38 matches found
Exploit for Use After Free in Google Chrome
⚠️ CVE-2026-2441-PoC - Test Chrome Vulnerability Safely !Do...
poc-test-vulnerability
Exploit for CVE-2025-36911
WhisperPair CVE-2025-36911 Vulnerability Scanner & Research...
Cross-Site-Scripting---XSS
Cross Site Scripting XSS Assignment Objective Demonstrate Cro...
Exploit for Deserialization of Untrusted Data in Facebook React
React2Shell CVE-2025-55182 A proof-of-concept exploit demon...
Exploit for CVE-2025-29775
SAMLStorm CVE-2025-29775 Lab Environment !Educationalhtt...
Exploit for Improper Access Control in Papercut Papercut_Mf
CVE-2023-27350 This PoC demonstrates how it’s possible to byp...
Exploit for CVE-2025-666666
CVE-2025-666666 Successful e...
MTN Group: Social media account takeover
The social media account for https://simfy.africa was taken over, allowing the attacker to redirect visitors to their own Instagram account. This vulnerability was demonstrated through a proof of concept video...
CVE-2024-3938
The "reset password" login page accepted an HTML injection via URL parameters. This has already been rectified via patch, and as such it cannot be demonstrated via Demo site link. Those interested to see the vulnerability may spin up a...
Improper privilege management - Anyone can view room settings.
Description Hi bigbluebutton maintainers, I would like to report an improper privilege management, this allows anyone to view any room settings. Proof of Concept 1. To demonstrate the vulnerability, I've created a room https://demo.bigbluebutton.org/gl/hoa-j4s-sxx-5gn 2. Run this curl command to...
HackerOne: Second-order SOQL injection through email and campaign name parameter in Salesforce lead submission
The HackerOne directory contains profiles of bug bounty and vulnerability disclosure programs that aren't managed on HackerOne. These profiles can be claimed by the organization that manages it. As part of this flow, they will need to enter an email address to confirm that affiliation with the...
vulhub
It is an offensive tool for web application security training. The repository contains a collection of pre-built vulnerable environments based on Docker-Compose. The tool is designed to provide a simple way to create and manage vulnerable environments for web application security training. The...
Exploit for Improper Access Control in Oracle Jdk
This repository contains a collection of exploit files and proof-of-concept PoC vulnerability demonstration files from the team at Hacker House. The files are categorized into several subdirectories, each containing a specific type of exploit or vulnerability. The files include: 1. AIX-0days.txt:...
Should You Send Your Pen Test Report to the MSRC?
Every day, the Microsoft Security Response Center MSRC receives vulnerability reports from security researchers, technology/industry partners, and customers. We want those reports, because they help us make our products and services more secure. High-quality reports that include proof of concept,...
CVE-2018-6361
Easy Hosting Control Panel EHCP v0.37.12.b has XSS via the op parameter, as demonstrated by adding a backdoor FTP account...
Smiths Medical Medfusion 4000 - DHCP Denial of Service Exploit
Exploit for hardware platform in category dos / poc !/usr/bin/python3 """PoC for MQX RTCS code execution via DHCP options overflow. This is just a quick hack to prove the vulnerability and was designed to run on a private network with the target device. """ import datetime import socket def main:...
Ruby on Rails remote code execution vulnerability analysis (CVE-2016-0752)-vulnerability warning-the black bar safety net
If your application uses a dynamic render path, such as render params[:id], then unfortunately the application is currently exposed to local file inclusion that can lead to remote code execution. Please update Rails to the latest version promptly, or for your...