~/hackyfeed
> cat /dev/github | grep security-tools
discovered 30 Mar 2026

TOP

Shell ★ 721 via github-topic
→ View on GitHub

AI Summary: TOP is a vulnerability cataloging tool designed for bug bounty hunters and penetration testers, focusing on proof-of-concept (PoC) exploits for various Common Vulnerabilities and Exposures (CVEs) from recent years. It compiles a list of notable CVEs along with their respective exploits and corresponding GitHub repositories, thereby facilitating ease of access and research for security professionals. Key features include organized yearly summaries of significant vulnerabilities, making it an essential resource for monitoring and exploiting security weaknesses.

README

Tweet Follow on Twitter GitHub Followers Top Langs

TOP

all Top Top Top_Codeql TOP All bugbounty pentesting CVE-2022- POC Exp Things

Table of Contents

2026

starupdated_atnameurldes
2592026-03-26T13:11:44ZCVE-2026-21858https://github.com/Chocapikk/CVE-2026-21858n8n Ni8mare - Unauthenticated Arbitrary File Read to RCE Chain (CVSS 10.0)
2002026-03-24T09:03:39ZCVE-2026-24061https://github.com/SafeBreach-Labs/CVE-2026-24061Exploitation of CVE-2026-24061
1352026-03-12T11:30:34ZCVE-2026-20841-PoChttps://github.com/BTtea/CVE-2026-20841-PoCPoC
952026-03-28T08:19:40ZCVE-2026-20817https://github.com/oxfemale/CVE-2026-20817Windows Error Reporting ALPC Elevation of Privilege (CVE-2026-20817) - Proof-of-Concept exploit demonstrating local privilege escalation via WER service.
1142026-03-18T17:31:00ZCVE-2026-2441-PoChttps://github.com/huseyinstif/CVE-2026-2441-PoC
82026-02-13T09:41:35ZAshwesker-CVE-2026-21509https://github.com/kimstars/Ashwesker-CVE-2026-21509CVE-2026-21509
632026-03-23T06:42:36ZCVE-2026-24061-POChttps://github.com/JayGLXR/CVE-2026-24061-POC
242026-03-03T15:55:37ZCVE-2026-21508_POChttps://github.com/0xc4r/CVE-2026-21508_POC
232026-03-23T12:49:26Zcve-2026-32746https://github.com/jeffaf/cve-2026-32746CVE-2026-32746 - GNU InetUtils telnetd LINEMODE SLC Buffer Overflow PoC (pre-auth RCE, CVSS 9.8)
262026-03-19T00:39:53ZCVE-2026-1731https://github.com/win3zz/CVE-2026-1731CVE-2026-1731 - Critical command injection vulnerability in BeyondTrust Remote Support and Privileged Remote Access due to unsafe Bash arithmetic evaluation in a WebSocket-reachable script
312026-03-24T18:05:17ZCVE-2026-25769https://github.com/hakaioffsec/CVE-2026-25769Remote Code Execution via Insecure Deserialization in Wazuh Cluster
912026-03-24T23:27:18Zmoltbot-1click-rcehttps://github.com/ethiack/moltbot-1click-rceClawdbot/Moltbot/OpenClaw One-click RCE PoC 🦞 (CVE-2026-25253)
322026-03-25T02:00:37ZCVE-2026-22812-exploithttps://github.com/rohmatariow/CVE-2026-22812-exploit
202026-03-19T00:54:00ZCVE-2026-21852-PoChttps://github.com/atiilla/CVE-2026-21852-PoC
152026-03-24T13:11:53ZCVE-2026-21509-PoChttps://github.com/gavz/CVE-2026-21509-PoCEducational PoC for CVE‑2026‑21509 (Microsoft Office security feature bypass). Generates a harmless DOCX with dummy OLE artifacts to study EDR/AV visibility. Not an exploit. For isolated labs only; see README for 7‑Zip inspection steps and mitigation references.
422026-03-27T22:50:44ZSTProcessMonitorBYOVDhttps://github.com/ANYLNK/STProcessMonitorBYOVDThe PoC for CVE-2025-70795 / CVE-2026-0828 and updated driver
312026-03-23T05:02:53ZCVE-2026-20127—Cisco-SD-WAN-Preauth-RCEhttps://github.com/zerozenxlabs/CVE-2026-20127---Cisco-SD-WAN-Preauth-RCE
462026-03-30T01:12:15ZCVE-2026-20687-AppleSEPKeyStore-UAFhttps://github.com/zeroxjf/CVE-2026-20687-AppleSEPKeyStore-UAFCVE-2026-20687: AppleSEPKeyStore Use-After-Free — iOS/macOS kernel vulnerability (patched in 26.4)
32026-02-28T10:31:43ZAshwesker-CVE-2026-21962https://github.com/boroeurnprach/Ashwesker-CVE-2026-21962CVE-2026-21962
212026-02-04T11:24:56ZCVE-2026-23745https://github.com/Jvr2022/CVE-2026-23745Proof of Concept for CVE-2026-23745: Arbitrary File Overwrite vulnerability in node-tar (versions < 7.5.3).
122026-03-19T17:10:53ZPOC-CVE-2026-1357https://github.com/LucasM0ntes/POC-CVE-2026-1357POC-CVE-2026-1357
02026-01-07T05:29:02ZAshwesker-CVE-2026-21440https://github.com/redpack-kr/Ashwesker-CVE-2026-21440CVE-2026-21440
202026-03-28T08:48:30ZCVE-2026-XNU-AIO-KEVENT-UAFhttps://github.com/crazymind90/CVE-2026-XNU-AIO-KEVENT-UAFXNU AIO kevent use-after-free — kernel panic from app sandbox on iOS 26.2 (no entitlements). Patched in iOS 26.3
62026-01-31T09:33:45ZCVE-2026-24061https://github.com/TryA9ain/CVE-2026-24061CVE-2026-24061 Batch Scanning Tool
32026-03-02T12:26:07ZCVE-2026-24061-POChttps://github.com/0p5cur/CVE-2026-24061-POCCVE-2026-24061’s poc : a critical authentication bypass in telnetd leading to RCE as root Affects systems with telnetd versions containing the vulnerability from 2015 onwards.
62026-03-23T08:30:54ZAshwesker-CVE-2026-20045https://github.com/dkstar11q/Ashwesker-CVE-2026-20045CVE-2026-20045
102026-03-07T19:11:38ZCVE-2026-1357https://github.com/halilkirazkaya/CVE-2026-1357CVE-2026-1357 — WPvivid Backup & Migration ≤ 0.9.123 Unauthenticated RCE Exploit
62026-03-20T00:13:35ZCVE-2026-29000https://github.com/kernelzeroday/CVE-2026-29000pac4j-jwt JwtAuthenticator auth bypass (CVE-2026-29000) writeup and PoCs
62026-03-29T16:38:52ZCVE-2026-24061https://github.com/Chocapikk/CVE-2026-24061
72026-01-30T15:24:50ZCVE-2026-20805-POChttps://github.com/fevar54/CVE-2026-20805-POC# CVE-2026-20805 PoC Prueba de concepto para la vulnerabilidad de divulgación de información en Desktop Windows Manager (dwm.exe) de Microsoft. ## 📋 Resumen de la Vulnerabilidad - ID: CVE-2026-20805 - Producto: Microsoft Windows

