50738 matches found
XiboCMS 3.3.4 Traversal / Code Execution
XiboCMS version 3.3.4 zip slip exploit that leverages path traversal and arbitrary file upload vulnerabilities to achieve code execution. Exploit Title: XiboCMS 3.3.4- Remote Code Execution Google Dork: N/A Date: 2025-11-18 Exploit Author: complexusprada Vendor Homepage: https://xibo.org.uk/...
ZSH 5.9 Remote Command Execution
ZSH version 5.9 proof of concept remote command execution exploit. Exploit ZSH 5.9 - RCE Date: 30-12-2025 Exploit Author: sinanadilrana import pexpect import sys import time def debugprintmsg: printf"DEBUG msg" def returntogdbgdb, maxattempts=3, timeout=3: """More reliable function to return to G...
RomM Cross Site Scripting / File Upload
RomM versions prior to 4.4.1 chained vulnerabilities exploit that leverages file upload to achieve cross site scripting that then leverages csrf token reuse to change a user's password. Exploit Title: RomM Application tab or Storage on Firefox Cookies - Copy the rommcsrftoken cookie value 3...
MyRewards 5.6.0 Missing Authorization
MyRewards - Loyalty Points and Rewards for WooCommerce versions 5.6.0 and below suffer from a missing authorization vulnerability that allows for privilege escalation. CVE-2025-15260: Missing Authorization / Broken Access Control in Plugin - MyRewards - Loyalty Points and Rewards for WooCommerce...
WordPress Tutor LMS 3.9.5 Insecure Direct Object Reference
WordPress Tutor LMS plugin versions 3.9.5 and below suffer from broken access control and insecure direct object reference vulnerabilities. CVE-2026-1375: Authenticated IDOR / Broken Access Control in Tutor LMS Plugin Disclaimer: This repository is created for educational purposes and ethical...
WordPress Contact List 3.0.17 Cross Site Scripting
WordPress Contact List plugin versions 3.0.17 and below suffer from a persistent cross site scripting vulnerability. CVE-2026-3516: Authenticated Stored Cross-Site Scripting XSS in Contact List Plugin Disclaimer: This repository is created for educational purposes and ethical disclosure only. The...
WordPress EventPrime 4.2.8.1 Arbitrary File Upload
WordPress EventPrime plugin versions 4.2.8.1 and below suffer from an unauthenticated arbitrary file upload vulnerability. CVE-2026-1657: Unauthenticated Arbitrary File Upload in EventPrime Plugin Disclaimer: This repository is created for educational purposes and ethical disclosure only. The...
7-Zip Directory Traversal / Code Execution
7-Zip versions prior to 25.00 directory traversal to code execution exploit via malicious zip file. Exploit Title: 7-Zip 25.00 - Directory Traversal to RCE via Malicious ZIP Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub:...
FortiWeb 8.0.1 Remote Code Execution
FortiWeb remote code execution exploit that affects versions prior to 7.6.7, 7.8.7, and 8.0.2. Exploit Title: FortiWeb 8.0.2 - Remote Code Execution Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer Vendor...
Horilla 1.3 Remote Command Execution
Horilla versions 1.3 and below suffer from a remote command execution vulnerability. Exploit Title: Horilla v1.3 - RCE Date: 2025-05-29 Exploit Author: Raghad Abdallah Al-syouf Version: = 1.3 Tested on: Ubuntu / Docker CVE: CVE-2025-48868 Description: This script exploits the authenticated RCE...
NetBT e-Fatura 2024 Unquoted Service Path
NetBT e-Fatura 2024 suffers from an unquoted service path vulnerability. Exploit Title: NetBT e-Fatura - Privilege Escalation Author: Seccops Discovery Date: 2025-10-03 Vendor: https://net-bt.com.tr/e-fatura/ Tested Version: 2024 Tested on OS: Microsoft Windows Server 2019 DC Vulnerability Type:...
React Server 19.2.0 Remote Code Execution
React Server versions 19.0.0, 19.1.0, 19.1.1, and 19.2.0 proof of concept remote code execution exploit. Exploit Title: React Server 19.2.0 - Remote Code Execution Date: 2025-12-05 Exploit Author: EynaExp https://github.com/EynaExp Vendor Homepage: https://react.dev Software Link:...
