50773 matches found
📄 WordPress WPZOOM Portfolio 1.4.21 Cross Site Scripting
WordPress WPZOOM Portfolio plugin versions 1.4.21 and below suffer from a cross site scripting vulnerability. Exploit Title: WordPress Plugin WPZOOM Portfolio 1.4.21 - Reflected Cross-Site Scripting XSS Date: June 10, 2026 Exploit Author: Kent Apostol Vendor Homepage: https://wpzoom.com Software...
📄 iOS Bluetooth PAN Zero-Cost Ethernet Gateway
A logic flaw in Apple's iOS Bluetooth PAN stack allows an attacker to force an iPhone to display a real "Ethernet" icon and open the core USB port 62078 over Bluetooth without any cable or adapter. The attack costs €0 to execute, while Apple sells the Satechi Multiport Pro V2 adapter for €89.95 t...
📄 WordPress Bricks Builder 1.9.6 Remote Code Execution
WordPress Bricks Builder theme versions 1.9.6 and below suffer from a remote code execution vulnerability. Exploit Title: WordPress Bricks Builder Theme - RCE Date: 2026-06-25 Exploit Author: Jared Brits K3ysTr0K3R Vendor Homepage: https://bricksbuilder.io/ Software Link: https://bricksbuilder.io...
📄 KNX visualisering Broken Access Control
KNX visualisering suffers from a brute-forcing vulnerability for the pin code. Exploit Title: KNX visualisering - Broken Access Control Date: 6/10/2026 Exploit Author: parsa rezaie khiabanloo Vendor Homepage: KNX visualisering https:/www.knxgroep.nl Version: KNX visualisering Tested on:...
📄 Tenable Nessus 10.12.0 SQL Injection
A SQL injection vulnerability exists in Tenable Nessus when importing malicious scan result files .nessus XML. Versions 10.12.0 and below are affected. Exploit Title: Tenable Nessus 10.12.1 - SQL Injection CVE: CVE-2026-57588 Date: 2026-06-26 Exploit Author: Mohammed Idrees Banyamer Author Countr...
📄 Phoenix Contact TC Router 5004T-5G EU 1.06.18 Authenticated Command Injection
Proof of concept for an authenticated command injection vulnerability in certain Phoenix Contact TC Routers such as 5004T-5G EU with firmware versions 1.06.18 and below...
📄 Hydra Stack Buffer Overflow
A malicious NTLM Type-2 challenge with an excessively long domain causes a stack buffer overflow in Hydra's NTLM authentication handler SMTP, POP3, IMAP, etc. modules. Versions 9.7 and below are affected. Exploit Title: Hydra - Stack Buffer Overflow CVE: CVE-2026-56766 Date: 2026-06-26 Exploit...
📄 MODX 3.2.1 Missing Secure Flag
MODX version 3.2.1 is missing the secure flag setting on its cookie. Titles: MODX.3.2.1 TLS cookie without secure flag set - COOKIE PHPSESSID HIJACK Author: nu11secur1ty Date: 7/7/2026 Vendor: https://modx.com/ Software:...
📄 PAN-OS GlobalProtect Authentication Bypass
This Python proof of concept exploit targets an authentication bypass vulnerability in PAN-OS GlobalProtect by attempting to forge authentication cookies using publicly exposed TLS certificate material. Versions prior to 12.1.4-h6 are affected...
📄 Perl IO::Compress Code Execution
This Metasploit auxiliary module targets a remote code execution vulnerability in Perl's IO::Compress, specifically through an eval injection issue in File::GlobMapper::getFiles...
📄 Paperclip AI Unauthenticated Remote Code Execution
Python exploit for an unauthenticated remote code execution vulnerability in Paperclip AI. The attack leverages a chain of six API requests to achieve code execution on a target system without valid authentication...
📄 OPNsense XPATH Injection
OPNsense suffers from a stored XPATH injection vulnerability that allows any user with just ca manager/certificate manager permissions to leak any secret key/any value in config.xml, thus achieving privilege escalation and potentially remote code execution. Patched in version 26.1.10. SUMMARY: a...
