📄 Off 2.15.4 Unauthenticated Remote System Control

Off version 2.15.4 exposes a TCP service that accepts remote commands like Shutdown, Restart, Lock, Sleep, and Hibernate without any authentication. Exploit Title: Off 2.15.4 - Unauthenticated Remote System Control Shutdown/Restart/Lock/Sleep/Hibernate Date: 25/06/25 Exploit Author: Chokri Hammed...

📄 VLC Mobile Remote for Windows 1.3.9.3 Remote Code Execution

VLC Mobile Remote for Windows version 1.3.9.3 allows remote code execution via unauthenticated keystroke injection over TCP, enabling command execution and reverse shell delivery. This is a second version of the original exploit by the same author. Exploit Title: VLC Mobile Remote VMR for Windows...

📄 Microsoft Excel LTSC Professional Pilus 2021 Remote Code Execution

Microsoft Excel LTSC Professional Pilus 2021 and Microsoft Word LTSC MSO suffer from a vulnerability. The attacker can trick any user into opening and executing their code by sending a malicious DOCM file via email or a streaming server. Titles: Microsoft Excel LTSC Professional Pilus 2021 -...

📄 VLC Mobile Remote for Windows 1.3.9.3 Remote Arbitrary URL Launch

VLC Mobile Remote for Windows version 1.3.9.3 allows an unauthenticated attacker to remotely cause the target system to open any URL in the victim’s default web browser by sending a specially crafted request. This can lead to forced browsing to malicious sites, phishing attacks, or NTLM credentia...

📄 Mobile Mouse 3.6.0.4 Clipboard Data Exfiltration

An attacker can intercept clipboard activity from a system running Mobile Mouse version 3.6.0.4. When the user copies text, images, or takes screenshots, the data is transmitted over a WebSocket channel without encryption or authentication, allowing passive exfiltration of sensitive information...

📄 Mobile Mouse 3.6.0.4 WebSocket Remote Code Execution

Mobile Mouse version 3.6.0.4 contains a remote code execution vulnerability through its WebSocket interface. Exploit Title: Mobile Mouse 3.6.0.4 WebSocket Remote code execution Date: 06/17/2025 Exploit Author: Chokri Hammedi Vendor Homepage: https://mobilemouse.com/ Software Link:...

📄 VLC Mobile Remote for Windows 1.3.9.3 Remote Code Execution

VLC Mobile Remote for Windows version 1.3.9.3 allows remote code execution via unauthenticated keystroke injection over TCP, enabling command execution and reverse shell delivery. Exploit Title: VLC Mobile Remote VMR for Windows v1.3.9.3 Remote Code Execution Date: 06/23/2025 Exploit Author: Chok...

📄 OneTrust SDK 6.33.0 Prototype Pollution / Denial of Service

A vulnerability exists in OneTrust SDK version 6.33.0 that allows an attacker to perform prototype pollution via the misuse of Object.setPrototypeOf and Object.assign. An attacker can inject malicious properties into the prototype chain, potentially causing a denial of service or altering the...

📄 Microsoft Excel LTSC 2024 Remote Code Execution

Microsoft Excel LTSC 2024 suffers from a remote code execution vulnerability. Titles: Microsoft Excel LTSC 2024 - Remote Code Execution RCE Author: nu11secur1ty Date: 06/16/2025 Vendor: Microsoft Software: https://www.microsoft.com/en/microsoft-365/excel?market=af Reference:...

📄 FortiOS SSL-VPN 7.4.4 Insufficient Session Expiration / Cookie Reuse

An insufficient session expiration vulnerability in FortiOS SSL-VPN allows an attacker to reuse stale session cookies after logout, potentially leading to unauthorized access. The SVPNTMPCOOKIE remains valid even after the primary SVPNCOOKIE is invalidated during logout. Versions affected include...

📄 Ingress-NGINX 4.11.0 Remote Code Execution

Ingress-NGINX version 4.11.0 remote code execution exploit that sends a crafted AdmissionRequest to the vulnerable Ingress-NGINX webhook and loads shell.so to achieve code execution. Exploit Title: Ingress-NGINX 4.11.0 - Remote Code Execution RCE Google Dork: N/A Date: 2025-06-19 Exploit Author:...

