Mutation testing on X.509 Certificate Validation in OpenSSL v.1.1.1h, based on CVE-2021-3450.
aaPanel WebSocket CSRF Bypass leading to RCE (Incomplete fix for CVE-2021-37840)
CVE-2026-40369 local privilege escalation vulnerability exploit
A minimal PoC for CVE-2026-21018, demonstrating how it works
Static analysis of 2 malicious Office documents on REMnux using oletools; identified CVE-2017-11882 and obfuscated macros.
Vulnerability proof of concept reworked from https://github.com/utmost3/cve/issues/2. I take no credit for discovering the vulnerability. This is for educational and portfolio purposes only.
CVE-2026-49772 — The Events Calendar (WordPress) unauthenticated blind SQLi PoC
Detection & remediation toolkit for the Miasma / Shai-Hulud worm and CVE-2026-35603 (AI-agent/IDE config injection)
CVE-2025-48907 - Unauthenticated RCE exploit for Joomla JCE < 2.9.99.5
PoC for CVE-2026-23744 for a Python revshell
CVE-2023-31290 Scanner
CVE-2026-39031 — offline plaintext password recovery for Lansweeper lsrunase 2.0 / lsencrypt 2.0 via a hardcoded RC4 key. PoC + technical advisory.
Unauthenticated PHP Object Injection to RCE in WP Activity Log <= 5.6.3.1 (CVE-2026-54806)
The exploit to obtain root using the CVE-2021-4034 vulnerability, also called PwnKit, which allows privilege escalation from a shell as long as the pkexec version is = or < v0.105
CVE-2026-2002 writeup and Proof-of-concept
Ethical, network-isolated Docker lab reproducing CVE-2026-26030 — Semantic Kernel in-memory vector store filter eval() RCE (patched in 1.39.4)
Technical analysis of CVE-2026-42945 (NGINX Rift), a critical heap buffer overflow in NGINX's rewrite engine caused by a state mismatch between length calculation and copy operations, enabling worker crashes and potential remote code execution.
GNN-based supply chain backdoor detector for Python packages. Uses Code Property Graphs + 3-layer GCN to detect obfuscated backdoors by learning semantic data flow patterns — not just signatures. Inspired by XZ Utils (CVE-2024-3094).
Unauthenticated RCE PoC for CVE-2026-48908 — SP Page Builder for Joomla (≤ 6.6.1): arbitrary file upload via asset.uploadCustomIcon. Self-cleaning, token-guarded. Authorized testing only.
Technical analysis of CVE-2026-46300 (Fragnesia), a Linux kernel page-cache write vulnerability that enables local privilege escalation through SKBFL_SHARED_FRAG invariant violations in the networking stack.