2025

starupdated_atnameurldes
13942026-03-29T22:38:41ZCVE-2025-55182https://github.com/msanft/CVE-2025-55182Explanation and full RCE PoC for CVE-2025-55182
24232026-03-29T13:10:21Zreact2shell-scannerhttps://github.com/assetnote/react2shell-scannerHigh Fidelity Detection Mechanism for RSC/Next.js RCE (CVE-2025-55182 & CVE-2025-66478)
7932026-03-21T13:42:08ZCVE-2025-55182-researchhttps://github.com/ejpir/CVE-2025-55182-researchCVE-2025-55182 POC
4932026-02-23T14:30:59ZCVE-2018-20250https://github.com/WyAtu/CVE-2018-20250exp for https://research.checkpoint.com/extracting-code-execution-from-winrar
6892026-03-29T06:04:01ZCVE-2025-33073https://github.com/mverschu/CVE-2025-33073PoC Exploit for the NTLM reflection SMB flaw.
5202026-03-26T03:33:21ZCVE-2025-32463_chwoothttps://github.com/pr0v3rbs/CVE-2025-32463_chwootEscalation of Privilege to the root through sudo binary with chroot option. CVE-2025-32463
2482026-02-12T08:00:51ZIngressNightmare-PoChttps://github.com/hakaioffsec/IngressNightmare-PoCThis is a PoC code to exploit the IngressNightmare vulnerabilities (CVE-2025-1097, CVE-2025-1098, CVE-2025-24514, and CVE-2025-1974).
3312026-03-29T16:40:45Zredis_exploithttps://github.com/raminfp/redis_exploitCVE-2025-49844 (RediShell)
4582026-03-25T16:20:57ZCVE-2025-32463https://github.com/kh4sh3i/CVE-2025-32463Local Privilege Escalation to Root via Sudo chroot in Linux
2682026-03-24T19:05:15ZCVE-2025-48799https://github.com/Wh04m1001/CVE-2025-48799
3112026-01-23T10:11:46ZCVE-2025-53770-Exploithttps://github.com/soltanali0/CVE-2025-53770-ExploitSharePoint WebPart Injection Exploit Tool
3132026-03-26T19:11:10ZCVE-2025-55182https://github.com/emredavut/CVE-2025-55182RSC/Next.js RCE Vulnerability Detector & PoC Chrome Extension – CVE-2025-55182 & CVE-2025-66478
1322026-03-25T02:05:05ZNextjs_RCE_Exploit_Toolhttps://github.com/pyroxenites/Nextjs_RCE_Exploit_ToolExploit for CVE-2025-55182 & CVE-2025-66478
6602026-03-29T13:10:32ZBYOVDhttps://github.com/BlackSnufkin/BYOVDBYOVD research use cases featuring vulnerable driver discovery and reverse engineering methodology. (CVE-2025-52915, CVE-2025-1055,).
10362026-03-25T08:57:08ZReact2Shell-CVE-2025-55182-original-pochttps://github.com/lachlan2k/React2Shell-CVE-2025-55182-original-pocOriginal Proof-of-Concepts for React2Shell CVE-2025-55182
3982026-03-17T19:18:19ZCVE-2025-24071_PoChttps://github.com/0x6rss/CVE-2025-24071_PoCCVE-2025-24071: NTLM Hash Leak via RAR/ZIP Extraction and .library-ms File
1972026-03-16T13:47:47ZCVE-2025-21298https://github.com/ynwarcs/CVE-2025-21298Proof of concept & details for CVE-2025-21298
2102026-03-16T10:12:21ZCVE-2025-32023https://github.com/leesh3288/CVE-2025-32023PoC & Exploit for CVE-2025-32023 / PlaidCTF 2025 “Zerodeo”
1992026-01-10T14:57:28ZCVE-2025-30208-EXPhttps://github.com/ThumpBo/CVE-2025-30208-EXPCVE-2025-30208-EXP
1902026-03-25T19:46:42ZRSC-Detect-CVE-2025-55182https://github.com/alptexans/RSC-Detect-CVE-2025-55182RSC Detect CVE 2025 55182
2752026-03-25T13:26:48ZCVE-2025-55182-advanced-scanner-https://github.com/zack0x01/CVE-2025-55182-advanced-scanner-
1912026-03-27T14:08:11ZiOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201https://github.com/JGoyd/iOS-Attack-Chain-CVE-2025-31200-CVE-2025-31201CVE-2025-31200 is a zero-day, zero-click RCE in iOS CoreAudio’s AudioConverterService, triggered by a malicious audio file via iMessage/SMS. Exploitation bypassed Blastdoor, enabled kernel escalation (CVE-2025-31201), and allowed token theft until patched in iOS 18.4.1 (Apr 16, 2025).
3912026-03-29T01:59:21ZColorOS-CVE-2025-10184https://github.com/yuuouu/ColorOS-CVE-2025-10184ColorOS短信漏洞,以及用户自救方案
4162026-03-24T08:38:59ZNext.js-RSC-RCE-Scanner-CVE-2025-66478https://github.com/Malayke/Next.js-RSC-RCE-Scanner-CVE-2025-66478A command-line scanner for batch detection of Next.js application versions and determining if they are affected by CVE-2025-66478 vulnerability.
1482026-03-15T23:59:24ZCVE-2025-11001https://github.com/pacbypass/CVE-2025-11001Exploit for CVE-2025-11001 or CVE-2025-11002
1862026-03-23T21:59:40ZPOC-CVE-2025-24813https://github.com/absholi7ly/POC-CVE-2025-24813his repository contains an automated Proof of Concept (PoC) script for exploiting CVE-2025-24813, a Remote Code Execution (RCE) vulnerability in Apache Tomcat. The vulnerability allows an attacker to upload a malicious serialized payload to the server, leading to arbitrary code execution via deserialization when specific conditions are met.
902025-10-31T02:13:00ZIngressNightmare-POCshttps://github.com/sandumjacob/IngressNightmare-POCsCVE-2025-1974
2312026-03-27T07:24:34ZCVE-2025-21333-POChttps://github.com/MrAle98/CVE-2025-21333-POCPOC exploit for CVE-2025-21333 heap-based buffer overflow. It leverages WNF state data and I/O ring IOP_MC_BUFFER_ENTRY
3532026-03-07T19:59:45Zo3_finds_cve-2025-37899https://github.com/SeanHeelan/o3_finds_cve-2025-37899Artefacts for blog post on finding CVE-2025-37899 with o3
1082026-03-21T09:54:41ZCVE-2025-43300https://github.com/hunters-sec/CVE-2025-43300This is POC for IOS 0click CVE-2025-43300

