the web-based management interface of mobility conductors running AOS-8 operating system. Successful exploitation could allow an authenticated malicious actor to execute arbitrary commands as a privileged user on the underlying operating...

📄 n8n Workflow Expression Remote Code Execution

This Metasploit module exploits a critical remote code execution vulnerability CVE-2025-68613 in the n8n workflow automation platform. The vulnerability exists in the workflow expression evaluation system where user-supplied expressions enclosed in are evaluated in an execution context that is no...