274402 matches found
SSTI-to-RCE-Python-Eval-Bypass
SSTI-to-RCE-Python-Eval-Bypass A Proof-of-Concept (PoC) exp...
Path-Traversal-Lab
OS Path Traversal & System File Exfiltration 🎯 Executive S...
Exploit for Authentication Bypass by Primary Weakness in Crushftp
CVE-2025-3116...
📄 OWASP CRS WAF Bypass
OWASP Core Rule Set (CRS) versions prior to 4.22.0 and 3.3.8 suffer from a bypass vulnerability. CVE-2026-21876 OWASP CRS WAF bypass CVE-2026-21876 docker container + minimal PoC. I would like to thank @airween and @fzipi separately for their quick response! The vulnerability fix was ready in a ver...
📄 Google Chrome CSSFontFeatureValuesMap Use-After-Free
Google Chrome versions prior to 145.0.7632.75 CSSFontFeatureValuesMap use-after-free proof of concept exploit. When an iterator is created over a CSSFontFeatureValuesMap object and the underlying HashMap is mutated during iteration, a rehash operation occurs, freeing the original memory while the...
📄 Telerik Report Server 2024 Q1-10.0.24.305 Remote Code Execution
Telerik Report Server versions 2024 Q1 10.0.24.305 and potentially earlier contain a critical vulnerability that allows unauthenticated attackers to achieve remote code execution through insecure deserialization in report processing functionality. The vulnerability exists due to improper input...
📄 Termius 9.9.0 Remote Code Execution
This Metasploit module demonstrates a remote code execution vulnerability in the Termius Electron application caused by an exposed symbol in the global JavaScript Symbol Registry. By accessing a shared Symbol.for key that unintentionally references preloaded Node.js modules, attacker-controlled...
📄 Tactical RMM 1.3.1 Jinja2 Server-Side Template Injection
This Metasploit module targets a server-side template injection vulnerability in Tactical RMM's template preview endpoint. The implementation is clearly marked as experimental and manually ranked due to the inherently unstable exploitation technique it relies on. The module attempts to achieve...
📄 AMSS++ 4.7 Backdoor Admin Account
AMSS++ version 4.7 has a hardcoded backdoor administrative account. Title: AMSS++ 4.7 - Backdoor Admin Account. Author: indoushka. Date: 2020-02-23. Tested on: Windows 10 Français V.(Pro) / browser: Mozilla Firefox 65.0 (32-bit). Vendor: http://amssplus.ubn4.go.th/amssplusdownload/amssplus431install.ra...
📄 Squirrel Out-Of-Bounds Read
A vulnerability exists in the Squirrel engine's stack implementation due to missing bounds checking in the PopTarget function. When attempting to pop from an empty stack, the function reads from datasize - 1 (index -1), causing a heap buffer underflow...
📄 Icinga for Windows 1.13.3 Private Key Exposure
Icinga for Windows PowerShell Framework versions prior to 1.13.4, 1.12.4, and 1.11.2 install the certificate directory with insecure default permissions. The directory C:\Program Files\WindowsPowerShell\Modules\icinga-powershell-framework\certificate is created with BUILTIN\Users:RX permissions,...
📄 Telesquare TLR-2005KSH Remote Command Execution
Telesquare TLR-2005KSH proof of concept remote command execution exploit. Title: Telesquare TLR-2005KSH - Remote Command Execution vulnerability...
📄 Supermicro Onboard IPMI X9SCL / X9SCM SMT_X9_214 PHP Buffer Overflow
Supermicro Onboard IPMI X9SCL and X9SCM with firmware SMT_X9_214 PHP proof of concept buffer overflow exploit that spawns a reverse shell. It exploits an older vulnerability from 2013...
📄 jsPDF PDF Object Injection
jsPDF versions prior to 4.2.0 suffer from a PDF object injection vulnerability in the addJS method. CVE-2026-25755: PDF Object Injection in jsPDF addJS Method. Description: A PDF Object Injection vulnerability was identified in the addJS method of jsPDF. The library fails to sanitize user-supplied inp...
📄 SolarWinds Web Help Desk Access Control Bypass / Unsafe Deserialization
This Metasploit module exploits access control bypass and unsafe deserialization vulnerabilities in SolarWinds Web Help Desk to achieve unauthenticated remote code execution...
📄 SuiteCRM 7.11.18 Log File Remote Code Execution
SuiteCRM version 7.11.18 allows modification of the logging configuration. The log filename extension is not validated properly (.pHp accepted), causing the log to be interpreted as PHP. The attacker then injects a PHP payload into the logs by changing the username lastname field, resulting in the log file...
📄 sudo 1.9.17 chroot Privilege Escalation
This Metasploit module exploits CVE-2025-32463, a local privilege escalation vulnerability in Sudo's chroot functionality. The vulnerability allows attackers to load malicious NSS (Name Service Switch) modules from within a chroot environment, leading to arbitrary code execution as root...
Exploit for CVE-2025-67644
CVE-2025-67644 PoC – LangGraph SQLite Checkpoint SQL Injection...
Exploit for Deserialization of Untrusted Data in Nextgen Mirth_Connect
CVE-2023-43...