Microsoft Defender for Endpoint (MDE) - Elevation of Privilege

!/bin/bash Exploit Title: Microsoft Defender for Endpoint MDE - Elevation of Privilege Date: 2025-05-27 Exploit Author: Rich Mirch Vendor Homepage: https://learn.microsoft.com/en-us/defender-endpoint/ Software Link:...

📄 WordPress Social Welfare 3.5.2 Remote Code Execution

WordPress Social Welfare plugin versions 3.5.2 and below suffer from a remote code execution vulnerability. !/usr/bin/env python3 Exploit Title: Social Warfare WordPress Plugin 3.5.2 - Remote Code Execution RCE Date: 25-06-2025 Exploit Author: Huseyin Mardini @housma Original Researcher: Luka Sik...

Exploit for CVE-2025-5640

PX4 Military UAV Autopilot =1.12.3 Stack Buffer Overflow Expl...

PT-2025-28194 · Gnu +1 · Gpac +1

Уязвимость функции gf dash group get audio channels media tools/dash client.c утилиты MP4Box мультимедийной платформы GPAC связана с разыменованием указателей при обработке DASH-манифестов. Эксплуатация уязвимости может позволить нарушителю выполнить произвольный код или вызвать отказ в обслужива...

Exploit for CVE-2025-5964

CVE‑2025‑5964 Path Traversal PoC for M‑Files Author: By...

Microsoft Excel Use After Free - Local Code Execution

Titles: Microsoft Excel Use After Free - Local Code Execution Author: nu11secur1ty Date: 06/09/2025 Vendor: Microsoft Software: https://www.microsoft.com/en/microsoft-365/excel?market=af Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-27751 Versions: MS Excel 2016, MS Office...

Google Chrome Security Update (stable-channel-update-for-desktop_10-2025-06) - Mac OS X

Google Chrome is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:google:chrome"; ifdescription...

TightVNC 2.8.83 - Control Pipe Manipulation

Exploit Title: TightVNC 2.8.83 - Control Pipe Manipulation Date: 06/09/2025 Exploit Author: Ionut Zevedei [email protected] Exploit Repository: https://github.com/zeved/CVE-2024-42049-PoC Vendor Homepage: https://www.tightvnc.com/ Software Link: https://www.tightvnc.com/download.php Version: 2.8.83...

Exploit for CVE-2025-29927

CVE-2025-29927 - Critical Security Vulnerability in Next.js...

Exploit for Use After Free in Microsoft

KTMPOCS This repo contains reports for CVE 2024-43570http...

Exploit for CVE-2025-49113

CVE-2025-49113 RCE exploit the method for use...

Exploit for Unrestricted Upload of File with Dangerous Type in Tecrail Responsive_Filemanager

CVE 2022 46604 – Responsive File Manager ⚠️ Disclaimer...

Grandstream GSD3710 1.0.11.13 - Stack Overflow

!/usr/bin/env python3 Exploit Title: Grandstream GSD3710 1.0.11.13 - Stack Overflow Date: 2025-05-29 Exploit Author: Pepelux Vendor Homepage: https://www.grandstream.com/ Version: Grandstream GSD3710 - firmware:1.0.11.13 and lower Tested on: Linux and MacOS CVE: CVE-2022-2025 """ Author: Jose Lui...

Automic Agent 24.3.0 HF4 - Privilege Escalation

Exploit Title: Automic Agent 24.3.0 HF4 - Privilege Escalation Date: 26.05.2025 Exploit Author: Flora Schäfer Vendor Homepage: https://www.broadcom.com/products/software/automation/automic-automation Version: /tmp/sh.so 2. Run the ucxjlx6 executable as follows $ ./ucxjlx6 ini=echo -e...

D-Link DIR-600L formSetWanL2TP function buffer overflow vulnerability

The D-Link DIR-600L is an entry-level wireless router from China's AUO D-Link that supports 150Mbps wireless transmission and four 100 megabit wired ports. The D-Link DIR-600L suffers from a buffer overflow vulnerability that stems from the formSetWanL2TP function parameter host failing to proper...

Kentico Xperience 13.0.178 - Cross Site Scripting (XSS)

Exploit Title: Kentico Xperience 13.0.178 - Cross Site Scripting XSS Date: 2025-05-09 Version: Kentico Xperience before 13.0.178 Exploit Author: Alex Messham Contact: [email protected] Source: https://github.com/xirtam2669/Kentico-Xperience-before-13.0.178---XSS-POC/ CVE: CVE-2025-32370 import...

Exploit for Code Injection in Xwiki

CVE-2025-24893-EXP Affected Versions xwiki-platform = 5.3...

ZTE ZXV10 H201L - RCE via authentication bypass

Exploit Title: ZTE ZXV10 H201L - RCE via authentication bypass Exploit Author: l34n tasos meletlidis https://i0.rs/blog/finding-0click-rce-on-two-zte-routers/ import http.client, requests, os, argparse, struct, zlib from io import BytesIO from os import stat from Crypto.Cipher import AES def...

unzip-stream 0.3.1 - Arbitrary File Write

Exploit Title: unzip-stream 0.3.1 - Arbitrary File Write Date: 18th April, 2024 Exploit Author: Ardayfio Samuel Nii Aryee Software link: https://github.com/mhr3/unzip-stream Version: unzip-stream 0.3.1 Tested on: Ubuntu CVE: CVE-2024-42471 NB: Python's built-in zipfile module has limitations on t...

About Elevation of Privilege – Windows Process Activation (CVE-2025-21204) vulnerability

About Elevation of Privilege - Windows Process Activation CVE-2025-21204 vulnerability. This vulnerability from the April Microsoft Patch Tuesday was not highlighted by VM vendors in their reviews. It affects the Windows Update Stack component and is related to improper link resolution before fil...