📄 Bichon 1.0.2 Privilege Escalation
Bichon version 1.0.2 suffers from a vertical privilege escalation vulnerability via the account role assignment functionality. Bichon 1.0.2 Vertical Privilege Escalation via Account Role Assignment. Vendor: rustmailer Product:...
📄 Bichon 1.0.2 SOCKS5 Proxy Topology Disclosure
Bichon version 1.0.2 suffers from a SOCKS5 proxy topology disclosure vulnerability via /list-proxy. Bichon 1.0.2 SOCKS5 Proxy Topology Disclosure via /list-proxy. Vendor: rustmailer Product: Bichon - self-hosted email archiving server...
📄 Lobster_pro Arbitrary File Read / Server-Side Request Forgery
Unauthenticated attackers can exploit a weakness in the XML parser functionality of Lobsterpro prior to version 4.12.6-GA. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services. -----BEGIN PGP...
📄 4D Server Server-Side Request Forgery / Arbitrary File Read
Unauthenticated attackers can exploit a weakness in the XML parser functionality of the SOAP endpoints in 4D server. This allows them to obtain read access to files on the application server and adjacent network shares, and perform HTTP GET requests to arbitrary services. -----BEGIN PGP SIGNED...
📄 CPanel/WHM CRLF Injection / Authentication Bypass / Remote Code Execution
This Metasploit module exploits CVE-2026-41940, a CRLF injection in cPanel/WHM's cpsrvd daemon that allows unauthenticated remote code execution as root. The Basic-auth handler writes the password to the raw session file without stripping newlines. Omitting the ob-part of the session cookie bypass...
📄 Bichon 1.0.2 Bearer Access Token Disclosure
Bichon version 1.0.2 accepts Bearer access tokens via GET requests, which has the negative side effect of disclosing them in logs, REFERER headers, and more. Bichon 1.0.2 Bearer Access Token Accepted via Query String + Logged...
Alfred-TryHackMe-Walkthrough-Jenkins-Exploitation-Windows-Token-Privilege-Escalation
🦇 TryHackMe: Alfred Walkthrough & Penetration Testing Report...
Exploit for CVE-2026-8181
CVE-2026-8181 Burst Statistics | Authentication Bypass to Admi...
Exploit for CVE-2026-3629
CVE-2026...
Flawfinder-ANSI-Exploit-POC
Flawfinder-ANSI-Exploit-POC In version 2.0.19 of Flawfinder, n...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
CVE-2026-31431 Copy Fail — Análisis y desarrollo en Ensambla...
Exploit for CVE-2026-42945
CVE-2026-42945-NGINX-Rift bash Basic usage with target I...
waf-demo
No d...
chrome-148-exploit-poc
World Fun Zone - 2026 Security Research Framework Conferen...
kv-cache-side-channel-poc
KV Cache Side-Channel: Cross-Tenant Timing Oracle Proof of co...
MillieRCE
MillieRCE Millie is an advanced browser-based remote code exec...
Exploit for CVE-2026-42945
CVE-2026-42945 NGINX Rift — defensive scanner Organizations...
HTB-Blue-Writeup
Blue — EternalBlue MS17-010 Platform: TryHackMe OS:...
XSS-Payload-Generator
XSS-Payload-Generator user guide 0. This script is an XSS payl...