274591 matches found
Stack-Buffer-Overflow-x86
Stack-Based Buffer Overflow: From Bug to Code Execution I...
Exploit for CVE-2025-61260
OpenAI Codex CLI Vuln...
Exploit for Deserialization of Untrusted Data in Facebook React
react2shell-scanner-bypasswaf A command-line tool for detecti...
JSONPath Plus Remote Code Execution
This Metasploit module exploits a remote code execution vulnerability in JSONPath Plus library versions prior to 10.3.0. The vulnerability allows arbitrary JavaScript code execution through malicious JSONPath expressions...
js2py 0.74 Automated Sandbox Escape / Code Execution
js2py version 0.74 automated sandbox escape and remote code execution exploit with a reverse shell. | Title : js2py v0.74 Automated Sandbox Escape & Revers...
Xiongmai XM530 IP Camera Hardcoded RTSP Credential Exposure
The GetStreamUri ONVIF endpoint in Xiongmai XM530-series IP cameras exposes RTSP URIs containing hardcoded credentials, enabling direct unauthorized access to live video streams. CVE-2025-65857 Xiongmai XM530 IP Camera Hardcoded RTSP Credentials Exposure --- Summary The GetStreamUri ONVIF endpoin...
CāBitrix 25.100.500 Translate Module Arbitrary File Upload
CāBitrix version 25.100.500 proof of concept exploit that demonstrates an arbitrary file upload vulnerability in the translate module. | Title : CāBitrix...
AVAST Antivirus 25.11 Unquoted Service Path
AVAST Antivirus version 25.11 contains an unquoted service path vulnerability that allows local non-privileged users to potentially execute code with elevated SYSTEM privileges. Attackers can exploit the unquoted service path configuration to inject malicious executables that will be run with...
Mantis Bug Tracker 2.3.0 Remote Code Execution
Mantis Bug Tracker version 2.3.0 unauthenticated remote code execution exploit that chains together two vulnerabilities. The exploit resets the administrator password and then takes advantage of a command injection vulnerability. Exploit Title: Mantis Bug Tracker 2.3.0 - Remote Code Execution...
Keras 2.15 Insecure Deserialization
Keras version 2.15 insecure deserialization proof of concept exploit. A security issue in certain versions of Keras allows attackers to craft a malicious model file, typically a .keras or HDF5-based model, containing unsafe serialization primitives. When such a model is loaded, the deserialization...
Juniper ScreenOS 6.2.0r15 Backdoor Scanner
Juniper ScreenOS version 6.2.0r15 SSH backdoor scanner written in PHP. | Title : Juniper ScreenOS 6.2.0r15 PHP Backdoor Scanner | | Author : indoushka | |...
Kalmia CMS 0.2.0 User Enumeration
Proof of concept exploit that demonstrates a user enumeration vulnerability via the JWT authentication API on Kalmia CMS version 0.2.0. | Title : Kalmia CM...
Jenkins 2.441 Arbitrary File Read
Jenkins version 2.441 proof of concept arbitrary file read exploit. | Title : Jenkins 2.441 read files Vulnerability | | Author : indoushka | | Tested on :...
Kubio AI Page Builder 2.5.1 PHP LFI Extractor Scanner
A local file inclusion vulnerability exists in the function kubiohybridthemeloadtemplate of the Kubio AI Page Builder plugin for WordPress versions less than or equal to 2.5.1. An unauthenticated attacker may include arbitrary files via path traversal. This may lead to sensitive file disclosure a...
Headlamp 0.38.0 Credential Reuse
A security issue was discovered in the in-cluster version of Headlamp where unauthenticated users may be able to reuse cached credentials to access Helm functionality through the Headlamp UI. Kubernetes clusters are only affected if Headlamp is installed, is configured with config.enableHelm: tru...
Xiongmai XM530 IP Camera ONVIF Complete Authentication Bypass
There is a complete authentication bypass in the ONVIF implementation of Xiongmai XM530-series IP cameras that allows unauthenticated remote access to sensitive device information, configuration, and video streams. CVE-2025-65856 Xiongmai XM530 IP Camera ONVIF Complete Authentication Bypass ---...
Langflow 1.3.0 Remote Code Execution
A critical remote code execution vulnerability exists in Langflow that allows unauthenticated attackers to execute arbitrary system commands via the code validation API endpoint. The vulnerability enables complete compromise of Langflow instances through improper input sanitization in the Python...
Laravel Pulse 1.3.1 Arbitrary Code Injection
Proof of concept exploit written in PHP for Laravel Pulse version 1.3.1. This version of Laravel Pulse suffers from an arbitrary code injection vulnerability...
Windows10-Exploitation-Validation
Windows 10 Exploitation & Security Validation Project Ob...
Exploit for Server-Side Request Forgery in Svelte Sveltekit
BlueDragon Web Security An advanced web vulnerability scann...