50786 matches found
📄 Revive Adserver 6.0.7 CSRF / XSS / Code Injection
Revive Adserver versions 6.0.7 and below suffer from code injection, cross site request forgery, improper access control, and cross site scripting vulnerabilities. ======================================================================== Revive Adserver Security Advisory REVIVE-SA-2026-003...
📄 cleverange_auth 0.1.10 Denial of Service
A denial of service vulnerability exists in cleverangeauth version 0.1.10. The vulnerability is caused by the automatic generation of verification records and immediate email delivery whenever a new User object is created. Security Advisory: CVE-2026-51788 Denial of Service DoS Vulnerability in...
📄 OpenEMR 7.0.2 Authenticated Arbitrary File Read
This Metasploit auxiliary module targets an authenticated arbitrary file read vulnerability in the Fax/SMS module of OpenEMR version 7.0.2 and related builds. ================================================================================================================================== | Title...
📄 NTLM Relay to Self Attack Module for Active Directory Privilege Escalation
This is a Metasploit module designed for Windows/Active Directory environments that performs an advanced NTLM relay-to-self attack to escalate privileges on a compromised machine...
📄 OpenBMC bmcweb Authentication Bypass
Proof of concept that demonstrates an OpenBMC bmcweb AUTH-F6 mTLS UPN Suffix authentication bypass vulnerability via a parent-domain certificate. ================================================================================================================================== | Title : OpenBMC...
📄 OpenCATS 0.9.7.4 Time-Based Blind SQL Injection
This Python script targets a remote SQL injection vulnerability in OpenCATS version 0.9.7.4. ================================================================================================================================== | Title : OpenCATS 0.9.7.4 Time-Based Blind SQL Injection Exploit Data...
📄 OpenCATS 0.9.7.4 Time-Based Blind SQL Injection
This Metasploit module targets a remote SQL injection vulnerability in OpenCATS version 0.9.7.4. ================================================================================================================================== | Title : OpenCATS 0.9.7.4 SQL Injection Time-Based Blind | | Author ...
📄 OpenBMC bmcweb Denial of Service / Authentication Bypass
This Metasploit module exploits authentication bypass and denial of service vulnerabilities in bmcweb, the OpenBMC HTTP/Redfish web server that runs on BMC firmware for enterprise servers Intel, IBM, HPE, NVIDIA, and various ODMs...
📄 Vtiger CRM 8.3.0 Shell Upload
This is a focused authenticated remote code execution proof of concept exploit for Vtiger CRM version 8.3.0. It logs into Vtiger, uploads a .phar PHP webshell through the Documents module, uses /storage/ directory listing to discover the randomized uploaded filename, then executes commands throug...
📄 Vtiger CRM 8.3.0 / 8.4.0 Shell Upload
This repository contains a Python proof of concept for CVE-2026-23698, an authenticated remote code execution vulnerability affecting Vtiger CRM. The PoC implements two exploitation techniques: abusing the Module Manager to import a malicious module containing a PHP webshell, and on certain...
📄 Pachno 1.0.6 XML Injection / Code Execution / Shell Upload
Authenticated Python exploit tool targeting Pachno version 1.0.6 with claimed XXE, privilege escalation, CSRF payload generation, unrestricted PHP webshell upload, open redirect testing, and a placeholder deserialization / remote code execution chain...
📄 Oracle E-Business Suite 12.2.14 Remote Code Execution
This Metasploit module exploits CVE-2025-61882, a pre-authentication remote code execution vulnerability in Oracle E-Business Suite versions 12.2.3 through 12.2.14. ================================================================================================================================== |...
📄 OpenSourcePOS 3.4.1 Cross Site Request Forgery
OpenSourcePOS version 3.4.1 suffers from a cross site request forgery vulnerability. ================================================================================================================================== | Title : OpenSourcePOS 3.4.1 CSRF Vulnerability Leading to Unauthorized Admin...
