
50621 matches found

Packet Storm
• added 2026/04/21 12:0 a.m. • 50 views

Trojan-Spy.Win32.Small MVID-2026-0705 Remote Command Execution

Trojan-Spy.Win32.Small malware opens a listener on TCP port 65535, allowing unauthenticated remote attackers with network access to execute arbitrary operating system commands on the infected host. Discovery / credits: Malvuln John Page aka hyp3rlinx c 2026 Original source:...

6.2 AI score
Exploits: 0

Packet Storm
• added 2026/04/21 12:0 a.m. • 140 views

Below Log File Symlink Privilege Escalation

This Metasploit module exploits a local privilege escalation vulnerability in the below utility when executed with sudo. This affects versions prior to 0.9.0. Title...

6.8 CVSS | 7.1 AI score | 0.00132 EPSS
Exploits: 22

Packet Storm
• added 2026/04/21 12:0 a.m. • 97 views

ASP.net 8.0.10 Core Kestrel HTTP Request Smuggling

This Metasploit auxiliary module targets a critical HTTP request smuggling vulnerability in ASP.NET Core Kestrel caused by improper parsing of malformed chunked transfer encoding notably LF-only line handling and case-variant headers like chUnKEd...

9.9 CVSS | 5.8 AI score | 0.01681 EPSS
Exploits: 5

Packet Storm
• added 2026/04/21 12:0 a.m. • 72 views

Bludit CMS 3.18.2 Shell Upload

This Metasploit module targets a vulnerability in Bludit CMS version 3.18.2 targeting the API file upload mechanism which allows authenticated users with a valid API token to upload arbitrary files without proper validation. This can result in a shell upload...

8.8 CVSS | 5.9 AI score | 0.00532 EPSS
Exploits: 4

Packet Storm
• added 2026/04/20 12:0 a.m. • 77 views

dcontrol 1.0.9 Remote Code Execution

dcontrol version 1.0.9 suffers from an unauthenticated remote code execution vulnerability via the /control-api/monitor/open endpoint. Exploit Title: dcontrol v1.0.9 - Unauthenticated Remote Code Execution RCE Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage:...

6.5 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 58 views

dwatch 0.0.2 Server-Side Request Forgery

dwatch version 0.0.2 allows unauthenticated users to create monitoring tasks via the /api/task/save endpoint. The url parameter accepts arbitrary URLs and makes HTTP requests to them. Exploit Title: dwatch 0.0.2 - Unauthenticated SSRF via Task URL Date: 2026-04-18 Exploit Author: Chokri Hammedi...

5.9 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 81 views

WordPress Kali Forms 2.4.9 Remote Code Execution

WordPress Kali Forms plugin version 2.4.9 suffers from a remote code execution vulnerability. Title: WordPress Kali Forms 2.4.9 Remote Code Execution Assessment ...

9.8 CVSS | 6.5 AI score | 0.28725 EPSS
Exploits: 2

Packet Storm
• added 2026/04/20 12:0 a.m. • 65 views

Remote Sunrise Helper for Windows 2026.14 Remote Code Execution

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated remote code execution vulnerability. Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Remote Code Execution Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

6.5 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 63 views

dcontrol 1.0.9 Arbitrary File Upload

dcontrol version 1.0.9 suffers from an unauthenticated arbitrary file upload vulnerability. Exploit Title: dcontrol v1.0.9 - Unauthenticated Arbitrary File Upload Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/dhjz/dcontrol Software Link:...

5.9 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 55 views

Remote Sunrise Helper for Windows 2026.14 UAC Bypass

Remote Sunrise Helper for Windows version 2026.14 suffers from a local UAC bypass vulnerability via the Icon Import dialog. Exploit Title: Remote Sunrise Helper for Windows 2026.14 - UAC Bypass via Icon Import Dialog Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

5.8 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 55 views

dwol 1.0.0 Command Injection

dwol version 1.0.0 suffers from an unauthenticated command injection vulnerability in the host parameter of the /api/machines endpoint. Exploit Title: dwol v1.0.0 - Unauthenticated Command Injection Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/dhjz/dwol...

5.8 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 62 views

dmonitor 1.0.3 Server-Side Request Forgery

dmonitor version 1.0.3 suffers from an unauthenticated server-side request forgery vulnerability that can allow for data exfiltration. Exploit Title: dmonitor v1.0.3 - Unauthenticated SSRF Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/dhjz/dmonitor Software...

5.8 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 45 views

Remote Sunrise Helper for Windows 2026.14 Live Screen Capture

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated live screen capture vulnerability. Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Live Screen Capture Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

5.8 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 61 views

Remote Sunrise Helper for Windows 2026.14 UAC Bypass

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated UAC bypass vulnerability that enables remote code execution via /api/executeScript. Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated UAC Bypass Elevated CMD Date:...