📄 Glass Cage Zero-Click iMessage Exploit Details

Glass Cage, a vulnerability chain discovered on iOS 18.2, enables an attacker to compromise a device silently by sending a single malicious PNG image via iMessage. The exploit bypasses multiple layers of Apple's defenses, including BlastDoor, WebKit sandboxing, and CoreMedia memory protections...

📄 ONLYOFFICE Docs 8.3.1 Cross Site Scripting

ONLYOFFICE Docs versions 8.3.1 and below suffers from a reflective cross site scripting vulnerability. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Reflected Cross-Site Scripting product: ONLYOFFICE Docs...

📄 SIMCom SIM7600G Modem Undocumented Root Shell Access

The SIMCom SIM7600G modem supports an undocumented AT command, which allows an attacker to execute system commands with root permission on the modem. An attacker needs either physical access or remote shell access to a device that interacts directly with the modem via AT commands. SEC Consult...

📄 Skyvern 0.1.85 Remtoe Code Execution / SSTI

Skyvern version 0.1.85 suffers from a remote code execution vulnerability via server-side template injection. Exploit Title: Skyvern 0.1.85 - Remote Code Execution RCE via SSTI Date: 2025-06-15 Exploit Author: Cristian Branet Vendor Homepage: https://www.skyvern.com/ Software Link:...

📄 Beakon SQL Injection

Beakon versions prior to 5.4.3 suffer from a remote unauthenticated time-based SQL injection vulnerability. Title: Unauthenticated Time Based SQL Injection Vulnerability in Beakon versions prior to 5.4.3 Description: An unauthenticated time-based SQL injection vulnerability exists in the Beakon...

📄 EMQX 5.8.5 Remote Code Execution

A remote code execution vulnerability exists in the EMQX Dashboard component of EMQX, up to and including version 5.8.5. Authenticated users can upload plugins containing arbitrary code, including any kind of Erlang code, which may be executed on the server hosting the web interface. This is...

📄 Freefloat FTP Server 1.0 Remote Buffer Overflow

Freefloat FTP Server version 1.0 suffers from a buffer overflow vulnerability. Exploit Title: Freefloat FTP Server 1.0 - Remote Buffer Overflow Date: 22 may 2025 Notification vendor: No reported Discovery by: Fernando Mengali LinkedIn: https://www.linkedin.com/in/fernando-mengali-273504142/...

📄 PCMan FTP Server 2.0.7 Buffer Overflow

PCMan FTP server version 2.0.l7 suffers from a buffer overflow vulnerability. Exploit Title: PCMan FTP Server 2.0.7 - Buffer Overflow Date: 04/17/2025 Exploit Author: Fernando Mengali Vendor Homepage: http://pcman.openfoundry.org/ Software Link:...

📄 Microsoft Windows 11 SMB Client Privilege Escalation / Remote Code Execution

This proof of concept demonstrates a complex attack chain exploiting improper access control in Windows SMB clients, leading to elevation of privilege through DNS record injection, NTLM relay attacks using impacket-ntlmrelayx, and coercion of a victim system including Windows 11 to authenticate t...

📄 Microsoft Windows 10 WebDAV Remote Code Execution

This exploit leverages the behavior of Windows .URL files to execute a remote binary over a UNC path. When a victim opens or previews the .URL file e.g. from email, the system may automatically reach out to the specified path e.g. WebDAV or SMB share, leading to arbitrary code execution without...

📄 Remote for Windows 2024.15 Insecure Direct Object Reference

Remote for Windows Helper version 2024.15 contains an insecure direct object reference IDOR vulnerability. Attackers can access privileged API functions by reusing any "Allowed" client token from clients.json without authentication, leading to full system compromise. Exploit Title: Remote for...

📄 Mobile Mouse Server 3.6.3 Remote Code Execution

Mobile Mouse Server for macOS exposes a TCP control interface on port 9090, which accepts plaintext commands to simulate keyboard input and launch applications. By default, no authentication is required, allowing a remote attacker to fully control the target system. Version 3.6.3 is affected...

📄 Palo Alto PAN-OS CLI Crash

This Metasploit module triggers a denial-of-service condition in the CLI of Palo Alto PAN-OS by sending an overly long input after authentication. This module requires Metasploit Framework and compatible Ruby. require 'msf/core' require 'net/ssh' class MetasploitModule 'Palo Alto PAN-OS CLI Crash...

