47904 matches found
Windows 11 23H2 - Denial of Service (DoS)
Exploit Title: Windows 11 23H2 - Denial of Service DoS Google Dork: N/A Date: 2025-08-22 Exploit Author: Kryptoenix Vendor Homepage: https://www.microsoft.com/ Software Link: https://www.microsoft.com/en-us/software-download/windows11 Version: Windows 11 23H2 Tested on: Windows 11 23H2 x64 CVE:...
Xibo CMS 4.3.0 - RCE via SSTI
Exploit Title: Xibo CMS - Authenticated Remote Code Execution via SSTI Date: 2025-11-04 Exploit Author: Cristian Branet Vendor Homepage: https://xibosignage.com/ Software Link: https://github.com/xibosignage/xibo-cms/ Version: 4.3.1 Tested on: Linux Ubuntu 22.04 CVE : CVE-2025-62639 Article:...
Craft CMS 5.6.16 - RCE
Exploit Title: Craft CMS 5.6.16 - RCE Google Dork: N/A Date: 2026-01-24 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Vendor Homepage: https://craftcms.com Software Link: https://github.com/craftcms/cms Version: = 3.9.14, = 4.14.14, = 5.6.16 Tested on: Linux, Apache/Nginx, PHP 8...
HAX CMS 24.x - Stored Cross-Site Scripting (XSS)
Exploit Title: HAX CMS 24.x - Stored Cross-Site Scripting XSS Date: 2026-01-28 Google Dork: "N/A" Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity Vendor Homepage: https://www.drupal.org/project/hax Software Link: https://github.com/elmsln/haxcms Version: PoC/t...
GUnet OpenEclass E-learning platform < 4.2 - Remote Code Execution (RCE)
Exploit Title: GUnet OpenEclass E-learning platform """ def banner: printf'''YELLOW ┏━╸╻ ╻┏━╸ ┏━┓┏━┓┏━┓┏━┓ ┏━┓┏━┓┏━┓╻ ╻╺┓ ┃ ┃┏┛┣╸ ╺━╸┏━┛┃┃┃┏━┛┣━┓╺━╸┏━┛┏━┛┏━┛┗━┫ ┃ ┗━╸┗┛ ┗━╸ ┗━╸┗━┛┗━╸┗━┛ ┗━╸┗━╸┗━╸ ╹╺┻╸ RED Author: @Ashif1337 RESET''' def cleanserveropeneclass,filename: printf"ORANGE+ Removing...
phpMyFAQ 4.0.16 - Improper Authorization
Exploit Title: phpMyFAQ = 4.0.16 - Improper Authorization Google Dork: N/A Date: 2026-01-23 Exploit Author: GUIA BRAHIM FOUAD Vendor Homepage: https://www.phpmyfaq.de/ Software Link: https://www.phpmyfaq.de/download/ Version: = 4.0.16 REQUIRED Tested on: Ubuntu 22.04, Apache 2.4.52, PHP 8.2.x,...
GeographicLib v2.5.1 - stack buffer overflow
Exploit title: GeographicLib v2.5.1 - stack buffer overflow Date of discovery: 20 August 2025 Exploit Author: Me zer0matt Rosario Matteo Grammatico Vendor homepage: https://github.com/geographiclib/ Software link: https://github.com/geographiclib/geographiclib Affected version: GeographicLib =...
OpenKM 6.3.12 - Multiple
Exploit Title: OpenKM Multiple Critical Zero-Day Date: 17 Jan 2026 Exploit Author: Terra System Labs Pvt. Ltd. Vendor Homepage: https://www.openkm.com/ Software Link: https://hub.docker.com/r/openkm/openkm-ce Version: OpenKM Community Edition 6.3.12 and OpenKM Pro Edition 7.1.47 and previous...
JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution
Exploit Title: JuzaWeb CMS 3.4.2 - Authenticated Remote Code Execution Date: 2026-01-10 Exploit Author: Sardor Shoakbarov Author GitHub: https://github.com/TheDeepOpc Vendor Homepage: https://juzaweb.com/ Software Link: https://github.com/juzaweb/ CVE: N/A Pending import requests import argparse...
FacturaScripts 2025.43 - XSS
Exploit Title: FacturaScripts 2025.43 - XSS Date: 30-12-2025 Exploit Author: VETTRIVEL U Author Profile: https://www.linkedin.com/in/vettrivel2006 Vendor Homepage: https://facturascripts.com/ Software Link: https://github.com/NeoRazorX/facturascripts Affected Versions: = 2025.4, = 2025.11, =...
Fedora - Local Privilege Escalation
Exploit Title: Fedora Local Privilege Escalation via ABRT Date: 07-October-2025 Exploit Author: initstring Vendor Homepage: https://fedoraproject.org Software Link: https://fedoraproject.org/server/download Version: Fedora 43 and below running ABRT v 2.17.7 and below Tested on: Fedora 42...
Atlona ATOMERX21 - Authenticated Command Injection
// Exploit Title: Atlona AT-OME-RX21 Authenticated Command Injection // Google Dork: N/A // Date: 2025-12-28 // Exploit Author: RIZZZIOM // Vendor Homepage: https://atlona.com // Software Link: https://atlona.com/product/at-ome-rx21/ // Version: Firmware -u -p -l -P -c package main import "bytes"...
LangChain Core 1.2.4 - SSTI/RCE
Exploit Title: LangChain Core - SSTI/RCE Date: 2025-12-29 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Contact: @banyamersecurity Instagram GitHub: https://github.com/mbanyamer Vendor Homepage: https://www.langchain.com/ Software Link: https://pypi.org/project/langchain-core/...
GNU InetUtils 2.6 - Telnetd Remote Privilege Escalation
Exploit Title: GNU InetUtils telnetd - Remote Privilege Escalation Date: 2026-01-24 Exploit Author: Ali Guliyev infat0x Author GitHub: https://github.com/infat0x Vendor Homepage: https://www.gnu.org/software/inetutils/ Software Link: https://ftp.gnu.org/gnu/inetutils/ Version: GNU InetUtils 2.0...
OpenWrt 23.05 - Authenticated Remote Code Execution (RCE)
Exploit Title: OpenWrt 23.05 - Authenticated Remote Code Execution RCE Date: 2026-01-17 Exploit Author: Ahmet Mersin Vendor Homepage: https://github.com/stangri/luci-app-https-dns-proxy Software Link: https://github.com/stangri/luci-app-https-dns-proxy Version: All versions prior to 2026-01-17...
AVAST Antivirus 25.11 - Unquoted Service Path
Exploit Title: AVAST Antivirus 25.11 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Date: 2025-12-17 Vendor Homepage:https://www.avast.com/ Software Link : https://www.avast.com/es-mx/download-thank-you.php?product=SLN&locale=es-mx Tested Version:...
WordPress Plugin 5.2.0 - Broken Access Control
Exploit Title: WordPress Plugin 5.2.0 - Broken Access Control Date: 2025-09-20 Exploit Author: Zeeshan Haider Vendor Homepage: https://wordpress.org/plugins/ Software Link: https://wordpress.org/plugins/highlight-and-share/ Version: Description A broken access control vulnerability exists in a...
Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation
Exploit Title: Throttlestop Kernel Driver - Kernel Out-of-Bounds Write Privilege Escalation Exploit Details: https://xavibel.com/2025/12/22/using-vulnerable-drivers-in-red-team-exercises/ Date: 8/12/2025 Exploit Author: Xavi Beltran Vendor Homepage:...