📄 Cisco AsyncOS 14.2.0 Privilege Escalation / Local Root
Cisco AsyncOS version 14.2.0 local privilege escalation details that achieve a local root shell. About Security researcher: ly1g3, ly1g3attuta.io GPG fingerprint: https://keys.openpgp.org/vks/v1/by-fingerprint/5FE85CE4E8F675F5ABD2C0A33CE8BE447ED6D586 Overview: Local Privilege Escalation and Shell...
📄 Cisco AsyncOS 14.2.0 Code Execution
ESA Cisco Secure Email and Cisco Secure Email and Web Manager with Cisco AsyncOS version 14.2.0 allows an authenticated user with permissions to SNMP-config that ability to execute arbitrary code as root using a specially crafted SNMP trap config. This is for an older issue from 2023. About...
📄 MCPJam Inspector 1.4.2 Remote Code Execution
MCPJam Inspector versions 1.4.2 and below remote code execution proof of concept exploit. Exploit Title: MCPJam Inspector - Remote Code Execution Date: 07/03/2026 Exploit Author: Diamorphine Vendor Homepage: https://www.mcpjam.com/ Software Link: https://github.com/MCPJam Version: &...
📄 Pulpy 0.1.1-Beta Sandbox Bypass
Pulpy versions 0.1.1-Beta and below suffer from a filesystem sandbox bypass vulnerability. Exploit Title: Pulpy 0.1.1-Beta - Filesystem Sandbox Bypass Google Dork: N/A Date: 2026-06-19 Exploit Author: Onur BILICI @basekill Vendor Homepage: https://github.com/enesgkky/pulpy Software Link:...
📄 Proofpoint Messaging Security Gateway 8.18.4.73 Remote Code Execution
Proofpoint Messaging Security Gateway version 8.18.4.73 has a remote code execution vulnerability that can be leveraged via a simple curl. About Security researcher: ly1g3, ly1g3attuta.io GPG fingerprint: https://keys.openpgp.org/vks/v1/by-fingerprint/5FE85CE4E8F675F5ABD2C0A33CE8BE447ED6D586...
📄 PHPSpreadsheet 5.8.0 Remote Code Execution
PHPSpreadsheet version 5.8.0 suffers from a phar deserialization remote code execution vulnerability. ================================================================================================================================== | Title : PHPSpreadsheet 5.8.0 Phar Deserialization RCE | | Auth...
📄 WordPress KeepInMind Dashboard 0.8.4.2 Cross Site Scripting
WordPress KeepInMind Dashboard versions 0.8.4.2 and below suffer from a persistent cross site scripting vulnerability. Exploit Title: KeepInMind 0.8.4.2 - Stored XSS Date: 2026-06-12 Exploit Author: Pavan N Vendor Homepage: https://wordpress.org/plugins/keepinmind-dashboard-notes/ Software Link:...
📄 Proofpoint Messaging Security Gateway 8.18.4.73 Remote Code Execution
Proofpoint Messaging Security Gateway version 8.18.4.73 has a remote code execution vulnerability in Euwebutils.pm. About Security researcher: ly1g3, ly1g3attuta.io GPG fingerprint: https://keys.openpgp.org/vks/v1/by-fingerprint/5FE85CE4E8F675F5ABD2C0A33CE8BE447ED6D586 Overview: Remote Code...
📄 Flowise 3.1.3 Arbitrary Code Execution
Flowise version 3.1.3 suffers from an arbitrary code execution vulnerability. On Windows, the Custom MCP stdio environment variable validation uses case-sensitive comparison. Supplying "nodeoptions" bypasses the NODEOPTIONS denylist and allows arbitrary code execution via --require. Exploit Title...
📄 Joomla JoomShaper SP LMS 4.1.3 PHP Object Injection
Joomla JoomShaper SP LMS versions 4.1.3 and below suffer from a PHP object injection vulnerability. Exploit Ttile: Joomla Extension 4.1.4 - PHP Object injection Affected : JoomShaper SP LMS = 4.1.4 Author : Amin İsayev / Proxima Cyber Security Joomla version note: RCE requires Joomla = 5.2.2...
📄 Discuz! X5.0 Authentication Bypass
Discuz! X5.0 suffers from an authentication bypass vulnerability. Exploit Title: Discuz! X5.0 - Authentication Bypass CVE: CVE-2026-49952 Date: 2026-06-26 Exploit Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity Author GitHub: https://github.com/mbanyamer Autho...
