DAHUA_AUTH-BYPASS-CVE-2021-33044
pocexploitGHSA-3mgp-fx93-9xv5
DAHUA_AUTH-BYPASS-CVE-2021-33044
Unauthenticated RCE PoC for CVE-2026-48908 SP Page Builder (Joomla) arbitrary file upload and remote code execution exploit with mass scaning support.
CraftCMS CVE-2025-32432 - Clean PoC
CVE-2026-48908 - SP Page Builder Joomla Unauthenticated RCE
CVE-2026-31431 getroot.c from a Turkish Malware
CVE-2026-49777, CVE-2026-10735 - Draft
CVE-2026-45504 Microsoft Exchange File Read
A security research tool for simulating targeted phishing campaigns using CVE-2024-21413 (Moniker Link).
CVE-2026-42978 — Use-After-Free race condition in Windows Push Notifications (WpnService). Patch diff, root cause analysis, TOCTOU lab, Sysmon/ETW detection rules.
Proof of Concept (PoC) for the TP-Link DHCP Option 66 Unauthenticated RCE (CVE-2026-11834)
This repository contains the Proof of Concept (PoC) exploit script for CVE-2026-45156
Apache Tomcat CGI Servlet RCE (Windows) — Educational PoC
Execute local privilege escalation on networkd-dispatcher via CVE-2022-29799 and CVE-2022-29800 using this C proof of concept.
CVE-2026-11837: local privilege escalation in the ansible.posix authorized_key module via symlink-following chown. Technical writeup; sibling of CVE-2024-9902.
Demonstrate local privilege escalation in networkd-dispatcher via CVE-2022-29799 and CVE-2022-29800 using this C proof of concept.
Fuzzing the Microsoft Windows DNS client library. Inspired by CVE-2026-41096.
Public advisory for CVE-2026-39253, addressing an insecure deserialisation in Pivotal CRM 6.6.04.08 allowing remote code execution via unsafe BinaryFormatter usage in Smart Client and PBS components. Includes vulnerability details, affected versions, and remediation guidance.
Prueba de concepto de CVE-2021-41773