274436 matches found

Packet Storm
added 2026/02/04 12:0 a.m. | 113 views

📄 NanoMQ 0.24.6 API SQL Rule Engine Buffer Overflow

This script is a proof of concept used to test NanoMQ's API for improper input handling. It sends an intentionally long and malformed SQL alias through the /api/v4/rules endpoint to check whether the service safely rejects the input or crashes. The code does not achieve real remote code execution...

6.5 AI score
Exploits: 0

Packet Storm
added 2026/02/04 12:0 a.m. | 114 views

📄 Blesta 5.13.1 Admin Interface PHP Object Injection

Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and orderinfo POST parameters when dispatching the /app/controllers/adminclients.php script, and through the...

7.2 CVSS | 6.3 AI score | 0.00454 EPSS
Exploits: 1

Packet Storm
added 2026/02/04 12:0 a.m. | 150 views

📄 Monstra CMS 3.0.4 Shell Upload

Monstra CMS version 3.0.4 proof of concept remote shell upload exploit. Title: Monstra CMS 3.0.4 shell upload Vulnerability. Author: indoushka...

5.4 AI score
Exploits: 0

Packet Storm
added 2026/02/04 12:0 a.m. | 118 views

📄 Mutiny 5.0-1.07 Directory Traversal

Mutiny version 5.0-1.07 directory traversal proof of concept exploit that demonstrates an issue originally discovered in 2013. Title: Mutiny 5.0-1.07...

8.5 CVSS | 5.2 AI score | 0.40338 EPSS
Exploits: 8

Packet Storm
added 2026/02/04 12:0 a.m. | 263 views

📄 mPDF 8.1.0 Server-Side Request Forgery / Local File Disclosure / DoS

mPDF version 8.1.0 is vulnerable to multiple security issues related to unsafe handling of external resources, file paths, and image content during HTML-to-PDF rendering. When untrusted or partially trusted HTML input is processed, attackers may exploit insufficient validation to trigger...

5.6 AI score
Exploits: 0

Exploit DB
added 2026/02/04 12:0 a.m. | 147 views

FortiWeb Fabric Connector 7.6.x - SQL Injection to Remote Code Execution

Exploit Title: FortiWeb Fabric Connector 7.6.x - Pre-authentication SQL Injection to Remote Code Execution Date: 2025-10-05 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Tested on: Win, Ubuntu CVE : CVE-2025-25257 Overvi...

9.8 CVSS | 8.6 AI score | 0.9671 EPSS
Exploits: 18

Exploit DB
added 2026/02/04 12:0 a.m. | 156 views

Docker Desktop 4.44.3 - Unauthenticated API Exposure

Exploit Title: Docker Desktop 4.44.3 - Unauthenticated API Exposure Date: 2025-10-06 Exploit Author: OilSeller2001 Vendor Homepage: https://www.docker.com/ Software Link: https://www.docker.com/products/docker-desktop/ Version: Affected on Windows and macOS versions prior to 4.44.3 Tested on:...

9.3 CVSS | 5.6 AI score | 0.01594 EPSS
Exploits: 15

Exploit DB
added 2026/02/04 12:0 a.m. | 156 views

windows 10/11 - NTLM Hash Disclosure Spoofing

Exploit Title: windows 10/11 - NTLM Hash Disclosure Spoofing Date: 2025-10-06 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.microsoft.com Software Link: N/A Version: Not applicable this is a generic Windows library file behavior Tested on: Windows 10 x64 / Windows 11 x64 lab...

6.5 CVSS | 5.3 AI score | 0.58974 EPSS
Exploits: 19

Exploit DB
added 2026/02/04 12:0 a.m. | 195 views

OctoPrint 1.11.2 - File Upload

Exploit Title: OctoPrint 1.11.2 - File Upload Date: 2025-09-28 Exploit Author: prabhatverma.addada Vendor Homepage: https://octoprint.org Software Link: https://github.com/OctoPrint/OctoPrint Affected Versions: = 1.11.2 Patched Versions: 1.11.3 CVE: CVE-2025-58180 CVSS per advisory: 7.5 Platform:...