📄 PCLink 4.1.1 Insecure Extension Installation
A vulnerable configuration in PCLink version 4.1.1 could potentially be abused to install unauthorized extensions. The script automates the creation of an extension package, hosts it through a local HTTP server, and sends requests to the target application to trigger the extension installation...
📄 Samba Print Command Injection
This is a command injection exploit for the Samba print spooler subsystem. ================================================================================================================================== | Title : Samba Print Spooler Subsystem Command Injection Assessment Tool Review | | Author...
📄 MacOS PackageKit ZSH Environment Privilege Escalation
This Metasploit module exploits CVE-2024-27822, a vulnerability in macOS PackageKit.framework where PKG installer scripts using a ZSH shebang !/bin/zsh are executed as root while inheriting the installing users environment. This causes ZSH to load the users /.zshenv with root privileges before th...
📄 Slate Digital Connect 1.37.0 Local Privilege Escalation
Slate Digital Connect version 1.37.0 local proof of concept privilege escalation exploit. ================================================================================================================================== | Title : Slate Digital Connect 1.37.0 Local Privilege Escalation Exploit | ...
📄 Siemens SICAM A8000 25.30 Remote Operation Denial of Service
This is a network stress-testing / denial of service tool written in Python, modeled around a claimed vulnerability CVE-2026-27663 affecting Siemens SICAM A8000 devices...
📄 Strapi CMS 5.36.1 Account Takeover
This Metasploit module exploits a critical bypass vulnerability in Strapi CMS that allows unauthenticated attackers to take over the Super Admin account. ================================================================================================================================== | Title :...
📄 SAP NetWeaver ABAP SAML XML Signature Wrapping Authentication Bypass
This Metasploit module exploits a vulnerability in SAP NetWeaver ABAP's SAML Service Provider implementation CVE-2026-23687. The vulnerability allows an attacker to bypass SAML signature verification through XML Signature wrapping attacks. By crafting a SAML response with a wrapped signature usin...
📄 SoftmaartCRM 2 Cross Site Request Forgery
SoftmaartCRM version 2 suffers from a cross site request forgery vulnerability. ================================================================================================================================== | Title : SoftmaartCRM v2 CSRF vulnerability | | Author : indoushka | | Tested on :...
📄 Strapi Filter Injection Administrator Password Reset
This tool assesses whether filter injection weaknesses can impact administrator account recovery workflows in Strapi deployments. It validates exposure conditions, evaluates enumeration risks, and analyzes password reset flow behavior for defensive security testing. Strapi versions starting in...
📄 Xerte Online Toolkits 3.15 Unauthenticated Remote Code Execution
Python remote code execution proof of concept exploit for Xerte Online Toolkits targeting multiple vulnerabilities in the elFinder file manager integration. ================================================================================================================================== | Title :...
📄 Tenda HG7 / HG9 / HG10 Buffer Overflow
This module is a Metasploit auxiliary scanner / denial of service module designed to test a stack-based buffer overflow condition affecting specific Tenda router models through the /boaform/formDOMAINBLK endpoint. The issue is associated with oversized input supplied to the blkDomain parameter,...
📄 Tenda HG7 / HG9 / HG10 Buffer Overflow
This Python script is a multi-mode framework targeting an alleged stack-based buffer overflow vulnerability in the /boaform/formDOMAINBLK endpoint of certain Tenda HG-series routers...
📄 Horde Groupware IMP Webmail Path Traversal / Local File Inclusion
Horde Groupware's IMP Webmail solution contains a path traversal / local file inclusion vulnerability which could be exploited to escalate privileges or bypass authentication. This is patched in version 7.0.1. this is my first time sending to a mailing list so ive chosen something easy. here goes...
📄 ImageMagick 7.x MIFF BZip Decoder Infinite Loop Denial of Service
A vulnerability in ImageMagick's MIFF decoder coders/miff.c allows an attacker to cause an infinite loop and CPU exhaustion by providing a specially crafted MIFF file with a compressed block length of zero when BZip compression is enabled...
