Exploit for Double Free in Apache Http_Server

CVE-2026-23918 — Apache modhttp2 Double Free Affected: A...

pocs

Fragnesia Abstract https://github.com/user-attachment...

Exploit for Out-of-bounds Write in Google Chrome

Vuln...

Exploit for CVE-2025-29338

CVE-2025-29338 — Security Advisory Buffer Overflow in NXP...

Exploit for Server-Side Request Forgery in Internlm Lmdeploy

CVE-2026-33626 — LMDeploy Vision-Language SSRF Lab Overvie...

Searchor-2.4.1-RCE-Exploit-PoC

Searchor-2.4.1-...

DVWA-Web-Vulnerability-Project

...

Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple

SimpleCTF-THM-Relatory First CTF successfully completed! This...

Exploit for CVE-2017-0144

💀 EternalBlue MS17-010 Exploitation Research Controlled r...

security-skills

Security Skills Security Skills is a Hermes Agent skill pack...

ANTI-FLUFF

PENTESTINGMETHS Main view example: Web Application As...

coreruleset 4.21.0 - Firewall Bypass

Exploit Title: coreruleset 4.21.0 - Firewall Bypass Date: 04/08/2026 Exploit Author: Daytrift Newgen Vendor Homepage: https://github.com/coreruleset Software Link: https://github.com/coreruleset/coreruleset Version: 4.22.0/3.3.8 Tested on: Fedora, MacOS CVE : CVE-2026-21876 import base64 import o...

Flowise < 3.0.5 - Missing Authentication for Critical Function

Exploit Title: Flowise 3.0.5 - Missing Authentication for Critical Function Date: 10/11/2025 Exploit Author: nltt0 https://github.com/nltt-br Vendor Homepage: https://flowiseai.com/ Software Link: https://github.com/FlowiseAI/Flowise Version: 3.0.5 CVE: CVE-2025-58434 from requests import post fr...

glances 4.5.2 - command injection

!/usr/bin/env python3 Exploit Title: glances 4.5.2 - command injection Date: 2026-04-09 Exploit Author: Stepanov Daniil Vendor Homepage: https://github.com/nicolargo/glances Software Link: https://github.com/nicolargo/glances Version: 4.5.2 and below fixed in 4.5.3 Tested on: Kali Linux 2026.1,...

Ninja Forms Uploads - Unauthenticated PHP File Upload

Exploit Title: Ninja Forms Uploads - Unauthenticated PHP File Upload Date: 2026-04-09 Exploit Author: Sélim Lanouar @whattheslime Vendor Homepage: https://ninjaforms.com/ Software Link: https://ninjaforms.com/extensions/file-uploads/ Version: 3.3.24 Tested on: WordPress 6.9.3 on Apache and Nginx...

📄 Espanso 2.3.0 Shell Extension Arbitrary Command Execution

The Shell extension in Espanso version 2.3.0 allows arbitrary command execution. An attacker who can modify the match configuration file can inject shell commands that execute when the user types the trigger. No restart required. Exploit Title: Espanso v2.3.0 - Shell Extension Arbitrary Command...

📄 Espanso 2.3.0 Shell and Script Extension Arbitrary Command Execution

The Shell and Script extensions in Espanso version 2.3.0 allow arbitrary command execution. No restart required. Config changes take effect immediately. Exploit Title: Espanso v2.3.0 - Shell & Script Extension Arbitrary Command Execution RCE Date: 2026-05-13 Exploit Author: Chokri Hammedi Softwar...

📄 Glances 4.5.2 Command Injection

Glances version 4.5.2 suffers from a command injection vulnerability. !/usr/bin/env python3 Exploit Title: glances 4.5.2 - command injection Date: 2026-04-09 Exploit Author: Stepanov Daniil Vendor Homepage: https://github.com/nicolargo/glances Software Link: https://github.com/nicolargo/glances...

📄 Flowise Missing Authentication

Proof of concept for Flowise versions prior to 3.0.5 that suffer from a missing authentication vulnerability. Exploit Title: Flowise 3.0.5 - Missing Authentication for Critical Function Date: 10/11/2025 Exploit Author: nltt0 https://github.com/nltt-br Vendor Homepage: https://flowiseai.com/...

📄 Event Booking Calendar 5.0 Cross Site Scripting

Event Booking Calendar version 5.0 suffers from a cross site scripting vulnerability. Titles: Event Booking Calendar-5.0 Cross-site scripting reflected Author: nu11secur1ty Date: 5/13/2026 Vendor: https://www.phpjabbers.com/ Software: https://www.phpjabbers.com/event-booking-calendar/ Reference:...