Drupal Core 10.5.5 - Error-Based SQL Injection

Exploit Title: Drupal Core 10.5.5 - Error-Based SQL Injection Google Dork: N/A Date: 2026-05-31 Exploit Author: cardosource Vendor Homepage: https://www.drupal.org Software Link: https://www.drupal.org/project/drupal Version: Drupal Core 10.5.5 Tested on: Debian Linux Docker, PHP 8.2, Apache,...

WordPress OrderConvo 14 - Path Traversal

Exploit Title: WordPress OrderConvo 14 - Path Traversal Date: 05-31-2026 Exploit Author: Diamorphine Vendor Homepage: https://www.najeebmedia.com/ Software Link: https://wordpress.org/plugins/admin-and-client-message-after-order-for-woocommerce/ Version: 13.5 Tested on: Debian CVE : CVE-2025-1016...

📄 dwatch 0.0.2 SSRF Boundary and Network Isolation Audit Tool

This is an auditing tool to analyze server-side request forgery vulnerabilities in dwatch version 0.0.2. ================================================================================================================================== | Title : dwatch 0.0.2 SSRF Boundary and Network Isolation...

📄 dwol 1.0.0 Command Injection

This Python script is a security auditing tool designed to assess a potential unauthenticated command injection vulnerability in dwol. It interacts with the target application's API to register test machines and inject controlled payloads into the host parameter to determine whether arbitrary...

📄 Espanso 2.3.0 Configuration Injection

This Python script is a configuration manipulation tool for Espanso version 2.3.0 that modifies its YAML configuration file base.yml to add new text triggers capable of executing system commands via shell or script extensions...

📄 Notepad++ 8.9.6 Arbitrary Code Execution

Notepad++ versions 8.9.6 and below proof of concept arbitrary code execution exploit. Exploit Title: Notepad++ 8.9.6 - Arbitrary Code Execution Date: 2026-05-30 Exploit Author: Kavin Jindal Avyukt Security https://www.linkedin.com/in/kavin-jindal/ Vendor Homepage: https://notepad-plus-plus.org...

📄 Mennekes Amtron Series and Smart-T PnC 5.22.3 Authentication Bypass / Privilege Escalation

Mennekes Amtron Series and Smart-T PnC version 5.22.3 suffers from authentication bypass and privilege escalation vulnerabilities. CyberDanube Security Research 20260528-0 ------------------------------------------------------------------------------- title| Multiple Vulnerabilities product|...

📄 Apache ActiveMQ Jolokia Remote Code Execution

This is a proof of concept security research tool that evaluates a potential authenticated remote code execution pathway through the Jolokia management interface exposed by Apache ActiveMQ. The tool authenticates to the broker, discovers configuration details, interacts with JMX operations expose...

📄 MATLAB R2024a Arbitrary Local System Information Disclosure

This proof of concept tool demonstrates arbitrary local system information disclosure via MATLAB using system/fileread primitives. ================================================================================================================================== | Title : MATLAB R2024a Full...

Software-Security-Exploits

Software Security: Privilege Escalation Attacks SEED Labs pro...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

usage: exploit.py -h --lhost LHOST --lport LPOR...

Windows Kernel Pointer Exposure Enumerator

This module enumerates kernel object pointers exposed via NtQuerySystemInformation with SystemExtendedHandleInformation. It categorizes exposed pointers by object type and provides observational data about kernel address space layout for research and educational purposes. Module Options msf use...

Exploit for Code Injection in Backupbliss Backup_Migration

WordPressBackupMigration-RCEUnauth...

Exploit for CVE-2022-42005

Tesla Security Research Vulnerability research on the Tesla M...

Exploit for Improper Authentication in Google Android

DEDSECBKIF DEDSECBKIF is a keystroke injection tool for Androi...

Exploit for Missing Authentication for Critical Function in Mcpjam Inspector

CVE-2026-23744 — MCPJam Inspector Unauthenticated RCE !Pytho...

Exploit for CVE-2022-25765

CVE-2022-25765 — Command Injection in pdfkit Descripción...

Exploit for Use After Free in Apache Http_Server

CVE-2019-0211 — Apache HTTP Server Local Privilege Escalation...

Exploit for SQL Injection in Cmsmadesimple Cms_Made_Simple

CVE-2019-9053 — Unauthenticated SQL Injection in CMS Made Simp...

Exploit for Improper Access Control in Fortinet Forticlientems

CVE-2026-35616 - Fortinet FortiClientEMS 7.4.5 Unauthenticated...