📄 Whistlelink Site-Access Password Exposed
The Whistlelink reporting portal protects optionally-enabled, password-gated whistleblowing sites with a site-access password. When a visitor unlocks such a site, the client validates the password by issuing an HTTP GET request that carries the password as a URL query-string parameter which is...
📄 Cockpit CMS 2.13.5 Cross Site Scripting / Account Takeover
Cockpit CMS versions 2.13.5 and below suffer from persistent cross site scripting and cross site request forgery vulnerabilities. CVE-2026-39275 - Stored XSS Leading to Account Takeover in Cockpit CMS Note: Responsibly disclosed to and patched by the Cockpit CMS maintainers prior to publication. ...
📄 Cacti 1.2.30 Remote Code Execution
This Metasploit module is an authenticated remote code execution exploit for Cacti versions 1.2.30 and below. ================================================================================================================================== | Title : Cacti ≤ 1.2.30 Authenticated RCE via Host...
📄 Cacti 1.2.30 Remote Code Execution
Cacti versions 1.2.30 and below authenticated remote code execution exploit that uses variable injection via graph rendering. Written in Python. ================================================================================================================================== | Title : Cacti ≤...
📄 Zscaler Client Connector macOS Fail-Open SIGSTOP Bypass
Zscaler Client Connector for macOS can be bypassed by a standard local user during the Restart Services / Repair App workflow by suspending user-owned Zscaler processes with SIGSTOP. The reported impact is fail-open loss of ZIA/ZPA enforcement, DLP, telemetry, and tunnel routing while the console...
📄 ImageMagick 7.x MIFF Decoder Denial of Service
This code generates a malicious MIFF image file designed to exploit a flaw in ImageMagick’s BZip decompression handling. The issue is triggered by a zero-length compressed block, which can cause ImageMagick to enter an infinite loop and consume 100% CPU...
📄 Samsung Galaxy Zero-Click HFP/A2DP Takeover
Samsung Galaxy buds have an issue where an attacker within Bluetooth range can force a transition of the active audio session to an attacker-controlled device without requiring user interaction. Samsung believes it is a non-issue. MESSAGE HASH SHA-256:...
📄 Zig 0.16.0 Denial of Service / Integer Overflow
Zig version 0.16.0 suffers from an integer overflow vulnerability that results in a denial of service condition. Agent Spooky’s Fun Parade hereby reports, with the solemnity of a raccoon presenting a subpoena, an integer-overflow panic in Zig’s std.http chunked request-body reader. In Zig 0.16.0...
📄 Atlassian Central GraphQL Email Enumeration
The loomUnauthenticatedprimaryAuthTypeForEmail GraphQL query on Atlassian's central GraphQL gateway returns different responses depending on whether an email address is registered with Atlassian, allowing unauthenticated user enumeration. CVE-2026-XXXX: Atlassian Central GraphQL — Email Enumerati...
📄 Flowise CSV Agent Prompt Injection Remote Code Execution
This vulnerability allows remote attackers to execute arbitrary code on affected installations of FlowiseAI Flowise. Authentication is not required to exploit this vulnerability. The specific flaw exists within the run method of the CSVAgents class. The issue results from the lack of proper...
📄 Control Web Panel 0.9.8.1224 SQL Injection
Control Web Panel versions 0.9.8.1224 and below suffer from a remote SQL injection vulnerability via the userRes POST parameter. --------------------------------------------------------------------- Control Web Panel = 0.9.8.1224 userRes SQL Injection Vulnerability...
📄 ProtonVPN 4.4.1 Unquoted Service Path
ProtonVPN version 4.4.1 suffers from an unquoted service path vulnerability. Exploit Title: ProtonVPN v4.4.1 - Unquoted Service Path Date: 2026-06-22 Exploit Author: Milad Karimi Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Vendor Homepage:...
📄 WordPress WP Full Stripe Free 8.4.3 Missing Authorization
The WP Full Stripe Free plugin for WordPress is vulnerable to missing authorization in versions up to, and including, 8.4.3 via the wpfsupdatefailedpaymentstatus AJAX action. CVE-2026-12432: WP Full Stripe Free = 8.4.4 - Published: June 26, 2026 - Last Updated: June 27, 2026 - Researcher: Netwurm...