50738 matches found
📄 thumbler 1.1.2 Command Injection
thumbler through version 1.1.2 allows OS command injection in thumbnail in lib/thumbler.js. The package concatenates the input, output, time, and size values into a single ffmpeg command string and executes that string with childprocess.exec. An attacker who controls one of those values can injec...
📄 pdf-image 2.0.0 Command Injection
pdf-image through version 2.0.0 allows OS command injection via the pdfFilePath argument. The package builds shell command strings with util.format and executes them with childprocess.exec. If an application passes an attacker-controlled file path into PDFImage, shell metacharacters in that path...
📄 V8 StringToBigInt Memory Corruption Sandbox Bypass
V8 suffers from a sandbox bypass vulnerability due to memory corruption during StringToBigInt conversion. The function v8::internal::StringToBigInt is used by V8 when converting a string to a BigInt e.g. via BigInt“1337”. It first parses the string into individual digitt’s in the...
📄 node-tesseract-ocr 2.2.1 Command Injection
node-tesseract-ocr through version 2.2.1 allows OS command injection in recognize in src/index.js. The package builds a shell command string and executes it with childprocess.exec. Because the input path is only wrapped in double quotes, an attacker can inject shell syntax through a crafted file...
📄 V8 BytecodeArray Swapping Sandbox Bypass
V8 suffers from a sandbox bypass due to arbitrary bytecode execution from BytecodeArray swapping before code deoptimization. Vulnerability Details When deoptimizing compiled code and resuming execution in the interpreter, V8 uses the function Deoptimizer::DoComputeOutputFrames to reconstruct the...
📄 textract 2.5.0 Command Injection
textract through version 2.5.0 allows OS command injection through the file path supplied to multiple extractors. Several code paths pass that file path into childprocess.exec with inadequate sanitization. An attacker who can influence the file name or path can break out of the command line and r...
📄 OpenEMR 8.0.0.2 SQL Injection
OpenEMR versions prior to 8.0.0.3 contain a remote SQL injection vulnerability in the new search popup that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the new search popup functionality. CVE-2026-29187 - SQL Injection Vulnerabilit...
📄 EspoCRM 9.3.3 Remote Code Execution / Path Traversal
EspoCRM versions 9.3.3 and below proof of concept remote code execution exploit that leverages formula ACL bypass, path traversal, and poisoning. !/bin/bash =========================================================================== EspoCRM command Example: ./poc.sh http://192.168.5.16:8090 admin...
📄 activitypub-federation-rust 0.7.1 Server-Side Request Forgery
activitypub-federation-rust versions 0.7.1 and below suffer from a server-side request forgery vulnerability. CVE-2026-33693: SSRF via 0.0.0.0 Bypass in activitypub-federation-rust v4isinvalid CVSS 6.5 Moderate Keywords: SSRF, 0.0.0.0, IP validation bypass, activitypub-federation, Lemmy, Rust,...
📄 MCPJam Inspector 1.4.2 Remote Code Execution
MCPJam Inspector versions 1.4.2 and below proof of concept remote code execution exploit. !/usr/bin/env python3 CVE-2026-23744.py for testing only import requests import argparse import json import sys import urllib3 urllib3.disablewarningsurllib3.exceptions.InsecureRequestWarning def main: parse...
📄 Payara Server Cross Site Scripting
Research details on exploitation for a cross site scripting vulnerability in Payara's administration REST interface. Versions below 4.1.2.191.54, 5.83.0, 6.34.0, and 7.2026.1 are affected. XSS to Admin account takeover CVE-2025-14340 A Cross-Site Scripting vulnerability in Payara’s Administration...
📄 esiclivre 0.2.2 SQL Injection
esiclivre versions 0.2.2 and below suffer from a remote SQL injection vulnerability. CVE-2026-30655 — SQL Injection in esiclivre password reset Summary A SQL injection vulnerability exists in the password reset endpoint of esiclivre. An unauthenticated attacker can inject SQL via the cpfcnpj POST...
📄 ddev/ddev ZipSlip Path Traversal
A ZipSlip path traversal vulnerability exists in ddev/ddev, a popular open-source local development tool for PHP, Python, and Node.js projects. Both the Untar and Unzip functions in pkg/archive/archive.go use filepath.Joindest, file.Name without any path containment validation, allowing a crafted...
📄 Digital Watchdog DVR VMAX / DW-VP / DW-VA Credential Disclosure / Code Execution
Digital Watchdog DVR versions VMAX, DW-VP, and DW-VA suffer from unauthenticated credential disclosure and post-authentication remote code execution vulnerabilities. Exploit Title: Digital Watchdog DVR VMAX/DW-VP/DW-VA unauth credential disclosure and post-auth RCE Date: 2026-01-06 Exploit Author...
📄 OpenEMR 8.0.0 Authenticated SQL Injection
OpenEMR version 8.0.0 authenticated remote SQL injection exploit that leverages the name parameter in ajax/graphs.php. ====================================================================================================================== | Title : OpenEMR 8.0.0 Authenticated SQL Injection via nam...
