30 matches found

Vulnrichment
added 2026/04/29 7:24 p.m., 0 views

CVE-2018-25315 Alloksoft Video joiner 4.6.1217 Buffer Overflow via License Name

Alloksoft Video joiner 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying a malicious string in the License Name field. Attackers can craft a payload with a structured exception handler (SEH) overwrite and shellcode to achieve code...

8.6 CVSS, 6.7 AI score, 0.00019 EPSS
Exploits: 0, References: 4
GithubExploit
added 2026/03/10 9:08 p.m., 110 views

Exploit for CVE-2025-27136

CVE-2025-27136 Exploiting an XML External Entity (XXE) Vulnera...

6.9 CVSS, 5.8 AI score, 0.0001 EPSS
Exploits: 1
CVE
added 2026/01/29 2:28 p.m., 3 views

CVE-2020-37010

CVE-2020-37010 affects BearShare Lite 5.2.5. The issue is a buffer overflow in the Advanced Search keywords input that can allow arbitrary code execution by crafting a payload to overwrite the EIP and run shellcode when content is pasted into the search keywords field. Documented impact is high (...

9.8 CVSS, 6.3 AI score, 0.00033 EPSS
Exploits: 0, References: 4
GithubExploit
added 2026/01/23 8:59 a.m., 132 views

Exploit for CVE-2026-24061

CVE-2026-24061 Reproduction steps Build the image docker build -t telnetd-bypass...

9.8 CVSS, 5.5 AI score, 0.91526 EPSS
Exploits: 58
GithubExploit
added 2026/01/15 7:56 p.m., 124 views

Exploit for Deserialization of Untrusted Data in Facebook React

React2Shell - Proof of Concept CVE-2025-55182 This project...

10 CVSS, 5.8 AI score, 0.82011 EPSS
Exploits: 358
GithubExploit
added 2025/11/03 12:02 p.m., 163 views

Exploit for CVE-2025-62726

N8N Remote Code Execution CVE-2025-62726 POC/Exploit This vul...

8.8 CVSS, 8.3 AI score, 0.00161 EPSS
Exploits: 3
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2018-15664

Malware in sbrugna...

9.9 CVSS, 9.2 AI score, 0.00381 EPSS
Exploits: 2, References: 2
NVD
added 2025/02/03 8:15 p.m., 6 views

CVE-2024-57099

ClassCMS v4.8 has a code execution vulnerability. Attackers can exploit this vulnerability by constructing a payload in the classview parameter of the model management feature, allowing them to execute arbitrary code and potentially take control of the server...

9.8 CVSS, 0.01169 EPSS
Exploits: 1, References: 1
OSV
added 2025/01/03 4:24 p.m., 10 views

GHSA-8FX8-PFFW-W498 SiYuan has an arbitrary file deletion vulnerability

Summary: An arbitrary file deletion vulnerability has been identified in the latest version of Siyuan Note. The vulnerability exists in the POST /api/history/getDocHistoryContent endpoint. An attacker can craft a payload to exploit this vulnerability, resulting in the deletion of arbitrary files on...

8.7 CVSS, 9.3 AI score, 0.00369 EPSS
Exploits: 1, References: 4
CNNVD
added 2024/06/13 12:00 a.m., 3 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS, 6.6 AI score, 0.01781 EPSS
Exploits: 0, References: 2
CNNVD
added 2024/06/13 12:00 a.m., 1 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS, 6.4 AI score, 0.01615 EPSS
Exploits: 0, References: 2
CNNVD
added 2024/06/13 12:00 a.m., 1 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS, 6.6 AI score, 0.01781 EPSS
Exploits: 0, References: 2
CNNVD
added 2023/12/13 12:00 a.m., 3 views

Adobe Experience Manager cross-site scripting vulnerability

Adobe Experience Manager (AEM) is a set of content management solutions from the American company Adobe that can be used to build websites, mobile applications and forms. The program supports mobile content management, marketing and sales campaign management and multi-site management. A...

5.4 CVSS, 6.7 AI score, 0.00319 EPSS
Exploits: 0, References: 3
wpexploit
added 2023/06/19 12:00 a.m., 1060 views

Call Now Accessibility Button < 1.1 - Admin+ Stored Cross Site Scripting

Description: The plugin does not properly sanitize some of its settings, which could allow high-privilege users to perform Stored Cross-Site Scripting (XSS) attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). 1. In the plugin's "Quick Start" field, add the...

4.8 CVSS, 4.8 AI score, 0.00101 EPSS
Exploits: 2
wpexploit
added 2022/10/29 12:00 a.m., 78 views

Evaluate <= 1.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitize and escape some of its settings, which could allow high-privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example, in a multisite setup). 1. Go to Settings » Evaluate » Add New. 2. Add...

4.8 CVSS, 0.4 AI score, 0.00238 EPSS
Exploits: 2
wpexploit
added 2022/09/15 12:00 a.m., 143 views

Advanced Comment Form < 1.2.1 - Admin+ Authenticated Stored XSS

The plugin does not sanitise and escape its settings, allowing high-privilege users such as admin to perform Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed. In the settings of the plugin, add the following payload to the text before the form:...

4.8 CVSS, 0.5 AI score, 0.00218 EPSS
Exploits: 2
wpexploit
added 2022/07/18 12:00 a.m., 123 views

Thinkific Uploader <= 1.0.0 - Admin+ Stored Cross-Site Scripting

The plugin does not sanitise and escape its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks against other administrators. Put the following payload in any of the settings: "...

4.8 CVSS, 1.7 AI score, 0.00218 EPSS
Exploits: 2
CNNVD
added 2022/05/10 12:00 a.m., 1 views

D-Link DIR882 operating system command injection vulnerability

The D-Link DIR882 is a dual-band wireless router from China-based AUO D-Link. An operating system command injection vulnerability exists in the D-Link DIR882 DIR882A1FW130B06 firmware version, which stems from a command injection issue in component /SetTriggerLEDBlink/Blink. An attacker can explo...

10 CVSS, 8.4 AI score, 0.28613 EPSS
Exploits: 1, References: 3
OSV
added 2022/03/03 12:15 a.m., 1 views

DEBIAN-CVE-2022-22909

HotelDruid v3.0.3 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via an attacker inserting a crafted payload into the name field under the Create New Room module...

8.8 CVSS, 8.8 AI score, 0.33104 EPSS
Exploits: 6, References: 1
Gitee
added 2021/12/11 12:59 a.m., 7 views

Exploit for Off-by-one Error in Sudo_Project Sudo

This is a PoC (Proof of Concept) exploit for the CVE-2021-3156 vulnerability in the sudo package. The vulnerability is a heap-based buffer overflow that can be exploited to gain elevated privileges. The exploit is written in C and uses a brute-force approach to identify the correct offset and...

7.8 CVSS, 7.9 AI score, 0.92579 EPSS
Exploits: 81