Jumbo Website Manager Shell Upload
Proof of concept exploit that demonstrates a remote shell upload vulnerability in Jumbo Website Manager version 1.3.7. Exploit Title: Jumbo Website Manager - Remote Code Execution Application: Jumbo Website Manager Version: v1.3.7 Bugs: RCE Technology: PHP Vendor URL:...
Microsoft MMC MSC EvilTwin Local Admin Creation
Microsoft MMC MSC EvilTwin local admin creation exploit. !/usr/bin/env python3 Exploit Title: Microsoft MMC MSC EvilTwin - Local Admin Creation Date: 2025-11-22 Author: Mohammed Idrees Banyamer Author Country: Jordan GitHub: https://github.com/mbanyamer Vendor Homepage: https://www.microsoft.com...
Authentic 8 User Profile Insecure Direct Object Reference
Proof of concept exploit that demonstrates user data exposure via an insecure direct object reference and missing access control vulnerabilities in the User Profile endpoint of Authentic 8...
Vaadin 25.x Authentication Bypass
An authentication bypass affects Vaadin versions 6.8.13, 14.x, 23.x, 24.x, and 25.x when used with Spring Security, due to inconsistent path pattern matching on reserved framework routes. Accessing the /VAADIN endpoint without a trailing slash can bypass security filters, allowing unauthenticated...
Spectrum ANOG Device Credential Extraction / Command Injection
This Metasploit auxiliary module targets Spectrum/ANOG devices and combines credential extraction, password decryption, and remote command execution through an authenticated command injection flaw...
Microsoft Malware Protection Engine Type Confusion
Microsoft Malware Protection Engine type confusion vulnerability proof of concept exploit for an older vulnerability from 2017. Title: Microsoft Malware Protection...
UNI-PASS-Based Customs Systems Insecure Direct Object Reference
A critical security vulnerability has been identified in customs platforms based on UNI-PASS, where a publicly exposed API endpoint allows unauthorized access to sensitive documents without proper authentication or authorization checks. The affected endpoint commonly structured under /api/public/...
Cockpit CMS 2.13.5 Cross Site Scripting
Cockpit CMS version 2.13.5 suffers from a persistent cross site scripting vulnerability in the content model display template. The $interpolate function in /modules/App/assets/js/app/utils.js uses new Function to evaluate template strings, allowing arbitrary JavaScript execution. Any authenticate...
Dolibarr 23.0.0 dol_eval_standard() Whitelist Bypass
Dolibarr version 23.0.0 bypass proof of concept exploit. The whitelist mode of dol_eval_standard() does not apply $forbiddenphpstrings checks, and the function-call regex does not detect PHP dynamic callable syntax. This allows 'exec''cmd' to bypass all validation and reach eval. !/usr/bin/env python...
NocoBase 2.0.27 Sandbox Escape / Remote Code Execution
NocoBase versions 2.0.27 and below suffer from a sandbox escape vulnerability in the Workflow Script Node. The console object passed into the Node.js vm sandbox context exposes host-realm WritableWorkerStdio stream objects via console.stdout. An authenticated attacker can traverse the prototype...
Grafana 11.6.0 Server-Side Request Forgery
Grafana versions 11.2.0 through 11.6.0 suffer from a server-side request forgery vulnerability. Exploit Title: Grafana 11.6.0 - SSRF FOFA: app="Grafana" Date: 2-11-2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: https://grafana.com/ Software Link: https://grafana.com/grafana/download...
Fuel CMS 1.4.1 Remote Command Execution
Fuel CMS version 1.4.1 unauthenticated remote command execution exploit that leverages an issue discovered back in 2018. !/usr/bin/python3 Exploit Title: Fuel CMS 1.4.1 - Remote Code Execution RCE via filter parameter Google Dork: intitle:"Welcome to Fuel CMS" inurl:/fuel/ Date: 2025-04-05 Exploi...