2024

starupdated_atnameurldes
24392026-03-26T18:38:59ZCVE-2024-1086https://github.com/Notselwyn/CVE-2024-1086Universal local privilege escalation Proof-of-Concept exploit for CVE-2024-1086, working on most Linux kernels between v5.14 and v6.6, including Debian, Ubuntu, and KernelCTF. The success rate is 99.4% in KernelCTF images.
6912026-03-18T19:32:12ZCVE-2024-38063https://github.com/ynwarcs/CVE-2024-38063poc for CVE-2024-38063 (RCE in tcpip.sys)
4912026-03-27T19:05:17Zcve-2024-6387-pochttps://github.com/zgzhang/cve-2024-6387-poca signal handler race condition in OpenSSH’s server (sshd)
5152026-03-15T23:59:21ZCVE-2024-49113https://github.com/SafeBreach-Labs/CVE-2024-49113LdapNightmare is a PoC tool that tests a vulnerable Windows Server against CVE-2024-49113
5292026-03-27T06:20:16Zgit_rcehttps://github.com/amalmurali47/git_rceExploit PoC for CVE-2024-32002
5142026-03-26T08:07:42ZCVE-2024-6387_Checkhttps://github.com/xaitax/CVE-2024-6387_CheckCVE-2024-6387_Check is a lightweight, efficient tool designed to identify servers running vulnerable versions of OpenSSH
2252026-03-26T07:14:54ZCVE-2024-38077https://github.com/qi4L/CVE-2024-38077RDL的堆溢出导致的RCE
3842026-01-23T07:22:16Zcve-2024-6387-pochttps://github.com/acrono/cve-2024-6387-poc32-bit PoC for CVE-2024-6387 — mirror of the original 7etsuo/cve-2024-6387-poc
3302026-03-27T19:05:17ZCVE-2024-0044https://github.com/0xbinder/CVE-2024-0044CVE-2024-0044: a “run-as any app” high-severity vulnerability affecting Android versions 12 and 13
3112026-03-23T10:20:45ZCVE-2024-4577https://github.com/watchtowrlabs/CVE-2024-4577PHP CGI Argument Injection (CVE-2024-4577) Remote Code Execution PoC
3172026-03-28T03:06:21ZCVE-2024-21338https://github.com/hakaioffsec/CVE-2024-21338Local Privilege Escalation from Admin to Kernel vulnerability on Windows 10 and Windows 11 operating systems with HVCI enabled.
2882026-03-21T01:41:47ZCVE-2024-30088https://github.com/tykawaii98/CVE-2024-30088
2262026-03-24T10:54:47ZCVE-2024-21413https://github.com/CMNatic/CVE-2024-21413CVE-2024-21413 PoC for THM Lab
35582026-03-29T18:18:43Zxzbothttps://github.com/amlweems/xzbotnotes, honeypot, and exploit demo for the xz backdoor (CVE-2024-3094)
2032026-02-16T16:02:26ZCVE-2024-23897https://github.com/h4x0r-dz/CVE-2024-23897CVE-2024-23897
7602026-03-20T16:10:11ZCVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-Vulnerabilityhttps://github.com/xaitax/CVE-2024-21413-Microsoft-Outlook-Remote-Code-Execution-VulnerabilityMicrosoft-Outlook-Remote-Code-Execution-Vulnerability
2682026-03-22T11:31:59ZCVE-2024-49138-POChttps://github.com/MrAle98/CVE-2024-49138-POCPOC exploit for CVE-2024-49138
1922026-03-01T23:51:37ZCVE-2024-4367-PoChttps://github.com/LOURC0D3/CVE-2024-4367-PoCCVE-2024-4367 & CVE-2024-34342 Proof of Concept
92026-03-12T22:58:06ZCVE-2024-38077-POChttps://github.com/SecStarBot/CVE-2024-38077-POC
1232026-02-09T10:09:57Zapache-vulnerability-testinghttps://github.com/mrmtwoj/apache-vulnerability-testingApache HTTP Server Vulnerability Testing Tool
2372026-03-11T13:12:12ZCVE_2024_30078_POC_WIFIhttps://github.com/blkph0x/CVE_2024_30078_POC_WIFIbasic concept for the latest windows wifi driver CVE
1722026-03-29T06:14:02ZCVE-2024-6387https://github.com/Karmakstylez/CVE-2024-6387Remote Unauthenticated Code Execution Vulnerability in OpenSSH server (CVE-2024-6387)
2152026-03-15T23:59:18ZCVE-2024-21111https://github.com/mansk1es/CVE-2024-21111Oracle VirtualBox Elevation of Privilege (Local Privilege Escalation) Vulnerability
1802026-03-12T05:40:06ZCVE-2024-25600https://github.com/Chocapikk/CVE-2024-25600Unauthenticated Remote Code Execution – Bricks <= 1.9.6
1362026-01-12T15:22:25ZCVE-2024-7479_CVE-2024-7481https://github.com/PeterGabaldon/CVE-2024-7479_CVE-2024-7481TeamViewer User to Kernel Elevation of Privilege PoC. CVE-2024-7479 and CVE-2024-7481. ZDI-24-1289 and ZDI-24-1290. TV-2024-1006.
812026-02-10T18:53:01ZCVE-2024-30078-https://github.com/lvyitian/CVE-2024-30078-CVE-2024-30078 Detection and Command Execution Script
1462025-12-08T14:01:02ZCVE-2024-38200https://github.com/passtheticket/CVE-2024-38200CVE-2024-38200 & CVE-2024-43609 - Microsoft Office NTLMv2 Disclosure Vulnerability
1572026-02-24T08:14:52ZCVE-2024-21413https://github.com/duy-31/CVE-2024-21413Microsoft Outlook Information Disclosure Vulnerability (leak password hash) - Expect Script POC
842026-03-10T13:51:36ZCVE-2024-40725-CVE-2024-40898https://github.com/TAM-K592/CVE-2024-40725-CVE-2024-40898CVE-2024-40725 and CVE-2024-40898, affecting Apache HTTP Server versions 2.4.0 through 2.4.61. These flaws pose significant risks to web servers worldwide, potentially leading to source code disclosure and server-side request forgery (SSRF) attacks.
1372026-01-28T04:11:46ZCVE-2024-20656https://github.com/Wh04m1001/CVE-2024-20656