📄 Hydra Stack Buffer Overflow
A malicious NTLM Type-2 challenge with an excessively long domain causes a stack buffer overflow in Hydra's NTLM authentication handler SMTP, POP3, IMAP, etc. modules. Versions 9.7 and below are affected. Exploit Title: Hydra - Stack Buffer Overflow CVE: CVE-2026-56766 Date: 2026-06-26 Exploit...
📄 OPNsense XPATH Injection
OPNsense suffers from a stored XPATH injection vulnerability that allows any user with just ca manager/certificate manager permissions to leak any secret key/any value in config.xml, thus achieving privilege escalation and potentially remote code execution. Patched in version 26.1.10. SUMMARY: a...
📄 MODX 3.2.1 Missing Secure Flag
MODX version 3.2.1 is missing the secure flag setting on its cookie. Titles: MODX.3.2.1 TLS cookie without secure flag set - COOKIE PHPSESSID HIJACK Author: nu11secur1ty Date: 7/7/2026 Vendor: https://modx.com/ Software:...
📄 Discuz! X5.0 Authentication Bypass
Discuz! X5.0 suffers from an authentication bypass vulnerability. Exploit Title: Discuz! X5.0 - Authentication Bypass CVE: CVE-2026-49952 Date: 2026-06-26 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity Author GitHub: https://github.com/mbanyamer Autho...
📄 Cisco AsyncOS 14.2.0 Code Execution
ESA Cisco Secure Email and Cisco Secure Email and Web Manager with Cisco AsyncOS version 14.2.0 allows an authenticated user with permissions to SNMP-config that ability to execute arbitrary code as root using a specially crafted SNMP trap config. This is for an older issue from 2023. About...
📄 MCPJam Inspector 1.4.2 Remote Code Execution
MCPJam Inspector versions 1.4.2 and below remote code execution proof of concept exploit. Exploit Title: MCPJam Inspector - Remote Code Execution Date: 07/03/2026 Exploit Author: Diamorphine Vendor Homepage: https://www.mcpjam.com/ Software Link: https://github.com/MCPJam Version: &...
📄 PAN-OS GlobalProtect Authentication Bypass
This Python proof of concept exploit targets an authentication bypass vulnerability in PAN-OS GlobalProtect by attempting to forge authentication cookies using publicly exposed TLS certificate material. Versions prior to 12.1.4-h6 are affected...
📄 Flowise 3.1.3 Arbitrary Code Execution
Flowise version 3.1.3 suffers from an arbitrary code execution vulnerability. On Windows, the Custom MCP stdio environment variable validation uses case-sensitive comparison. Supplying "nodeoptions" bypasses the NODEOPTIONS denylist and allows arbitrary code execution via --require. Exploit Title...
📄 Paperclip AI Unauthenticated Remote Code Execution
Python exploit for an unauthenticated remote code execution vulnerability in Paperclip AI. The attack leverages a chain of six API requests to achieve code execution on a target system without valid authentication...
📄 Cisco AsyncOS 14.2.0 Privilege Escalation / Local Root
Cisco AsyncOS version 14.2.0 local privilege escalation details that achieve a local root shell. About Security researcher: ly1g3, ly1g3attuta.io GPG fingerprint: https://keys.openpgp.org/vks/v1/by-fingerprint/5FE85CE4E8F675F5ABD2C0A33CE8BE447ED6D586 Overview: Local Privilege Escalation and Shell...
📄 Samba Print Command Injection
This is a command injection exploit for the Samba print spooler subsystem. ================================================================================================================================== | Title : Samba Print Spooler Subsystem Command Injection Assessment Tool Review | | Author...
📄 Joomla JoomShaper SP LMS 4.1.3 PHP Object Injection
Joomla JoomShaper SP LMS versions 4.1.3 and below suffer from a PHP object injection vulnerability. Exploit Ttile: Joomla Extension 4.1.4 - PHP Object injection Affected : JoomShaper SP LMS = 4.1.4 Author : Amin İsayev / Proxima Cyber Security Joomla version note: RCE requires Joomla = 5.2.2...
📄 Perl IO::Compress Code Execution
This Metasploit auxiliary module targets a remote code execution vulnerability in Perl's IO::Compress, specifically through an eval injection issue in File::GlobMapper::getFiles...