ASP.net 8.0.10 HTTP Request Smuggling / Authentication Bypass
ASP.net version 8.0.10 suffers from HTTP request smuggling, bypass, and server-side request forgery vulnerabilities. Exploit Title: ASP.net 8.0.10 - Bypass Date: 2025-11-03 Author: Mohammed Idrees Banyamer Author Country: Jordan Instagram: @banyamersecurity GitHub: https://github.com/mbanyamer CV...
WordPress Madera 2.2.2 Local File Inclusion
WordPress Madera plugin versions 2.2.2 and below suffer from a local file inclusion vulnerability. Exploit Title: WordPress Madara Local File Inclusion Date: November 1, 2025 Exploit Author: Beatriz Fresno Naumova Vendor Homepage: WordPress Theme Madara Software Link: WordPress Theme Madara Teste...
Zhiyuan OA Traversal / File Upload
Path traversal and improper validation in the multipart file upload handling of Zhiyuan OA's wpsAssistServlet allows an attacker to place crafted files outside the intended directories by controlling the realFileType and fileId parameters. Exploit Title: Zhiyuan OA - arbitrary file upload leading...
DigitalOcean Droplet Agent Remote Command Execution
DigitalOcean Droplet Agent versions through 1.3.2 suffer from a remote command injection vulnerability via metadata poisoning and side-channel attacks. CVE-2026-24516-DigitalOcean-RCE. Technical analysis and PoC for CVE-2026-24516: Unauthenticated Root Remote Code Execution in DigitalOcean Drople...
Microsoft SQL Server 2022 / 2025 Privilege Escalation
Microsoft SQL Server versions 2022 and 2025 suffer from a privilege escalation vulnerability via the MSDatabaseManager role. Title: Microsoft SQL Server Privilege Elevation Through MSDatabaseManager Role CVE-2025-24999 Product: Database Manufacturer: Microsoft Affected Versions: SQL Server...
listmonk Session Persistence
listmonk has a flaw where sessions persist as valid after password reset and password change. CVE-2026-34828 listmonk's Session Persistence After Password Reset and Password Change Intro I found this issue while reviewing listmonk, an open-source newsletter and mailing list manager, with a simple...
Bloomberg Memray Cross Site Scripting
Bloomberg Memray versions prior to 1.19.2 rendered the command line of the tracked process directly into generated HTML reports without escaping, allowing for cross site scripting attacks. CVE-2026-32722 Bloomberg Memray's Stored XSS via Unescaped Command-Line Metadata Intro I found this issue...
Langflow 1.8.4 File Write / Traversal / Remote Code Execution
Langflow versions 1.8.4 and below have an issue where the POST /api/v2/files endpoint does not sanitize the filename parameter from the multipart form data, allowing an attacker to write files to arbitrary locations on the filesystem using path traversal sequences. When Langflow runs with...
MetInfo CMS 8.1 Code Injection
MetInfo CMS versions 8.1 and below suffer from a PHP code injection vulnerability in weixinreply.class.php. MetInfo CMS = 8.1 weixinreply.class.php PHP Code Injection Vulnerability...
FreeScout 1.8.206 Remote Code Execution
This Metasploit module exploits an unauthenticated remote code execution vulnerability in FreeScout versions less than or equal to 1.8.206 (CVE-2026-28289). The sanitizeUploadedFileName function checks for dot-prefixed filenames before stripping Unicode format characters (ZWSP, U+200B), allowing...
NLTK StanfordSegmenter 3.9.2 Arbitrary Code Execution
nltk.tokenize.StanfordSegmenter dynamically loads external Java .jar files via subprocess without performing any integrity verification, signature checking, or sandboxing. The class accepts fully attacker-controlled parameters including path_to_jar, path_to_model, path_to_dict, and java_class, and passe...
Langflow 1.8.1 Remote Code Execution
This Python script is a multi-threaded tool targeting a suspected vulnerability in Langflow versions 1.8.1 and below that allows unauthenticated remote code execution through unsafe execution of CustomComponent code during flow compilation...
Langflow 1.8.1 Remote Code Execution
This Metasploit auxiliary module scans Langflow instances for CVE-2026-33017, an unauthenticated remote code execution vulnerability affecting versions 1.8.1 and below.