2023

starupdated_atnameurldes
4222026-02-27T06:42:31Zqq-tim-elevationhttps://github.com/vi3t1/qq-tim-elevationCVE-2023-34312
14922026-03-28T11:55:03Zcvelisthttps://github.com/CVEProject/cvelistPilot program for CVE submission through GitHub. CVE Record Submission via Pilot PRs ending 6/30/2023
7882026-03-20T07:11:11ZCVE-2023-38831-winrar-exploithttps://github.com/b1tg/CVE-2023-38831-winrar-exploitCVE-2023-38831 winrar exploit generator
5062026-03-09T22:43:30ZWindows_LPE_AFD_CVE-2023-21768https://github.com/chompie1337/Windows_LPE_AFD_CVE-2023-21768LPE exploit for CVE-2023-21768
3732026-03-27T19:05:09ZCVE-2023-32233https://github.com/Liuk3r/CVE-2023-32233CVE-2023-32233: Linux内核中的安全漏洞
4152026-03-07T08:25:22ZCVE-2023-0386https://github.com/xkaneiki/CVE-2023-0386CVE-2023-0386在ubuntu22.04上的提权
1132026-03-18T08:39:43ZCVE-2023-21839https://github.com/ASkyeye/CVE-2023-21839Weblogic CVE-2023-21839 RCE (无需Java依赖一键RCE)
3232026-02-17T10:40:33ZCVE-2023-21752https://github.com/Wh04m1001/CVE-2023-21752
3892026-02-06T16:46:10ZCVE-2023-4911https://github.com/leesh3288/CVE-2023-4911PoC for CVE-2023-4911
6472026-03-25T10:17:41Zkeepass-password-dumperhttps://github.com/vdohney/keepass-password-dumperOriginal PoC for CVE-2023-32784
2832026-03-12T08:05:37ZCVE-2023-21608https://github.com/hacksysteam/CVE-2023-21608Adobe Acrobat Reader - CVE-2023-21608 - Remote Code Execution Exploit
3192026-03-29T19:52:44ZCVE-2023-4863https://github.com/mistymntncop/CVE-2023-4863
2402026-03-21T13:42:06ZCVE-2023-36874https://github.com/Wh04m1001/CVE-2023-36874
2422026-03-15T20:08:57ZCVE-2023-44487https://github.com/bcdannyboy/CVE-2023-44487Basic vulnerability scanning to see if web servers may be vulnerable to CVE-2023-44487
1682025-12-25T23:28:29ZCVE-2023-36745https://github.com/N1k0la-T/CVE-2023-36745
2432026-03-05T02:51:13ZCVE-2023-7028https://github.com/Vozec/CVE-2023-7028This repository presents a proof-of-concept of CVE-2023-7028
3472025-10-04T17:42:47ZCVE-2023-23397-POC-Powershellhttps://github.com/api0cradle/CVE-2023-23397-POC-Powershell
2292026-03-26T12:20:07ZCVE-2023-3519https://github.com/BishopFox/CVE-2023-3519RCE exploit for CVE-2023-3519
2312026-02-20T14:00:18ZCVE-2023-20887https://github.com/sinsinology/CVE-2023-20887VMWare vRealize Network Insight Pre-Authenticated RCE (CVE-2023-20887)
1402026-02-16T22:04:04ZCVE-2023-34362https://github.com/horizon3ai/CVE-2023-34362MOVEit CVE-2023-34362
1802026-02-26T16:45:00ZCVE-2023-28252https://github.com/fortra/CVE-2023-28252
1332026-03-27T16:14:22ZCVE-2023-2640-CVE-2023-32629https://github.com/g1vi/CVE-2023-2640-CVE-2023-32629GameOver(lay) Ubuntu Privilege Escalation
2842026-02-27T06:42:31ZCVE-2023-25690-POChttps://github.com/dhmosfunk/CVE-2023-25690-POCCVE 2023 25690 Proof of concept - mod_proxy vulnerable configuration on Apache HTTP Server versions 2.4.0 - 2.4.55 leads to HTTP Request Smuggling vulnerability.
2402026-03-05T02:50:04ZWeblogic-CVE-2023-21839https://github.com/DXask88MA/Weblogic-CVE-2023-21839
2092026-03-26T07:37:48ZCVE-2023-46747-RCEhttps://github.com/W01fh4cker/CVE-2023-46747-RCEexploit for f5-big-ip RCE cve-2023-46747
1532026-03-26T07:14:42Zcve-2023-29360https://github.com/Nero22k/cve-2023-29360Exploit for CVE-2023-29360 targeting MSKSSRV.SYS driver
2362026-03-21T11:26:29ZCVE-2023-29357https://github.com/Chocapikk/CVE-2023-29357Microsoft SharePoint Server Elevation of Privilege Vulnerability
1682026-03-18T15:10:13ZWindows_MSKSSRV_LPE_CVE-2023-36802https://github.com/chompie1337/Windows_MSKSSRV_LPE_CVE-2023-36802LPE exploit for CVE-2023-36802
1702026-01-12T08:56:11ZCVE-2023-25157https://github.com/win3zz/CVE-2023-25157CVE-2023-25157 - GeoServer SQL Injection - PoC
1592026-03-29T21:50:49ZCVE-2023-23397_EXPLOIT_0DAYhttps://github.com/sqrtZeroKnowledge/CVE-2023-23397_EXPLOIT_0DAYExploit for the CVE-2023-23397

2022

starupdated_atnameurldes
4372026-03-23T04:09:49ZCVE-2022-25636https://github.com/Bonfee/CVE-2022-25636CVE-2022-25636
4642026-03-02T09:48:16ZCVE-2022-21882https://github.com/KaLendsi/CVE-2022-21882win32k LPE
11272026-03-16T07:03:20ZCVE-2022-0847-DirtyPipe-Exploithttps://github.com/Arinerron/CVE-2022-0847-DirtyPipe-ExploitA root exploit for CVE-2022-0847 (Dirty Pipe)
6752026-03-10T20:19:26ZCVE-2022-29072https://github.com/kagancapar/CVE-2022-290727-Zip through 21.07 on Windows allows privilege escalation and command execution when a file with the .7z extension is dragged to the Help>Contents area.
3782026-03-10T13:22:28ZCVE-2022-0185https://github.com/Crusaders-of-Rust/CVE-2022-0185CVE-2022-0185
5792026-02-16T01:07:48ZCVE-2022-23222https://github.com/tr3ee/CVE-2022-23222CVE-2022-23222: Linux Kernel eBPF Local Privilege Escalation
5002026-03-23T04:48:34ZCVE-2022-0995https://github.com/Bonfee/CVE-2022-0995CVE-2022-0995 exploit
5272026-03-29T21:50:46ZOpenSSL-2022https://github.com/NCSC-NL/OpenSSL-2022Operational information regarding CVE-2022-3602 and CVE-2022-3786, two vulnerabilities in OpenSSL 3
2222026-01-12T08:59:31ZSpring-Cloud-Gateway-CVE-2022-22947https://github.com/lucksec/Spring-Cloud-Gateway-CVE-2022-22947CVE-2022-22947
3632026-02-11T03:04:12ZCVE-2022-21907https://github.com/ZZ-SOCMAP/CVE-2022-21907HTTP Protocol Stack Remote Code Execution Vulnerability CVE-2022-21907
3562026-03-10T00:34:53ZCVE-2022-40684https://github.com/horizon3ai/CVE-2022-40684A proof of concept exploit for CVE-2022-40684 affecting Fortinet FortiOS, FortiProxy, and FortiSwitchManager
3792026-03-21T13:50:42ZCVE-2022-29464https://github.com/hakivvi/CVE-2022-29464WSO2 RCE (CVE-2022-29464) exploit and writeup.
7022026-03-28T20:52:54ZCVE-2022-0847-DirtyPipe-Exploitshttps://github.com/AlexisAhmed/CVE-2022-0847-DirtyPipe-ExploitsA collection of exploits and documentation that can be used to exploit the Linux Dirty Pipe vulnerability.
4882026-03-11T21:48:46ZCVE-2022-2588https://github.com/Markakd/CVE-2022-2588exploit for CVE-2022-2588
3872026-02-12T14:05:51ZCVE-2022-39197https://github.com/its-arun/CVE-2022-39197CobaltStrike <= 4.7.1 RCE
4142026-03-19T11:20:37ZCVE-2022-33679https://github.com/Bdenneu/CVE-2022-33679One day based on https://googleprojectzero.blogspot.com/2022/10/rc4-is-still-considered-harmful.html
2802026-01-25T16:15:44ZCVE-2022-0847https://github.com/r1is/CVE-2022-0847CVE-2022-0847-DirtyPipe-Exploit CVE-2022-0847 是存在于 Linux内核 5.8 及之后版本中的本地提权漏洞。攻击者通过利用此漏洞,可覆盖重写任意可读文件中的数据,从而可将普通权限的用户提升到特权 root。 CVE-2022-0847 的漏洞原理类似于 CVE-2016-5195 脏牛漏洞(Dirty Cow),但它更容易被利用。漏洞作者将此漏洞命名为“Dirty Pipe”
3192026-03-05T02:49:35ZCVE-2022-39197-patchhttps://github.com/burpheart/CVE-2022-39197-patchCVE-2022-39197 漏洞补丁. CVE-2022-39197 Vulnerability Patch.
3512026-03-27T10:45:35ZCVE-2022-21894https://github.com/Wack0/CVE-2022-21894baton drop (CVE-2022-21894): Secure Boot Security Feature Bypass Vulnerability
4672026-02-20T06:34:31ZCVE-2022-27254https://github.com/nonamecoder/CVE-2022-27254PoC for vulnerability in Honda’s Remote Keyless System(CVE-2022-27254)
3272026-03-17T11:17:19ZSpring4Shell-POChttps://github.com/reznok/Spring4Shell-POCDockerized Spring4Shell (CVE-2022-22965) PoC application and exploit
3062026-01-13T11:23:05ZCVE-2022-21971https://github.com/0vercl0k/CVE-2022-21971PoC for CVE-2022-21971 “Windows Runtime Remote Code Execution Vulnerability”
2822026-03-22T18:50:13Zcve-2022-27255https://github.com/infobyte/cve-2022-27255
2662026-01-13T11:24:05ZCVE-2022-39952https://github.com/horizon3ai/CVE-2022-39952POC for CVE-2022-39952
5312026-03-27T16:08:49ZCVE-2022-38694_unlock_bootloaderhttps://github.com/TomKing062/CVE-2022-38694_unlock_bootloaderThis is a one-time signature verification bypass. For persistent signature verification bypass, check https://github.com/TomKing062/CVE-2022-38691_38692
1172025-12-26T05:38:26ZCVE-2022-22963https://github.com/dinosn/CVE-2022-22963CVE-2022-22963 PoC
2392026-03-20T16:24:56ZCVE-2022-20699https://github.com/Audiobahn/CVE-2022-20699Cisco Anyconnect VPN unauth RCE (rwx stack)
2322026-03-29T23:37:25ZCVE-2022-30075https://github.com/aaronsvk/CVE-2022-30075Tp-Link Archer AX50 Authenticated RCE (CVE-2022-30075)
1842025-12-25T23:30:40ZCVE-2022-0778https://github.com/drago-96/CVE-2022-0778Proof of concept for CVE-2022-0778, which triggers an infinite loop in parsing X.509 certificates due to a bug in BN_mod_sqrt
1992026-03-01T18:32:32ZCVE-2022-21882https://github.com/L4ys/CVE-2022-21882