📄 PHP CGI Remote Code Execution

A critical vulnerability in PHP's CGI implementation allows remote attackers to execute arbitrary code through command injection. The vulnerability exists due to improper handling of command-line arguments in PHP CGI, which can be exploited to bypass security restrictions and execute arbitrary...

📄 AirKeyboard iOS App 1.0.5 Remote Input Injection

The AirKeyboard iOS application version 1.0.5 exposes a WebSocket server on port 8888 which accepts arbitrary input injection messages from any client. No authentication or pairing process is required. This allows any attacker to type arbitrary keystrokes directly into the victim’s iOS device in...

📄 WAGO Remote Code Execution

WAGO remote code execution exploit that affects multiple products due to allowing an unauthenticated attacker to change the configuration. package main import "bufio" "bytes" "crypto/tls" "encoding/json" "flag" "fmt" "io" "net/http" "os" "regexp" "strings" "sync" "time" const // ANSI color codes...

📄 AirKeyboard 1.9.0.0 Integer Overflow / Denial of Service

AirKeyboard version 1.9.0.0 suffers from an integer overflow vulnerability in its TCP request handler. The ReadLength method parses a 4-byte user-supplied length field without bounds checking, allowing attackers to trigger a denial-of-service by sending a malformed packet with an oversized length...

📄 Remote for Windows 2024.15 Helper Remote Code Execution

Remote for Windows version 2024.15 proof of concept remote code execution exploit that works when the "ask to grant access for unknown iOS devices" in settings is unchecked. Exploit Title: Remote for Windows 2024.15 helper - RCE V2 Date: 2025-06-13 Exploit Author: Chokri Hammedi Vendor Homepage:...

📄 WordPress Likes and Dislikes 1.0.0 SQL Injection

The Likes and Dislikes Plugin plugin for WordPress is vulnerable to SQL Injection via the post parameter in all versions up to, and including, 1.0.0 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for...

📄 Litespeed Cache 6.4.0.1 Privilege Escalation

Litespeed Cache version 6.4.0.1 suffers from a privilege escalation vulnerability. Exploit Title: Litespeed Cache 6.4.0.1 - Privilege Escalation Date: 2025-06-10 Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL Country:...

📄 WordPress HyperComments 1.2.2 Privilege Escalation

The HyperComments plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to a missing capability check on the hcrequesthandler function in all versions up to, and including, 1.2.2. This makes it possible for unauthenticated attackers to...

📄 Microsoft Excel Remote Code Execution

Microsoft Excel appears to suffer from a remote code execution vulnerability via a malicious macro. Titles: Microsoft Excel Local Code Execution Vulnerability Author: nu11secur1ty Date: 06/09/2025 Vendor: Microsoft Software: https://www.microsoft.com/en/microsoft-365/excel?market=af Reference:...

📄 Mongoose HTTP Denial of Service

Mongoose HTTP versions prior to 7.14 appear to suffer from a basic resource exhaustion denial of service vulnerability. Exploit Title: Mongoose HTTP 7.14 DDOS Stack-Based Free Discovered by: Yehia Elghaly Discovered Date: 2025-06-11 Vendor Homepage: https://mongoose.ws/ Software Link :...

📄 Roundcube 1.6.10 Remote Code Execution

Roundcube Webmail versions prior to 1.5.10 and versions 1.6.x prior to 1.6.11 allow remote code execution by authenticated users because the from parameter in a URL is not validated in program/actions/settings/upload.php, leading to PHP object deserialization. An attacker can execute arbitrary...

📄 WordPress RealHomes Theme 4.4.0 Privilege Escalation

WordPress RealHomes Theme versions 4.4.0 and below suffer from a privilege escalation vulnerability. CVE-2025-4601 - WordPress RealHomes Theme = 4.4.0 - Privilege Escalation 🔥 Vulnerability Summary The WordPress theme RealHomes versions = 4.4.0 is vulnerable to a privilege escalation vulnerabilit...

📄 DokuWiki 2025-05-14a Shell Upload

DokuWiki version 2025-05-14a suffers from a remote shell upload vulnerability. Exploit Title: DokuWiki 2025-05-14a Remote Code Execution via File Upload Authenticated Exploit Author: tmrswrr Vendor Homepage: https://www.dokuwiki.org/dokuwiki Software Link:...

📄 INDAMED - MEDICAL OFFICE Demo Version Privilege Escalation / Default Credentials

INDAMED - MEDICAL OFFICE demo version revision 18544 II/20224 suffers from local privilege escalation and default credential vulnerabilities. SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Local Privilege Escalation a...