8.8 CVSS | 5.2 AI score | 0.19313 EPSS
Exploits: 4

Exploit DB
added 2026/02/04 12:0 a.m. | 146 views

Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE

Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE Date: 2025-10-07 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://kubernetes.io Software Link: https://github.com/kubernetes/ingress-nginx Version: Affects v1.10.0 to v1.11.1 potentially others Tested o...

9.8 CVSS | 7 AI score | 0.99098 EPSS
Exploits: 21

Exploit DB
added 2026/02/04 12:0 a.m. | 169 views

aiohttp 3.9.1 - directory traversal PoC

Exploit Title: Python aiohttp directory traversal PoC CVE-2024-23334 Google Dork: N/A Date: 2025-10-06 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.aiohttp.org / https://www.python.org Software Link: https://github.com/aio-libs/aiohttp vulnerable tag: 3.9.1 Version: aiohttp...

7.5 CVSS | 7.3 AI score | 0.76875 EPSS
Exploits: 15

Exploit DB
added 2026/02/04 12:0 a.m. | 141 views

Redis 8.0.2 - RCE

Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE Date: 2025-10-07 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://redis.io/ Software Link: https://redis.io/ Version: Affects := 8.0.0, 8 + p8size & 0xff def buildmalformedhll: """ Construct a malformed...

7.8 CVSS | 5.3 AI score | 0.03877 EPSS
Exploits: 4

Saint
added 2026/02/04 12:0 a.m. | 143 views

React Native Community CLI remote command execution

Added: 02/04/2026 Background React Native is a framework for building mobile JavaScript applications. React Native Community CLI is a collection of command line tools that help developers build React Native mobile applications. Problem A vulnerability in React Native Community CLI when running wi...

9.8 CVSS | 6.2 AI score | 0.61938 EPSS
Exploits: 5

Packet Storm
added 2026/02/04 12:0 a.m. | 183 views

📄 Go crypto/x509 Hostname Verification Denial of Service

A denial of service vulnerability exists in the Go programming language crypto/x509 package. The issue occurs during TLS hostname verification when constructing error messages for certificates containing a very large number of DNS names. In affected versions, error message construction uses...

7.5 CVSS | 5.5 AI score | 0.00451 EPSS
Exploits: 2

GithubExploit
added 2026/02/03 10:59 p.m. | 166 views

Exploit for CVE-2026-24854

CVE-2026-24854 – ChurchCRM Authenticated Numeric SQL Injection...

8.8 CVSS | 5.9 AI score | 0.00352 EPSS
Exploits: 2

GithubExploit
added 2026/02/03 10:56 p.m. | 193 views

Exploit for CVE-2026-25130

CVE-2026-25130 – Cybersecurity AI CAI Framework Argument Inj...

9.6 CVSS | 6.3 AI score | 0.008 EPSS
Exploits: 3

GithubExploit
added 2026/02/03 10:28 p.m. | 277 views

Exploit for Out-of-bounds Write in Netapp C400_Firmware

🔐 SLUBSTICK Exploitation Research Demonstrating Race Con...

8.3 CVSS | 7.2 AI score | 0.78684 EPSS
Exploits: 24

GithubExploit
added 2026/02/03 7:46 p.m. | 157 views

Exploit for Argument Injection in Gnu Inetutils

🔒 CVE-2026-24061 - Exploit Critical Authentication Flaw 🚀...

9.8 CVSS | 5.6 AI score | 0.98871 EPSS
Exploits: 60

GithubExploit
added 2026/02/03 6:32 p.m. | 135 views

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

CVE-2023-27163---Maltrail-0.53---RCE...

6.5 CVSS | 5.3 AI score | 0.07497 EPSS
Exploits: 29

GithubExploit
added 2026/02/03 6:16 p.m. | 193 views

Exploit for Server-Side Request Forgery in Rbaskets Request_Baskets

CVE-2023-27163---SSRF-Baskets-Reques...

6.5 CVSS | 5.3 AI score | 0.07497 EPSS
Exploits: 29