2021

starupdated_atnameurldes
13982026-03-22T06:30:03ZnoPachttps://github.com/cube0x0/noPacCVE-2021-42287/CVE-2021-42278 Scanner & Exploiter.
19742026-03-26T02:15:19ZCVE-2021-1675https://github.com/cube0x0/CVE-2021-1675C# and Impacket implementation of PrintNightmare CVE-2021-1675/CVE-2021-34527
20392026-03-26T17:14:25ZCVE-2021-4034https://github.com/berdav/CVE-2021-4034CVE-2021-4034 1day
17262026-03-28T08:35:39ZCVE-2021-40444https://github.com/lockedbyte/CVE-2021-40444CVE-2021-40444 PoC
11372026-03-29T06:16:25ZCVE-2021-4034https://github.com/arthepsy/CVE-2021-4034PoC for PwnKit: Local Privilege Escalation Vulnerability in polkit’s pkexec (CVE-2021-4034)
10972026-03-25T19:43:45ZCVE-2021-1675https://github.com/calebstewart/CVE-2021-1675Pure PowerShell implementation of CVE-2021-1675 Print Spooler Local Privilege Escalation (PrintNightmare)
10062026-03-25T08:18:46ZCVE-2021-3156https://github.com/blasty/CVE-2021-3156
5002026-02-09T07:20:46ZCVE-2021-21972https://github.com/NS-Sp4ce/CVE-2021-21972CVE-2021-21972 Exploit
10462026-03-26T23:19:01Zsam-the-adminhttps://github.com/safebuffer/sam-the-adminExploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
7962026-03-26T08:15:08ZCVE-2021-3156https://github.com/worawit/CVE-2021-3156Sudo Baron Samedit Exploit
8212026-03-30T00:02:01ZCVE-2021-40444https://github.com/klezVirus/CVE-2021-40444CVE-2021-40444 - Fully Weaponized Microsoft Office Word RCE Exploit
4212026-01-25T22:24:20ZCVE-2021-1732-Exploithttps://github.com/KaLendsi/CVE-2021-1732-ExploitCVE-2021-1732 Exploit
8302026-03-18T09:21:27ZCVE-2021-31166https://github.com/0vercl0k/CVE-2021-31166Proof of concept for CVE-2021-31166, a remote HTTP.sys use-after-free triggered remotely.
8632026-03-25T09:29:21ZCVE-2021-44228-Scannerhttps://github.com/logpresso/CVE-2021-44228-ScannerVulnerability scanner and mitigation patch for Log4j2 CVE-2021-44228
9832026-03-26T06:35:00ZnoPachttps://github.com/Ridter/noPacExploiting CVE-2021-42278 and CVE-2021-42287 to impersonate DA from standard domain user
18502026-03-24T20:29:20Zlog4j-shell-pochttps://github.com/kozmer/log4j-shell-pocA Proof-Of-Concept for the CVE-2021-44228 vulnerability.
4422026-03-15T06:35:18ZCVE-2021-3493https://github.com/briskets/CVE-2021-3493Ubuntu OverlayFS Local Privesc
11402026-03-21T08:41:03Zlog4shell-vulnerable-apphttps://github.com/christophetd/log4shell-vulnerable-appSpring Boot web application vulnerable to Log4Shell (CVE-2021-44228).
3262026-03-19T11:22:58ZCVE-2021-1675-LPEhttps://github.com/hlldz/CVE-2021-1675-LPELocal Privilege Escalation Edition for CVE-2021-1675/CVE-2021-34527
1852026-01-14T02:34:13Zexprologhttps://github.com/herwonowr/exprologProxyLogon Full Exploit Chain PoC (CVE-2021–26855, CVE-2021–26857, CVE-2021–26858, CVE-2021–27065)
4392026-02-24T23:08:31Zlog4j-finderhttps://github.com/fox-it/log4j-finderFind vulnerable Log4j2 versions on disk and also inside Java Archive Files (Log4Shell CVE-2021-44228, CVE-2021-45046, CVE-2021-45105)
4342026-01-27T13:31:11ZCVE-2021-3156https://github.com/stong/CVE-2021-3156PoC for CVE-2021-3156 (sudo heap overflow)
1772026-02-12T18:40:18ZProxyVulnshttps://github.com/hosch3n/ProxyVulns[ProxyLogon] CVE-2021-26855 & CVE-2021-27065 Fixed RawIdentity Bug Exploit. [ProxyOracle] CVE-2021-31195 & CVE-2021-31196 Exploit Chains. [ProxyShell] CVE-2021-34473 & CVE-2021-34523 & CVE-2021-31207 Exploit Chains.
2872026-03-05T02:51:09ZCVE-2021-22205https://github.com/Al1ex/CVE-2021-22205CVE-2021-22205& GitLab CE/EE RCE
34352026-03-21T07:22:49Zlog4j-scanhttps://github.com/fullhunt/log4j-scanA fully automated, accurate, and extensive scanner for finding log4j RCE CVE-2021-44228
2702026-03-19T11:55:17ZCVE-2021-21972https://github.com/horizon3ai/CVE-2021-21972Proof of Concept Exploit for vCenter CVE-2021-21972
1482025-12-23T10:49:51ZCVE-2021-41773_CVE-2021-42013https://github.com/inbug-team/CVE-2021-41773_CVE-2021-42013CVE-2021-41773 CVE-2021-42013漏洞批量检测工具
3102026-03-24T16:19:11ZCVE-2021-34527https://github.com/JohnHammond/CVE-2021-34527
2922026-03-07T20:38:37ZCVE-2021-36260https://github.com/Aiminsun/CVE-2021-36260command injection vulnerability in the web server of some Hikvision product. Due to the insufficient input validation, attacker can exploit the vulnerability to launch a command injection attack by sending some messages with malicious commands.
1202026-03-06T09:08:20Zproxyshellhttps://github.com/horizon3ai/proxyshellProof of Concept for CVE-2021-34473, CVE-2021-34523, and CVE-2021-31207

