Exploit for Improper Input Validation in Apache Activemq

CVE-2026-34197 — Apache ActiveMQ Classic Jolokia RCE Lab O...

DummyDataGenerator-Sung-UnPARK-17039326

No d...

Exploit for Double Free in Apache Http_Server

CVE-2026-23918 "Apache HTTP/2 Double-Free" — Detection & Respo...

Exploit for CVE-2026-44648

CVE-2026...

Dirty-Frag-Kubernetes-PoC

Dirty Frag CVE-2026-43284 — Kubernetes Container Escape PoC...

DataPersistence-Sung-UnPARK-17039326

No d...

📄 Apache Airflow Databricks Provider Certificate Verification Bypass

The Apache Airflow Databricks Provider package disables TLS certificate verification when communicating with the Kubernetes API server during federated token exchange. Both the synchronous and asynchronous code paths use verify=False / ssl=False, allowing any attacker with network access within t...

📄 ThingsBoard IoT Platform 4.2.0 Server-Side Request Forgery

ThingsBoard IoT Platform version 4.2.0 suffers from a server-side request forgery vulnerability. Exploit Title: ThingsBoard IoT Platform 4.2.0 - Server-Side Request Forgery SSRF Date: 2026-03-25 Exploit Author: Tamil Mathi T. Vendor Homepage: https://thingsboard.io Software Link:...

📄 Exim 4.91 Remote Command Execution

Exim versions 4.87 through 4.91 improper recipient-address validation remote command execution exploit. Spawns a netcat shell on port 31415 as root, then connects to it Vulnerablity is within Exim 4.87-4.91 import subprocess import socket import os import time from subprocess import Popen, PIPE...

📄 NocoBase 2.0.27 VM Sandbox Escape

NocoBase versions 2.0.27 and below VM sandbox escape exploit. Exploit Title: NocoBase 2.0.27 - VM Sandbox Escape Date: 2026-03-26 Exploit Author: Onurcan Genç Vendor Homepage: https://www.nocobase.com/ Software Link: https://github.com/nocobase/nocobase Version: = 2.0.27 — patched in 2.0.28 Teste...

📄 Dash-Uploader 0.7.0a2 Path Traversal

There is an unauthenticated path traversal in dash-uploader versions 0.1.0 through 0.7.0a2 allowing arbitrary file write, leading to but not limited to remote code execution, application source code overwrite, stored cross site scripting, and persistent backdoor installation. CVE-2026-38360: Path...

📄 WordPress Chart 3.5.9 Missing Authentication

The Chartify WordPress Chart plugin contains a missing authentication vulnerability in all versions up to and including 3.5.9. The plugin registers an unauthenticated AJAX action that dispatches to admin-class methods based on a request parameter without any nonce or capability checks...

📄 telnetd 2.7 Buffer Overflow

telnetd version 2.7 addslc remote buffer overflow exploit that achieves root. Exploit Title: telnetd 2.7 - Buffer Overflow Google Dork: N/A Date: 2026-04-03 Exploit Author: Jeff Barron jeffaf Vendor Homepage: https://www.gnu.org/software/inetutils/ Software Link: https://ftp.gnu.org/gnu/inetutils...

📄 WordPress CatFolders 2.5.2 SQL Injection

WordPress CatFolders plugin versions 2.5.2 and below suffer from a remote SQL injection vulnerability. CVE-2025-9776: Authenticated SQL Injection in CatFolders WordPress Plugin Keywords: CVE-2025-9776, CatFolders WordPress vulnerability, SQL injection WordPress, authenticated SQL injection,...

Exploit for Improper Certificate Validation in Bluestacks

CVE-2025-44964 — BlueStacks v5.20 Improper SSL Certificate Val...

Exploit for CVE-2024-33352

CVE-2024-33352 — BlueStacks Local Privilege Escalation via VM...

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Hp Power_Manager

As part of my OSCP preparation I came across CVE-2009-3999 HP P...

Exploit for CVE-2026-23870

Next.js v16.2.4 Security PoC Collection This repository colle...

Exploit for Improper Access Control in Oracle Vm_Virtualbox

CVE-2026-35250 my firstever cve is a 2.3 - Integer Overflow...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

CopyFail2 CVE-2026-31431 - Python Implementation Python por...