📄 OpenEMR Remote Code Execution

OpenEMR versions prior to 8.0.0.1 contain multiples command injection vulnerabilities in the backup functionality that can be exploited by authenticated attackers. CVE-2026-32238 - Remote Code Execution in OpenEMR Weakness CWE-78 : Improper Neutralization of Special Elements used in an OS Command...

📄 PEGA Infinity Brute Force / Insecure Direct Object Reference

PEGA Infinity suffers from brute forcing and insecure direct object reference vulnerabilities. Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by the brute force issue. Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by the idor issue. SEC Consult Vulnerability Lab...

vulnerability-payload-atlas

🚩 Atlas de Vulnerabilidades & Payloads 📖 Sobre o Repositório Est...

Exploit for OS Command Injection in Php

╔═══════════════════════════════════════════════════════╗...

AVideo Encoder getImage.php Unauthenticated Command Injection

This module exploits an unauthenticated OS command injection vulnerability in AVideo Encoder's getImage.php endpoint CVE-2026-29058. The base64Url GET parameter is base64-decoded and injected directly into an ffmpeg shell command within double quotes, without any sanitization or use of...

Exploit for OS Command Injection in Apache Tomcat

ISM.bat RCE Exploit PoC script for unauthenticated Remote Cod...

WAVLINK-WN530H4-Command-Injection-in-set_add_routing

WAVLINK-WN...

Exploit for Uncontrolled Resource Consumption in Siemens 6Bk1602-0Aa12-0Tp0_Firmware

Web Exploitation Guide - Index Overview This guide provid...

Exploit for Improper Input Validation in Adobe Commerce

SessionReaper-CVE-2025-54...

Exploit for Path Traversal in Joomla Joomla\!

CVE...

exploits

No d...

BasicSQLiScanner

No d...

Exploit for CVE-2024-11114

Chromium Exploit Development Toolkit A toolkit for weaponizing...

cve-exploit-engine

cve-exploit-engine An automated CVE monitoring and exploit wo...

📄 Casdoor 2.359.0 Cross Site Request Forgery

Casdoor version 2.359.0 suffers from a cross site request forgery vulnerability. This is an older vulnerability originally discovered in 2023 that they still have not addressed in later versions. Exploit Title: Casdoor 2.359.0 2026-03-18 - Cross-Site Request Forgery CSRF Application: Casdoor...

📄 AVideo getImage.php Unauthenticated Command Injection

This Metasploit module exploits an unauthenticated OS command injection vulnerability in the AVideo encoder getImage.php endpoint. This affects versions prior to 7.0. The base64Url GET parameter is base64-decoded and injected directly into an ffmpeg shell command within double quotes, without any...

📄 Arturia Software Center MacOS 2.12.0.3157 Privilege Escalation

Arturia Software Center MacOS version 2.12.0.3157 suffers from privilege escalation vulnerabilities. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Privilege Escalation Vulnerabilities product: Arturia Softwa...

Exploit for Incorrect Default Permissions in Amazon Amplify_Cli

skycenter Attack Chain Security Analysis Engine for AWS, Azure...

Exploit for Argument Injection in Gnu Inetutils

CVE-2026-24061 - telnetd auth bypass o co chodzi argument...

Exploit for CVE-2026-2991

KiviCare 📜 Description CVE-2026-2...