Exploit for Deserialization of Untrusted Data in Facebook React
Next.js CVE-2025-55182 Proof of Concept This is a proof-of-co...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
CVE-2025-24071 This is a python PoC...
HTMLDOC 1.9.13 Stack Buffer Overflow
Proof of concept exploit written in PHP for HTMLDOC version 1.9.13 that generates a malicious BMP file that will trigger a stack buffer overflow vulnerability...
Craft CMS 5.0 Twig Template Injection Scanner
This is a mass scanning script for the Craft CMS version 5.0 Twig template injection vulnerability. Title: Craft CMS 5.0 Twig Template Injection - Mass...
Gnuboard 5.6.23 SQL Injection / Code Execution
Gnuboard version 5.6.23 installation exploit that can identify SQL injection and potentially achieve remote code execution. Title: Gnuboard v5.6.23...
WIX.com Cross Site Scripting
WIX.com appears to suffer from a cross site scripting vulnerability. The researcher contacted them months ago and they have ignored his report, so we are posting this to encourage them to address it and to let their users know that they could be affected by this vulnerability. Titles: WIX.com /...
HighCMS 12.x SQL Injection
HighCMS version 12.x remote SQL injection proof of concept exploit written in Python. Title: HighCMS v12.x SQL Injection Exploit | Author: indoushka ...
Bitrix24 25.100.300 Remote Code Execution
Bitrix24 versions 25.100.300 and below have a vulnerability that is located within the Translate Module, which allows users to upload and extract archive files into a temporary directory. However, the application fails to properly verify the contents of these archives before extracting them. This...
Hestia Control Panel 1.9.3 Code Execution
Hestia Control Panel version 1.9.3 code injection proof of concept exploit written in PHP that leverages cronjobs. Title: Hestia Control Panel 1.9.3 PHP...
HTTP/2 Rapid Reset DoS Tester
This is an HTTP/2 Rapid Reset denial of service testing tool. It provides a comprehensive method for testing CVE-2023-44487 with cross-system compatibility, improved user interface, and detailed reporting capabilities...
Grav CMS 1.7.49.5 Sandbox Bypass
This code is a standalone PHP proof of concept exploit targeting Grav CMS version 1.7.49.5 that demonstrates an authenticated remote code execution vulnerability caused by a Twig server-side template injection combined with a sandbox bypass...
WordPress Omnipress 1.6.3 Cross Site Scripting
WordPress Omnipress plugin versions 1.6.3 and below suffer from a persistent cross site scripting vulnerability. CVE-2025-12163: Stored Cross-Site Scripting in Omnipress WordPress Plugin Keywords: CVE-2025-XXXXX, Omnipress WordPress vulnerability, stored XSS, WordPress security, authenticated XSS...
esm-dev 136 - Path Traversal
Exploit Title: esm-dev 136 - Path Traversal Date: 2025-07-11 Exploit Author: Byte Reaper Vendor Homepage: https://github.com/esm-dev/esm.sh Software Link: https://github.com/esm-dev/esm.sh CVE-2025-59342 - File : exploit.c - Date : 09/17/2025 - Target : esm-dev - Version: 136 - Target Endpoint :...
Summar Employee Portal 3.98.0 - Authenticated SQL Injection
Exploit Title: Summar Employee Portal 3.98.0 - Authenticated SQL Injection Google Dork: inurl:"/MemberPages/quienesquien.aspx" Date: 09/22/2025 Exploit Author: Peter Gabaldon - https://pgj11.com/ Vendor Homepage: https://www.summar.es/ Software Link: https://www.summar.es/software-recursos-humano...
1C-Bitrix 25.100.500 Remote Code Execution
1C-Bitrix versions 25.100.500 and below have a vulnerability that is located within the Translate Module, which allows users to upload and extract archive files into a temporary directory. However, the application fails to properly verify the contents of these archives before extracting them. Thi...
Control Web Panel 0.9.8.1208 Command Injection
Control Web Panel versions 0.9.8.1208 and below suffer from an issue where user input passed via the key GET parameter to /admin/index.php when the api parameter is set is not properly sanitized before being used to execute OS commands. This can be exploited by unauthenticated attackers to inject...
Exploit for CVE-2025-12163
CVE-2025-12163: Stored Cross-Site Scripting in Omnipress WordP...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell CVE-2025-55182 - Local RSC Security Demo W...
XSS-FINDER
usage python xssscanner.py ...
Exploit for CVE-2025-65318
PoC for CVE-2025-65318 and CVE-2025-65319 - CVE-2025-65318...