2108 matches found
📄 WebRemoteControl Unauthenticated Remote Filesystem Access
Proof of concept tool that demonstrates how WebRemoteControl suffers from unauthenticated remote filesystem access and potential remote code execution. ================================================================================================================================== | Title :...
Exploit for CVE-2022-42005
Tesla Security Research Vulnerability research on the Tesla M...
Exploit for CVE-2025-66478
CVE-2025-66478-Research-Proof-of-Concept Overview This re...
sqli_exploit
S...
Malicious code in skills-detector (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 844190b21455d308d6e2b5305ebe92634d80b55817290a84644a1048df0e54b3 On npm install, postinstall.js executes whoami and id via childprocess.execSync, collects os.hostname, os.platform, current working directory, and th...
MAL-2026-4644 Malicious code in power-platform-playwright-toolkit (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 57967d58233d74f2fc4f9b0dee7c050370eb388050df8d63f29e719f83468d73 On npm install, the package's postinstall script postinstall.js collects host identifiers and CI context — whoami, os.hostname, os.platform, cwd, CI,...
Exploit for CVE-2025-46822
CVE-2025-46822 ⚠️ Security Research & Legal Disclaimer...
Malicious code in dds-js-idl-types (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 68e8941c301603919022f1d67d311d576d5d5efcac7ed7cb0d3526cb71e829d6 On npm install, the package's postinstall.js runs whoami and reads os.hostname, os.platform, the current working directory, and CI-related environmen...
Making Vulnerable Drivers Exploitable Without Hardware - The BYOVD Perspective
1 Introduction This article provides a technical analysis of how many Windows kernel mode drivers can be interacted with from user mode without the hardware they were developed for. This work was motivated by driver-oriented vulnerability research and the need to evaluate the exploitability of...
Exploit for Command Injection in Exiftool_Project Exiftool
⚠️ Security Research & Legal Disclaimer 📌 Purpose of This...
offensive-claude
Offensive Security Research Config for Claude Code A comprehe...
react2shell-poc
日本語 !CAUTION For Authorized Security Re...
portofolio_DWForSec
DwF — Cybersecurity Portfolio A professional cybersecurity po...
poc-archive
poc-archive A structured archive of security research proof-o...
Exploit for Incorrect Implementation of Authentication Algorithm in Google Android
🔓 CVE-2026-0073 - Android ADB Wireless Debugging Auth Bypass...
CVE-2026-28961
creationtimestamp| type| source ---|---|--- 2026-05-12 10:21:51+00:00| seen| https://www.thezdi.com/blog/2026/5/12/the-apple-macos-security-update-review 2026-05-12 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities20260513 2026-05-26...
CVE-2026-28993
creationtimestamp| type| source ---|---|--- 2026-05-12 10:21:51+00:00| seen| https://www.thezdi.com/blog/2026/5/12/the-apple-macos-security-update-review 2026-05-12 18:00:00+00:00| seen| https://www.hkcert.org/security-bulletin/apple-products-multiple-vulnerabilities20260513 2026-05-26...
PT-2026-40426
Name of the Vulnerable Software and Affected Versions pyLoad affected versions not specified Description An authenticated attacker with administrative privileges can achieve account takeover by stealing session files of other users. The issue arises because the software fails to block the storage...
Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel
CVE-2026-31431 "Copy Fail" - Research & Pentesting Tool !Li...
PT-2026-39599
Zed is a code editor. Prior to 0.229.0, Zed's terminal tool permission system can be bypassed by prepending environment variable assignments to allowlisted commands, hijacking program behavior e.g., PAGER to execute arbitrary code. This vulnerability is fixed in 0.229.0...