📄 Cursor IDE MCP Deeplink Remote Code Execution
This Metasploit module exploits the MCP deeplink functionality in Cursor IDE through social engineering. The cursor:// protocol handler can be abused when a user accepts an installation prompt, leading to arbitrary command execution...
📄 Webb Fontaine Trade Portal Information Disclosure
A security vulnerability was identified in the Webb Fontaine Trade Portal affecting the codification module /trade/help/codification. The issue allows unauthorized users to trigger data export functionality via the /export/excel endpoint without proper validation of session state or user...
📄 DSpace 7.6.6-next Cross Site Scripting
The Discovery Search REST API in DSpace version 7.6.6-next suffers from a cross site scripting vulnerability. ============================================================================================================================================= | Title : DSpace 7.6.6-next Discovery API...
📄 MailEnable 10.54 Cross Site Scripting
MailEnable versions 10.54 and below suffer from multiple cross site scripting vulnerabilities. --------------------------------------------------------------------------- MailEnable = 10.54 Multiple Reflected Cross-Site Scripting Vulnerabilities...
📄 AVideo Command Injection
The Metasploit exploit module targets a command injection vulnerability in AVideo. This module exploits a base64-encoded command injection flaw in AVideo Encoder's image processing endpoint, turning a simple URL parameter into remote code execution with multiple payload strategies. Versions prior...
📄 Starlink DNS Rebinding
This python script implements a DNS rebinding attack targeting Starlink infrastructure CVE-2023-52235. ================================================================================================================================== | Title : Starlink DNS Rebinding Exploit | | Author : indoushka...
📄 Barracuda ESG TAR Filename Command Injection
This Metasploit module exploits CVE-2023-2868, a command injection vulnerability in Barracuda Email Security Gateway ESG appliances. The vulnerability exists in how the ESG processes TAR file attachments - filenames containing shell metacharacters backticks are passed directly to shell commands...
📄 Starlink DNS Rebinding
This Metasploit auxiliary module implements a DNS rebinding attack targeting Starlink infrastructure CVE-2023-52235. The module operates by running a malicious DNS server that dynamically switches responses from a public IP to internal network targets, enabling access to internal services. It als...
📄 PEGA Infinity Brute Force / Insecure Direct Object Reference
PEGA Infinity suffers from brute forcing and insecure direct object reference vulnerabilities. Pega Platform versions 7.1.0 through Infinity 25.1.0 are affected by the brute force issue. Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by the idor issue. SEC Consult Vulnerability Lab...
📄 OpenEMR Remote Code Execution
OpenEMR versions prior to 8.0.0.1 contain multiples command injection vulnerabilities in the backup functionality that can be exploited by authenticated attackers. CVE-2026-32238 - Remote Code Execution in OpenEMR Weakness CWE-78 : Improper Neutralization of Special Elements used in an OS Command...
📄 Arturia Software Center MacOS 2.12.0.3157 Privilege Escalation
Arturia Software Center MacOS version 2.12.0.3157 suffers from privilege escalation vulnerabilities. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Multiple Privilege Escalation Vulnerabilities product: Arturia Softwa...
📄 AVideo getImage.php Unauthenticated Command Injection
This Metasploit module exploits an unauthenticated OS command injection vulnerability in the AVideo encoder getImage.php endpoint. This affects versions prior to 7.0. The base64Url GET parameter is base64-decoded and injected directly into an ffmpeg shell command within double quotes, without any...
📄 Casdoor 2.359.0 Cross Site Request Forgery
Casdoor version 2.359.0 suffers from a cross site request forgery vulnerability. This is an older vulnerability originally discovered in 2023 that they still have not addressed in later versions. Exploit Title: Casdoor 2.359.0 2026-03-18 - Cross-Site Request Forgery CSRF Application: Casdoor...
📄 FreePBX Filestore Command Injection
This script targets a potential remote command execution vector in the FreePBX Filestore module by leveraging a valid PHP session cookie PHPSESSID to access administrative AJAX endpoints. The exploit attempts to abuse the testconnection function within the filestore module to inject and execute...
📄 WordPress WPvivid 0.9.123 Arbitrary File Write
This Metasploit module exploits an unauthenticated arbitrary file write vulnerability in the WPvivid Backup plugin used in WordPress websites. The vulnerability allows an attacker to send a specially crafted encrypted payload to the vulnerable endpoint using the parameter wpvividaction=sendtosite...
📄 Libjxl Integer Overflow
This Python script generates malicious JPEG XL JXL image files designed to test a potential integer overflow vulnerability in libjxl. The tool creates specially crafted JXL images with extremely large dimensions and manipulated headers that can trigger memory miscalculations when processed by...
📄 WordPress WWLC 2.0.3.1 File Upload Metasploit Scanner
This Metasploit auxiliary module scans WordPress websites for an arbitrary file upload vulnerability in the WWLC plugin version 2.0.3.1. The module attempts to upload a crafted PHP file through the vulnerable AJAX endpoint admin-ajax.php using the wwlcfileuploadhandler action. If the upload is...
