274365 matches found
π OpenEXR Integer Overflow
Proof of concept exploit for a potential integer overflow condition when processing specially crafted multiβpart DeepScanLine EXR files with OpenEXR. The program generates a malicious .exr file containing 86 parts, where each pixel is assigned 50,000,000 samples. When these values are summed...
π Splunk Enterprise 9.1.5 / 9.2.2 Remote Code Execution
Proof of concept exploit for a critical authenticated remote code execution vulnerability that affects multiple versions of Splunk Enterprise when the splunkarchiver application is enabled...
π Siklu EtherHaul Series EH-8010 / EH-1200 File Upload
PHP proof of concept for a critical vulnerability that exists in Siklu EtherHaul EH-8010 and EH-1200 devices running firmware versions 7.4.0 through 10.7.3. The rfpiped service exposed on TCP port 555 uses hardcoded AES-256-CBC encryption parameters static key and IV and lacks any authentication...
π joserfc JWE PBES2 1.6.2 Denial of Service
A denial of service condition can occur in applications using the joserfc library when processing malicious JSON Web Encryption tokens that use the PBES2-HS256+A128KW algorithm...
π Apache Artemis / ActiveMQ Artemis Missing Authentication
Proof of concept exploit for CVE-2026-27446 targeting Apache Artemis versions 2.50.0 through 2.51.0 and Apache ActiveMQ Artemis versions 2.11.0 through 2.44.0...
π minimatch Denial of Service
minimatch suffers from a regular expression denial of service vulnerability. Versions prior to 10.2.3, 9.0.7, 8.0.6, 7.4.8, 6.2.2, 5.1.8, 4.2.5, and 3.1.4 are affected...
π MajorDoMo Remote Code Execution
A critical vulnerability in the MajorDoMo web console allows unauthenticated remote attackers to execute arbitrary system commands on the target server. By sending crafted requests to the /admin.php endpoint with manipulated console parameters, an attacker can inject and execute PHP code remotely...
π pypdf Memory Exhaustion / Denial of Service
pypdf versions prior to 6.7.3 were vulnerable to a denial of service condition caused by uncontrolled memory allocation during decompression of XFA streams. An attacker could craft a malicious PDF file containing a highly compressed stream using /FlateDecode...
π c3p0 Insecure Deserialization
A critical vulnerability in c3p0 prior to version 0.12.0 allows attackers to achieve remote code execution through insecure handling of the userOverridesAsString property in several ConnectionPoolDataSource implementations...
π psd-tools Denial of Service
When a specially crafted PSD file contains malformed RLE-compressed image data for example, a literal run extending beyond the expected row size, the internal decoderle function raises a ValueError in psd-tools, resulting in a denial of service condition...
π OpenStack Remote Code Execution
A remote code execution vulnerability exists in the query parser of OpenStack Vitrage prior to versions 12.0.1, 13.0.0, 14.0.0, and 15.0.0.The issue resides in the createqueryfunction method...
Exploit for CVE-2026-29786
CVE-2026-29786 Research: Joshua van Rijswijkhttps://gi...
Symfony-RCE
Symfony-RCE Exploit for the Symfony fragment Remote Code E...
BDO-Ontology
π§ OntologyLab !Python 3.11+https://img.shields.io/badge/P...
buffer-overflow-exploit-ip-camera-
buffe...
Exploit for CVE-2026-29000
CVE-2026-29000: pac4j-jwt JwtAuthenticator authentication bypa...
Exploit for Origin Validation Error in Solarwinds Dameware_Mini_Remote_Control
DameFlare !Pythonh...
web-pentest-cases
Web Application Pentesting Cases Practical web application se...
Tactical RMM Jinja2 SSTI Remote Code Execution
This module exploits a Server-Side Template Injection SSTI vulnerability in Tactical RMM versions prior to 1.4.0 CVE-2025-69516. The reporting template preview endpoint passes user-controlled Jinja2 template content to Environment.fromstring without sandboxing, allowing arbitrary Python code...
BlackPearl-Full-Stack-Enumeration-Privilege-Escalation-Case-Study
BlackPearl β Proof of Concept Walkthrough Objective This...