📄 Samsung Quram DNG Remote Code Execution
A vulnerability exists in Samsung's image decoding library libimagecodec.quram.so, which is responsible for parsing Digital Negatives (DNG). A malformed DNG containing oversized IFD entries can cause heap corruption. With precise heap grooming, this condition may lead to remote code execution when the...
📄 Roundcube Webmail SVG Tracking
Roundcube's HTML sanitizer doesn't treat SVG feImage href as an image source. Attackers can bypass remote image blocking to track email opens. Roundcube Webmail , , and , but not on . Its href went through the wrong code path and got allowed through. Attackers could track email opens even when...
📄 Next.js 15 Remote Code Execution
A PHP-based proof of concept implementation demonstrating the critical remote code execution vulnerability in the React Server Components (RSC) Flight protocol, affecting React and Next.js applications...
📄 Online Admission Software 2.6 SQL Injection
Online Admission Software version 2.6 suffers from a remote SQL injection vulnerability.
📄 Samsung QuramDng Warp Out-Of-Bounds Read
This Python proof of concept demonstrates an out-of-bounds read vulnerability in Samsung's QuramDng image processing library, triggered via a specially crafted DNG (Digital Negative) file. The script programmatically builds a minimal but valid DNG file containing a malformed WarpRectilinear opcode,...
📄 Samsung QuramDng Embedded DNG Out-Of-Bounds Read / Write
This proof of concept demonstrates an out-of-bounds read / write vulnerability in Samsung's QuramDng image parser, affecting Galaxy S22–S25 devices running One UI 6+. By crafting a malformed DNG that abuses OpcodeList1 (specifically the FixBadPixelsList opcode) and embedding it inside a JPEG...
📄 Samsung Quram DNG TrimBounds Out-Of-Bounds Read
A vulnerability exists in the image decoding logic of Quram DNG parser within libimagecodec.quram.so. The flawed bounds validation in handling TrimBounds opcode triggers out-of-bounds reads on heap-allocated image buffers. This issue allows remote attackers to craft a malicious DNG payload, embed...
📄 Next.js 15.2.3 Middleware Authorization Bypass
This Python script checks whether a website built with Next.js is vulnerable to CVE-2025-29927, a middleware authorization bypass flaw triggered by the request header: x-middleware-subrequest...
📄 Xhibiter NFT Marketplace 1.10.2 SQL Injection
Xhibiter NFT Marketplace versions 1.10.2 and below suffer from a time-based remote blind SQL injection vulnerability in the id parameter of the /collections endpoint...
📄 WordPress TNC Toolbox 1.4.2 Information Disclosure
WordPress TNC Toolbox plugin versions 1.4.2 and below sensitive information disclosure proof of concept exploit.
📄 WordPress WP Rocket 2.10.3 LFI Vulnerability Scanner
WordPress WP Rocket plugin versions prior to 2.10.4 local file inclusion vulnerability scanning tool.
📄 WordPress Wux Blog Editor 3.0.0 Vulnerability Scanner
This Metasploit auxiliary module scans WordPress sites for the External Post Editor plugin and checks for the unauthenticated file upload vulnerability that exists in version 3.0.0...
📄 WordPress Royal Elementor Addons 1.3.78 Shell Upload
WordPress Royal Elementor Addons plugin version 1.3.78 remote shell upload proof of concept exploit.
📄 Xiongmai XM530 ONVIF / RTSP Security Scanner
This project is a unified PHP-based security scanner designed to identify critical vulnerabilities in IP cameras, with a primary focus on ONVIF authentication bypass (CVE-2025-65856) and unauthenticated RTSP stream exposure. The tool provides a single-file web interface that allows scanning a singl...
📄 WordPress Tatsu 3.3.11 Shell Upload
WordPress Tatsu plugin version 3.3.11 proof of concept unauthenticated remote shell upload exploit.
📄 MikroTik RouterOS WinBox 3.41 Username Enumeration
Proof of concept exploit for MikroTik RouterOS WinBox version 3.41 that demonstrates a username enumeration vulnerability.
📄 XWiki 16.4.0 Remote Code Execution
Proof of concept exploit for a critical template injection vulnerability in XWiki Platform that allows unauthenticated remote code execution. The vulnerability affects XWiki versions 5.3-milestone-2 to 15.10.10 and 16.0.0-rc-1 to 16.4.0, potentially impacting thousands of enterprise wiki...
📄 WordPress SureTriggers 1.0.78 Authentication Bypass
WordPress SureTriggers plugin versions 1.0.78 and below expose an unauthenticated REST endpoint that allows construction of a user creation payload. This proof of concept demonstrates structure and logic only. No admin account is created, no plugin uploaded...
