274371 matches found
Blueprint-POC
Sales-to-Delivery Agent Orchestration System - POC Phase 1...
Exploit for CVE-2026-2268
CVE-20...
Exploit for Code Injection in Agentfront Enclave
RCE in ESM Environments β The require Problem When achievi...
Exploit for Improper Authentication in Cisco Catalyst_Sd-Wan_Manager
CVE-2026β20127 β Remote Authentication Bypass for Cisco Cataly...
SafeVault
No d...
TEST-EXPLOIT
...
Exploit for Cross-site Scripting in Bdtask Multi_Store_Inventory_Management_System
CVE-2024-2997 Scanner !Versionhttps://img.shields.io/badge...
π Wireshark Dissector Crash Denial of Service
A vulnerability in the RF4CE Profile protocol dissector of Wireshark versions 4.6.0 through 4.6.3 and 4.4.0 through 4.4.13 allows an attacker to trigger a denial of service condition by supplying a specially crafted IEEE 802.15.4 packet capture file. The flaw exists in the handling of malformed...
π Tactical RMM Jinja2 SSTI Remote Code Execution
This Metasploit module exploits a Server-Side Template Injection SSTI vulnerability in Tactical RMM versions prior to 1.4.0 CVE-2025-69516. The reporting template preview endpoint passes user-controlled Jinja2 template content to Environment.fromstring without sandboxing, allowing arbitrary Pytho...
π basic-ftp downloadToDir() Path Traversal
basic-ftp versions prior to 5.2.0 suffer from a path traversal vulnerability in downloadToDir. ============================================================================================================================================= | Title : basic-ftp prior to version 5.2.0 Path Traversal in...
π Cisco Catalyst SD-WAN Controller Authentication Bypass / Arbitrary WAR Upload
A critical security vulnerability chain was identified involving an authentication bypass through exposed configuration data, followed by an arbitrary file upload via path traversal. Successful exploitation may allow an attacker to deploy a malicious WAR archive into the application server's...
π Juniper JunosEvolved Remote Command Execution
This Metasploit module exploits an unauthenticated command injection vulnerability in the Juniper JunosEvolved API. The exploit workflow involves creating a custom command entity, mapping it to a Directed Acyclic Graph DAG, and triggering an execution instance. The module uses a non-destructive...
π Wireshark USB HID Protocol Dissector Memory Exhaustion
CVE-2026-3201 is a denial of service vulnerability affecting the USB HID protocol dissector in Wireshark versions 4.6.0 through 4.6.3 and 4.4.0 through 4.4.13. The vulnerability is triggered when Wireshark parses a specially crafted USB HID Report Descriptor containing an excessively large...
π Honeywell Trend IQ4 Unauthenticated Add Admin
This Metasploit module exploits an insecure default configuration in Honeywell Trend IQ4 controllers. By default, these devices do not enforce authentication, allowing a remote user to enable the User Module and create a new administrative account. Note: This action permanently changes the device...
π Adobe DNG SDK 1.7.1 2410 Integer Overflow
A potential security issue may arise when processing DNG Digital Negative files that embed JPEG XL JXL compressed image streams if image dimensions are not properly validated before memory allocation. In this scenario, specially crafted width and height values are embedded inside the JPEG XL stre...
π Adobe SDK 1.7.1 2410 Integer Overflow / Denial of Service
A logic flaw in the processing of the ProfileHueSatMapDims 0xC6F5 tag within the Adobe DNG SDK can lead to an integer overflow condition when parsing crafted DNG files. By supplying excessively large dimension values e.g., 0x15555554 in the Hue/Saturation map metadata, an attacker can trigger...
π Windows SMB Client Privilege Escalation
This Metasploit module exploits CVE-2025-33073 in Windows SMB clients through a complex attack chain involving DNS record injection, NTLM relay attacks, and RPC coercion. The vulnerability allows privilege escalation and remote code execution on affected Windows systems including Windows 11,...
π dottie 2.0.6 Prototype Pollution Bypass
CVE-2026-27837 describes an incomplete patch in dottie versions 2.0.4 through 2.0.6, following the original CVE-2023-26132 fix attempt. The protection added in commit 7d3aee1 validates only the first segment of a dot-separated property path against dangerous keys such as proto. However, the...
Exploit for Embedded Malicious Code in Tukaani Xz
xzdoor-poc !License: MIThttps://img.shields.io/badge/Lice...
Exploit for Integer Overflow or Wraparound in Apple Ipados
Coruna: Full-Chain Safari/WebKit Exploit Kit Research & Ana...