MTK

No d...

synergy-security

No d...

DrvEye

drivertool A static-analysis & exploitation-triage toolkit...

Pack2TheRoot

My exploit for...

Sentinal-ai

Sentinal-ai Free, offline...

xss

CSS Style Sheet Mutation alert"This is a test" alert"...

unicas_docker_exploit

Cyber-Range Didattico in Docker / Educational Docker Cyber-Ran...

Exploit for Access of Uninitialized Pointer in Bytecodealliance Wasmtime

No d...

mcp-stdio-exploit

MCP STDIO Exploit: A Local Reimplementation Vulnerability...

Exploit for CVE-2026-0911

CVE-2026-0911 — Hustle modül import PoC WordPress eklentisi...

📄 OWASP CRS 3.3.9 / 4.25.x LTS / 4.8.x File Upload Bypass

This proof of concept demonstrating a weakness in some web applications protected by OWASP Core Rule Set CRS or similar filters, where file upload validation can be bypassed using ambiguous filename formatting...

📄 Windows Cloud Files Tiering Engine Local Privilege Escalation

his Metasploit local exploit module models a Windows privilege escalation scenario involving Cloud Files, NTFS reparse points, named pipes, and service interaction. The workflow simulates abusing file system operations and cloud sync mechanisms by creating controlled directories, placeholder file...

📄 thumbler 1.1.2 Command Injection

The thumbler package through version 1.1.2 contains a critical command injection vulnerability in the thumbnail function. User-supplied input parameters input, output, time, size are concatenated into a single ffmpeg command string and executed via childprocess.exec without proper sanitization. A...

📄 SQLite 3.50.1 winsqlite3.dll Heap Overflow

This Metasploit local exploit module targets a heap overflow vulnerability in winsqlite3.dll in SQLite versions prior to 3.50.2 on Windows systems. It first attempts to detect the installed SQLite version, then generates a specially crafted database and SQL workload containing an excessive number...

📄 node-tesseract-ocr 2.2.1 Command Injection

In node-tesseract-ocr version 2.2.1, a security vulnerability allows OS command injection when attacker-controlled image paths are passed to the OCR function. ================================================================================================================================== | Title...

📄 SolarEdge 3.0-2021 Cross Site Request Forgery / OOB Injection

SolarEdge version 3.0-2021 suffers from a cross site request forgery vulnerability in the /solaredge-web/p/initClient that can lead to a remote command injection vulnerability. Titles: solaredge-CSRF-OOB-Injection 3.0-2021 web portal Author: nu11secur1tyAI Date: 2026-04-26 Vendor: SolarEdge...

📄 textract 2.5.0 Command Injection

In textract version 2.5.0, a security vulnerability allows OS command injection when untrusted file paths are processed by the library. ================================================================================================================================== | Title : textract 2.5.0 OS...

📄 Vienna Assistant 1.2.542 macOS Privilege Escalation

A macOS helper service interface implemented via NSXPC was observed exposing methods that may allow privileged operations such as file writing and command execution through a remote proxy connection...

📄 Sequelize 6.37.7 SQL Injection

A remote SQL injection vulnerability exists Sequelize versions 6.37.7 and below in the JSON/JSONB where clause processing. When Sequelize parses a JSON path key containing ::, the value after :: is treated as a SQL cast type and is inserted into the generated SQL without proper validation. If an...

📄 V8 BigInt String Conversion Stress Test Conceptual Sandbox

This is a V8 Sandbox Escape vulnerability in BigInt::Allocate where buffers are shuffled outside the sandbox. The vulnerability allows for writes outside the boundaries of the allocated buffer within the sandbox outbound write by manipulating data during the MultiplyFFT process...