Exploit for CVE-2025-69690

🔐 CVE-2025-69690 & CVE-2025-69691 Authenticated Remote Co...

Exploit for CVE-2025-4138

CVE-2025-4138 Auto-Sudo Generator A Python script to generate...

Exploit for CVE-2025-49132

CVE-2025-49132 - Pterodactyl Panel Exploit ⚠️ Disclaimer...

Exploit for Authentication Bypass by Spoofing in Booster Booster_For_Woocommerce

QE3 - WordPress Auto Exploitation Scanner ╔════════════...

ExploitPwned

ExploitPwned Exploit Database ExploitDB is an archive of exp...

security-research

Security Research This project hosts security advisories and...

Exploit for Incorrect Authorization in Dani-Garcia Vaultwarden

CVE-2026-26012 — Vaultwarden Cipher Enumeration PoC Full...

scan-exploit

pyt...

Parth--SQLI-Detection-Tool

No d...

📄 eNet SMART HOME Server 2.3.1 Default Credentials

The eNet Smart Home system ships with default credentials that remain active after installation and commissioning without enforcing a mandatory password change. Version 2.3.1 is affected. eNet SMART HOME server 2.3.1 Use of Default Credentials Vendor: Gira Giersiepen GmbH & Co. KG | ALBRECHT JUNG...

📄 ChurchCRM 6.8.0 Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in the installation process of ChurchCRM versions 6.8.0 and earlier. By sending a specially crafted POST request to the setup page, an attacker can execute arbitrary commands on the target server. This Metasplo...

📄 PopojiCMS 2.0.1 Code Injection

PopojiCMS version 2.0.1 remote PHP code injection proof of concept exploit. ============================================================================================================================================= | Title : PopojiCMS 2.0.1 PHP COde Injection Vulnerability | | Author : indoush...

📄 JUNG Smart Panel 5.1 KNX (L1.12.22) Path Traversal

JUNG Smart Panel version 5.1 KNX L1.12.22 unauthenticated path traversal proof of concept exploit that builds on the finding from LiquidWorm. ============================================================================================================================================= | Title : JUN...

📄 JUNG Smart Visu Server 1.1.1050 Denial of Service

Proof of concept exploit for a security vulnerability in JUNG Smart Visu Server version 1.1.1050 that allows unauthenticated remote attackers to trigger a system reboot or shutdown via a crafted HTTP POST request to a publicly exposed REST API endpoint...

📄 eNet SMART HOME Server 2.3.1 Account Takeover

The eNet Smart Home system contains an authorization flaw in the resetUserPassword functionality that allows any authenticated low-privileged user UGUSER to reset the password of arbitrary accounts, including those in the UGADMIN and UGSUPERADMIN groups, without supplying the current password or...

📄 phpIPAM 1.4 Code Execution / Local File Inclusion

A critical local file inclusion vulnerability exists in in index.php in phpIPAM version 1.4. Attackers can exploit this to read sensitive system files and potentially perform remote code execution. phpIPAM 1.4 LFI to RCE Exploit...

📄 eNet SMART HOME Server 2.3.1 Arbitrary User Deletion

The eNet Smart Home system contains an authorization weakness in the deleteUserAccount JSON-RPC method that permits any authenticated low-privileged user UGUSER to delete arbitrary user accounts, except for the built-in admin account. The application does not enforce proper role-based access...

📄 FortiGate Advanced Symlink Bypass Exploit

This Python script is an advanced exploitation tool targeting vulnerable FortiGate devices manufactured by Fortinet. It attempts to exploit a symlink/path bypass vulnerability via the /lang//custom/ endpoint in order to access sensitive internal files that should not be publicly accessible...

📄 eNet SMART HOME Server 2.3.1 Remote Privilege Escalation

The eNet Smart Home system suffers from a privilege escalation vulnerability due to insufficient authorization checks in the JSON-RPC endpoint for user management. A low-privileged user, can exploit the setUserGroup method by sending a crafted POST request to /jsonrpc/management, specifying their...

📄 JUNG Smart Visu Server Cache Poisoning

Python proof of concept web cache poisoning exploit for JUNG Smart Visu Server that builds on the finding from LiquidWorm. ============================================================================================================================================= | Title : JUNG Smart Visu Server...