2020

starupdated_atnameurldes
42772026-03-27T04:17:32Zexphubhttps://github.com/zhzyker/exphubExphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
18092026-03-26T23:11:23ZCVE-2020-1472https://github.com/bvcyber/CVE-2020-1472Test tool for CVE-2020-1472
20712026-03-26T00:42:21ZweblogicScannerhttps://github.com/0xn0ne/weblogicScannerweblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883
13512026-03-22T06:30:10ZCVE-2020-0796https://github.com/danigargu/CVE-2020-0796CVE-2020-0796 - Windows SMBv3 LPE exploit #SMBGhost
12842026-03-26T02:27:18ZCVE-2020-1472https://github.com/dirkjanm/CVE-2020-1472PoC for Zerologon - all research credits go to Tom Tervoort of Secura
2902025-10-14T22:36:07ZCVE-2020-14882https://github.com/jas502n/CVE-2020-14882CVE-2020–14882、CVE-2020–14883
3282026-03-01T18:22:23Zcve-2020-0688https://github.com/Ridter/cve-2020-0688cve-2020-0688
6872026-03-26T02:26:19Zzerologonhttps://github.com/risksense/zerologonExploit for zerologon cve-2020-1472
7152026-03-25T23:52:24ZSMBGhosthttps://github.com/ly4k/SMBGhostScanner for CVE-2020-0796 - SMBv3 RCE
3522026-03-19T11:56:43ZCVEAC-2020https://github.com/thesecretclub/CVEAC-2020EasyAntiCheat Integrity check bypass by mimicking memory changes
5732026-03-22T15:59:38ZCVE-2020-0796-RCE-POChttps://github.com/jamf/CVE-2020-0796-RCE-POCCVE-2020-0796 Remote Code Execution POC
3742025-12-23T08:30:40ZCVE-2020-5902https://github.com/jas502n/CVE-2020-5902CVE-2020-5902 BIG-IP
1332025-12-23T08:36:04ZCVE_2020_2546https://github.com/hktalent/CVE_2020_2546CVE-2020-2546,CVE-2020-2915 CVE-2020-2801 CVE-2020-2798 CVE-2020-2883 CVE-2020-2884 CVE-2020-2950 WebLogic T3 payload exploit poc python3,
2932026-03-21T03:36:27ZCNVD-2020-10487-Tomcat-Ajp-lfi-Scannerhttps://github.com/bkfish/CNVD-2020-10487-Tomcat-Ajp-lfi-ScannerCnvd-2020-10487 / cve-2020-1938, scanner tool
8892026-03-18T07:57:07ZCurveBallhttps://github.com/ly4k/CurveBallPoC for CVE-2020-0601- Windows CryptoAPI (Crypt32.dll)
2252026-03-22T02:26:40ZSAP_RECONhttps://github.com/chipik/SAP_RECONPoC for CVE-2020-6287, CVE-2020-6286 (SAP RECON vulnerability)
3382026-03-03T15:24:37ZCVE-2020-2551https://github.com/Y4er/CVE-2020-2551Weblogic IIOP CVE-2020-2551
3562026-01-12T09:19:27ZCVE-2020-0688https://github.com/zcgonvh/CVE-2020-0688Exploit and detect tools for CVE-2020-0688
2502025-12-23T08:44:05ZBlueGatehttps://github.com/ly4k/BlueGatePoC (DoS + scanner) for CVE-2020-0609 & CVE-2020-0610 - RD Gateway RCE
7222026-01-19T09:32:46ZCVE-2020-0787-EXP-ALL-WINDOWS-VERSIONhttps://github.com/cbwang505/CVE-2020-0787-EXP-ALL-WINDOWS-VERSIONSupport ALL Windows Version
1662025-12-23T08:45:32Zcve-2020-0688https://github.com/random-robbie/cve-2020-0688cve-2020-0688
1002026-01-12T15:57:47Zdnspooqhttps://github.com/knqyf263/dnspooqDNSpooq - dnsmasq cache poisoning (CVE-2020-25686, CVE-2020-25684, CVE-2020-25685)
3942026-03-02T19:19:07ZCVE-2020-1472https://github.com/VoidSec/CVE-2020-1472Exploit Code for CVE-2020-1472 aka Zerologon
3292026-03-05T03:02:15ZCVE-2020-0796-PoChttps://github.com/eerykitty/CVE-2020-0796-PoCPoC for triggering buffer overflow via CVE-2020-0796
2562026-03-22T23:37:52ZCVE-2020-0041https://github.com/bluefrostsecurity/CVE-2020-0041Exploits for Android Binder bug CVE-2020-0041
5082026-03-16T17:06:05ZCVE-2020-15368https://github.com/stong/CVE-2020-15368CVE-2020-15368, aka “How to exploit a vulnerable driver”
3382025-12-24T00:54:54Zchainoffoolshttps://github.com/kudelskisecurity/chainoffoolsA PoC for CVE-2020-0601
3372026-02-20T13:55:56ZCVE-2020-0683https://github.com/padovah4ck/CVE-2020-0683CVE-2020-0683 - Windows MSI “Installer service” Elevation of Privilege
4102026-03-23T20:00:25ZGhostcat-CNVD-2020-10487https://github.com/00theway/Ghostcat-CNVD-2020-10487Ghostcat read file/code execute,CNVD-2020-10487(CVE-2020-1938)
1222026-03-22T17:09:25ZCVE-2020-11651-pochttps://github.com/jasperla/CVE-2020-11651-pocPoC exploit of CVE-2020-11651 and CVE-2020-11652

