Exploit for CVE-2025-5688

CVE-2025-5688 – FreeRTOS-Plus-TCP Out-of-Bounds Write Exploit...

video_translation_poc

No d...

video_translation_poc.py

No d...

Exploit for CVE-2026-27831

CVE-2026...

Exploit for Command Injection in Microsoft

🛡️ CVE-2026-20841-PoC - Simple Proof of Concept Tool !Downl...

Online-Traffic-Offense-Management-System-1.0-Unauthenticated-RCE-PoC

Online Traffic Offense Management System 1.0 — Unauthenticated...

Exploit for CVE-2026-1404

wordpress-vulnerability-fix WordPress XSS Vulnerability Ass...

📄 zlib crc32_combine_gen64 Denial of Service

zlib versions prior to 1.3.2 has an infinite loop vulnerability in the crc32combinegen64 function that can result in a denial of service condition. ============================================================================================================================================= | Title...

📄 Supermicro X8 Vulnerability Scanner

This code is a vulnerability scanner designed to scan for vulnerabilities in the Supermicro Onboard IPMI interface. The code checks for two known buffer overflow vulnerabilities. The checks are for older issues from 2013...

📄 telnetd Environment Variable Bypass

It has been discovered that telnetd has further bypass issues relating to environment variables that can achieve remote root. For 27 years, this issue persists. From: Justin Swartz Date: Tue, 24 Feb 2026 03:17:02 +0200 Greetings, I have been reviewing the recent vulnerability report by Ron Ben...

📄 Textpattern 4.9.0 Cross Site Scripting

Textpattern version 4.9.0 suffers from a cross site scripting vulnerability. ============================================================================================================================================= | Title : Textpattern 4.9.0 Second-Order XSS via Atom Feed Injection | | Autho...

📄 FreeBSD Routing Socket Input Validation

This proof of concept exploit attempts to test the robustness of the FreeBSD routing socket subsystem by crafting a RTMADD message containing an intentionally oversized sockaddr structure salen greater than the traditional sockaddrstorage limit of 128 bytes...

📄 Windows Notepad Markdown Link Code Execution

The Windows Notepad App Microsoft Store version fails to properly validate protocol handlers in markdown links. When a user Ctrl+Click on a crafted link in a .md file, Notepad passes the raw URI to ShellExecuteExW without sufficient filtering. This allows execution of arbitrary binaries in two...

📄 fast-xml-parser REGEX Injection / Cross Site Scripting

fast-xml-parser versions starting at 4.1.3 and below 5.3.5 suffer from a REGEX injection issue that can allow for cross site scripting attacks. ============================================================================================================================================= | Title :...

📄 Rack::Directory Cross Site Scripting

A persistent cross site scripting vulnerability affects Rack::Directory in Rack versions prior to 2.2.22, 3.1.20, and 3.2.5. ============================================================================================================================================= | Title : Rack Rack::Directory...

📄 OpenBabel 3.1.1 Parsing Issues

This Metasploit auxiliary module generates specially crafted proof of concept files targeting potential parsing vulnerabilities in OpenBabel version 3.1.1 such as NULL pointer dereference and out-of-bounds read conditions...

📄 Google Chrome 145.0.7632.117 DevTools Injection

A high-severity vulnerability was identified in the DevTools component of Google Chrome versions prior to 145.0.7632.117. The issue stems from an inappropriate implementation that allowed insufficient isolation between Chrome extensions and privileged DevTools pages. If a user was convinced to...

📄 WordPress TeconceTheme Coven Core 1.3 Blind SQL Injection

Proof of concept exploit for a remote blind SQL injection vulnerability in Wordpress TeconceTheme Coven Core theme version 1.3. ============================================================================================================================================= | Title : TeconceTheme Cove...

📄 PJSIP PJMEDIA H.264 Denial of Service

A logic validation flaw was identified in the H.264 packetization routine within the PJMEDIA component of PJSIP. Specifically, insufficient validation of FU-A Fragmentation Unit – Type A state handling in pjmediah264packetize may allow malformed RTP payloads to trigger unsafe pointer arithmetic...

📄 Siklu EtherHaul Series EH-8010 / EH-1200 Arbitrary File Upload

This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in Siklu EtherHaul wireless backhaul devices. By abusing the proprietary encrypted RFPipe protocol, an unauthenticated remote attacker can upload arbitrary files to the target system without valid credentials...