Exploit for Out-of-bounds Write in Google Chrome

CVE-2026-3909 Chromium Browser PoC This repository contains a...

Exploit for CVE-2026-35584

CVE-2...

Exploit for CVE-2026-5530

CVE-2026-5530 Ollama SSRF via OCI registry redirect with full...

Exploit for CVE-2026-33033

CVE-2026-33...

Exploit for CVE-2026-34197

6.0.0-6.1.1 V...

Exploit for SQL Injection in Djangoproject Django

No d...

📄 Jumbo Website Manager Shell Upload

Proof of concept exploit that demonstrates a remote shell upload vulnerability in Jumbo Website Manage version 1.3.7. Exploit Title: Jumbo Website Manager - Remote Code Execution Application: Jumbo Website Manager Version: v1.3.7 Bugs: RCE Technology: PHP Vendor URL:...

📄 WordPress Contact List 3.0.17 Cross Site Scripting

WordPress Contact List plugin versions 3.0.17 and below suffer from a persistent cross site scripting vulnerability. CVE-2026-3516: Authenticated Stored Cross-Site Scripting XSS in Contact List Plugin Disclaimer: This repository is created for educational purposes and ethical disclosure only. The...

📄 ZSH 5.9 Remote Command Execution

ZSH version 5.9 proof of concept remote command execution exploit. Exploit ZSH 5.9 - RCE Date: 30-12-2025 Exploit Author: sinanadilrana import pexpect import sys import time def debugprintmsg: printf"DEBUG msg" def returntogdbgdb, maxattempts=3, timeout=3: """More reliable function to return to G...

D-Link DIR-650IN - Authenticated Command Injection

Exploit Title: D-Link DIR-650IN - Authenticated Command Injection Date: 2023-01-08 Exploit Author: Sanjay Singh Vendor Homepage: https://www.dlink.com Software Link: https://dlinkmea.com/index.php/product/details?det=T082aVdUWUFNR2FRblBBQUxMWlVTZz09 Version: Firmware V1.04 REQUIRED Tested on:...

NetBT e-Fatura - Privilege Escalation

Exploit Title: NetBT e-Fatura - Privilege Escalation Author: Seccops Discovery Date: 2025-10-03 Vendor: https://net-bt.com.tr/e-fatura/ Tested Version: 2024 Tested on OS: Microsoft Windows Server 2019 DC Vulnerability Type: CWE-428 Unquoted Search Path or Element CVE: CVE-2025-14018 Note: Thanks...

📄 RomM Cross Site Scripting / File Upload

RomM versions prior to 4.4.1 chained vulnerabilities exploit that leverages file upload to achieve cross site scripting that then leverages csrf token reuse to change a user's password. Exploit Title: RomM Application tab or Storage on Firefox Cookies - Copy the rommcsrftoken cookie value 3...

📄 FortiWeb 8.0.1 Remote Code Execution

FortiWeb remote code execution exploit that affects versions prior to 7.6.7, 7.8.7, and 8.0.2. Exploit Title: FortiWeb 8.0.2 - Remote Code Execution Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Vendor...

📄 React Server 19.2.0 Remote Code Execution

React Server versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 proof of concept remote code execution exploit. Exploit Title: React Server 19.2.0 - Remote Code Execution Date: 2025-12-05 Exploit Author: EynaExp https://github.com/EynaExp Vendor Homepage: https://react.dev Software Link:...

📄 SQLite 3.50.1 Heap Overflow

SQLite version 3.50.1 proof of concept that triggers a heap overflow in winsqlite3.dll via excessive aggregate functions. Exploit Title: SQLite 3.50.1 - Heap Overflow Date: 2025-11-05 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub:...

📄 Authentic 8 User Profile Insecure Direct Object Reference

Proof of concept exploit that demonstrates user data exposure via an insecure direct object reference and missing access control vulnerabilities in the User Profile endpoint of Authentic 8...

📄 D-Link DIR-650IN Command Injection

Proof of concept details for an authenticated command injection vulnerability in D-Link DIR-650IN. Exploit Title: D-Link DIR-650IN - Authenticated Command Injection Date: 2023-01-08 Exploit Author: Sanjay Singh Vendor Homepage: https://www.dlink.com Software Link:...

📄 Microsoft MMC MSC EvilTwin Local Admin Creation

Microsoft MMC MSC EvilTwin local admin creation exploit. !/usr/bin/env python3 Exploit Title: Microsoft MMC MSC EvilTwin - Local Admin Creation Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan GitHub: https://github.com/mbanyamer Vendor Homepage: https://www.microsoft.com...

📄 XiboCMS 3.3.4 Traversal / Code Execution

XiboCMS version 3.3.4 zip slip exploit that leverages path traversal and arbitrary file upload vulnerabilities to achieve code execution. Exploit Title: XiboCMS 3.3.4- Remote Code Execution Google Dork: N/A Date: 2025-11-18 Exploit Author: complexusprada Vendor Homepage: https://xibo.org.uk/...

📄 NetBT e-Fatura 2024 Unquoted Service Path

NetBT e-Fatura 2024 suffers from an unquoted service path vulnerability. Exploit Title: NetBT e-Fatura - Privilege Escalation Author: Seccops Discovery Date: 2025-10-03 Vendor: https://net-bt.com.tr/e-fatura/ Tested Version: 2024 Tested on OS: Microsoft Windows Server 2019 DC Vulnerability Type:...