D-Link DIR-650IN - Authenticated Command Injection
Exploit Title: D-Link DIR-650IN - Authenticated Command Injection Date: 2023-01-08 Exploit Author: Sanjay Singh Vendor Homepage: https://www.dlink.com Software Link: https://dlinkmea.com/index.php/product/details?det=T082aVdUWUFNR2FRblBBQUxMWlVTZz09 Version: Firmware V1.04 REQUIRED Tested on:...
NetBT e-Fatura - Privilege Escalation
Exploit Title: NetBT e-Fatura - Privilege Escalation Author: Seccops Discovery Date: 2025-10-03 Vendor: https://net-bt.com.tr/e-fatura/ Tested Version: 2024 Tested on OS: Microsoft Windows Server 2019 DC Vulnerability Type: CWE-428 Unquoted Search Path or Element CVE: CVE-2025-14018 Note: Thanks...
ZSH 5.9 - RCE
Exploit ZSH 5.9 - RCE Date: 30-12-2025 Exploit Author: sinanadilrana import pexpect import sys import time def debugprintmsg: printf"DEBUG msg" def returntogdbgdb, maxattempts=3, timeout=3: """More reliable function to return to GDB prompt""" debugprint"Attempting to return to GDB..." for attempt...
RomM 4.4.0 - XSS_CSRF Chain
Exploit Title: RomM Application tab or Storage on Firefox Cookies - Copy the rommcsrftoken cookie value 3. Replace below with your token 4. Replace with the target RomM instance URL e.g., http://romm.local 5. Save this file as avatar.html 6. Upload it as your profile avatar...
Jumbo Website Manager - Remote Code Execution
Exploit Title: Jumbo Website Manager - Remote Code Execution Application: Jumbo Website Manager Version: v1.3.7 Bugs: RCE Technology: PHP Vendor URL: https://sourceforge.net/projects/jumbo/ Software Link: https://sourceforge.net/projects/jumbo/ Date of found: 28.10.2025 Author: Mirabbas Ağalarov...
React Server 19.2.0 - Remote Code Execution
Exploit Title: React Server 19.2.0 - Remote Code Execution Date: 2025-12-05 Exploit Author: EynaExp https://github.com/EynaExp Vendor Homepage: https://react.dev Software Link: https://react.dev/reference/rsc/server-components Version: 19.0.0, 19.1.0, 19.1.1, 19.2.0 Tested on: Windows,Linux CVE :...
xibocms 3.3.4 - RCE
Exploit Title: XiboCMS 3.3.4- Remote Code Execution Google Dork: N/A Date: 2025-11-18 Exploit Author: complexusprada Vendor Homepage: https://xibo.org.uk/ Software Link: https://github.com/xibosignage/xibo-cms Version: 1.8.0 - 2.3.16, 3.0.0 - 3.3.4 Tested on: Ubuntu Linux Docker, Xibo CMS 3.3.4...
7-Zip 24.00 - Directory Traversal
Exploit Title: 7-Zip 25.00 - Directory Traversal to RCE via Malicious ZIP Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Vendor Homepage: https://www.7-zip.org Software Link:...
Microsoft MMC MSC EvilTwin - Local Admin Creation
!/usr/bin/env python3 Exploit Title: Microsoft MMC MSC EvilTwin - Local Admin Creation Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan GitHub: https://github.com/mbanyamer Vendor Homepage: https://www.microsoft.com Software Link: N/A built-in Windows component - mmc.exe...
Horilla v1.3 - RCE
Exploit Title: Horilla v1.3 - RCE Date: 2025-05-29 Exploit Author: Raghad Abdallah Al-syouf Version: = 1.3 Tested on: Ubuntu / Docker CVE: CVE-2025-48868 Description: This script exploits the authenticated RCE vulnerability CVE-2025-48868. It logs into the target web app, creates a project, and...
SQLite 3.50.1 - Heap Overflow
Exploit Title: SQLite 3.50.1 - Heap Overflow Date: 2025-11-05 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Vendor Homepage: https://www.sqlite.org Software Link: https://www.sqlite.org/download.html Version: SQLite 3.50....