📄 WordPress WWLC 2.0.3.1 File Upload Scanner
This Python tool is a multi‑threaded scanner designed to detect an arbitrary file upload vulnerability in the WWLC WordPress plugin version 2.0.3.1. The script loads a list of target websites from a file and attempts to upload a crafted PHP payload through the vulnerable admin-ajax.php endpoint...
📄 FreePBX Filestore Authenticated Command Injection
This Metasploit module exploits an authenticated command injection vulnerability in the FreePBX filestore module. The filestore module allows administrators to configure remote file storage backends SSH, FTP, etc. for backup and file management purposes. The vulnerability exists in the SSH driver...
📄 WordPress Canto 3.0.4 Remote File Inclusion
This is a Metasploit module that exploits a remote file inclusion vulnerability in WordPress Canto plugin versions 3.0.4 and below. ============================================================================================================================================= | Title : WordPress Can...
📄 Microsoft Windows Server 2025 jscript.dll Use-After-Free
The exploit targets a use-After-free vulnerability in the JScript engine component jscript.dll of Internet Explorer 11 on Windows Server 2025. ============================================================================================================================================= | Title :...
📄 Microsoft Windows Cloud Files Mini Filter Driver Local Privilege Escalation
Proof of concept exploit for a heap-based buffer overflow vulnerability in the Windows Cloud Files Mini Filter Driver cldflt.sys that allows local attackers to escalate privileges from user-level to SYSTEM-level access on affected Windows systems. The vulnerability exists in the Cloud Files Mini...
📄 Microsoft Windows 11 Race Condition / Privilege Escalation
This Metasploit module exploits CVE-2025-62215, a race condition combined with a double-free vulnerability in the Windows Kernel. It allows local privilege escalation from low-privileged users to SYSTEM by exploiting improper synchronization in kernel object handling...
📄 Microsoft Windows 11 SMB Local Privilege Escalation
Proof of concept for CVE‑2025‑33073, a Microsoft Windows SMB privilege escalation vulnerability that abuses local NTLM reflection behavior within the SMB stack...
📄 Alipay Open Redirect / API Attacker Payload Insertion
A single crafted URL enables a complete attack chain against Alipay mobile application users that can allow for data exfiltration. As the vendor has stated this is normal behavior with no apparent plans to address the problem, this is being published to make users aware. Alipay Mobile App -...
📄 Microsoft Windows LNK File Remote Code Execution
This PHP script is a proof of concept exploit that demonstrates how to create a Windows LNK shortcut file that executes a PowerShell command in this example, launches calc.exe...
📄 SPIP CMS Analysis Scanner Script
This is an exploitation tool designed for websites running the SPIP CMS versions 5.4.0 through 5.11.0. The tool performs automated detection and enumeration of SPIP installations, identifies installed plugins, attempts to determine plugin versions, and searches for forms using the saisies plugin...
📄 BuptLab DNS Relay Server 1.0 Denial of Service
A remote denial of service vulnerability exists in BuptLab DNS Relay Server version 1.0 due to improper validation of DNS label length during query parsing. An attacker can send a specially crafted DNS request containing an invalid label length field that exceeds the actual payload size. When the...
📄 Nginx UI 2.3.3 Backup Decryption Mass Scanner
This Python tool is a multi‑threaded scanner and exploitation utility designed to identify and validate the vulnerability CVE-2026-27944 affecting Nginx UI versions 2.3.2 and below. The script supports scanning single hosts, CIDR ranges, or target lists, and checks multiple common web service...
📄 Nginx UI 2.3.3 Unauthenticated Backup Disclosure / Decryption
This Python proof‑of‑concept demonstrates an unauthenticated information disclosure vulnerability in Nginx UI tracked as CVE-2026-27944. The vulnerability allows a remote attacker to access the /api/backup endpoint without authentication and retrieve a backup archive of the server configuration...
📄 FreeFloat FTP Server 1.0 Buffer Overflow
Proof of concept exploit for a buffer overflow vulnerability in FreeFloat FTP Server version 1.0. The exploit works by sending an overly long payload through the NOOP FTP command, which overflows the server's buffer and allows control of the EIP Extended Instruction Pointer...
📄 WatchGuard Firebox Default SSH Credentials
This is a python script to detect whether or not WatchGuard Firebox devices allow unauthorized access via default credentials admin:readwrite on port 4118. =============================================================================================================================================...
📄 BuptLab DNS Relay Server 1.0 Buffer Underflow
This is a proof of concept exploit that leverages a remote heap buffer underflow denial of service vulnerability in BuptLab DNS Relay Server version 1.0.0 that was recently discovered by Antonius...
📄 Vvveb CMS 1.0.5 Command Injection
Proof of concept exploit for a remote command injection vulnerability in Vvveb CMS version 1.0.5 via configuration files. Upon further analysis, the researcher has also discovered that this affects version 1.0.7.3...
📄 Easy Grade Pro 4.1 Malformed .EGP File Denial of Service
This Python script generates a malformed .EGP gradebook file designed to trigger a crash in Easy Grade Pro 4.1 by corrupting data at a specific offset within the file...