Windows 11 23H2 - Denial of Service (DoS)

Exploit Title: Windows 11 23H2 - Denial of Service DoS Google Dork: N/A Date: 2025-08-22 Exploit Author: Kryptoenix Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-us/software-download/windows11 Version: Windows 11 23H2 Tested on: Windows 11 23H2 x64 CVE:...

Adobe ColdFusion 2023.6 - Remote File Read

Exploit Title: Adobe ColdFusion 2023.6 - Remote File Read Exploit Author: @İbrahimsql Exploit Author's github: https://github.com/ibrahmsql Description: ColdFusion 2023 LUcee - Remote Code Execution CVE: CVE-2024-20767 Vendor Homepage: https://www.adobe.com/ Requirements: requests=2.25.0,...

Campcodes Online Hospital Management System 1.0 - SQL Injection

Exploit Title: Campcodes Online Hospital Management System 1.0 - SQL Injection Google Dork: N/A Exploit Author: Carine Constantino Vendor Homepage: https://www.campcodes.com Software Link: https://www.campcodes.com/projects/online-hospital-management-system-using-php-and-mysql/ Version: 1.0 Teste...

WordPress Depicter Plugin 3.6.1 - SQL Injection

Exploit Title: WordPress Depicter Plugin 3.6.1 - SQL Injection Google Dork: inurl:/wp-content/plugins/depicter/ Date: 2025-05-06 Exploit Author: Andrew Long datagoboom Vendor Homepage: https://wordpress.org/plugins/depicter/ Software Link: https://downloads.wordpress.org/plugin/depicter.3.6.1.zip...

Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege

Exploit Title: Microsoft Windows 11 23h2 - CLFS.sys Elevation of Privilege Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ CVE: CVE-2024-49138 include...

📄 Android 13 Local Privilege Escalation

Android version 13 local privilege escalation proof of concept exploit. Exploit Title: Android 13 - Local Privilege Escalation Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Version: = 13 Tested on: Win,...

Tatsu 3.3.11 - Unauthenticated RCE

Exploit Title:Tatsu 3.3.11 - Unauthenticated RCE Date: 2025-04-16 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL MiRROR-H: https://mirror-h.org/search/hacker/49626/ Product: Tatsu wordpress plugin = 3.3.11 CVE:...

📄 RemotePC Remote Code Execution

RemotePC suffers from an unauthenticated remote code execution vulnerability. The release for this on github offers no version information. Exploit Title: RemotePC - Unauthenticated RCE Date: 2025-04-14 Exploit Author: Ahmet Ümit BAYRAM Vendor: https://github.com/akoc95/RemotePC Version: latest...

CyberPanel 2.3.6 - Remote Code Execution (RCE)

Exploit Title: CyberPanel 2.3.6 - Remote Code Execution RCE Date: 10/29/2024 Exploit Author: Luka Petrovic refr4g Vendor Homepage: https://cyberpanel.net/ Software Link: https://github.com/usmannasir/cyberpanel Version: 2.3.5, 2.3.6, 2.3.7 before patch Tested on: Ubuntu 20.04, CyberPanel v2.3.5,...

📄 Typecho 1.3.0 Cross Site Scripting

Typecho versions 1.3.0 and below suffer from a persistent cross site scripting vulnerability. // Exploit Title: Typecho = 1.3.0 Stored Cross-Site Scripting XSS // Google Dork: intext:"Powered by Typecho" inurl:/index.php // Date: 18/08/2024 // Exploit Author: Michele 'cyberaz0r' Di Bonaventura //...

Typecho 1.3.0 - Stored Cross-Site Scripting (XSS)

Exploit Title: Typecho 1.3.0 - Stored Cross-Site Scripting XSS Google Dork: intext:"Powered by Typecho" inurl:/index.php Date: 18/08/2024 Exploit Author: Michele 'cyberaz0r' Di Bonaventura Vendor Homepage: https://typecho.org Software Link: https://github.com/typecho/typecho Version: 1.3.0 Tested...

📄 PandoraFMS 7.0NG.772 SQL Injection

PandoraFMS version 7.0NG.772 proof of concept authenticated remote SQL injection exploit. Exploit Title: PandoraFMS console v7.0NG.772 - SQL Injection Authenticated Date: 21/11/2023 Exploit Author: Osama Yousef Vendor Homepage: https://pandorafms.com/ Software Link:...

📄 DocsGPT 0.12.0 Remote Code Execution

DocsGPT version 0.12.0 suffers from a remote code execution vulnerability. Exploit Title: DocsGPT 0.12.0 - Remote Code Execution Date: 09/04/2025 Exploit Author: Shreyas Malhotra OSMSEC Vendor Homepage: https://github.com/arc53/docsgpt Software Link:...

Apache HugeGraph Server 1.2.0 - Remote Code Execution (RCE)

Exploit Title: Apache HugeGraph Server 1.2.0 - Remote Code Execution RCE Exploit Author: Yesith Alvarez Vendor Homepage: https://hugegraph.apache.org/docs/download/download/ Version: Apache HugeGraph 1.0.0 - 1.2.0 CVE : CVE-2024–27348 from requests import Request, Session import sys import json d...

📄 GeoVision GV-ASManager 6.1.0.0 Information Disclosure

GeoVision GV-ASManager versions 6.1.0.0 and below suffer from an information disclosure vulnerability. Exploit Title: Information Disclosure in GeoVision GV-ASManager Google Dork: inurl:"ASWeb/Login" Date: 02-FEB-2025 Exploit Author: Giorgi Dograshvili DRAGOWN Vendor Homepage:...

📄 Blood Bank and Donor Management System 2.4 Cross Site Scripting

Blood Bank and Donor Management System version 2.4 suffers from a cross site scripting vulnerability. Exploit Title: Blood Bank & Donor Management System v2.4 - Cross Site Scripting XSS Date: 2025-04-07 Exploit Author: Mehmet Can Kadıoğlu a.k.a mao7un Vendor:...

📄 SAP HTTP Request Smuggling

SAPGateBreaker HTTP request smuggling proof of concept exploit that demonstrates a vulnerability in SAP NetWeaver Application Server ABAP, SAP NetWeaver Application Server Java, ABAP Platform, SAP Content Server 7.53, and SAP Web Dispatcher. Exploit Title: SAPGateBreaker Exploit - CVE-2022-22536 ...

Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure

Exploit Title: Microsoft Office 2019 MSO Build 1808 - NTLMv2 Hash Disclosure Exploit Author: Metin Yunus Kandemir Vendor Homepage: https://www.office.com/ Software Link: https://www.office.com/ Details: https://github.com/passtheticket/CVE-2024-38200 Version: Microsoft Office 2019 MSO Build 1808...

ProSSHD 1.2 - Denial of Service (DOS)

Exploit Title: ProSSHD 1.2 20090726 - Denial of Service DoS Google Dork: N/A Date: 13 january 2024 Exploit Author: Fernando Mengali Vendor Homepage: https://prosshd.com/ Software Link: N/A Version: 1.2 20090726 Tested on: Windows XP CVE: CVE-2024-0725 $sis="$^O"; if $sis eq "windows" $cmd="cls";...

CodeCanyon Rise CRM 3.7.0 SQL Injection

CodeCanyon Rise CRM version 3.7.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass. PROOF OF CONCEPT CVE: CVE-2024-8945 Exploit Title: RISE Ultimate Project Manager 3.7 sql injection POC Google Dork: N/A Date: September 19, 2024 Exploit Author: Jobyer Ahmed...