📄 PCLink 4.1.1 Insecure Extension Installation
A vulnerable configuration in PCLink version 4.1.1 could potentially be abused to install unauthorized extensions. The script automates the creation of an extension package, hosts it through a local HTTP server, and sends requests to the target application to trigger the extension installation...
📄 Pulpy 0.1.1-Beta Sandbox Bypass
Pulpy versions 0.1.1-Beta and below suffer from a filesystem sandbox bypass vulnerability. Exploit Title: Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass Google Dork: N/A Date: 2026-06-19 Exploit Author: Onur BILICI @basekill Vendor Homepage: https://github.com/enesgkky/pulpy Software Link:...
📄 Proofpoint Messaging Security Gateway 8.18.4.73 Remote Code Execution
Proofpoint Messaging Security Gateway version 8.18.4.73 has a remote code execution vulnerability that can be leveraged via a simple curl. About Security researcher: ly1g3, ly1g3attuta.io GPG fingerprint: https://keys.openpgp.org/vks/v1/by-fingerprint/5FE85CE4E8F675F5ABD2C0A33CE8BE447ED6D586...
📄 Proofpoint Messaging Security Gateway 8.18.4.73 Remote Code Execution
Proofpoint Messaging Security Gateway version 8.18.4.73 has a remote code execution vulnerability in Euwebutils.pm. About Security researcher: ly1g3, ly1g3attuta.io GPG fingerprint: https://keys.openpgp.org/vks/v1/by-fingerprint/5FE85CE4E8F675F5ABD2C0A33CE8BE447ED6D586 Overview: Remote Code...
📄 Phoenix Contact TC Router 5004T-5G EU 1.06.18 Authenticated Command Injection
Proof of concept for an authenticated command injection vulnerability in certain Phoenix Contact TC Routers such as 5004T-5G EU with firmware versions 1.06.18 and below...
📄 WordPress KeepInMind Dashboard 0.8.4.2 Cross Site Scripting
WordPress KeepInMind Dashboard versions 0.8.4.2 and below suffer from a persistent cross site scripting vulnerability. Exploit Title: KeepInMind 0.8.4.2 - Stored XSS Date: 2026-06-12 Exploit Author: Pavan N Vendor Homepage: https://wordpress.org/plugins/keepinmind-dashboard-notes/ Software Link:...
📄 PHPSpreadsheet 5.8.0 Remote Code Execution
PHPSpreadsheet version 5.8.0 suffers from a phar deserialization remote code execution vulnerability. ================================================================================================================================== | Title : PHPSpreadsheet 5.8.0 Phar Deserialization RCE | | Auth...
📄 WordPress WPZOOM Portfolio 1.4.21 Cross Site Scripting
WordPress WPZOOM Portfolio plugin versions 1.4.21 and below suffer from a cross site scripting vulnerability. Exploit Title: WordPress Plugin WPZOOM Portfolio 1.4.21 - Reflected Cross-Site Scripting XSS Date: June 10, 2026 Exploit Author: Kent Apostol Vendor Homepage: https://wpzoom.com Software...
📄 KNX visualisering Broken Access Control
KNX visualisering suffers from a brute-forcing vulnerability for the pin code. Exploit Title: KNX visualisering - Broken Access Control Date: 6/10/2026 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: KNX visualisering https:/www.knxgroep.nl Version: KNX visualisering Tested on:...
📄 Tenable Nessus 10.12.0 SQL Injection
A SQL injection vulnerability exists in Tenable Nessus when importing malicious scan result files .nessus XML. Versions 10.12.0 and below are affected. Exploit Title: Tenable Nessus 10.12.1 - SQL Injection CVE: CVE-2026-57588 Date: 2026-06-26 Exploit Author: Mohammed Idrees Banyamer Author Countr...
📄 WordPress Bricks Builder 1.9.6 Remote Code Execution
WordPress Bricks Builder theme versions 1.9.6 and below suffer from a remote code execution vulnerability. Exploit Title: WordPress Bricks Builder Theme - RCE Date: 2026-06-25 Exploit Author: Jared Brits K3ysTr0K3R Vendor Homepage: https://bricksbuilder.io/ Software Link: https://bricksbuilder.io...