FortiWeb 8.0.2 - Remote Code Execution
Exploit Title: FortiWeb 8.0.2 - Remote Code Execution Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Vendor Homepage: https://www.fortinet.com Software Link:...
Desktop Window Manager Core Library 10.0.10240.0 - Privilege Escalation
Title: Desktop Window Manager Core Library 10.0.10240.0 — Privilege Escalation Heap-based Buffer Overflow sanitized evidence Author: nu11secur1ty Date: 2025-11-04 Vendor: Microsoft Software: Windows Desktop Window Manager DWM — DWM Core Library affected desktop/server releases as per vendor...
RiteCMS 3.1.0 - Authenticated Remote Code Execution
Exploit Title: RiteCMS 3.1.0 - Authenticated Remote Code Execution Date: 2025-10-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/handylulu/RiteCMS Software Link: https://github.com/handylulu/RiteCMS/releases/download/V3.1.0/ritecms.v3.1.0.zip Version: 3.1.0 Tested on: Window...
Grafana 11.6.0 - SSRF
Exploit Title: Grafana 11.6.0 - SSRF FOFA: app="Grafana" Date: 2-11-2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://grafana.com/ Software Link: https://grafana.com/grafana/download Version: 11.2.0 - 11.6.0 CVE: CVE-2025-4123 Description: An SSRF Server-Side Request Forgery...
WBCE CMS 1.6.4 - Remote Code Execution
Exploit Title: WBCE CMS 1.6.4 - Remote Code Execution Date: 2024-10-26 Exploit Author: Chokri Hammedi Vendor Homepage: https://wbce.org/ Software Link: https://github.com/WBCE/WBCECMS/releases/tag/v1.6.4 Version: 1.6.4 Tested on: Linux Debian/Parrot OS Vulnerability Description WBCE CMS version...
WordPress Madara - Local File Inclusion
Exploit Title: WordPress Madara Local File Inclusion Date: November 1, 2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: WordPress Theme Madara Software Link: WordPress Theme Madara Tested on: OS / PHP / WordPress versions used in testing — e.g., Ubuntu 22.04, PHP 8.1, WP 6.4 CVE:...
Fortinet FortiWeb v8.0.1 - Auth Bypass
Titles:Fortinet FortiWeb v8.0.1 - Auth Bypass Author: nu11secur1ty Date: 11/15/2025 Vendor: https://www.fortinet.com/ Software: v8.0.1 Reference: https://nvd.nist.gov/vuln/detail/CVE-2025-64446 Description: CVE-2025-64446 is a critical path traversal vulnerability affecting multiple versions of...
Windows Kernel - Elevation of Privilege
Exploit Title : Windows Kernel - Elevation of Privilege Author : E1.Coders Contact : E1.Coders at Mail dot RU Security Risk : CNA: Microsoft Corporation Base Score: 7.0 HIGH...
ASP.net 8.0.10 - Bypass
Exploit Title: ASP.net 8.0.10 - Bypass Date: 2025-11-03 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer CVE: CVE-2025-55315 Tested on: .NET Kestrel unpatched - ASP.NET Core on localhost lab environment Platform: remote Type...
Zhiyuan OA - arbitrary file upload leading
Exploit Title: Zhiyuan OA - arbitrary file upload leading Google Dork / FOFA: app="致远互联-OA" && title="V8.0SP2" Date: 1-11-2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://service.seeyon.com/ Software Link: vendor download / product page if available Version: 5.0, 5.1–5.6sp1,...
is-localhost-ip 2.0.0 - SSRF
Titles: is-localhost-ip 2.0.0 - SSRF Author: nu11secur1ty Date: 11/09/2025 Vendor: https://github.com/tinovyatkin/is-localhost-ip Software: https://github.com/tinovyatkin/is-localhost-ip/releases/tag/v2.0.0 Reference: https://portswigger.net/web-security/ssrf Description: SSRF PoC — Professional...
mailcow 2025-01a - Host Header Password Reset Poisoning
Exploit Title: mailcow 2025-01a - Host Header Password Reset Poisoning Date: 2025-10-21 Exploit Author: Iam Alvarez AKA Groppoxx / Maizeravla Vendor Homepage: https://mailcow.email Software Link: https://github.com/mailcow/mailcow-dockerized Version: 2025-01a REQUIRED Tested on: Ubuntu 22.04.5 LT...
