Exploit for CVE-2026-9082

⚠️ Security Research & Legal Disclaimer 📌 Purpose of This...

Exploit for CVE-2026-6857

⚠️ Security Research & Legal Disclaimer 📌 Purpose of This...

Evil-M5Project WiFi Exploration Tool

This is the latest archive as of 2025/01/02 of the Evil-M5Project, an innovative tool developed for ethical testing and exploration of WiFi networks. It harnesses the power of the M5Core2 device to scan, monitor, and interact with WiFi networks in a controlled environment. This project is designe...

cve-poc-garage

Curated collection of CVE Proof of Concepts — reproducib...

APTSimulator

This is a toolset for simulating an APT Advanced Persistent Threat attack on a Windows system. The tool, called APT Simulator, is a Windows Batch script that uses a set of tools and output files to make a system look as if it was compromised. It is designed to be simple and easy to use, requiring...

Exploit for Command Injection in Fit2Cloud 1Panel

https://github.com/hophtien/CVE-2025-54424/releaseshttps://gi...

JavaDeserH2HC

This repository contains sample codes for the Hackers to Hackers Conference magazine 2017 H2HC. The codes are designed to demonstrate various exploitation techniques, specifically focusing on Java deserialization vulnerabilities. The primary vulnerability class/vector targeted is Java...

Exploit for Path Traversal in Microsoft

PoC exploit for CVE-2025-47176, a Microsoft Outlook Remote Code...

Exploit for Use After Free in Microsoft

🔥 CVE-2025-29824 Zero-Day Exploit 🔥 Welcome to the dark heart...

Exploit for Code Injection in Grafana

File-Read-CVE-2024-9264 Proof Of Concept for File Read in Graf...

Exploit for Authentication Bypass Using an Alternate Path or Channel in Jetbrains Teamcity

CVE-2024-27198 In JetBrains TeamCity before 2023.11.4 authenti...

Ray has arbitrary code execution via jobs submission API

Anyscale Ray allows a remote attacker to execute arbitrary code via the job submission API. NOTE: the vendor's position is that this report is irrelevant because Ray, as stated in its documentation, is not intended for use outside of a strictly controlled network environment...

Exploit for Insufficient Verification of Data Authenticity in Rarlab Winrar

CVE-2023-38831 En este caso, os comparto los archivos necesar...

vulhub

This is a collection of vulnerable web applications and tools for testing and learning about web application security. The repository contains a variety of applications, including CouchDB, FFmpeg, Git, and Jenkins, each with its own set of vulnerabilities. The applications are designed to be used...

vulhub

This repository is an open-source collection of vulnerable systems and applications for educational purposes, specifically for learning and practicing penetration testing and vulnerability assessment. It is maintained by phith0n and hosted on GitHub. The repository contains various vulnerable...

New Microsoft Sysmon report in VirusTotal improves security

Today, following the 25th year anniversary of Microsoft Sysinternals, we are announcing the general availability of a new Microsoft Sysmon report in VirusTotal. Whether you’re an IT professional or a developer, you’re probably already using Microsoft Sysinternals utilities to help you manage,...

PowerSploit

This is an offensive tool for Windows PowerShell exploitation. It is a collection of PowerShell modules, specifically PowerSploit, which provides various functions for code execution, DLL injection, and antivirus bypass. The tool is designed to be used by penetration testers and red teamers to te...

vulhub

This is an open-source collection of pre-built vulnerable docker environments. It is a toolkit for defensive blue-team research and threat mitigation, providing a platform for testing and analyzing vulnerabilities in a controlled environment. The repository contains a variety of vulnerable...

blogpost_qiling_dlink_1

It is an offensive tool for exploiting vulnerabilities in software. The repository contains a Python script that exploits a vulnerability in a software product. The script is designed to be used by a penetration tester or a security researcher to test the security of the software. The script uses...

My-CTF-Web-Challenges

It is an offensive tool for web exploitation. The repository contains a collection of web challenges created by the user 'orange'. The challenges are designed to test various web exploitation techniques, including SQL injection, cross-site scripting XSS, and authentication bypass. The challenges...