Exploit for CVE-2025-15467
CVE-2025-15467: OpenSSL CMS AuthEnvelopedData Stack Buffer Ove...
📄 Microsoft Windows 11 build 10.0.27898.1000 Local Privilege Escalation
Proof of concept exploit designed to test a potential local privilege escalation vulnerability in Windows, specifically targeting a feature called AiRegistrySync. It checks if modifications made by a standard user in their own Registry profile can be automatically synchronized or propagated into the...
📄 Next.js 13.5.9 Middleware Bypass Scanner
This is an authorization bypass scanner for Next.js versions 13.5.9 and below. A vulnerability exists in the Next.js middleware handling mechanism, where requests containing the "x-middleware-subrequest" header are processed differently compared to normal requests...
📄 n8n 2.0.0-rc.4 Remote Command Execution
n8n version 2.0.0-rc.4 PHP port of a research exploit that chains together multiple vulnerabilities including arbitrary file read and sandbox escape in order to achieve remote command execution...
📄 Oracle E-Business Suite 12.2.3 Request Smuggling
This script is a refined proof of concept targeting Oracle E-Business Suite (EBS) vulnerability CVE-2025-61882. It corrects logical flaws in request smuggling payload construction, particularly around request termination and CRLF preservation, ensuring reliable proxy/backend desynchronization. The...
📄 Advantech IoTSuite / IoT Edge SQL Injection
A critical unauthenticated SQL injection vulnerability was identified in Advantech WISE-IoTSuite / SaaS Composer. The issue resides in the /displays/filename.json endpoint, where the filename parameter is improperly sanitized before being concatenated into a backend PostgreSQL query. An attacker...
📄 Monsta FTP 2.11 Remote File Injection
This Metasploit module exploits a vulnerability in Monsta FTP version 2.11 and enables remote file injection by creating a malicious FTP server. The application builds this server to upload a malicious PHP file (reverse shell). After the file is uploaded, the module immediately verifies the...
📄 LibreChat MCP 0.8.2-rc2 Remote Code Execution
This proof of concept exploit targets the LibreChat MCP remote code execution vulnerability known as CVE-2026-22252. It provides a comprehensive and professional framework for detecting, testing, and exploiting the vulnerability with multiple extraction modes...
📄 libarchive RAR Double Free / Use-After-Free
This proof of concept demonstrates a memory management flaw in libarchive versions prior to 3.8.0 when handling malformed RAR headers. By supplying a corrupted RAR structure, the code forces error paths during archive parsing, leading to improper cleanup. As a result, the archive object may be...
📄 MyPRO Manager 1.2 Command Injection
MyPRO Manager versions 1.2 and below suffer from an unauthenticated command injection vulnerability.
Exploit for CVE-2026-24134
CVE-2026-24134-PoC Overview This repository contains the...
Pentest-Lab-Waf-Bypass-SoledySecurity
Pentest-Lab-Waf-Bypass-SoledySecurity Hands-on web pentest lab...
FreePBX endpoint SQLi to RCE
FreePBX is an open-source IP PBX management tool that provides a modern phone system for businesses that use VoIP to make and receive phone calls. Versions before 16.0.44 and 17.0.23 are vulnerable to CVE-2025-66039, while versions before 16.0.92 and 17.0.6 are vulnerable to CVE-2025-61675. The...
WriteUp
Preface In the world of network security, CTF Capture The...
Exploit for CVE-2025-10878
CVE-2025-10878-AdminPand...
karibu-xss-csrf-lab
No d...
MY-CVE-POC-s
Proof...
Sentinel-X
!Licen...
Exploit for Incorrect Permission Assignment for Critical Resource in Apachefriends Xampp
CVE-2020-11107 – XAMPP Local Privilege Escalation Descript...
Exploit for CVE-2025-40554
CVE-2025-40554 – SolarWinds Web Help Desk Auth Bypass PoC Pro...