Boss Mini v1.4.0 - Local File Inclusion (LFI)
Exploit Title: Boss Mini v1.4.0 - Local File Inclusion LFI Date: 07/12/2023 Exploit Author: nltt0 Version: 1.4.0 Build 6221 CVE: CVE-2023-3643 from requests import post from urllib.parse import quote from argparse import ArgumentParser banner = r""" / \ | | / | | / / | | \ --. | | / | |/ | ' \ /...
WordPress Backup Migration 1.3.7 - Remote Command Execution
Exploit Title: WordPress Backup Migration 1.3.7 - Remote Command Execution Date: 2025-10-26 Exploit Author: DANG Vendor Homepage: https://backupbliss.com/ Software Link: https://wordpress.org/plugins/backup-backup/ Version: Backup Migration ≤1.3.7 Tested on: LINUX CVE : CVE-2023-6553 This module...
WeGIA 3.5.0 - SQL Injection
Exploit Title: WeGIA 3.5.0 - SQL Injection Date: 2025-10-14 Exploit Author: Onur Demir OnurDemir-Dev Vendor Homepage: https://www.wegia.org Software Link: https://github.com/LabRedesCefetRJ/WeGIA/ Version: " echo "Example: $0 http://127.0.0.1/WeGIA/ "admin" "wegia" "version"" exit 1 fi...
Easy File Sharing Web Server v7.2 - Buffer Overflow
Exploit title: Easy File Sharing Web Server v7.2 - Buffer Overflow Date: 16/10/2025 Exploit Author: Donwor X: @realDonwor Discord: Donwor Website: https://github.com/D0nw0r Software Link: https://www.exploit-db.com/apps/60f3ff1f3cd34dec80fba130ea481f31-efssetup.exe Version: Easy File Sharing Web...
glibc 2.38 - Buffer Overflow
Exploit Title: glibc 2.38 - Buffer Overflow Google Dork: N/A Date: 2025-10-08 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.gnu.org/software/libc/ Software Link: https://ftp.gnu.org/gnu/libc/glibc-2.35.tar.gz Version: glibc 2.35 specifically 2.35-0ubuntu3.3 on Ubuntu 22.04.3...
Windows 10.0.17763.7009 - spoofing vulnerability
Exploit Title: Windows 10.0.17763.7009 - spoofing vulnerability Google Dork: N/A Date: 2025-10-06 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.microsoft.com Software Link: N/A Version: Not applicable this is a generic Windows library file behavior Tested on: Windows 10 x64 ...
motionEye 0.43.1b4 - RCE
Exploit Title: motionEye 0.43.1b4 - RCE Exploit PoC: motionEye RCE via client-side validation bypass safe PoC Filename: motioneyercepocedb.txt Author: prabhatverma47 Date tested: 2025-05-14 original test; prepared for submission: 2025-10-11 Affected Versions: motionEye = 0.43.1b4 Tested on: Debia...
Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE
Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE Date: 2025-10-07 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://kubernetes.io Software Link: https://github.com/kubernetes/ingress-nginx Version: Affects v1.10.0 to v1.11.1 potentially others Tested o...
windows 10/11 - NTLM Hash Disclosure Spoofing
Exploit Title: windows 10/11 - NTLM Hash Disclosure Spoofing Date: 2025-10-06 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.microsoft.com Software Link: N/A Version: Not applicable this is a generic Windows library file behavior Tested on: Windows 10 x64 / Windows 11 x64 lab...