274274 matches found
D-Link DIR-650IN - Authenticated Command Injection
Exploit Title: D-Link DIR-650IN - Authenticated Command Injection Date: 2023-01-08 Exploit Author: Sanjay Singh Vendor Homepage: https://www.dlink.com Software Link: https://dlinkmea.com/index.php/product/details?det=T082aVdUWUFNR2FRblBBQUxMWlVTZz09 Version: Firmware V1.04 REQUIRED Tested on:...
📄 NetBT e-Fatura 2024 Unquoted Service Path
NetBT e-Fatura 2024 suffers from an unquoted service path vulnerability. Exploit Title: NetBT e-Fatura - Privilege Escalation Author: Seccops Discovery Date: 2025-10-03 Vendor: https://net-bt.com.tr/e-fatura/ Tested Version: 2024 Tested on OS: Microsoft Windows Server 2019 DC Vulnerability Type:...
📄 WordPress Tutor LMS 3.9.5 Insecure Direct Object Reference
WordPress Tutor LMS plugin versions 3.9.5 and below suffer from broken access control and insecure direct object reference vulnerabilities. CVE-2026-1375: Authenticated IDOR / Broken Access Control in Tutor LMS Plugin Disclaimer: This repository is created for educational purposes and ethical...
📄 WordPress IndieWeb 4.0.5 Cross Site Scripting
WordPress IndieWeb plugin versions 4.0.5 and below suffers from persistent cross site scripting vulnerability. CVE-2025-14893: Authenticated Stored Cross-Site Scripting XSS in IndieWeb WordPress Plugin Disclaimer: This repository is created for educational purposes and ethical disclosure only. Th...
📄 7-Zip Directory Traversal / Code Execution
7-Zip versions prior to 25.00 directory traversal to code execution exploit via malicious zip file. Exploit Title: 7-Zip 25.00 - Directory Traversal to RCE via Malicious ZIP Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub:...
📄 WordPress EventPrime 4.2.8.1 Arbitrary File Upload
WordPress EventPrime plugin versions 4.2.8.1 and below suffer from an unauthenticated arbitrary file upload vulnerability. CVE-2026-1657: Unauthenticated Arbitrary File Upload in EventPrime Plugin Disclaimer: This repository is created for educational purposes and ethical disclosure only. The...
📄 MyRewards 5.6.0 Missing Authorization
MyRewards – Loyalty Points and Rewards for WooCommerce versions 5.6.0 and below suffer from a missing authorization vulnerability that allows for privilege escalation. CVE-2025-15260: Missing Authorization / Broken Access Control in Plugin - MyRewards – Loyalty Points and Rewards for WooCommerce...
📄 Horilla 1.3 Remote Command Execution
Horilla versions 1.3 and below suffer from a remote command execution vulnerability. Exploit Title: Horilla v1.3 - RCE Date: 2025-05-29 Exploit Author: Raghad Abdallah Al-syouf Version: = 1.3 Tested on: Ubuntu / Docker CVE: CVE-2025-48868 Description: This script exploits the authenticated RCE...
Exploit for Injection in Thedaylightstudio Fuel_Cms
CVE-2018-16763 — Fuel CMS 1.4.1 Remote Code Execution PoC...
Exploit for Improper Access Control in Fiberhome Hg6145F1_Firmware
FiberHome Wi-Fi Password Predictor CVE-2025-63353 A Python...
Exploit for Out-of-bounds Read in Microsoft
!CVEhttps://img.shields.io/badge/CVE-2025--60709-FF0000?styl...
Windows Telemetry Persistence
This persistence mechanism installs a new telemetry provider for windows. If telemetry is turned on, when the scheduled task launches, it will execute the telemetry provider and execute our payload with system permissions. Module Options msf use exploit/windows/persistence/telemetry msf...
Exploit for CVE-2026-39912
CVE-2026-39912 - Xboard / V2Board Unauth Account Takeover M...
Exploit for CVE-2025-14893
CVE-2025-14893: Authenticated Stored Cross-Site Scripting XSS...
Exploit for CVE-2026-1657
CVE-2026-1657: Unauthenticated Arbitrary File Upload in EventP...
Exploit for Path Traversal in Xibosignage Xibo
Xibo CMS CVE-2023-33177 Vulnerability Tester !Python 3.6+...
Exploit for CVE-2025-15260
CVE-2025-15260: Missing Authorization / Broken Access Control...
Exploit for Type Confusion in Mozilla Firefox
No d...
cybersentinel-agent
CyberSentinel Agent Defensive cybersecurity agent framework w...
centuri-translation-demo
No d...