📄 WordPress StoreKeeper for WooCommerce 14.4.4 Shell Upload
A critical security vulnerability exists in the StoreKeeper for WooCommerce WordPress plugin that allows unauthenticated attackers to upload arbitrary files, including PHP web shells, leading to complete system compromise. Version 14.4.4 is affected...
📄 WordPress User Registration and Membership 4.1.2 Authentication Bypass
Proof of concept exploit for WordPress User Registration and Membership plugin versions 4.1.2 and below. These versions contain a critical authentication bypass vulnerability that allows unauthenticated attackers to gain unauthorized access to user accounts, including administrative privileges, b...
📄 WordPress WOOCOMMERCE Designer Pro 1.9.26 Shell Upload
WordPress WOOCOMMERCE Designer Pro plugin version 1.9.26 proof of concept remote shell upload exploit.
📄 NPU Driver Use-After-Free Detector
This Metasploit module detects vulnerable NPU drivers susceptible to CVE-2025-21424, a use-after-free vulnerability in the MSM NPU kernel driver. Additional details are included that identify shortcomings in the original proof of concept...
📄 Node.js 25.x Permission Model Sandbox Bypass / Path Traversal
This Metasploit module validates a sandbox escape weakness in the Node.js permission model that allows restricted file access bypass through symlink-based path traversal. When Node.js is executed with the --permission flag and limited filesystem read/write paths, the permission checks rely on...
📄 Piranha CMS 12.0 Cross Site Scripting
Piranha CMS version 12.0 suffers from a cross site scripting vulnerability. Exploit Title: Piranha CMS 12.0 - Stored Cross Site Scripting Date: 2025-09-26 Exploit Author: Chidubem Chukwu Terminal Venom LinkedIn : https://www.linkedin.com/in/chidubem-chukwu-20bb202a9? Vendor Homepage:...
📄 Novell GroupWise 8.0 Traversal / Code Injection
Proof of concept exploit for an older vulnerability from 2012 that looks for a directory traversal vulnerability in Novell GroupWise version 8.0 before Support Pack 3 and attempts to upload a webshell if possible...
📄 Ingress-NGINX Admission Controller 1.11.1 Remote Code Execution
Ingress-NGINX Admission Controller version 1.11.1 remote code execution proof of concept exploit that chains together multiple vulnerabilities. Exploit Title: Ingress-NGINX Admission Controller v1.11.1 - FD Injection to RCE Date: 2025-10-07 Exploit Author: Beatriz Fresno Naumova Vendor Homepage:...
📄 Redis 8.0.2 Remote Code Execution
Redis versions from 2.8 to before 8.0.3, 7.4.5, 7.2.10, and 6.2.19 suffer from a heap out-of-bounds write that can be leveraged for remote code execution. Exploit Title: Redis RCE Date: 2025-10-07 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://redis.io/ Software Link:...
📄 MySCADA MyPRO Manager 1.2 PHP Code Injection
MySCADA MyPRO Manager version 1.2 suffers from a code injection vulnerability.
📄 RPi-Jukebox-RFID 2.8.0 Cross Site Scripting
RPi-Jukebox-RFID version 2.8.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: RPi-Jukebox-RFID 2.8.0 - Stored XSS CVE-2025-10370 Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://github.com/MiczFlor/RPi-Jukebox-RFID Software Link:...
📄 NFR Agent 1.0.1 Arbitrary File Delete
Proof of concept exploit for an arbitrary file deletion vulnerability from 2011 in NFR Agent version 1.0.1.
📄 D-Link DIR-825 Rev.B 2.10 Buffer Overflow
D-Link DIR-825 Rev.B versions 2.10 and below proof of concept stack buffer overflow denial of service exploit. Exploit Title: D-Link DIR-825 Rev.B 2.10 - Stack Buffer Overflow DoS Google Dork: N/A Date: 2025-09-25 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.dlink.com/...
📄 Nexus Repository Manager 3.53.0-01 File Disclosure / Traversal
A critical path traversal vulnerability exists in Sonatype Nexus Repository Manager 3 that allows unauthenticated attackers to read arbitrary files from the server filesystem through crafted URL paths. This is a proof of concept for an issue discovered in 2024...
📄 Casdoor 2.284.0 / 2.285.0 Cross Site Request Forgery
Casdoor versions 2.284.0 and 2.285.0 suffer a cross site request forgery vulnerability that was originally discovered in an earlier version but has not been addressed. Related CVE number: CVE-2023-34927. Exploit Title: Casdoor v2.284.0 2026-02-03 & v2.285.0 2026-02-03 - Cross-Site Request Forgery...
