9157 matches found
Exploit for Improper Input Validation in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Automated Log4Shell CVE-2021-44228 Play & Plug Lab An aut...
PT-2026-41767
Name of the Vulnerable Software and Affected Versions: Docker (affected versions not specified). Description: A race condition occurs during the mount setup of the docker cp command. When copying files into a container, the daemon creates a temporary filesystem view by bind-mounting volumes. A process...
PT-2026-41766
Name of the Vulnerable Software and Affected Versions: Docker (affected versions not specified). Description: A race condition occurs during the mount setup of docker cp, allowing a malicious container to create empty files or directories at arbitrary absolute paths on the host filesystem with root...
Exploit for Deserialization of Untrusted Data in Facebook React
CVE-2025-55182 Security Lab "React2Shell" This repository c...
PoCLab
kernel-poc Minimal Linux kernel + QEMU environment for reprod...
Operation-Molasses
OPERATION MOLASSES PEKMEZ Zencefil Efendi's Cyber Dow...
Exploit for CVE-2026-42945
CVE-2026-42945 nginx 32-bit Exploit Lab This repository is a...
KonR
KonR Hierarchical multi-agent AI penetration testing system p...
Exploit for Missing Authentication for Critical Function in Coreweave Marimo
CVE-2026-39987 - Marimo Pre-Auth RCE Unauthenticated Remote...
Exploit for CVE-2025-9074
docker-shell A lightweight, dependency-free bash script tha...
dvwa_xss_lab
DVWA XSS Lab Project Introduction This project creates a...
SECpocs
Next.js React Server Components RCE Exploit Exploits CVE-2025...
Exploit for Insecure Default Initialization of Resource in Praison Praisonai
CVE-2026-44338 PraisonAI Authentication Bypass Lab Local Dock...
Exploit for Missing Authentication for Critical Function in Flowiseai Flowise
Silentium - HackTheBox Writeup Platform: HackTheBox...
Exploit for Improper Access Control in Joomla Joomla!
Full-Lifecycle CMS Penetration Testing Joomla 4.2.5 Pr...
GHSA-RRMM-9V76-H3P4 Portainer missing authorization on Docker plugin endpoints, which allows host RCE
Summary: Portainer enforces Role-Based Access Control (RBAC) on top of the Docker API. The proxy layer routes incoming Docker API requests to per-resource handlers (containers, images, services, volumes, etc.) that apply authorization checks. The Docker plugin management endpoints /plugins/ were not...
CVE-2026-42593
CVE-2026-42593 affects Gotenberg: multiple routes (merge, split, LibreOffice convert, chromium convert variants) improperly accept stampSource=pdf/stampExpression and watermarkSource=pdf/watermarkExpression from anonymous callers. If stampExpression or watermarkExpression points to a file path th...
CVE-2026-42589 Gotenberg: Unauthenticated RCE via ExifTool Metadata Key Injection
Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg's /forms/pdfengines/metadata/write HTTP endpoint accepts a JSON metadata object and passes its keys directly to ExifTool via the go-exiftool library. No validation is performed on key characters. A \n embedded i...
CVE-2026-42589
Gotenberg exposes an unauthenticated RCE via the /forms/pdfengines/metadata/write endpoint. The root cause is that JSON metadata keys are passed to ExifTool without validation; a newline in a key allows injection of ExifTool flags (e.g., -if), enabling arbitrary code execution as the Gotenberg pr...