Microsoft Windows RRAS Integer Overflow
This Metasploit module simulates a remote exploitation attempt against a hypothetical integer overflow vulnerability in Windows RRAS, which could lead to a heap-based overflow and potential remote code execution...
lollms-webui Server-Side Request Forgery
A critical server-side request forgery vulnerability has been identified in lollms-webui, the web interface for Lord of Large Language and Multi modal Systems. The @router.post("/api/proxy") endpoint allows unauthenticated attackers to force the server into making arbitrary GET requests. This can b...
Grav CMS 1.7.49.5 Remote Code Execution
Grav CMS versions 1.7.49.5 and below with Admin Plugin versions 1.10.49.3 and below are vulnerable to an authenticated remote code execution vulnerability via the "Direct Install" feature in the administrative interface. An authenticated administrator can upload a crafted plugin archive containin...
WordPress Datalogics Ecommerce Delivery Privilege Escalation
WordPress Datalogics Ecommerce Delivery plugin versions prior to 2.6.60 suffer from a privilege escalation vulnerability.
NLTK 3.9.2 Arbitrary File Read / Path Traversal
NLTK versions 3.9.2 and below suffer from an arbitrary file read issue due to a path traversal vulnerability. CVE-2026-0847 - NLTK Multiple CorpusReader Classes: Arbitrary File Read via Path Traversal --- Overview | Field | Details | |---|---| | CVE ID | CVE-2026-0847 | | Package | nltk Natural...
Wagtail CMS 6.4.1 Cross Site Scripting
Wagtail CMS version 6.4.1 is vulnerable to a persistent cross site scripting vulnerability in the document upload functionality. An attacker can embed a malicious payload inside a PDF file. When the uploaded document is accessed via the CMS interface, the payload may execute in the context of the...
Google Keras 3.13.0 Denial of Service
A denial of service vulnerability exists in the HDF5 weight loading component of Google Keras versions 3.0.0 through 3.13.0 on all platforms. The vulnerability is caused by the absence of any validation or throttling when processing HDF5 dataset shape metadata declared inside a .keras archive...
Forcepoint One Endpoint macOS 25.08.5008 DLP Bypass
Forcepoint One Endpoint DLP Endpoint for macOS version 25.08.5008 with DLP Policy Engine version 10.2.0.298 allows a local standard non-admin user to bypass DLP content inspection and policy enforcement by sending SIGSTOP to user-owned browser helper processes Websense Endpoint Helper,...
Ghost CMS 6.19.0 SQL Injection
Ghost CMS versions 3.24.0 through 6.19.0 suffer from a remote SQL injection vulnerability via the content API. Exploit Title: Ghost CMS Unauthenticated SQLi via Content API Date: 2026-03-30 Exploit Author: Maksim Rogov Exploit Licence: GPL-3.0 Software Link: https://ghost.org/ Version: Ghost =...
Bludit CMS Shell Upload
Bludit CMS versions prior to 3.18.4 have an unrestricted API file upload vulnerability that allows for remote code execution. Exploit Title: Bludit CMS . The uploadFile function performs no file extension or content validation, allowing upload of PHP webshells that execute as www-data. The API...
LuaJIT 2.1.1774638290 Arbitrary Code Execution
LuaJIT's Foreign Function Interface FFI provides unrestricted access to native C functions including syscall, mmap, mprotect and arbitrary shared library loading. When FFI is accessible to untrusted Lua code in embedding scenarios OpenResty, Redis, game engines, IoT, an attacker can achieve...
Generic HTTP Command Execution
This Metasploit module interacts with existing command execution functionality on a target system, where user-supplied input is directly passed to system execution functions via a HTTP request. This could be from an existing vulnerability, or uploaded webshells. It is likely that HTTP evasion...
OpenEMR 8.0.0.2 SQL Injection
OpenEMR version 8.0.0.2 contains a remote SQL injection vulnerability in the patient selection feature that can be exploited by authenticated attackers. The vulnerability exists due to insufficient input validation in the patient selection feature. CVE-2026-33910 - SQL Injection Vulnerability in...