Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

🚀 Wing FTP Exploit - CVE-2025-47812 Exploit mejorado para Win...

Exploit for Improper Input Validation in N8N

CVE-2026-21858 + CVE-2025-68613 - n8n Full Chain Unauthenti...

CVE

...

cve-bug-bounty

No d...

Elysium-Vanguard-Honor-Tool-Kit

🌌 Elysium Vanguard Honor Tool Kit: TITAN v13.0 Hardware-B...

ElysiumVanguard

🌌 Elysium Vanguard: TITAN v13.0 Hardware-Bridged Kernel E...

VibeCode-injectproof

🛡️ VibeCode-InjectProof Deep SQLi verification engine for...

injectproof

InjectProof The SQL injection scanner that finds what sqlma...

Exploit for Deserialization of Untrusted Data in Spip

CVE-2023-27372 — SPIP Unauthenticated remote code execution v...

📄 Tattile Cameras 1.181.5 Insufficient Token Expiration

Tattile Cameras version 1.181.5 suffers an insufficient session expiration. This occurs when the web application permits an attacker to reuse old session credentials or tokens for authorization. Insufficient session expiration increases the device's exposure to attacks that can steal or reuse...

📄 SPIP Cross Site Scripting

SPIP versions prior to 4.4.9 suffer from a persistent cross site scripting injection vulnerability in the editor. ============================================================================================================================================= | Title : SPIP before 4.4.9 Stored XSS...

📄 Advanced JUNG Smart Visu Security Scanner

This is a multi-threaded security scanner for JUNG Smart Visu servers that detects reflected cross site scripting, header injection, open redirects, and JSON injection. It tests predefined endpoints with custom payloads, analyzes HTTP responses for vulnerabilities, and generates a detailed report...

📄 Windows File Explorer Information Disclosure

Proof of concept exploit that demonstrates how the Microsoft Windows File Explorer fails to properly restrict access to sensitive system locations. Exploit Title: Windows File Explorer Information Disclosure CVE-2026-20937 Date: 2026-02-24 Exploit Author: nu11secur1ty Vendor Homepage:...

📄 Tattile Cameras 1.181.5 Default Credentials

Tattile Cameras version 1.181.5 ship with default credentials that remain active after installation and commissioning without enforcing a mandatory password change. Tattile Cameras 1.181.5 Use of Default Credentials Vendor: Tattile s.r.l. Product web page: https://www.tattile.com Affected version...

📄 Microsoft Event Log Remote Protocol Arbitrary File Write

This Python script demonstrates the abuse of the Microsoft Event Log Remote Protocol MS-EVEN to achieve an arbitrary file write over SMB using low-privileged credentials. By interacting with the Windows \pipe\eventlog named pipe through DCERPC, the script leverages the ElfrOpenBELW and...

📄 Cilium 1.18.5 Traffic Bypass

This Python proof of concept script performs a comprehensive node-level analysis to assess a vulnerability in Cilium versions 1.18.0 through 1.18.5 that allows cross-node Pod traffic to bypass Host Firewall policies when Native Routing, WireGuard, and Node Encryption are enabled...

📄 SPIP Saisies 5.11.0 Remote Code Execution

This Metasploit module exploits a PHP code injection vulnerability in the Saisies plugin for SPIP. The vulnerability allows an attacker to inject and execute arbitrary PHP code through the vulnerable parameter anciennesvaleurs. Versions 5.4.0 through 5.11.0 are affected...

📄 Echo Framework 5.0.4 Path Traversal

This Python script is a security testing tool designed to detect a path traversal vulnerability in web applications built with the Echo framework version 5 running on Windows systems...

📄 GrandStream GXP1600 Unauthenticated Remote Code Execution

An unauthenticated stack-based buffer overflow vulnerability exists in the HTTP API endpoint /cgi-bin/api.values.get. A remote attacker can leverage this vulnerability to achieve unauthenticated remote code execution RCE with root privileges on a target device. The vulnerability affects all six...

📄 QEMU VMDK Out-Of-Bounds Read

A flaw was found in QEMU's VMDK block driver implementation. When processing compressed grain markers within a monolithicSparse VMDK image, insufficient bounds validation may allow the decompression routine to read beyond the allocated buffer. A specially crafted VMDK image could trigger an...