6.5 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 61 views

openDCIM 25.01 SQL Injection / Remote Code Execution

openDCIM version 25.01 remote SQL injection exploit that achieves remote code execution. Title: openDCIM 25.01 SQL Injection Leading to Remote Code Execution ...

6.2 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 48 views

dcontrol 1.0.9 Remote Screen Capture

dcontrol version 1.0.9 suffers from an unauthenticated remote screen capture vulnerability via the WebSocket endpoint at /ws. The application allows any client to connect to the WebSocket without authentication and request screenshots of the target system's display by sending a "screen" message...

5.8 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 48 views

Remote Sunrise Helper for Windows 2026.14 File / Folder Deletion

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated file / folder deletion vulnerability. Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Folder Delete Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

5.8 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 58 views

OpenEMR 8.0.0.2 SQL Injection

This Metasploit auxiliary module targets a potential SQL injection vulnerability in OpenEMR version 8.0.0.2. Title: OpenEMR 8.0.0.2 Exploitation Tool; Author:...

8.8 CVSS | 5.8 AI score | 0.00002 EPSS
Exploits: 3

Packet Storm
• added 2026/04/20 12:0 a.m. • 43 views

Remote Sunrise Helper for Windows 2026.14 Arbitrary File Read

Remote Sunrise Helper for Windows 2026.14 suffers from an unauthenticated file read vulnerability. Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File Read Date: 2026-04-20 Exploit Author: Chokri Hammedi Software: https://rs.ltd/latest.php?os=win...

5.8 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 56 views

OpenEMR 8.0.0.2 Remote Code Execution

This Metasploit exploit module targets a potential remote code execution vulnerability in OpenEMR systems identified as CVE-2026-32238. The module combines authentication handling, HTTP request manipulation, and command injection capabilities to achieve remote command execution on vulnerable...

9.1 CVSS | 6.5 AI score | 0.00101 EPSS
Exploits: 3

Packet Storm
• added 2026/04/20 12:0 a.m. • 49 views

Remote Sunrise Helper for Windows 2026.14 Directory Creation

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated directory creation vulnerability. Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Directory Creation Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

5.8 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 48 views

openDCIM 25.01 SQL Injection

openDCIM version 25.01 remote SQL injection exploit that can be leveraged to execute arbitrary code. Title: openDCIM 25.01 Python Exploit – Authenticated &...

6.1 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 51 views

dcontrol 1.0.9 Keyboard Injection Remote Code Execution

dcontrol version 1.0.9 is vulnerable to an unauthenticated remote code execution via keyboard input injection. The /control-api/monitor/sendkey and /control-api/monitor/sendtext endpoints allow an unauthenticated attacker to simulate keyboard input on the target system. By chaining these endpoint...

6.7 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 43 views

Remote Sunrise Helper for Windows 2026.14 File Upload

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated file upload vulnerability. Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File Upload Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

5.8 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 39 views

Remote Sunrise Helper for Windows 2026.14 UDP Injection

Remote Sunrise Helper for Windows version 2026.14 suffers from UDP injection that can allow for remote code execution. Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated UDP Input Injection RCE Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

6.1 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 39 views

Remote Sunrise Helper for Windows 2026.14 Screenshot Capture

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated screenshot capture vulnerability. Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated Screenshot Capture Date: 2026-04-20 Exploit Author: Chokri Hammedi Software:...

5.8 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 41 views

dcontrol 1.0.9 Local File Inclusion

dcontrol version 1.0.9 suffers from an unauthenticated local file inclusion vulnerability via a path traversal. Exploit Title: dcontrol v1.0.9 - Unauthenticated Local File Inclusion LFI Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/dhjz/dcontrol Software Link...

5.8 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 48 views

dcontrol 1.0.9 Arbitrary File Delete

dcontrol version 1.0.9 suffers from an unauthenticated arbitrary file deletion vulnerability via path traversal in the /control-api/file/delete endpoint. Exploit Title: dcontrol v1.0.9 - Unauthenticated Arbitrary File Delete Date: 2026-04-18 Exploit Author: Chokri Hammedi Vendor Homepage:...

5.9 AI score
Exploits: 0

Packet Storm
• added 2026/04/20 12:0 a.m. • 47 views

Remote Sunrise Helper for Windows 2026.14 Directory Listing

Remote Sunrise Helper for Windows version 2026.14 suffers from an unauthenticated file / directory listing vulnerability. Exploit Title: Remote Sunrise Helper for Windows 2026.14 - Unauthenticated File/Directory Listing Date: 2026-04-20 Exploit Author: Chokri Hammedi Softwar...

