
1797 matches found

Cvelist
added 2025/07/17 1:50 p.m., 7 views

CVE-2025-53927 MaxKB sandbox bypass

MaxKB is an open-source AI assistant for enterprise. Prior to version 2.0.0, the sandbox design rules can be bypassed because MaxKB only restricts the execution permissions of files in a specific directory. Therefore, an attacker can use the shutil.copy2 method in Python to copy the command they...

CVSS 4.6, EPSS 0.00176
Exploits: 1, References: 2

CNNVD
added 2025/07/17 12:0 a.m., 2 views

MaxKB Code Injection Vulnerability

MaxKB is a 1Panel-dev open source knowledge base question and answer system based on a large language model and RAG. A code injection vulnerability exists in MaxKB versions prior to 2.0.0, which stems from the fact that sandbox design rules can be bypassed, potentially leading to a...

CVSS 6.3, AI score 7.3, EPSS 0.00176
Exploits: 1, References: 2

GithubExploit
added 2025/07/16 2:56 a.m., 255 views

Exploit for CVE-2022-25226

ThinVNC 1.0b1 - Authentication Bypass to Remote Code Execution...

CVSS 10, AI score 10, EPSS 0.81886
Exploits: 2

Packet Storm
added 2025/07/14 12:0 a.m., 123 views

📄 Remote Mouse 4.601 Remote Command Execution

This exploit targets Remote Mouse version 4.6.0.1 by injecting malicious UDP packets that simulate keyboard input to execute arbitrary PowerShell commands. The vulnerability exists in the way Remote Mouse processes unauthenticated UDP commands on port 1978 by sending specially crafted packets...

AI score 8.3
Exploits: 0

Packet Storm
added 2025/07/10 12:0 a.m., 97 views

📄 TouchServer 2.0.0 Remote Code Execution

TouchServer version 2.0.0 has a vulnerability that allows remote attackers to execute arbitrary commands by sending specially crafted UDP packets. This exploit delivers a PowerShell reverse shell by emulating keyboard input to trigger its download and execution. Exploit Title: TouchServer 2.0.0 -...

AI score 8.4
Exploits: 0

Gitee
added 2025/07/06 3:24 a.m., 88 views

Exploit for Improper Restriction of Operations within the Bounds of a Memory Buffer in Microsoft

CVE-2020-0796 Remote Code Execution POC (c) 2020 ZecOps, Inc. - https://www.zecops.com - Find Attackers' Mistakes Remote Code Execution POC for CVE-2020-0796 / "SMBGhost" Expected outcome: Reverse shell with system access. Intended only for educational and testing in corporate environments. ZecOps...

CVSS 10, AI score 9.3, EPSS 0.94424
Exploits: 127

GithubExploit
added 2025/07/06 12:28 a.m., 312 views

Exploit for Improper Access Control in Appsmith

This is a PoC exploit for CVE-2024-55963, a vulnerability allowi...

CVSS 6.5, AI score 8, EPSS 0.37231
Exploits: 5

GithubExploit
added 2025/07/03 7:51 p.m., 327 views

Exploit for Code Injection in Langflow

CVE-2024-48061 Langflow vulnerable to remote code execution...

CVSS 9.8, AI score 7, EPSS 0.132
Exploits: 2

GithubExploit
added 2025/06/28 1:3 a.m., 250 views

Exploit for Code Injection in Langflow

CVE-2025-3248 - Langflow Code Validation Endpoint RCE A proof...

CVSS 9.8, AI score 10, EPSS 0.92764
Exploits: 33

RedhatCVE
added 2025/06/28 12:25 a.m., 1 views

CVE-2025-30131

An issue was discovered on IROAD Dashcam FX2 devices. An unauthenticated file upload endpoint can be leveraged to execute arbitrary commands by uploading a CGI-based webshell. Once a file is uploaded, the attacker can execute commands with root privileges, gaining full control over the dashcam...

