Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

\ CVE-2025-47812 — Wing FTP Server RCE Research \ Contexte...

Exploit for Code Injection in Pivotal_Software Spring_Data_Commons

SpringBoot-Toolkit An interactive penetration-testing tool de...

Exploit for CVE-2020-12446

CVE-2020-12446 - You can check WriteUphtt...

Exploit for Improper Input Validation in N8N

CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain Unauthenti...

AutoRunScan-

AutoRunScan PowerShell-инструмент для аудита автозагрузок W...

Exploit for CVE-2026-34197

Fixed the issue...

Exploit for Code Injection in Mariadb

CVE-2024-27766 MariaDB v11.1 RCE via UDF — modified PoC based...

mule-sftest

No d...

Exploit for CVE-2026-40271

Lazarus Group: 19-Day A/B Test Campaign Analysis TLP:CLEA...

Exploit for CVE-2026-4747

...

Exploit for OS Command Injection in Gnu Bash

...

Exploit for Type Confusion in Mozilla Firefox

No d...

Exploit for Type Confusion in Mozilla Firefox

No d...

📄 Microsoft Malware Protection Engine Type Confusion

Microsoft Malware Protection Engine type confusion vulnerability proof of concept exploit for an older vulnerability from 2017. ================================================================================================================================== | Title : Microsoft Malware Protection...

📄 Spectrum ANOG Device Credential Extraction / Command Injection

This Metasploit auxiliary module targets Spectrum/ANOG devices and combines credential extraction, password decryption, and remote command execution through an authenticated command injection flaw...

ZSH 5.9 - RCE

Exploit ZSH 5.9 - RCE Date: 30-12-2025 Exploit Author: sinanadilrana import pexpect import sys import time def debugprintmsg: printf"DEBUG msg" def returntogdbgdb, maxattempts=3, timeout=3: """More reliable function to return to GDB prompt""" debugprint"Attempting to return to GDB..." for attempt...

📄 UNI-PASS-Based Customs Systems Insecure Direct Object Reference

A critical security vulnerability has been identified in customs platforms based on UNI-PASS, where a publicly exposed API endpoint allows unauthorized access to sensitive documents without proper authentication or authorization checks. The affected endpoint commonly structured under /api/public/...

Jumbo Website Manager - Remote Code Execution

Exploit Title: Jumbo Website Manager - Remote Code Execution Application: Jumbo Website Manager Version: v1.3.7 Bugs: RCE Technology: PHP Vendor URL: https://sourceforge.net/projects/jumbo/ Software Link: https://sourceforge.net/projects/jumbo/ Date of found: 28.10.2025 Author: Mirabbas Ağalarov...

React Server 19.2.0 - Remote Code Execution

Exploit Title: React Server 19.2.0 - Remote Code Execution Date: 2025-12-05 Exploit Author: EynaExp https://github.com/EynaExp Vendor Homepage: https://react.dev Software Link: https://react.dev/reference/rsc/server-components Version: 19.0.0, 19.1.0, 19.1.1, 19.2.0 Tested on: Windows,Linux CVE :...

RomM 4.4.0 - XSS_CSRF Chain

Exploit Title: RomM Application tab or Storage on Firefox Cookies - Copy the rommcsrftoken cookie value 3. Replace below with your token 4. Replace with the target RomM instance URL e.g., http://romm.local 5. Save this file as avatar.html 6. Upload it as your profile avatar...