274428 matches found
📄 OctoPrint 1.11.2 Remote Code Execution
OctoPrint versions 1.11.2 and below suffer from a remote code execution vulnerability via a malformed filename being used in an authenticated file upload. Exploit Title: OctoPrint 1.11.2 - File Upload Date: 2025-09-28 Exploit Author: prabhatverma.addada Vendor Homepage: https://octoprint.org...
📄 aiohttp 3.9.1 Directory Traversal
Proof of concept exploit for a directory traversal vulnerability in aiohttp version 3.9.1. Exploit Title: Python aiohttp directory traversal PoC CVE-2024-23334 Google Dork: N/A Date: 2025-10-06 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.aiohttp.org / https://www.python.or...
📄 Online Grievance Redressal Software 2.6 SQL Injection
Online Grievance Redressal Software version 2.6 suffers from a remote SQL injection vulnerability. ============================================================================================================================================= | Title : Online Grievance Redressal Software 2.6 SQL...
📄 RPi-Jukebox-RFID 2.8.0 Cross Site Scripting
RPi-Jukebox-RFID version 2.8.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: RPi-Jukebox-RFID 2.8.0 - Stored XSS CVE-2025-10370 Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://github.com/MiczFlor/RPi-Jukebox-RFID Software Link:...
📄 Nexus Repository Manager 3.53.0-01 File Disclosure / Traversal
A critical path traversal vulnerability exists in Sonatype Nexus Repository Manager 3 that allows unauthenticated attackers to read arbitrary files from the server filesystem through crafted URL paths. This is a proof of concept for an issue discovered in 2024...
📄 Piranha CMS 12.0 Cross Site Scripting
Piranha CMS version 12.0 suffers from a cross site scripting vulnerability. Exploit Title: Piranha CMS 12.0 - Stored Cross Site Scripting Date: 2025-09-26 Exploit Author: Chidubem Chukwu Terminal Venom LinkedIn : https://www.linkedin.com/in/chidubem-chukwu-20bb202a9? Vendor Homepage:...
📄 NPU Driver Use-After-Free Detector
This Metasploit module detects vulnerable NPU drivers susceptible to CVE-2025-21424, a use-after-free vulnerability in the MSM NPU kernel driver. Additional details are included that identify shortcomings in the original proof of concept...
📄 Next.js 14.2.25 Middleware Subrequest Bypass
A vulnerability exists in the Next.js middleware handling mechanism, where requests containing the "x-middleware-subrequest" header are processed differently compared to normal requests, potentially allowing attackers to bypass authentication...
📄 Node.js 25.x Permission Model Sandbox Bypass / Path Traversal
This Metasploit module validates a sandbox escape weakness in the Node.js permission model that allows restricted file access bypass through symlink-based path traversal. When Node.js is executed with the --permission flag and limited filesystem read/write paths, the permission checks rely on...
📄 Redis 8.0.2 Remote Code Execution
Redis versions from 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19, suffer from a heap out of bounds write that can be leverage for remote code execution. Exploit Title: Redis RCE Date: 2025-10-07 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://redis.io/ Software Link:...
📄 Online Vehicle Service Management System 1.0 Add Administrator
Proof of concept add administrator exploit for Online Vehicle Service Management System version 1.0 that leverages a missing authentication vulnerability. ============================================================================================================================================= ...
📄 Ingress-NGINX Admission Controller 1.11.1 Remote Code Execution
Ingress-NGINX Admission Controller version 1.11.1 remote code execution proof of concept exploit that chains together multiple vulnerabilities. Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE Date: 2025-10-07 Exploit Author: Beatriz Fresno Naumova Vendor Homepage:...
📄 Online Admission Software 2.6 Insecure Direct Object Reference
Online Admission Software version 2.6 suffers from an insecure direct object reference vulnerability. ============================================================================================================================================= | Title : Online Admission Software 2.6 IDOR...
📄 D-Link DIR-825 Rev.B 2.10 Buffer Overflow
D-Link DIR-825 Rev.B versions 2.10 and below proof of concept stack buffer overflow denial of service exploit. Exploit Title: D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow DoS Google Dork: N/A Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.dlink.com/...
Exploit for CVE-2026-25512
CVE-2026-25512 PoC – Group-Office Authenticated RCE via TNEF H...
Exploit for CVE-2026-25546
CVE-2026-25546 PoC - godot-mcp OS Command...
Exploit for CVE-2025-69906
make it a readme.md to paste into it CVE-2025-69906: Monstra...
cms-security-poc
CVE-2026-31266 - Craft CMS Missing Authorization CVE Infor...
Exploit for Argument Injection in Gnu Inetutils
https://github.com/SafeBreach-Labs/CVE-2026-24061/blob/main/t...
Gladinet CentreStack/Triofox Access Ticket Forge
This module forges access tickets for the Gladinet CentreStack/Triofox /storage/filesvr.dn endpoint. The vulnerability exists because the application uses hardcoded cryptographic keys in GladCtrl64.dll to encrypt/decrypt access tickets. The access ticket is an encrypted string that contains: -...