📄 Microsoft Windows 10 / 11 NTLM Hash Disclosure Spoofing
Microsoft Windows 10 / 11 proof of concept exploit that generates a .library-ms XML file pointing to a network share UNC. When opened/imported on Windows, the library points to the specified UNC path. Exploit Title: windows 10/11 - NTLM Hash Disclosure Spoofing Date: 2025-10-06 Exploit Author:...
📄 Next.js 14.2.25 Middleware Subrequest Bypass
A vulnerability exists in the Next.js middleware handling mechanism, where requests containing the "x-middleware-subrequest" header are processed differently compared to normal requests, potentially allowing attackers to bypass authentication...
📄 Online Vehicle Service Management System 1.0 Add Administrator
Proof of concept add administrator exploit for Online Vehicle Service Management System version 1.0 that leverages a missing authentication vulnerability.
📄 Online Admission Software 2.6 Insecure Direct Object Reference
Online Admission Software version 2.6 suffers from an insecure direct object reference vulnerability.
📄 aiohttp 3.9.1 Directory Traversal
Proof of concept exploit for a directory traversal vulnerability in aiohttp version 3.9.1. Exploit Title: Python aiohttp directory traversal PoC CVE-2024-23334 Google Dork: N/A Date: 2025-10-06 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://www.aiohttp.org / https://www.python.or...
📄 Online Grievance Redressal Software 2.6 SQL Injection
Online Grievance Redressal Software version 2.6 suffers from a remote SQL injection vulnerability.
📄 OctoPrint 1.11.2 Remote Code Execution
OctoPrint versions 1.11.2 and below suffer from a remote code execution vulnerability via a malformed filename being used in an authenticated file upload. Exploit Title: OctoPrint 1.11.2 - File Upload Date: 2025-09-28 Exploit Author: prabhatverma.addada Vendor Homepage: https://octoprint.org...
📄 Microsoft Windows 11 Build 10.0.27898.1000 Advanced Admin Protection Bypass
This enhanced proof of concept demonstrates an advanced method for bypassing Windows Administrator Protection by manipulating registry hives using both WinAPI and NTAPI. The code implements safe smart‑pointer wrappers for handles, secure SID management, deep registry enumeration, privilege checks...
📄 Blesta 5.13.1 2Checkout PHP Object Injection
Blesta versions 3.0.0 through 5.13.1 suffer from a 2Checkout PHP object injection vulnerability. The vulnerabilities exist because user input passed through the invoices POST parameter or the item-ext-ref GET parameter when dispatching the Checkout2::validate or Checkout2::success method is not...
📄 mPDF 8.1.0 Server-Side Request Forgery / Local File Disclosure / DoS
mPDF version 8.1.0 is vulnerable to multiple security issues related to unsafe handling of external resources, file paths, and image content during HTML-to-PDF rendering. When untrusted or partially trusted HTML input is processed, attackers may exploit insufficient validation to trigger...
📄 NanoMQ 0.24.6 API SQL Rule Engine Buffer Overflow
This script is a proof of concept used to test NanoMQ's API for improper input handling. It sends an intentionally long and malformed SQL alias through the /api/v4/rules endpoint to check whether the service safely rejects the input or crashes. The code does not achieve real remote code execution...
📄 Blesta 5.13.1 Cross Site Scripting
Blesta versions 3.2.0 through 5.13.1 suffer from a cross site scripting vulnerability. User input passed through the confirmurl GET parameter to the /dialog/confirm and /clientdialog/confirm/ endpoints is not properly sanitized before being used to generate HTML output; specifically, before being...
📄 Nagios XI Monitoring Wizard Command Injection
Nagios XI is a widely used enterprise monitoring solution. A vulnerability exists within the Monitoring Wizard configuration page where the database parameter is unsafely passed into backend operations. Authenticated users can exploit this to execute arbitrary system commands, allowing full remot...
📄 MotionEye Frontend 0.43.1b4 Command Injection
Proof of concept exploit for a command injection vulnerability in MotionEye Frontend version 0.43.1b4.
📄 NCR Command Center Agent 16.3 Remote Command Execution
Proof of concept exploit for a remote command execution vulnerability in NCR Command Center Agent version 16.3 on Aloha POS/BOH servers. The vulnerability allows remote, unauthenticated attackers to execute arbitrary commands with SYSTEM privileges by sending a specially crafted XML document to...
📄 Mutiny 5.0-1.07 Directory Traversal
Mutiny version 5.0-1.07 directory traversal proof of concept exploit that demonstrates an issue originally discovered in 2013.
📄 Blesta 5.13.1 Admin Interface PHP Object Injection
Blesta versions 3.0.0 through 5.13.1 suffer from an administrative interface PHP object injection vulnerability. The vulnerabilities exist because user input passed through the vars and orderinfo POST parameters when dispatching the /app/controllers/adminclients.php script, and through the...