274379 matches found
Exploit for Untrusted Pointer Dereference in Microsoft
CVE-2024-35250 Local privilege escalation via untrusted point...
exploit-auditor
No d...
elite-0day-researcher
No d...
Exploit for Deserialization of Untrusted Data in Oracle Application_Development_Framework
CVE-2022-21445 Exploit - PoC This toolkit generates exploit p...
Exploit for CVE-2023-24012
DDS Security Test This is a ROS 2 DDS security testing enviro...
Exploit for CVE-2025-1302
Research: jsonpath-plus RCE CVE-2025-1302 Analysis !Securi...
Exploit for CVE-2025-39459
CVE-2025-39459 Real Estate 7 = 3.5.2 - Unauthenticated Pri...
Exploit for Path Traversal in Cisco Catalyst_Sd-Wan_Manager
🦅 BlueFalconInk — CISA ED 26-03 Compliance Tracker Built by...
📄 Frigate NVR 0.16.3 Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in Frigate NVR versions 0.16.3 and below by manipulating the application's configuration through the go2rtc stream settings. The module retrieves the current configuration, safely parses and modifies it to introduce a controlle...
📄 WordPress RFC 6.0.8 Security Scanner
WordPress RFC plugin version 6.0.8 security scanner that detects and attempts remote shell upload. ============================================================================================================================================= | Title : WordPress RFC Plugin 6.0.8 Security Scanner | ...
📄 Xerte Online Toolkits 3.14 Shell Upload
A vulnerability in Xerte Online Toolkits versions 3.14 and earlier allows unauthenticated users to upload arbitrary files via the template import functionality. The issue exists in /websitecode/php/import/import.php. Due to missing authentication checks on the import endpoint, an attacker can...
📄 WordPress Slider‑Future 1.0.5 Arbitrary File Upload
This is a Metasploit module that demonstrates an unauthenticated file upload vulnerability in WordPress Slider‑Future plugin version 1.0.5. ============================================================================================================================================= | Title :...
📄 WordPress RomethemeKit for Elementor 1.5.4 Privilege Escalation
Proof of concept exploit for an unauthorized privilege escalation vulnerability in WordPress RomethemeKit for Elementor plugin version 1.5.4 ============================================================================================================================================= | Title :...
📄 fast-xml-parser 5.3.5 Denial of Service
A denial of service vulnerability was identified in fast-xml-parser affecting versions 4.1.3 through 5.3.5. The issue arises from improper handling of XML Document Type Definitions DTD, specifically when processing internal entity expansion. An attacker can supply a crafted XML payload containing...
📄 FUXA 1.2.8 Authentication Bypass / Remote Code Execution
This Metasploit module adds support for exploiting CVE-2025-69985 in FUXA SCADA/HMI software versions 1.2.8 and below. The vulnerability allows unauthenticated access to the /api/runscript endpoint due to an authentication bypass, leading to remote code execution via Node.js childprocess.execSync...
📄 WordPress RestroPress Online Food Ordering System 3.1.9.2 Disclosure Scanner
WordPress RestroPress Online Food Ordering System plugin version 3.1.9.2 user metadata exposure scanner. ============================================================================================================================================= | Title : WordPress RestroPress Online Food Orderi...
📄 WordPress WPvivid Backup and Migration 0.9.123 Shell Upload
A critical vulnerability in the WPvivid Backup and Migration plugin for WordPress allows unauthenticated attackers to upload arbitrary files, potentially resulting in remote code execution. The issue stems from a cryptographic fail‑open condition combined with insufficient file path validation...
📄 ZAI-Shell P2P Command Injection
This Metasploit module targets a command injection vulnerability in ZAI-Shell when running in noaimode. The exploit communicates over a plaintext P2P protocol default port 5757 and sends crafted JSON messages to execute arbitrary system commands on the target. The module includes an enhanced...
Exploit for CVE-2020-14645
CVE-2020-1...
Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect
CVE-2023-43208: Unauthenticated Remote Code Execution RCE in...