53 matches found
Exploit for CVE-2026-42945
CVE-2026-42945 PoC Go This tool is designed for detecting a...
Exploit for CVE-2026-1731
CVE-2026-1731 BeyondTrust Remote Support Pre-Auth RCE PoC...
📄 Django 5.1.13 SQL Injection
Django version 5.1.13 suffers from a remote SQL injection vulnerability. Exploit Title: Django 5.1.13 - SQL Injection Google Dork: none Not applicable for this vulnerability Date: 2025-12-03 Exploit Author: Wafcontrol Security Team Vendor Homepage: https://www.djangoproject.com/ Software Link:...
Malicious code in syahlan-poke34 (npm)
Source: amazon-inspector bca1810855f6ff0be7eedd9ab5f40bc1ca3b86429e31d927154d49bb36065d1f This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Sitecore 10.4 - Remote Code Execution (RCE)
Exploit Title: Sitecore 10.4 - Remote Code Execution RCE Exploit Author: Yesith Alvarez Vendor Homepage: https://developers.sitecore.com/downloads Version: Sitecore 10.3 - 10.4 CVE : CVE-2025-27218 Link: https://github.com/yealvarez/CVE/blob/main/CVE-2025-27218/exploit.py from requests import...
MAL-2025-4959 Malicious code in zora-exploit-payload (npm)
Source: ghsa-malware 9a09d84c94c165c768d88481e00efa77860f1237a66dc441e253dd480f1e476a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in zora-exploit-payload (npm)
Source: ghsa-malware 9a09d84c94c165c768d88481e00efa77860f1237a66dc441e253dd480f1e476a Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Hax CMS Stored Cross-Site Scripting vulnerability
Summary The application does not sufficiently sanitize user input, allowing for the execution of arbitrary JavaScript code. The 'saveNode' and 'saveManifest' endpoints take user input and store it in the JSON schema for the site. This content is then rendered in the generated HAX site. Although t...
Ivanti Connect Secure 22.7R2.5 - Remote Code Execution (RCE)
Exploit Title: Ivanti Connect Secure 22.7R2.5 - Remote Code Execution RCE Date: 2025-01-11 Exploit Author: @absholi7ly CVE: CVE-2025-0282 import requests import sys import struct import socket import ssl import urllib3 import time Disable SSL warnings...
CVE-2025-21609 SiYuan has an arbitrary file deletion vulnerability
SiYuan is self-hosted, open source personal knowledge management software. SiYuan Note version 3.1.18 has an arbitrary file deletion vulnerability. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability,...
CVE-2025-21609
CVE-2025-21609 affects SiYuan Note 3.1.18. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint, where an attacker can craft a payload to cause arbitrary file deletion on the server. The issue is addressed by commit d9887aeec1b27073bec66299a9a4181dc42969f3, with a fix e...
Exploit for Out-of-bounds Write in Exim
CVE-2023-42115: Exploit and Payload Generator Scripts This r...
CE Phoenix 1.0.8.20 Remote Code Execution Exploit
Exploit Title: CE Phoenix v1.0.8.20 - Remote Code Execution RCE Authenticated Date: 2023-11-25 Exploit Author: tmrswrr Category: Webapps Vendor Homepage: CE Phoenix Version: v1.0.8.20 Tested on: Softaculous Demo - CE Phoenix EXPLOIT : import requests from bs4 import BeautifulSoup import sys impor...
Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets
This is a PoC exploit for CVE-2023-27163, a remote code executio...
Exploit for CVE-2021-34527
CVE-2021-34527 PrintNightmare PoC 👾 📝 Description This sim...
Exploit for Improper Access Control in Webmin
WebminRCE-exploit CVE-2022-0824, CVE-2022-0829 - File Manager p...
No Future Posts <= 1.4 - Admin+ Stored Cross-Site Scripting
The plugin does not escape its settings, which could allow high-privilege users such as admin to perform Cross-Site Scripting attacks when unfiltered_html is disallowed. Put the following payload in any of the plugin's settings such as Exclude posts IDs and save: " autofocus onfocus=alert/XSS///...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Log4Shell CVE-2021-44228 https://nvd.nist.gov/vuln/detail/C...
Company's Recruitment Management System 1.0 - (description) Stored XSS Vulnerability
Exploit Title: Company's Recruitment Management System 1.0 - 'description' Stored Cross-Site Scripting XSS Exploit Author: Aniket Anil Deshmane Vendor Homepage: https://www.sourcecodester.com/php/14959/companys-recruitment-management-system-php-and-sqlite-free-source-code.html Software Link:...