274332 matches found
Barracuda ESG TAR Filename Command Injection
This module exploits CVE-2023-2868, a command injection vulnerability in Barracuda Email Security Gateway (ESG) appliances. The vulnerability exists in how the ESG processes TAR file attachments: filenames containing shell metacharacters (backticks) are passed directly to shell commands during...
Mass-Mirai-IoT-Exploit
Fiber - Mass Mirai IoT Exploit Languages: Englishengl...
BUGSCANNER---PHP-Web-Security-Scanner-for-Bug-Bounty-Penetration-Testing
Exploit for CVE-2026-26833
CVE-2026-26833: OS command injection in thumbler Summary...
Exploit for CVE-2026-26832
CVE-2026-26832: OS command injection in node-tesseract-ocr...
Exploit for CVE-2026-26831
CVE-2026-26831: OS command injection in textract Summary...
Exploit for CVE-2026-26830
CVE-2026-26830: OS command injection in pdf-image Summary...
DarKSward
DarKSward-DarKSword Webpack source code reconstruction of the...
sqlic
SQLIC sca...
ide-task-rce
⚡ IDE Folder-Open RCE: Automatic Task Execution Vulnerability...
Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware
Vulnetix Claude Code Plugin Vulnerability intelligence for Cl...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell-PoC-C...
Exploit for Race Condition in Canonical Ubuntu_Linux
ls Privilege Escalation using the Dirty Cow Kernel Exploit...
Exploit for CVE-2026-29000
CVE-2026-29000-pac4j-jwt-auth-byp...
esiclivre 0.2.2 SQL Injection
esiclivre versions 0.2.2 and below suffer from a remote SQL injection vulnerability. CVE-2026-30655 - SQL Injection in esiclivre password reset Summary A SQL injection vulnerability exists in the password reset endpoint of esiclivre. An unauthenticated attacker can inject SQL via the cpfcnpj POST...
Payara Server Cross Site Scripting
Research details on exploitation for a cross site scripting vulnerability in Payara's administration REST interface. Versions below 4.1.2.191.54, 5.83.0, 6.34.0, and 7.2026.1 are affected. XSS to Admin account takeover CVE-2025-14340 A Cross-Site Scripting vulnerability in Payara's Administration...
MCPJam Inspector 1.4.2 Remote Code Execution
MCPJam Inspector versions 1.4.2 and below proof of concept remote code execution exploit. !/usr/bin/env python3 CVE-2026-23744.py for testing only import requests import argparse import json import sys import urllib3 urllib3.disablewarningsurllib3.exceptions.InsecureRequestWarning def main: parse...
ddev/ddev ZipSlip Path Traversal
A ZipSlip path traversal vulnerability exists in ddev/ddev, a popular open-source local development tool for PHP, Python, and Node.js projects. Both the Untar and Unzip functions in pkg/archive/archive.go use filepath.Join(dest, file.Name) without any path containment validation, allowing a crafted...
activitypub-federation-rust 0.7.1 Server-Side Request Forgery
activitypub-federation-rust versions 0.7.1 and below suffer from a server-side request forgery vulnerability. CVE-2026-33693: SSRF via 0.0.0.0 Bypass in activitypub-federation-rust v4isinvalid CVSS 6.5 Moderate Keywords: SSRF, 0.0.0.0, IP validation bypass, activitypub-federation, Lemmy, Rust,...
Reconx
reconx - Modular Penetration Testing Framework !Python 3...