81534 matches found
Exploit for Unrestricted Upload of File with Dangerous Type in Devcode Openstamanager
OpenSTAManager RCE Exploit CVE-2026-38751 Arbitrary File...
IITR_Capstone_RedScope_Project
RedScope Capstone Project Lab-only red-team assessment for we...
pheditor-file-write-rce-cve
CVE-2026-XXXXX Arbitrary File Write Leading to Remote Code...
Exploit for CVE-2026-5366
PoC: CVE-2026-5366 - Git Argument Injection in Prefect GitRep...
Exploit for CVE-2026-5366
CVE-2026-5366 P...
xss-vulnerability-scanner
Application Security: Automated Reflected XSS Web Fuzzer 📝...
Exploit for Improper Access Control in Widgetfactorylimited Jce
MASTA CVE-2026-48907 Scanner Joomla! JCE 2.9.99.5 Unauthe...
Exploit for CVE-2026-46331
cve-id ⚡ Simple Usage Use this project only in safe and...
boxmoe-dove-sqli-cve
CVE-2026-XXXXX Unauthenticated SQL Injection in Boxmoe Dov...
Gogs (Go Git Service) 0.11.66 - Remote Code Execution
Gogs 0.11.66 allows remote code execution because it does not properly validate session IDs, as demonstrated by a ".." session-file forgery in the file session provider in file.go. This is related to session ID handling in the go-macaron/session code for Macaron. id: CVE-2018-18925 info: name: Go...
Gogs <0.12.6 - Remote Command Execution
Gogs before 0.12.6 is susceptible to remote command execution via the uploading repository file in GitHub repository gogs/gogs. An attacker can execute malware, obtain sensitive information, modify data, and/or gain full control over a compromised system without entering necessary credentials. id...
Jenkins Git <=4.11.3 - Missing Authorization
Jenkins Git plugin through 4.11.3 contains a missing authorization check. An attacker can trigger builds of jobs configured to use an attacker-specified Git repository and to cause them to check out an attacker-specified commit. This can make it possible to obtain sensitive information, modify...
Magento Mass Importer <0.7.24 - Remote Auth Bypass
Magento Mass Importer aka MAGMI versions prior to 0.7.24 are vulnerable to a remote authentication bypass due to allowing default credentials in the event there is a database connection failure. id: CVE-2020-5777 info: name: Magento Mass Importer 0.7.24 - Remote Auth Bypass author: dwisiswant0...
n8n >= 0.123.0 and < 1.121.3 - Remote Code Execution
n8n versions >= 0.123.0 and < 1.121.3 contain a critical authenticated remote code execution vulnerability via arbitrary file write. An authenticated user can exploit the Git node to overwrite critical files and execute untrusted code on the n8n server, potentially leadin...
Langflow < 1.3.0 - Remote Code Execution via validate_code() exec()
Langflow contains a remote code execution caused by inclusion of functionality from untrusted control sphere in the execglobals parameter at the validate endpoint, letting remote attackers execute arbitrary code as root, exploit requires no authentication. id: CVE-2026-0770 info: name: Langflow...
AstrBot <= 4.22.1 - Command Injection
AstrBot versions up to and including 4.22.1 contain a command injection vulnerability in the MCP server configuration endpoint. The /api/tools/mcp/add endpoint accepts arbitrary command and args fields that are passed directly to subprocess execution during the connection test, without any...
Magmi 0.7.22 - Cross-Site Scripting
Magmi 0.7.22 contains a cross-site scripting vulnerability due to insufficient filtration of user-supplied data prefix passed to the magmi-git-master/magmi/web/ajaxgettime.php URL. id: CVE-2017-7391 info: name: Magmi 0.7.22 - Cross-Site Scripting author: pikpikcu severity: medium description: Mag...
WordPress WP Clone <= 2.4.2 - Database Backup Exposure
Clone WordPress plugin 2.4.3 contains a buffer overflow caused by storing in-progress backup information in publicly accessible buffer files at a static file path, letting attackers access sensitive backup data, exploit requires no special privileges id: CVE-2023-6750 info: name: WordPress WP Clo...
sakura-theme-sqli-cve
CVE-2026-XXXXX Unauthenticated SQL Injection in Sakura Wor...
sentinel
Sentinel — Agentic Code & System Quality Guardian Production-...