CVE

Vulnerability Report: Unauthenticated SQL Injection in Hospita...

Exploit for Use of Less Trusted Source in Meshtastic Meshtastic_Firmware

Stopping Meshtastic from-field spoof attacks — shape-detecti...

Exploit for OS Command Injection in Gnu Bash

CVE-201...

Exploit for Incorrect Authorization in Vercel Next.Js

ALPR Dashboard runtime patches Two drop-in patches for the a...

Exploit for Uncontrolled Resource Consumption in Ietf Http

!/usr/bin/env python3 """ Evidencia CVE-2023-44487 HTTP/2 Rapi...

Exploit for CVE-2026-3844

CVE-2026-3844 Mass Exploit CVE-2026-3844 – Breeze Cache Word...

HTB-Pterodactyl-Writeup

HackTheBox — Pterodactyl Writeup Difficulty: Medium |...

net_exploit_detector

netexploitdetector.py Behavioral network exploit detector f...

📄 Microsoft SQL Server 2022/2025 Privilege Escalation

This Python script demonstrates a privilege escalation technique targeting Microsoft SQL Server, associated with CVE-2025-24999. The exploit abuses improper permission controls on system stored procedures in the msdb database to elevate a low-privileged account to SYSADMIN...

📄 MetInfo CMS 8.1 Shell Upload Mass Exploiter

This Python module is a mass exploitation framework designed to automate the testing and exploitation of multiple MetInfo CMS targets potentially affected by CVE-2026-29014...

📄 MetInfo CMS 8.1 PHP Code Injection

This Python script is a full remote code execution exploit suite targeting a vulnerability in MetInfo CMS versions 8.1 and below. The flaw resides in the weixin module handling logic, where improperly sanitized input allows PHP code injection via crafted XML and HTTP parameters/headers...

📄 Microsoft MMC (.MSC) File Execution Abuse Leading / Admin Creation

This Metasploit local Windows exploit module abuses the way Microsoft Management Console MMC processes specially crafted .msc files to achieve arbitrary PowerShell execution when a user opens the file. The payload is designed to create a new local administrator account or execute a custom command...

📄 LuaJIT 2.1.1774638290 FFI Remote Code Execution / Lua Injection

This script is a LuaJIT exploitation tool that attempts to abuse the LuaJIT FFI Foreign Function Interface to execute system commands or arbitrary shellcode on a remote Lua runtime exposed over a TCP socket. It connects to a target service, injects Lua code dynamically, and leverages unsafe FFI...

📄 NocoBase 2.0.27 Sandbox Escape / Remote Code Execution

This code is a Metasploit Auxiliary module designed to exploit a remote code execution vulnerability in NocoBase versions 2.0.27 and below. It targets a flaw in the server-side script execution engine flownodes that allows breaking out of the JavaScript sandbox...

📄 Open WebUI 0.8.11 Information Disclosure

A potential access control issue was identified in Open WebUI where the Tools API and associated “valves” endpoints may expose sensitive configuration data when accessed with valid authentication tokens. The affected endpoints allow retrieval of tool metadata and configuration structures that may...

📄 lollms-webui Server-Side Request Forgery

lollms-webui suffers from a server-side request forgery vulnerability. ================================================================================================================================== | Title : lollms-webui SSRF for Cloud Metadata Leakage and Internal Network Pivoting | | Author...

📄 OpenClaw 2026.3.13 MEDIA Protocol File Disclosure

This Python script is a security exploitation tool targeting the OpenClaw system integrated with Discord. It attempts to exfiltrate sensitive files from a victim environment by abusing a MEDIA: prompt injection mechanism...

📄 NLTK 3.9.2 Path Traversal / File Disclosure

NLTK version 3.9.2 suffers from a path traversal vulnerability that allows for file disclosure. ================================================================================================================================== | Title : NLTK 3.9.2 Path Traversal - File Disclosure Exploit | | Auth...

📄 MISP 2.5.27 Workflow Engine Cross Site Scripting

This Metasploit auxiliary module targets a potential stored cross site scripting vulnerability in the MISP Workflow Engine. It is designed to interact with the MISP API, create workflows, and inject malicious payloads into workflow data fields...

Exploit for OS Command Injection in Zyxel Vmg8623-T50B_Firmware

CVE-2026-1459-POC POC for the CVE-2026-1459 which payload c...