CVSS 9.8, AI score 7.6, EPSS 0.01414
Exploits: 1, References: 1

Packet Storm
added 2025/06/26 12:0 a.m., 84 views

📄 Mouselink 5.0.1 Remote Code Execution

Mouselink version 5.0.1 allows unauthenticated remote attackers to execute arbitrary commands by abusing an exposed login endpoint and insecure WebSocket-based keyboard simulation. With no password set by default, an attacker can obtain a JWT token, open a WebSocket session, and simulate keystrokes ...

AI score 8.7
Exploits: 0

Packet Storm
added 2025/06/24 12:0 a.m., 76 views

📄 VLC Mobile Remote for Windows 1.3.9.3 Remote Code Execution

VLC Mobile Remote for Windows version 1.3.9.3 allows remote code execution via unauthenticated keystroke injection over TCP, enabling command execution and reverse shell delivery. This is a second version of the original exploit by the same author. Exploit Title: VLC Mobile Remote VMR for Windows...

AI score 8.9
Exploits: 0

GithubExploit
added 2025/06/22 7:41 p.m., 296 views

Exploit for Command Injection in Tp-Link Tl-Wr940N_Firmware

Python Exploit for TP-Link TL-WR940N/TL-WR841N Command Injecti...

CVSS 8.8, AI score 9.2, EPSS 0.9057
Exploits: 3

Metasploit
added 2025/06/09 6:51 p.m., 396 views

OS Command Exec, Unix Command Shell, Reverse TCP (via Zsh)

Execute an OS command from PHP. Connect back and create a command shell via Zsh. Note: Although Zsh is often available, please be aware it isn't usually installed by default. Module Options msf use payload/php/unix/cmd/reversezsh msf payloadreversezsh show actions ...actions... msf...

AI score 5.8
Exploits: 0

Metasploit
added 2025/06/09 6:51 p.m., 404 views

OS Command Exec, Unix Command Shell, Reverse TCP (via Python)

Execute an OS command from PHP. Connect back and create a command shell via Python Module Options msf use payload/php/unix/cmd/reversepython msf payloadreversepython show actions ...actions... msf payloadreversepython set ACTION msf payloadreversepython show options ...show and set options... msf...

AI score 5.8
Exploits: 0

Metasploit
added 2025/06/09 6:51 p.m., 444 views

OS Command Exec, Unix Command Shell, Reverse TCP SSL (telnet)

Execute an OS command from PHP. Creates an interactive shell via mkfifo and telnet. This method works on Debian and other systems compiled without /dev/tcp support. This module uses the '-z' option included on some systems to encrypt using SSL. Module Options msf use...

AI score 5.8
Exploits: 0

Metasploit
added 2025/06/09 6:51 p.m., 521 views

OS Command Exec, Unix Command Shell, Double Reverse TCP SSL (telnet)

Execute an OS command from PHP. Creates an interactive shell through two inbound connections, encrypts using SSL via "-z" option Module Options msf use payload/php/unix/cmd/reversessldoubletelnet msf payloadreversessldoubletelnet show actions ...actions... msf payloadreversessldoubletelnet set...

AI score 5.8
Exploits: 0

GithubExploit
added 2025/06/09 10:9 a.m., 210 views

Exploit for CVE-2025-49619

CVE-2025-49619 PoC --- This script exploits CVE-2025-49619...

CVSS 8.5, AI score 6.8, EPSS 0.73541
Exploits: 6

GithubExploit
added 2025/06/08 3:49 a.m., 371 views

Exploit for Code Injection in Squirrelly

CVE-2024-40453 - Squirrelly v9.0.0 RCE Disclaimer: This sc...

CVSS 9.8, AI score 6.6, EPSS 0.0348
Exploits: 2

GithubExploit
added 2025/05/31 10:25 p.m., 323 views

Exploit for Code Injection in Langflow

Authenticated CVE-2025-3248 Langflow Remote Code Execution Th...

CVSS 9.8, AI score 10, EPSS 0.92764
Exploits: 33