2019

starupdated_atnameurldes
20712026-03-26T00:42:21ZweblogicScannerhttps://github.com/0xn0ne/weblogicScannerweblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883
42772026-03-27T04:17:32Zexphubhttps://github.com/zhzyker/exphubExphub[漏洞利用脚本库] 包括Webloigc、Struts2、Tomcat、Nexus、Solr、Jboss、Drupal的漏洞利用脚本,最新添加CVE-2020-14882、CVE-2020-11444、CVE-2020-10204、CVE-2020-10199、CVE-2020-1938、CVE-2020-2551、CVE-2020-2555、CVE-2020-2883、CVE-2019-17558、CVE-2019-6340
18332026-03-20T18:34:29Zphuip-fpizdamhttps://github.com/neex/phuip-fpizdamExploit for CVE-2019-11043
11872026-03-21T18:07:14ZBlueKeephttps://github.com/Ekultek/BlueKeepProof of concept for CVE-2019-0708
4972026-03-17T01:18:41ZCVE-2019-0708https://github.com/n1xbyte/CVE-2019-0708dump
6562026-03-29T19:09:28ZCVE-2019-5736-PoChttps://github.com/Frichetten/CVE-2019-5736-PoCPoC for CVE-2019-5736
3892026-01-04T10:13:56ZCVE-2019-0708https://github.com/k8gege/CVE-2019-07083389远程桌面代码执行漏洞CVE-2019-0708批量检测工具(Rdpscan Bluekeep Check)
4362026-01-29T03:44:58ZCVE-2019-2725https://github.com/lufeirider/CVE-2019-2725CVE-2019-2725 命令回显
8162026-03-30T00:01:45Zesp32_esp8266_attackshttps://github.com/Matheus-Garbelini/esp32_esp8266_attacksProof of Concept of ESP32/8266 Wi-Fi vulnerabilties (CVE-2019-12586, CVE-2019-12587, CVE-2019-12588)
5752026-02-23T14:33:26Zcve-2019-19781https://github.com/trustedsec/cve-2019-19781This is a tool published for the Citrix ADC (NetScaler) vulnerability. We are only disclosing this due to others publishing the exploit code first.
3522026-03-27T11:52:33ZCOMahawkhttps://github.com/apt69/COMahawkPrivilege Escalation: Weaponizing CVE-2019-1405 and CVE-2019-1322
3642025-12-23T08:10:22ZCVE-2019-11510https://github.com/projectzeroindia/CVE-2019-11510Exploit for Arbitrary File Read on Pulse Secure SSL VPN (CVE-2019-11510)
3682026-02-23T14:33:26ZCVE-2019-19781https://github.com/projectzeroindia/CVE-2019-19781Remote Code Execution Exploit for Citrix Application Delivery Controller and Citrix Gateway [ CVE-2019-19781 ]
1332025-07-21T10:32:14ZCVE-2019-0604https://github.com/linhlhq/CVE-2019-0604CVE-2019-0604
3282026-03-29T19:07:24ZCVE-2019-13272https://github.com/jas502n/CVE-2019-13272Linux 4.10 < 5.1.17 PTRACE_TRACEME local root
6252026-03-06T21:50:21ZCVE-2019-11708https://github.com/0vercl0k/CVE-2019-11708Full exploit chain (CVE-2019-11708 & CVE-2019-9810) against Firefox on Windows 64-bit.
3672026-03-24T23:37:21ZCVE-2019-18935https://github.com/noperator/CVE-2019-18935RCE exploit for a .NET JSON deserialization vulnerability in Telerik UI for ASP.NET AJAX.
3162025-12-23T08:37:49Zcve-2019-1003000-jenkins-rce-pochttps://github.com/adamyordan/cve-2019-1003000-jenkins-rce-pocJenkins RCE Proof-of-Concept: SECURITY-1266 / CVE-2019-1003000 (Script Security), CVE-2019-1003001 (Pipeline: Groovy), CVE-2019-1003002 (Pipeline: Declarative)
2422026-03-01T18:23:28ZCVE-2019-0841https://github.com/rogue-kdc/CVE-2019-0841PoC code for CVE-2019-0841 Privilege Escalation vulnerability
2082026-02-12T16:53:05ZCVE-2019-11932https://github.com/awakened1712/CVE-2019-11932Simple POC for exploiting WhatsApp double-free bug in DDGifSlurp in decoding.c in libpl_droidsonroids_gif
2562025-12-23T08:46:32ZCVE-2019-5786https://github.com/exodusintel/CVE-2019-5786FileReader Exploit
2682025-12-23T08:46:40ZCVE-2019-11932https://github.com/dorkerdevil/CVE-2019-11932double-free bug in WhatsApp exploit poc
9162026-03-22T19:49:29Zrdpscanhttps://github.com/robertdavidgraham/rdpscanA quick scanner for the CVE-2019-0708 “BlueKeep” vulnerability.
2932026-03-23T16:05:31Zbluekeephttps://github.com/0xeb-bp/bluekeepPublic work for CVE-2019-0708
2532025-12-12T06:29:30ZCVE-2019-1040https://github.com/Ridter/CVE-2019-1040CVE-2019-1040 with Exchange
2282026-02-23T14:31:49ZCVE-2019-9810https://github.com/0vercl0k/CVE-2019-9810Exploit for CVE-2019-9810 Firefox on Windows 64-bit.
2012026-02-24T19:04:03ZCVE-2019-16098https://github.com/Barakat/CVE-2019-16098Local privilege escalation PoC exploit for CVE-2019-16098
1652026-03-15T17:20:53ZCVE-2019-7609https://github.com/LandGrey/CVE-2019-7609exploit CVE-2019-7609(kibana RCE) on right way by python2 scripts
32025-09-14T06:41:42ZCVE-2019-0708https://github.com/victor0013/CVE-2019-0708Scanner PoC for CVE-2019-0708 RDP RCE vuln
6832026-03-26T11:00:41Zdirty_sockhttps://github.com/initstring/dirty_sockLinux privilege escalation exploit via snapd (CVE-2019-7304)

2018

starupdated_atnameurldes
20712026-03-26T00:42:21ZweblogicScannerhttps://github.com/0xn0ne/weblogicScannerweblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883
5012026-03-06T23:31:47ZCVE-2018-8120https://github.com/rip1s/CVE-2018-8120CVE-2018-8120 Windows LPE exploit
4932026-02-23T14:30:59ZCVE-2018-20250https://github.com/WyAtu/CVE-2018-20250exp for https://research.checkpoint.com/extracting-code-execution-from-winrar
5322026-03-14T02:24:57ZCVE-2018-15473-Exploithttps://github.com/Rhynorater/CVE-2018-15473-ExploitExploit written in Python for CVE-2018-15473 with threading and export formats
3732026-03-20T16:09:50ZExchange2domainhttps://github.com/Ridter/Exchange2domainCVE-2018-8581
5552026-03-13T09:31:02ZCVE-2018-9995_dvr_credentialshttps://github.com/ezelf/CVE-2018-9995_dvr_credentials(CVE-2018-9995) Get DVR Credentials
4982026-01-29T10:24:43ZCVE-2018-10933https://github.com/blacknbunny/CVE-2018-10933Spawn to shell without any credentials by using CVE-2018-10933 (LibSSH)
2542025-12-08T12:10:11ZCVE-2018-13379https://github.com/milo2012/CVE-2018-13379CVE-2018-13379
2722026-02-17T08:40:13ZCVE-2018-0802https://github.com/rxwx/CVE-2018-0802PoC Exploit for CVE-2018-0802 (and optionally CVE-2017-11882)
4212026-03-20T18:34:47ZCVE-2018-8897https://github.com/can1357/CVE-2018-8897Arbitrary code execution with kernel privileges using CVE-2018-8897.
3522026-03-14T02:25:26ZCVE-2018-7600https://github.com/a2u/CVE-2018-7600💀Proof-of-Concept for CVE-2018-7600 Drupal SA-CORE-2018-002
2962026-03-27T01:32:48ZCVE-2018-8120https://github.com/alpha1ab/CVE-2018-8120CVE-2018-8120 Exploit for Win2003 Win2008 WinXP Win7
3322025-12-23T08:32:17ZCVE-2018-8581https://github.com/WyAtu/CVE-2018-8581CVE-2018-8581
782024-08-12T19:37:50ZCVE-2018-2628https://github.com/shengqi158/CVE-2018-2628CVE-2018-2628 & CVE-2018-2893
5202026-03-18T22:09:20ZWinboxPoChttps://github.com/BasuCert/WinboxPoCProof of Concept of Winbox Critical Vulnerability (CVE-2018-14847)
1472025-08-29T16:32:13ZCVE-2018-13382https://github.com/milo2012/CVE-2018-13382CVE-2018-13382
1412025-12-23T08:46:36ZCVE-2018-8174_EXPhttps://github.com/Yt1g3r/CVE-2018-8174_EXPCVE-2018-8174_python
3022026-02-23T14:29:16Zstruts-pwn_CVE-2018-11776https://github.com/mazen160/struts-pwn_CVE-2018-11776An exploit for Apache Struts CVE-2018-11776
2042026-03-29T21:50:24ZCVE-2018-0296https://github.com/yassineaboukir/CVE-2018-0296Script to test for Cisco ASA path traversal vulnerability (CVE-2018-0296) and extract system information.
1722025-12-24T02:23:23ZCVE-2018-3245https://github.com/pyn3rd/CVE-2018-3245CVE-2018-3245-PoC
1642025-02-17T09:35:37Zcve-2018-8120https://github.com/bigric3/cve-2018-8120
1812026-01-29T03:51:13ZCVE-2018-15982_EXPhttps://github.com/Ridter/CVE-2018-15982_EXPexp of CVE-2018-15982
1222025-01-17T02:29:49Zcve-2018-8453-exphttps://github.com/ze0r/cve-2018-8453-expcve-2018-8453 exp
1402026-03-23T13:15:57ZCVE-2018-7600https://github.com/pimps/CVE-2018-7600Exploit for Drupal 7 <= 7.57 CVE-2018-7600
1672026-02-14T21:40:05ZRTF_11882_0802https://github.com/Ridter/RTF_11882_0802PoC for CVE-2018-0802 And CVE-2017-11882
1692026-02-14T21:40:14ZCVE-2018-8174-msfhttps://github.com/0x09AL/CVE-2018-8174-msfCVE-2018-8174 - VBScript memory corruption exploit.
3472026-03-22T09:33:40ZGDRVLoaderhttps://github.com/zer0condition/GDRVLoaderUnsigned driver loader using CVE-2018-19320
1402025-11-28T04:31:10ZCVE-2018-2894https://github.com/LandGrey/CVE-2018-2894CVE-2018-2894 WebLogic Unrestricted File Upload Lead To RCE Check Script
2692025-12-26T05:38:32Zcredssphttps://github.com/preempt/credsspA code demonstrating CVE-2018-0886
1312025-12-08T12:10:04ZCVE-2018-17182https://github.com/jas502n/CVE-2018-17182Linux 内核VMA-UAF 提权漏洞(CVE-2018-17182),0day