5.8 AI score
Exploits: 0

Packet Storm
• added 2026/04/17 12:0 a.m. • 126 views

MCPJam Inspector 1.4.2 Remote Code Execution

This Metasploit auxiliary module targets a remote code execution vulnerability in MCPJam Inspector version 1.4.2. The flaw exists in the /api/mcp/connect endpoint, where user-controlled input is improperly passed to a backend execution mechanism...

9.8 CVSS | 6.7 AI score | 0.30368 EPSS
Exploits: 27

Packet Storm
• added 2026/04/17 12:0 a.m. • 84 views

V8 Sandbox Bypass: BigInt Division Memory Corruption

This is a variant of crbug.com/474041332. The issue there was that MultiplyFFT, an optimized version of integer multiplication for very large inputs, is not robust against concurrent modification of its input buffers, but was called from ProcessorImpl::FromStringLarge with a temporary buffer insi...

5.9 AI score
Exploits: 0

Packet Storm
• added 2026/04/17 12:0 a.m. • 72 views

EspoCRM 9.3.3 Remote Code Execution

This Metasploit module targets an authenticated remote code execution vulnerability in EspoCRM versions 9.3.3 and below. Title: EspoCRM ≤ 9.3.3 Authenticated RCE...

9.1 CVSS | 6.5 AI score | 0.00105 EPSS
Exploits: 3

Packet Storm
• added 2026/04/17 12:0 a.m. • 71 views

Activitypub-federation-rust 0.7.1 Server-Side Request Forgery

This is a server-side request forgery scanner for Activitypub-federation-rust version 0.7.1. Title: Activitypub-federation-rust 0.7.1 Lemmy ActivityPub SSRF Scanne...

6.5 CVSS | 5.7 AI score | 0.00023 EPSS
Exploits: 2

Packet Storm
• added 2026/04/17 12:0 a.m. • 66 views

ddev ZipSlip Path Traversal

A ZipSlip path traversal vulnerability exists in the ddev/ddev project, affecting archive extraction routines. The issue allows a crafted ZIP archive to write files outside the intended extraction directory, potentially leading to arbitrary file overwrite on the host system...

6.5 CVSS | 5.9 AI score | 0.00019 EPSS
Exploits: 3

Packet Storm
• added 2026/04/17 12:0 a.m. • 53 views

PCLink 4.1.1 Authentication Bypass / Code Execution

PCLink version 4.1.1 trusts localhost requests with the "X-Internal-Auth: true" header, bypassing all authentication. Combined with unrestricted extension installation, this allows arbitrary code execution. Exploit Title: PCLink v4.1.1 - Authentication Bypass Leading to Remote Code Execution Date...

6.1 AI score
Exploits: 0

Packet Storm
• added 2026/04/16 12:0 a.m. • 67 views

ChurchCRM Database Restore Remote Code Execution

This Metasploit module exploits a remote code execution vulnerability in ChurchCRM versions prior to 6.2.0. The vulnerability resides in the Database Restore functionality, which allows an authenticated user with administrative privileges to upload a malicious backup file. By bypassing upload...

9.1 CVSS | 6.4 AI score | 0.23631 EPSS
Exploits: 3

Packet Storm
• added 2026/04/16 12:0 a.m. • 63 views

Fortinet FortiSandbox 4.4.8 Remote Command Execution

Fortinet FortiSandbox versions 4.4.0 through 4.4.8 suffer from a remote command execution vulnerability. CVE-2026-39808 In November 2025, a critical vulnerability was discovered on Fortinet's FortiSandbox which allowed an unauthenticated attacker to execute commands in the underlying OS as root...

9.8 CVSS | 6 AI score | 0.27939 EPSS
Exploits: 3

Packet Storm
• added 2026/04/15 12:0 a.m. • 78 views

Kiuwan SAST 2.8.2412.0 Improper Enforcement

It was found out that a user is still able to login at the Kiuwan WebUI via SSO, even if the Kiuwan mapped account has been disabled in the user settings by an admin. This issue has been addressed in version 2.8.2509.4. SEC Consult Vulnerability Lab Security Advisory...

5.4 CVSS | 5.7 AI score | 0.00011 EPSS
Exploits: 1

Packet Storm
• added 2026/04/15 12:0 a.m. • 101 views

Siemens SICAM A8000 25.30 Denial of Service / Memory Corruption

Siemens SICAM A8000 CP-8050/CP-8031/CP-8010/CP-8012 versions 25.30 and below suffer from Content-Length denial of service and XML related memory corruption vulnerabilities. CyberDanube Security Research 20260408-1 ...

8.7 CVSS | 5.8 AI score | 0.00057 EPSS
Exploits: 1

Packet Storm
• added 2026/04/15 12:0 a.m. • 79 views

Siemens SICAM A8000 25.30 Denial of Service

Siemens SICAM A8000 CP-8050/CP-8031/CP-8010/CP-8012 versions 25.30 and below suffer from a resource exhaustion denial of service vulnerability. CyberDanube Security Research 20260408-0 title: Remote Operation Denial o...