📄 FUDForum 3.2.0 Cross Site Scripting

FUDForum version 3.2.0 suffers from a persistent cross site scripting vulnerability. Exploit Title: FUDForum 3.2.0 Stored XSS Authenticated Exploit Author: tmrswrr Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.2.0.zip/download Versi...

📄 RAD FT Dell Firmware A00-00 Privilege Escalation

RAD FT Firmware versions A00-00 Build WP0000051154 and prior are susceptible to a privilege escalation vulnerability due to a failure to properly filter the user-supplied input through the .NET Profiler. Exploit name: RAD FT Dell Firmware Download link:...

📄 FUDForum 3.2.0 Command Injection

FUDForum version 3.2.0 suffers from a code injection vulnerability. Exploit Title: FUDForum 3.2.0 Command Injection Authenticated Exploit Author: tmrswrr Vendor Homepage: http://fudforum.org/ Software Link: https://sourceforge.net/projects/fudforum/files/FUDforum3.2.0.zip/download Version : 3.2.0...

📄 Laravel Pulse 1.3.1 Arbitrary Code Injection

Laravel Pulse version 1.3.1 suffers from an arbitrary code injection vulnerability. !/usr/bin/env python3 Exploit Title: Laravel Pulse 1.3.1 - Arbitrary Code Injection Author: Mohammed Idrees Banyamer @banyamersecurity GitHub: https://github.com/mbanyamer Date: 2025-06-06 Tested on: Laravel Pulse...

📄 TightVNC 2.8.83 Control Pipe Manipulation

TightVNC version 2.8.83 suffers from a control pipe manipulation vulnerability. Exploit Title: TightVNC 2.8.83 - Control Pipe Manipulation Date: 06/09/2025 Exploit Author: Ionut Zevedei [email protected] Exploit Repository: https://github.com/zeved/CVE-2024-42049-PoC Vendor Homepage:...

📄 SDiagnostics 10.0.22621.3527 UAC Bypass

SDiagnostics versions 10.0.22621.3527 and below suffer from a UAC bypass vulnerability. Exploit name: UAC Bypass SDiagnostic.exe Troubleshooter Exploit author: Juan Sacco https://exploitpack.com Description: SDiagnostics version 10.0.22621.3527 and prior is vulnerable to an UAC User Account Contr...

📄 Remote for Mac 2025.7 Unauthenticated Remote Code Execution

This Metasploit module exploits an unauthenticated remote code execution vulnerability in Remote for Mac versions up to and including 2025.7 via the /api/executeScript endpoint. When authentication is disabled on the target system, it allows attackers to execute arbitrary AppleScript commands,...

📄 Microsoft Windows 11 Version 24H2 Privilege Escalation

This vulnerability affects Microsoft Windows 11 various versions including 24H2, 23H2, and 22H2 and Windows Server 2025. It targets an improper access control in the Windows Cross Device Service, allowing a low-privileged local attacker to overwrite a critical DLL file...

📄 vBulletin 4.x movepm PHP Object Injection

In vBulletin 4.x, a flawed security patch from 2014 has introduced a new post-auth PHP object injection vector by replacing serialize with jsonencode — ironically making it possible to get vBulletin to sign attacker-controlled base64-encoded payloads, potentially allowing users to perform remote...

📄 Apache Tomcat 10.1.39 Denial of Service

Apache Tomcat version 10.1.39 suffers from a denial of service vulnerability. Exploit Title: Apache Tomcat 10.1.39 - Denial of Service DOS Author: Abdualhadi khalifa CVE: CVE-2025-31650 import httpx import asyncio import random import urllib.parse import sys import socket from colorama import ini...

📄 macOS / iOS Local Privilege Escalation

This local privilege escalation exploit leverages a vulnerable macOS LaunchDaemon plist configuration to execute arbitrary commands with root privileges. The exploit creates a root payload script that adds a root shell binary, creates an admin user, and installs a persistent LaunchDaemon backdoor...

📄 Microsoft Windows Server 2025 JScript Engine Remote Code Execution

This proof of concept exploits a use-after-free vulnerability in jscript.dll to achieve code execution via heap spraying. The shellcode executes calc.exe as a demonstration of code execution. !/usr/bin/env python3 Exploit Title: Microsoft Windows Server 2025 JScript Engine - Remote Code Execution...