2017

starupdated_atnameurldes
5382026-02-14T21:40:02ZCVE-2017-11882https://github.com/Ridter/CVE-2017-11882CVE-2017-11882 from https://github.com/embedi/CVE-2017-11882
7292026-02-14T21:39:48ZCVE-2017-0199https://github.com/bhdresh/CVE-2017-0199Exploit toolkit CVE-2017-0199 - v4.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft Office RCE. It could generate a malicious RTF/PPSX file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.
20712026-03-26T00:42:21ZweblogicScannerhttps://github.com/0xn0ne/weblogicScannerweblogic 漏洞扫描工具。目前包含对以下漏洞的检测能力:CVE-2014-4210、CVE-2016-0638、CVE-2016-3510、CVE-2017-3248、CVE-2017-3506、CVE-2017-10271、CVE-2018-2628、CVE-2018-2893、CVE-2018-2894、CVE-2018-3191、CVE-2018-3245、CVE-2018-3252、CVE-2019-2618、CVE-2019-2725、CVE-2019-2729、CVE-2019-2890、CVE-2020-2551、CVE-2020-14750、CVE-2020-14882、CVE-2020-14883
7712026-03-26T03:13:15Zspectre-attackhttps://github.com/Eugnis/spectre-attackExample of using revealed “Spectre” exploit (CVE-2017-5753 and CVE-2017-5715)
4952026-02-24T20:37:21ZCVE-2017-11882https://github.com/embedi/CVE-2017-11882Proof-of-Concept exploits for CVE-2017-11882
4692026-03-22T23:37:04ZCVE-2017-0785https://github.com/ojasookert/CVE-2017-0785Blueborne CVE-2017-0785 Android information leak vulnerability
3952026-02-28T09:03:52ZCVE-2017-12617https://github.com/cyberheartmi9/CVE-2017-12617Apache Tomcat < 9.0.1 (Beta) / < 8.5.23 / < 8.0.47 / < 7.0.8 - JSP Upload Bypass / Remote Code Execution
3132026-02-14T21:39:58ZCVE-2017-8759https://github.com/bhdresh/CVE-2017-8759Exploit toolkit CVE-2017-8759 - v1.0 is a handy python script which provides pentesters and security researchers a quick and effective way to test Microsoft .NET Framework RCE. It could generate a malicious RTF file and deliver metasploit / meterpreter / other payload to victim without any complex configuration.
3322026-02-19T15:23:00ZCVE-2017-11882https://github.com/rip1s/CVE-2017-11882CVE-2017-11882 Exploit accepts over 17k bytes long command/code in maximum.
3832026-03-26T17:41:12Zexploit-CVE-2017-7494https://github.com/opsxcq/exploit-CVE-2017-7494SambaCry exploit and vulnerable container (CVE-2017-7494)
1842026-02-14T21:40:05ZCVE-2017-8570https://github.com/rxwx/CVE-2017-8570Proof of Concept exploit for CVE-2017-8570
3402026-03-26T19:01:31Zeternal_scannerhttps://github.com/peterpt/eternal_scannerAn internet scanner for exploit CVE-2017-0144 (Eternal Blue) & CVE-2017-0145 (Eternal Romance)
2602025-12-23T08:45:28ZCVE-2017-7494https://github.com/joxeankoret/CVE-2017-7494Remote root exploit for the SAMBA CVE-2017-7494 vulnerability
2722026-02-17T08:40:13ZCVE-2018-0802https://github.com/rxwx/CVE-2018-0802PoC Exploit for CVE-2018-0802 (and optionally CVE-2017-11882)
1762026-02-14T21:39:57ZCVE-2017-8759https://github.com/vysecurity/CVE-2017-8759CVE-2017-8759 - A vulnerability in the SOAP WDSL parser.
2562026-02-14T21:39:57ZCVE-2017-8759-Exploit-samplehttps://github.com/Voulnet/CVE-2017-8759-Exploit-sampleRunning CVE-2017-8759 exploit sample.
922026-01-21T20:25:06Ziis6-exploit-2017-CVE-2017-7269https://github.com/g0rx/iis6-exploit-2017-CVE-2017-7269iis6 exploit 2017 CVE-2017-7269
4422026-02-27T08:01:58Zstruts-pwnhttps://github.com/mazen160/struts-pwnAn exploit for Apache Struts CVE-2017-5638
1812025-12-25T04:23:54Zcve-2017-7494https://github.com/betab0t/cve-2017-7494Proof-of-Concept exploit for CVE-2017-7494(Samba RCE from a writable share)
1902025-10-18T00:31:12ZJira-Scanhttps://github.com/random-robbie/Jira-ScanCVE-2017-9506 - SSRF
1352025-01-20T02:00:30Zcve-2017-7269https://github.com/zcgonvh/cve-2017-7269fixed msf module for cve-2017-7269
1672026-02-14T21:40:05ZRTF_11882_0802https://github.com/Ridter/RTF_11882_0802PoC for CVE-2018-0802 And CVE-2017-11882
442025-12-25T23:28:18ZCVE-2017-11882https://github.com/starnightcyber/CVE-2017-11882CVE-2017-11882 exploitation
2102026-03-23T13:51:45Zjboss-_CVE-2017-12149https://github.com/yunxu1/jboss-_CVE-2017-12149CVE-2017-12149 jboss反序列化 可回显
2472026-02-24T20:53:49Zstruts-pwn_CVE-2017-9805https://github.com/mazen160/struts-pwn_CVE-2017-9805An exploit for Apache Struts CVE-2017-9805
772026-03-27T18:25:41ZExploit-Developmenthttps://github.com/wetw0rk/Exploit-DevelopmentCVE-2020-8012, CVE-2016-10709, CVE-2017-17099, CVE-2017-18047, CVE-2019-1003000, CVE-2018-1999002
1442026-03-22T23:39:34ZCVE-2017-0781https://github.com/ojasookert/CVE-2017-0781Blueborne CVE-2017-0781 Android heap overflow vulnerability
1432026-02-06T16:18:53ZCVE-2017-10271https://github.com/c0mmand3rOpSec/CVE-2017-10271WebLogic Exploit
562025-05-21T12:10:14ZCVE-2017-1000353https://github.com/vulhub/CVE-2017-1000353jenkins CVE-2017-1000353 POC
1282026-03-17T05:28:11ZCVE-2017-10271https://github.com/kkirsche/CVE-2017-10271Oracle WebLogic WLS-WSAT Remote Code Execution Exploit (CVE-2017-10271)

Donation

Wechat PayAliPayPaypalBTC PayBCH Pay
paypal miracletalent@gmail.com
exploit pentesting shell