Exploit for Deserialization of Untrusted Data in Google Android

Zygote Toolkit - CVE-2024-31317 This is a toolkit that uses C...

Exploit for Improper Input Validation in Alibaba Fastjson

Lab 6-CVE-2017-18349 I. SYSTEM ANALYSIS Attack S...

Exploit for CVE-2026-40564

CVE-2026-40564: SSRF via FlinkSessionJob.spec.job.jarURI in fl...

Y2X

Y2eXploit Y2X --- Overview Y2eXploit Y2X is an a...

waf-engine

WAF & SOAR Engine A cloud-native Web Application Firewall and...

Exploit for XPath Injection in Huggingface Smolagents

🔐 Smolagents XPath Injection Simulation Framework CVE-2025-11...

sqli_exploit

S...

My-CVE

No d...

bungee-gum

bungee-gum A colle...

Exploit for SQL Injection in Ghost

version Unauthenticated Stored Cross-Site Scripting CVE-2026-...

Exploit for Protection Mechanism Failure in Artifex Ghostscript

Real Case Exploitation of Buffer Overflow & Format String Vuln...

Exploit for Code Injection in Xwiki

CVE-2025-24893 Exploit de Execução Remota de Código RCE no X...

Exploit for Binding to an Unrestricted IP Address in Openprinting Cups-Browsed

No d...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

copyfail-detect Detection toolkit for CVE-2026-31431 "Copy F...

📄 EspoCRM 9.3.3 Server-Side Request Forgery

EspoCRM version 9.3.3 suffers from an authenticated server-side request forgery vulnerability. Exploit Title: EspoCRM 9.3.3 - Authenticated SSRF via Alternative IPv4 Notation Google Dork: N/A Date: 2026-05-08 Exploit Author: Max Gabriel https://github.com/EntroVyx Vendor Homepage:...

📄 Grav CMS Shell Upload

The Grav CMS Direct Install feature in the Admin plugin allows administrators to upload plugins as ZIP files. The system failed to adequately validate the contents of the ZIP archive or prevent path traversal Zip Slip during extraction. By crafting a malicious plugin that hooks into Grav events...

📄 Casdoor 3.54.1 Arbitrary File Write / Path Traversal

Casdoor versions prior to 3.54.1 suffer from an arbitrary file write vulnerability via a path traversal. This can result in remote code execution via a shell upload or ssh key injection. Exploit Title: Casdoor 3.54.1 - Arbitrary File Write via Path Traversal Date: 2026-05-11 Exploit Author: sixpa...

📄 WordPress Quick Playground 1.3.1 Shell Upload

Quick Playground for WordPress plugin versions 1.3.1 and below suffers from a remote shell upload vulnerability. Exploit Title: Quick Playground for WordPress 1.3.1 - Unauthenticated Remote Code Execution Google Dork: N/A Date: 2026-05-22 Exploit Author: cardosource Vendor Homepage:...

📄 WordPress Prodigy Commerce 3.2.9 Local File Inclusion

WordPress Prodigy Commerce plugin versions 3.2.9 and below suffer from a local file inclusion vulnerability. Exploit Title: Prodigy Commerce 3.3.0 - Local File Inclusion Date: 23-05-2026 Exploit Author: Diamorphine Vendor Homepage: https://prodigycommerce.com/ Software Link:...

📄 D-Link DSL2600U Password Disclosure

D-Link DSL2600U suffers from an administrative password disclosure vulnerability. Exploit Title: D-Link DSL2600U - 'rom-0' Admin Password Disclosure Date: 2026-05-02 Exploit Author: Amir Hossein Jamshidi Vendor Homepage: https://www.dlink.com Version: DSL-2600U Tested on: ubuntu CVE : N/A Firmwar...