📄 WordPress StoryChief 1.0.42 Shell Upload

This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in the StoryChief WordPress plugin less than or equal to 1.0.42. The plugin exposes a webhook endpoint at /wp-json/storychief/webhook which accepts a forged HMAC. Because the plugin uses an empty secret for HMA...

📄 Python Tarfile Bypass

This proof of concept exploit targets CVE-2025-4138, a vulnerability in Python's built-in tarfile module when extracting archives using filter="data". The issue allows a crafted archive to bypass intended path restrictions by abusing filesystem path length handling and symbolic link resolution...

📄 SmarterMail 16.3.6989.16341 Path Traversal

This PHP proof of concept is a detection-only artifact generator for CVE-2025-52691 affecting SmarterMail version 16.3.6989.16341. It sends a crafted multipart upload request to the /api/upload endpoint, leveraging a path traversal condition in the contextData GUID to determine whether the target...

📄 SofaWiki 3.9.2 Shell Upload

This is a proof of concept remote shell upload exploit for SofaWiki version 3.9.2 that leverages an issue originally discovered in 2024. ============================================================================================================================================= | Title : SofaWiki...

📄 Shenzhen Aitemi M300 Wi-Fi Repeater Remote Code Execution

Shenzhen Aitemi M300 Wi-Fi Repeater unauthenticated proof of concept remote code execution exploit that leverages the time parameter in protocol.csp. ============================================================================================================================================= | Tit...

Exploit for Use After Free in Google Chrome

CSS in Google Chrome prior to Remote Code Execution CVE-2026-...

Exploit for CVE-2025-4517

CVE-2025-4517 Exploit - WingData HTB NOTES This exploit an...

Windows Registry Persistence via Userinit

This module will install a payload that is executed during user logon. It writes a payload executable to disk and modifies the Userinit registry value in "HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon" to append the payload path, causing it to execute when any user logs in. Module...

Emacs Extension Persistence

This module adds a lisp based malicious extension to the emacs configuration file. When emacs is opened, the extension will be loaded and the payload will be executed. Tested against emacs 29.3 build 1 on Ubuntu Desktop 24.04. Module Options msf use exploit/linux/persistence/emacsextension msf...

Exploit for CVE-2024-4041

CVE-2024-4041 Yoast SEO /?page=%22%20onmouseover%3D%...

Exploit for CVE-2024-25600

CVE-2024-25600 — WordPress Bricks Builder RCE PoC Unauthent...

Awesome-Hacking-with-AI

No d...

Exploit for Improper Privilege Management in Oracle Vm_Virtualbox

Oracle VM VirtualBox Vulnerability CVE-2026-21957 Overvi...

Exploit for Use After Free in Google Chrome

CVE-2026-2441 — Chrome CSSFontFeatureValuesMap Use-After-Free...

Exploit for Expression Language Injection in Vmware Spring_Data_Mongodb

SpringData - SpEL RCE Exploit - CVE-2022-22980 Exploit pour l...

Exploit for CVE-2025-4517

This script is a weaponized version of the research published in...

Exploit for Incorrect Authorization in Dani-Garcia Vaultwarden

CVE-2026-26012...

Exploit for Argument Injection in Gnu Inetutils

!Authorhttps://img.shields.io/badge/Author-Mohammed%20Idrees%...

Exploit for Improper Neutralization of Null Byte or NUL Character in Wftpserver Wing_Ftp_Server

CVE-2025-47812 — Wing FTP Server Remote Code Execution RCE...

Exploit for CVE-2026-26221

📡 Hyland OnBase Timer Service Unauthenticated RCE Mohamm...