📄 Moodle TeX Formula Rendering Denial of Service

A denial of service vulnerability was identified in the TeX formula rendering component of Moodle. The issue occurs when rendering TeX content using the mimetex engine without enforcing sufficient execution time or resource limitations. By submitting specially crafted TeX formulas designed to...

📄 Open Babel 3.1.1 CIF File Memory Corruption

This Metasploit auxiliary module generates a crafted .cif file designed to test for memory corruption conditions in Open Babel version 3.1.1. By providing an excessive number of symmetry operations, it triggers a crash DoS during file parsing. The exact outcome depends on the target's build,...

📄 Cosign 3.0.4 Certificate Chain Validation Bypass

A logic flaw in the certificate verification process of Cosign versions 3.0.4 and below allows signatures to be accepted even when the issuing Intermediate Certificate Authority CA has already expired. This proof of concept generates a chain that can be tested with this software in order to prove...

📄 FUX 1.2.8 Authentication Bypass / Remote Command Execution

This Python exploit targets CVE-2025-69985, an authentication bypass in FUXA web-based SCADA/HMI software that allows access to the protected /api/runscript endpoint even when authentication is enabled. By sending a crafted JavaScript payload using childprocess.execSync, it achieves full remote...

📄 Icinga for Windows 1.13.3 Private Key Disclosure

This Metasploit module identifies and exploits insecure default ACL permissions in vulnerable versions of the Icinga for Windows PowerShell Framework. The certificate directory is created with overly permissive read access for the BUILTIN\Users group, allowing any local user to access the...

📄 SPIP Gadget Chain Insecure Deserialization

SPIP Gadget Chain versions prior to 4.4.9 suffer from a potential PHP object deserialization vulnerability. ============================================================================================================================================= | Title : SPIP Gadget Chain before 4.4.9...

📄 Frigate NVR 0.16.3 Remote Command Execution

This Python exploit targets a critical configuration manipulation vulnerability in Frigate NVR versions up to 0.16.3 both authenticated and unauthenticated paths. By injecting a malicious go2rtc stream and a fake camera entry, it triggers arbitrary command execution as the Frigate process during...

📄 PDF Object Injection Generator

PDF object injection is a vulnerability in applications that dynamically generate PDFs from user input without proper validation or escaping. This proof of concept generates a malicious pdf for testing software such as jsPDF...

📄 Calibre 9.2.1 Path Traversal / Arbitrary File Write

Calibre versions 9.2.1 and below are vulnerable to a path traversal flaw in the PDB file parser, affecting both the 132-byte and 202-byte header variants of the PDB reader implementation. The vulnerability allows a specially crafted PDB file to embed directory traversal sequences such as ../ with...

📄 MS‑EVEN TOCTOU ElfrBackupELFW Arbitrary File Write

This module exploits a Time-of-Check Time-of-Use TOCTOU vulnerability in the MS-EVEN protocol Windows Event Log service. A low-privileged authenticated user can write arbitrary files to a remote Windows machine by abusing the ElfrBackupELFW RPC function. This module strictly follows the MS-EVEN...

📄 BeyondTrust PRA / RS Unauthenticated Remote Code Execution

This Metasploit module exploit achieves unauthenticated remote code execution against BeyondTrust Privileged Remote Access PRA and Remote Support RS. It leverages three different vulnerabilities depending on the user-selected target. The default target leverages CVE-2026-1731, a direct command...

Exploit for Improper Privilege Management in Frigate

Frigate NVR ≤ 0.16.3 Blind RCE Exploit CVE-2026-25643 PoC...

Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect

CVE-2023-43208: Unauthenticated Remote Code Execution RCE in...

Exploit for Inclusion of Functionality from Untrusted Control Sphere in Langflow

🚀 CVE-2026-0770 – Langflow RCE execglobal PoC Rem...

Exploit for Improper Privilege Management in Microsoft

Windows Privilege Escalation ========================== A col...

Exploit for CVE-2025-1242

ICSA-26-055-03 — Gardyn Home Kit IoT Vulnerabilities CISA ICS...

GrandStream GXP1600 proxy SIP traffic

This capture module works against Grandstream GXP1600 series VoIP devices and can reconfigure the device to use an arbitrary SIP proxy. You can first leverage the exploit/linux/http/grandstreamgxp1600unauthrce exploit module to get a root session on a target GXP1600 series device before running...

GrandStream GXP1600 Gather Credentials

This gather module works against Grandstream GXP1600 series VoIP devices and can collect HTTP, SIP, and TR-069 credentials from a device. You can first leverage the exploit/linux/http/grandstreamgxp1600unauthrce exploit module to get a root session on a target GXP1600 series device before running...

Linux WSL via Startup Folder Persistence

This module establishes persistence by creating a payload in the windows startup folder from within the Windows Subsystem for Linux WSL environment. This allows for code execution on Windows user login. Verified on Windows 10 with Ubuntu 24.04 WSL distribution. Module Options msf use...

GrandStream GXP1600 Unauthenticated Remote Code Execution

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution RCE with root privileges on a target device. The vulnerability affects all six...