7.1 CVSS | 5.8 AI score | 0.00008 EPSS
Exploits: 1

Packet Storm
• added 2026/04/14 12:0 a.m. • 60 views

WebRemoteControl Unauthenticated Remote Code Execution

WebRemoteControl suffers from an unauthenticated remote code execution vulnerability. Exploit Title: WebRemoteControl - Unauthenticated Remote Code Execution Date: 2026-04-14 Exploit Author: Chokri Hammedi Vendor Homepage: https://github.com/wolfgangasdf/WebRemoteControl Software Link:...

6.4 AI score
Exploits: 0

Packet Storm
• added 2026/04/14 12:0 a.m. • 49 views

CMS Sense 2.0 Cross Site Scripting

CMS Sense version 2.0 suffers from a cross site scripting vulnerability. Title: CMS sense v 2.0 HTML Injection Leading to XSS via Attribute Breakout; Author:...

5.2 AI score
Exploits: 0

Packet Storm
• added 2026/04/14 12:0 a.m. • 192 views

Twig Sandbox Bypass / XXE / Remote Code Execution / LFI

Research describing a critical vulnerability that exists in the October CMS Twig sandbox Safe Mode that allows authenticated users with template editing privileges to bypass security restrictions and execute arbitrary PHP code or read arbitrary files via XML injection or local file inclusion from...

4.9 CVSS | 6.1 AI score | 0.00018 EPSS
Exploits: 2

Packet Storm
• added 2026/04/14 12:0 a.m. • 76 views

Selenium Grid/Selenoid Unauthenticated Remote Code Execution

Selenium Grid and Selenoid expose a WebDriver API that allows creating browser sessions with arbitrary capabilities. When deployed without authentication (the default for both), an attacker can achieve remote code execution through two browser-specific techniques: For Chrome, the goog:chromeOptions...

6.5 AI score
Exploits: 0

Packet Storm
• added 2026/04/14 12:0 a.m. • 48 views

WebRemoteControl Unauthenticated Remote Filesystem Access

WebRemoteControl suffers from an unauthenticated remote filesystem access vulnerability. This proof of concept exploit lets you browse directory contents and access files. Exploit Title: WebRemoteControl - Unauthenticated Remote Filesystem Access Date: 2026-04-14 Exploit Author: Chokri Hammedi...

5.8 AI score
Exploits: 0

Packet Storm
• added 2026/04/13 12:0 a.m. • 59 views

Pachno 1.0.6 Shell Upload

Pachno version 1.0.6 suffers from a remote shell upload vulnerability. The multipart file parameter to the /uploadfile endpoint allows authenticated users to upload files directly to the server. File upload must be enabled by an admin, who can also configure the storage path, within a...

6.2 AI score
Exploits: 0

Packet Storm
• added 2026/04/13 12:0 a.m. • 101 views

Dolibarr 22.0.4 Command Injection

Dolibarr versions 22.0.4 and below suffer from a remote code injection vulnerability via MAINODTASPDF. CVE-2026-23500: OS Command Injection RCE via MAINODTASPDF configuration in Dolibarr. Overview: CVE ID: CVE-2026-23500; Severity: CRITICAL; Advisory:...

9.4 CVSS | 6 AI score | 0.00166 EPSS
Exploits: 3

Packet Storm
• added 2026/04/13 12:0 a.m. • 59 views

OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Scadenzario Print Template. CVE-2025-69216: OpenSTAManager has a SQL Injection in Scadenzario Print Template. Overview: CVE ID: CVE-2025-69216; Severity: HIGH; ...

8.7 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits: 3

Packet Storm
• added 2026/04/13 12:0 a.m. • 64 views

Pachno 1.0.6 Open Redirection

Pachno version 1.0.6 suffers from an open redirection vulnerability. Input passed via the returnto GET/POST parameter to the login endpoint is not properly verified before being used to redirect users. The getLoginForwardUrl helper applies htmlentities to the value which is intended for HTML outp...

5.9 AI score
Exploits: 0

Packet Storm
• added 2026/04/13 12:0 a.m. • 57 views

OpenSTAManager 2.9.8 SQL Injection

OpenSTAManager versions 2.9.8 and below suffer from a remote SQL injection vulnerability in the Prima Nota module. CVE-2026-24419: OpenSTAManager has a SQL Injection in the Prima Nota module. Overview: CVE ID: CVE-2026-24419; Severity: HIGH; Advisory: View...

8.7 CVSS | 5.9 AI score | 0.00013 EPSS
Exploits: 3

Total number of security vulnerabilities: 50621