Exploit for CVE-2026-24688

CVE-2026-24688 - pypdf - Circular Reference DoS Vulnerability...

Exploit for CVE-2026-24061

CVE-2026-24061 Vulnerability Scanner & Exploit !Licenseh...

Master-Engine-POC---Proprietary-Agentic-AI-Solution

Master Engine POC - Proprietary Agentic AI Solution !Pyth...

Exploit for Path Traversal in Aiohttp

CVE‑2024‑23334 Path Traversal - PoC I created this script t...

CVEs-huyle

CVE-2026-30139: Silverpeas Core Reflected XSS in AdvancedSearc...

Exploit for CVE-2024-11467

CVE-2024-11467 The macOS operating system uses XPC services f...

📄 PLY 3.11 Arbitrary Code Execution

An undocumented and unsafe feature in the PyPI‑distributed version of PLY version 3.11 allows arbitrary code execution when the yacc function is invoked with the picklefile parameter. 🚨 Undocumented Remote Code Execution in PLY CVE‑2025‑56005 CVE ID: CVE‑2025‑56005 Reported by: Ahmed Abd Disclosu...

📄 MinIO RELEASE.2023-03-20T20-16-18Z Vulnerability Scanner

This PHP script is a command-line vulnerability scanner designed to detect CVE-2023-28432 in MinIO servers. The vulnerability allows unauthenticated access to sensitive environment variables through the /minio/bootstrap/v1/verify endpoint...

📄 MikroTik RouterOS 6.40.10 Denial of Service

This exploit targets a vulnerability in the MikroTik RouterOS SMB service, allowing remote attackers to crash the SMB process and render services unavailable. Specially crafted SMB packets trigger an abnormal condition, leading to a denial of service, requiring manual restart or reboot of the...

📄 macOS 10.13.4 (17E199) fgetattrlist Heap Overflow

CVE-2018-4243 is a critical kernel heap overflow vulnerability in macOS and iOS affecting the fgetattrlist system call. The vulnerability allows local attackers to trigger kernel heap corruption, potentially leading to kernel panic, privilege escalation, or arbitrary code execution. This particul...

📄 Ivanti Connect Secure 9.x / 22.x Command Injection

The provided PHP script targets CVE‑2024‑21887, a command injection vulnerability in Ivanti Connect Secure versions 9.x and 22.x It is designed to identify and exploit vulnerable systems through a crafted API request. It initializes a reusable cURL session to send malicious JSON payloads to a...

📄 MaNGOSWeb 4.0.6 Host Header Injection / XML Injection

MaNGOSWeb version 4.0.6 host header proof of concept exploit that a code injection vulnerability. It shows that it can be leveraged for more than cross site scripting and can be used to perform XML external entity injection leading to a file write that can assist in remote code execution...

📄 MCPJam 1.4.2 Command Injection

This Metasploit exploit module targets the MCP Model Context Protocol server, specifically exploiting a command injection vulnerability in the /api/mcp/connect endpoint. The vulnerability allows unauthorized remote command execution by sending crafted JSON payloads that are executed by the server...

📄 Lighttpd 1.4.66 FastCGI Resource Exhaustion

Proof of concept exploit for a resource exhaustion vulnerability that exists in lighttpd versions 1.4.56 through 1.4.66 affecting FastCGI and other gateway backends. When processing HTTP/1.1 requests using chunked transfer encoding with request-body streaming enabled, an anomalous client disconne...

Exploit for Improper Authorization in Vercel Next.Js

PoC: CVE-2025-29927 - Next.js Middleware Bypass This reposito...

Exploit for Deserialization of Untrusted Data in Facebook React

CVE-2025-55182 React2Shell Vulnerability Target Vulnerab...

Exploit for CVE-2025-27237

CVE-2025-27237 Local privilege escalation vulnerability in Za...

Exploit for CVE-2025-36911

ZWhisper for Linux CVE-2025-36911 WhisperPair Vulnerabilit...

Exploit for CVE-2025-36911

ZWhisper CVE-2025-36911 WhisperPair Vulnerability Scanner...

sonarcloud-poc

SonarCloud PoC - SAST Test Projeto de teste para validar dete...