Exploit for CVE-2026-40176

CVE-2026-40176 Composer Perforce Repository Remote Code Ex...

JD-Security-SHENYI-Team

No d...

Exploit for CVE-2026-0740

CVE-2026-0740 🧩 Overview CVE-2026-0740 is an un...

Exploit for CVE-2026-40175

CVE-2026-40175 — Axios CRLF Injection / HTTP Request Smuggling...

Exploit for CVE-2026-29000

CVE-2026-29000: Proof of Concept PoC for pac4j-jwt Auth Bypa...

📄 EspoCRM 9.3.3 Remote Code Execution

This Metasploit module targets an authenticated remote code execution vulnerability in EspoCRM versions 9.3.3 and below. ================================================================================================================================== | Title : EspoCRM ≤ 9.3.3 Authenticated RCE...

📄 ddev ZipSlip Path Traversal

A ZipSlip path traversal vulnerability exists in the ddev/ddev project, affecting archive extraction routines. The issue allows a crafted ZIP archive to write files outside the intended extraction directory, potentially leading to arbitrary file overwrite on the host system...

📄 Activitypub-federation-rust 0.7.1 Server-Side Request Forgery

This is a server-side request forgery scanner for Activitypub-federation-rust version 0.7.1. ================================================================================================================================== | Title : Activitypub-federation-rust 0.7.1 Lemmy ActivityPub SSRF Scanne...

📄 PCLink 4.1.1 Authentication Bypass / Code Execution

PCLink version 4.1.1 trusts localhost requests with the "X-Internal-Auth: true" header, bypassing all authentication. Combined with unrestricted extension installation, this allows arbitrary code execution. Exploit Title: PCLink v4.1.1 - Authentication Bypass Leading to Remote Code Execution Date...

📄 MCPJam Inspector 1.4.2 Remote Code Execution

This Metasploit auxiliary module targets a remote code execution vulnerability in MCPJam Inspector version 1.4.2. The flaw exists in the /api/mcp/connect endpoint, where user-controlled input is improperly passed to a backend execution mechanism...

📄 V8 Sandbox Bypass: BigInt Division Memory Corruption

This is a variant of crbug.com/474041332. The issue there was that MultiplyFFT, an optimized version of integer multiplication for very large inputs, is not robust against concurrent modification of its input buffers, but was called from ProcessorImpl::FromStringLarge with a temporary buffer insi...

poc

poc Collection of my PoC's for various vulnerabilities. L...

Exploit for Time-of-check Time-of-use (TOCTOU) Race Condition in Microsoft

CVE-2024-30088 – WinRM Adapted PoC 📌 Summary This is a mo...

web-vulnerability-scanner

...

Exploit for Improper Input Validation in Unrealircd

CVE-2...

Exploit for Improper Input Validation in N8N

PoC-CVE-2026-21858 n8n is an open source workflow automatio...

Exploit for CVE-2026-37750

CVE-2026-37750 CVE-2026-37750 — School Management System 1...

Linux Chmod

Runs chmod on the specified file with specified mode. Module Options msf use payload/linux/loongarch64/chmod msf payloadchmod show actions ...actions... msf payloadchmod set ACTION msf payloadchmod show options ...show and set options... msf payloadchmod run frozenstringliteral: true This module...

ChurchCRM Database Restore RCE 6.2.0

This module exploits a Remote Code Execution RCE vulnerability in ChurchCRM versions prior to 6.2.0. The vulnerability resides in the Database Restore functionality, which allows an authenticated user with administrative privileges to upload a malicious backup file. By bypassing upload restrictio...

Exploit for CVE-2026-37749

CVE-2026-37749 CVE-2026-37749 — CodeAstro Simple Attendance...