autopenx

AutoPenX – A fully automated CTF-solving & penetration testing...

Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path

Exploit Title: Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path Exploit Author: CENACIF-MX Discovery Date: 2025-12-04 Vendor Homepage: https://support.lenovo.com/es/es/solutions/legionspace Tested Version: 1.7.11.2 Vulnerability Type: Unquoted Service Path Tested on OS: Microsoft...

Cockpit 359 - RCE

Exploit Title: Cockpit 359 - RCE Date: 18-04-2026 Exploit Author: @intx0x80 Vendor Homepage: https://cockpit-project.org/ Software Link: https://github.com/cockpit-project/cockpit Version: 327-359 Tested on: Debain CVE : CVE-2026-4631 import base64 import argparse import requests import urllib3...

BookStack 25.12.1 - Denial of Service

Exploit Title: BookStack 25.12.1 - Denial of Service Search Terms Resource Exhaustion Date: 2026-04-29 Exploit Author: Gabriel Rodrigues TEXUGO Vendor Homepage: https://www.bookstackapp.com Software Link: https://github.com/BookStackApp/BookStack Version: 2 else None searchurl =...

📄 dompdf Remote Code Execution

This Metasploit module exploits CVE-2022-28368, a remote code execution vulnerability in dompdf versions prior to 1.2.1. The vulnerability exists because dompdf preserves the original file extension when caching fonts downloaded via CSS @font-face rules. By pointing a @font-face src to a .php fil...

📄 BookStack 25.12.1 Denial of Service

BookStack version 25.12.1 suffers from a denial of service vulnerability. Exploit Title: BookStack 25.12.1 - Denial of Service Search Terms Resource Exhaustion Date: 2026-04-29 Exploit Author: Gabriel Rodrigues TEXUGO Vendor Homepage: https://www.bookstackapp.com Software Link:...

📄 Lenovo LegionSpace 1.7.11.2 Unquoted Service Path

Lenovo LegionSpace version 1.7.11.2 suffers from an unquoted service path vulnerability. Exploit Title: Lenovo LegionSpace 1.7.11.2 - 'DAService' Unquoted Service Path Exploit Author: CENACIF-MX Discovery Date: 2025-12-04 Vendor Homepage: https://support.lenovo.com/es/es/solutions/legionspace...

📄 Cockpit 359 Remote Code Execution

Cockpit versions 357 through 359 suffer from a remote code execution vulnerability. Exploit Title: Cockpit 359 - RCE Date: 18-04-2026 Exploit Author: @intx0x80 Vendor Homepage: https://cockpit-project.org/ Software Link: https://github.com/cockpit-project/cockpit Version: 327-359 Tested on: Debai...

solaredge - (CSRF-OOB-Injection)

Titles: solaredge - CSRF-OOB-Injection Author: nu11secur1tyAI Date: 2026-04-26 Vendor: SolarEdge Technologies Ltd. Software: SolarEdge Monitoring Platform - Framework /solaredge-web/ Reference: https://monitoring.solaredge.com/ Description: The solaredge-CSRF-Hijack vulnerability arises due to a...

FUXA 1.2.9 - RCE

Exploit Title: FUXA 1.2.9 - RCE Date: 4/24/2026 Exploit Author: Anthony Cihan Hann1bl3L3ct3r Vendor Homepage: https://github.com/frangoteam/FUXA Version: Arbitrary File Write - RCE Affected: FUXA makes Node's path.resolve climb out of appDir to anywhere the FUXA process can write. fullPath/fileNa...

📄 FUXA 1.2.9 Remote Code Execution

FUXA versions 1.2.9 and below suffers from an unauthenticated path traversal vulnerability that leads to arbitrary file write that enables remote code execution. Exploit Title: FUXA 1.2.9 - RCE Date: 4/24/2026 Exploit Author: Anthony Cihan Hann1bl3L3ct3r Vendor Homepage:...

Exploit for CVE-2020-25078

ABYSS C2 — HiSilicon DVR Exploit Framework ⚠️ EDUCATIONAL...

Exploit for CVE-2026-0265

CVE-2026-0265 Passive Detector v2 Defensive reconnaissanc...

Exploit for CVE-2026-2587

CVE-2026-2587 — GlassFish EL Injection RCE...

Exploit for Path Traversal in Mikrotik Routeros

Ferramentas de Pentest — /rede Repositório de scripts para au...

poc-gitcliff-injection

po...

Exploit for CVE-2026-0265

CVE-2026-0265 Vulnerability Assessment Tool Safely detect whe...

ai-pentest-lab

AI Pentest Lab Demo de segurança ofensiva com IA para palestr...

CVE-PoC

No d...

Citrix ADC (NetScaler) CVE-2026-3055 Scanner

This module scans for a vulnerability that allows a remote, unauthenticated attacker to leak memory from a target Citrix ADC server configured as a SAML IdP. The leaked memory is then scanned for session cookies which can be hijacked if found. Module Options msf use...