Exploit for Deserialization of Untrusted Data in Roundcube Webmail

CVE-2025-49113 — Roundcube Post-Auth RCE via PHP Object Deseri...

Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below

CVE-2025-27591 — Meta below Symlink Local Privilege Escalati...

Exploit for Code Injection in Xwiki

CVE-2025-24893 — XWiki SSTI Remote Code Execution Overview...

VulnForge

VulnForge AI-Powered Vulnerability Scanner & Auto-Exploit E...

📄 Fortinet FortiSandbox 4.4.8 Remote Command Execution

Fortinet FortiSandbox versions 4.4.0 through 4.4.8 suffer from a remote command execution vulnerability. CVE-2026-39808 On November 2025, a critical vulnerability was discovered on Fortinet's FortiSandbox which allowed an unauthenticated attacker to execute commands in the underlying OS as root...

📄 ChurchCRM Database Restore Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in ChurchCRM versions prior to 6.2.0. The vulnerability resides in the Database Restore functionality, which allows an authenticated user with administrative privileges to upload a malicious backup file. By bypassing upload...

Exploit for CVE-2026-35031

CVE-2026-35031: Jellyfin Subtitle Upload Path Traversal to RCE...

Exploit for CVE-2024-12029

Alternative-Approach-Reverse-Shell-Callback-Test-InvokeAI-RCE...

Windows Persistence Bits Job

This module establishes persistence through a BITS job that downloads and executes a payload. Background Intelligent Transfer Service BITS is a Windows service for transferring files in the background using idle network bandwidth. BITS jobs are persistent and will resume across reboots until...

Powershell Profile Persistence

This module establishes persistence by modifying a PowerShell profile script, which is automatically executed when PowerShell starts. The module supports multiple profile scopes current user or all users and safely backs up any existing profile prior to modification, enabling clean removal by...

openDCIM install.php SQL Injection to RCE

This module exploits a SQL injection vulnerability in openDCIM's install.php endpoint CVE-2026-28515 to achieve remote code execution. The install.php script remains accessible after installation and processes LDAP configuration parameters via UpdateParameter without authentication or input...

ios-26-activation-research

iOS 26 Activation Lock -- Documented Vulnerabilities Document...

Exploit for Improper Authentication in Cisco Catalyst_Sd-Wan_Manager

CVE-2026-20127 Scanner Overview This project is a Windows-based...

Exploit for Prototype Pollution in Adobe Acrobat_Dc

No d...

Exploit for Code Injection in Flowiseai Flowise

CVE-2025-59528 — Flowise AI Authenticated Remote Code Executio...

Exploit for Missing Encryption of Sensitive Data in Apache Tomcat

CVE-2026-34486 — Apache Tomcat EncryptInterceptor RCE Apa...

Exploit for Missing Authentication for Critical Function in Flowiseai Flowise

Flowise-CVE-2025-58434-PasswordReset Unauthenticated...

Venom_xss

Ven...

Exploit for Heap-based Buffer Overflow in Microsoft

CVE-2024-26229 BOF Beacon Object File implementation of CVE-2...

tp-xss

TP - Exploitation d'une Faille XSS Enonce du professeur...