📄 iOS Bluetooth PAN Zero-Cost Ethernet Gateway
A logic flaw in Apple's iOS Bluetooth PAN stack allows an attacker to force an iPhone to display a real "Ethernet" icon and open the core USB port 62078 over Bluetooth without any cable or adapter. The attack costs €0 to execute, while Apple sells the Satechi Multiport Pro V2 adapter for €89.95 t...
📄 Tenda HG7 / HG9 / HG10 Buffer Overflow
This module is a Metasploit auxiliary scanner / denial of service module designed to test a stack-based buffer overflow condition affecting specific Tenda router models through the /boaform/formDOMAINBLK endpoint. The issue is associated with oversized input supplied to the blkDomain parameter,...
📄 SoftmaartCRM 2 Cross Site Request Forgery
SoftmaartCRM version 2 suffers from a cross site request forgery vulnerability. ================================================================================================================================== | Title : SoftmaartCRM v2 CSRF vulnerability | | Author : indoushka | | Tested on :...
📄 Strapi CMS 5.36.1 Account Takeover
This Metasploit module exploits a critical bypass vulnerability in Strapi CMS that allows unauthenticated attackers to take over the Super Admin account. ================================================================================================================================== | Title :...
📄 Slate Digital Connect 1.37.0 Local Privilege Escalation
Slate Digital Connect version 1.37.0 local proof of concept privilege escalation exploit. ================================================================================================================================== | Title : Slate Digital Connect 1.37.0 Local Privilege Escalation Exploit | ...
📄 Strapi Filter Injection Administrator Password Reset
This tool assesses whether filter injection weaknesses can impact administrator account recovery workflows in Strapi deployments. It validates exposure conditions, evaluates enumeration risks, and analyzes password reset flow behavior for defensive security testing. Strapi versions starting in...
📄 Xerte Online Toolkits 3.15 Unauthenticated Remote Code Execution
Python remote code execution proof of concept exploit for Xerte Online Toolkits targeting multiple vulnerabilities in the elFinder file manager integration. ================================================================================================================================== | Title :...
📄 Tenda HG7 / HG9 / HG10 Buffer Overflow
This Python script is a multi-mode framework targeting an alleged stack-based buffer overflow vulnerability in the /boaform/formDOMAINBLK endpoint of certain Tenda HG-series routers...
📄 MacOS PackageKit ZSH Environment Privilege Escalation
This Metasploit module exploits CVE-2024-27822, a vulnerability in macOS PackageKit.framework where PKG installer scripts using a ZSH shebang !/bin/zsh are executed as root while inheriting the installing users environment. This causes ZSH to load the users /.zshenv with root privileges before th...
📄 SAP NetWeaver ABAP SAML XML Signature Wrapping Authentication Bypass
This Metasploit module exploits a vulnerability in SAP NetWeaver ABAP's SAML Service Provider implementation CVE-2026-23687. The vulnerability allows an attacker to bypass SAML signature verification through XML Signature wrapping attacks. By crafting a SAML response with a wrapped signature usin...
📄 Siemens SICAM A8000 25.30 Remote Operation Denial of Service
This is a network stress-testing / denial of service tool written in Python, modeled around a claimed vulnerability CVE-2026-27663 affecting Siemens SICAM A8000 devices...
📄 ImageMagick 7.x MIFF BZip Decoder Infinite Loop Denial of Service
A vulnerability in ImageMagick's MIFF decoder coders/miff.c allows an attacker to cause an infinite loop and CPU exhaustion by providing a specially crafted MIFF file with a compressed block length of zero when BZip compression is enabled...
📄 Whistlelink Site-Access Password Exposed
The Whistlelink reporting portal protects optionally-enabled, password-gated whistleblowing sites with a site-access password. When a visitor unlocks such a site, the client validates the password by issuing an HTTP GET request that carries the password as a URL query-string parameter which is...